Help with php.

**Niko** · 08-17-2013, 03:58 PM

<HTML>
<html>
<head>
<title>login page</title>
</head>
<body bgcolor="black" style="color:gray">
<form action="index.php" method=get>
<h1 align="center" style="color:gray" >Welcome to the Login page</h1>
<?php
session_start();
if( $_SESSION["logging"]&& $_SESSION["logged"])
{
print_secure_content();
}
else {
if(!$_SESSION["logging"])
{
$_SESSION["logging"]=true;
loginform();
}
else if($_SESSION["logging"])
{
$number_of_rows=checkpass();
if($number_of_rows==1)
{
$_SESSION[user]=$_GET[userlogin];
$_SESSION[logged]=true;
print"<h1>you have logged in successfully</h1>";
print_secure_content();
}
else{
print "wrong pawssword or username, please try again";
loginform();
}
}
}

function loginform()
{
print "please enter your login information to proceed with our site";
print ("<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
print "<input type='submit' >";
print "<h3><a href='registerform.php'>register now!</a></h3>";
}

function checkpass()
{
$servername="localhost";
$username="root";
$conn= mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("dbUsers",$conn);
$sql="select * from users where name='$_GET[userlogin]' and password='$_GET[password]'";
$result=mysql_query($sql,$conn) or die(mysql_error());
return mysql_num_rows($result);
}

There is an error in this php script. Help!
</HTML>

**Kendrick** · 08-17-2013, 08:46 PM

isnt html the thing to make like a website or a page?

**Poorface** · 08-18-2013, 04:44 AM

Please put [.HTML] before and [./HTML] after your code (without the periods). It makes it easier to read

**Ace** · 08-18-2013, 06:00 AM

This isn't the error but you spelled password as pawssword on one line.

**The Doctor** · 08-19-2013, 01:47 AM

Hate to say this, but your code was a mess. I'm going to tell you what I fixed now.

Errors:
You were missing a ?> at the end of your file
(?) Check to see if MySQL is on and if you have a database.
Some places in the code didn't have quotes, but they are strings.

Warnings:
I would use cookies instead of sessions (Fixed)
Please style your code. (Fixed)
Please make sure that you md5 the password of every user so that it's not in a readable format. (ex. md5($password))
Make sure your HTML syntax is correct (Fixed by adding </body> and </html>)

PHP Code:


<html>
    <head>
        <title>Login Page</title>
    </head>
    <body bgcolor="black" style="color:gray">
    <form action="#" method="post">
        <h1 align="center" style="color:gray" >Welcome to the Login page</h1>
        <?php
            error_reporting(0);
            $servername = "localhost"; //MySQL server
            $username = "root";  //MySQL username
            $password = "";  //MySQL password (Leave blank if no password)
            $conn = mysql_connect($servername,$username,$password)or die(mysql_error());
            
             if($_POST["userlogin"] && $_POST["password"]) { //If the user has submitted the user login form
                mysql_select_db("dbUsers",$conn);
                $sql = "SELECT * FROM users WHERE name = '" . $_POST["userlogin"] . "' AND password = '" . $_POST["password"] . "'";
                $result = mysql_query($sql,$conn) or die(mysql_error());
                $number_of_rows = mysql_num_rows($result);
                if($number_of_rows == 1) {
                    setcookie("username", $_POST["userlogin"], time()+ 3600); //Automatically expires cookie in one hour, 3600 seconds
                    setcookie("password", $_POST["password"], time()+ 3600);
                    print"<h1>You have logged in.</h1>";
                    //print_secure_content();
                }
                else {
                    print "Wrong username or password.";
                    loginform();
                }
            }
            else if($_COOKIE["username"] && $_COOKIE["password"]) {
                //User is logged in, but he's on the login page. Print the secure content after verifying the login again!
                mysql_select_db("dbUsers",$conn);
                $sql="SELECT * FROM users WHERE name = '" . $_COOKIE["username"] . "' AND password = '" . $_COOKIE["password"] . "'";
                $result=mysql_query($sql,$conn) or die(mysql_error());
                $number_of_rows = mysql_num_rows($result);
                if($number_of_rows == 1) {
                    //Print the secure login information
                    //print_secure_content();
                }
                else {
                    //The user somehow has a bad cookie! Bring him to the login form.
                    loginform();
                }
            }
            
            else {
              //User is not logged in, therefore display the login form.
              loginform();
            }
            
            function loginform() {
                print "Please enter your username and password.";
                print ("<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
                print "<input type='submit' >";
                print "<h3><a href='registerform.php'>register now!</a></h3>";
            }
        ?>
        </form>
    </body>
</html>

Side Note:
Make sure you have a MySQL DB called dbUsers with table users

45eOF.png

**Niko** · 08-23-2013, 11:54 PM

Originally Posted by The Doctor

Hate to say this, but your code was a mess. I'm going to tell you what I fixed now.

Errors:
You were missing a ?> at the end of your file
(?) Check to see if MySQL is on and if you have a database.
Some places in the code didn't have quotes, but they are strings.

Warnings:
I would use cookies instead of sessions (Fixed)
Please style your code. (Fixed)
Please make sure that you md5 the password of every user so that it's not in a readable format. (ex. md5($password))
Make sure your HTML syntax is correct (Fixed by adding </body> and </html>)

PHP Code:


<html>
    <head>
        <title>Login Page</title>
    </head>
    <body bgcolor="black" style="color:gray">
    <form action="#" method="post">
        <h1 align="center" style="color:gray" >Welcome to the Login page</h1>
        <?php
            error_reporting(0);
            $servername = "localhost"; //MySQL server
            $username = "root";  //MySQL username
            $password = "";  //MySQL password (Leave blank if no password)
            $conn = mysql_connect($servername,$username,$password)or die(mysql_error());
            
             if($_POST["userlogin"] && $_POST["password"]) { //If the user has submitted the user login form
                mysql_select_db("dbUsers",$conn);
                $sql = "SELECT * FROM users WHERE name = '" . $_POST["userlogin"] . "' AND password = '" . $_POST["password"] . "'";
                $result = mysql_query($sql,$conn) or die(mysql_error());
                $number_of_rows = mysql_num_rows($result);
                if($number_of_rows == 1) {
                    setcookie("username", $_POST["userlogin"], time()+ 3600); //Automatically expires cookie in one hour, 3600 seconds
                    setcookie("password", $_POST["password"], time()+ 3600);
                    print"<h1>You have logged in.</h1>";
                    //print_secure_content();
                }
                else {
                    print "Wrong username or password.";
                    loginform();
                }
            }
            else if($_COOKIE["username"] && $_COOKIE["password"]) {
                //User is logged in, but he's on the login page. Print the secure content after verifying the login again!
                mysql_select_db("dbUsers",$conn);
                $sql="SELECT * FROM users WHERE name = '" . $_COOKIE["username"] . "' AND password = '" . $_COOKIE["password"] . "'";
                $result=mysql_query($sql,$conn) or die(mysql_error());
                $number_of_rows = mysql_num_rows($result);
                if($number_of_rows == 1) {
                    //Print the secure login information
                    //print_secure_content();
                }
                else {
                    //The user somehow has a bad cookie! Bring him to the login form.
                    loginform();
                }
            }
            
            else {
              //User is not logged in, therefore display the login form.
              loginform();
            }
            
            function loginform() {
                print "Please enter your username and password.";
                print ("<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
                print "<input type='submit' >";
                print "<h3><a href='registerform.php'>register now!</a></h3>";
            }
        ?>
        </form>
    </body>
</html>

Side Note:
Make sure you have a MySQL DB called dbUsers with table users

45eOF.png

Yes i have everything. Thank you for fixing my error lol. I guess im an ammature coder :P

**The Doctor** · 08-24-2013, 01:49 AM

Originally Posted by Niko

Yes i have everything. Thank you for fixing my error lol. I guess im an ammature coder :P

No problem ^^. On a side note, please make sure your register code uses md5($password) and your login code uses md5($password). This ensures that if anyone decides to hack into your database, they can't read passwords in plain text. Also, what's your website? I'd like to see

**Niko** · 10-30-2013, 12:39 AM

Originally Posted by The Doctor

No problem ^^. On a side note, please make sure your register code uses md5($password) and your login code uses md5($password). This ensures that if anyone decides to hack into your database, they can't read passwords in plain text. Also, what's your website? I'd like to see

Dear The Doctor, Thank you so much for your script. Sadly i do not want to tell anybody any of my websites. I do not want people to remember me.

**John** · 11-02-2013, 08:50 AM

Originally Posted by Niko

Dear The Doctor, Thank you so much for your script. Sadly i do not want to tell anybody any of my websites. I do not want people to remember me.

Your code is vulnerable to SQL injections, if I was you, I'd set a protected IP just in case someone tries to hack you.

Other than that, I discourage the use of copy/paste of scripts when learning, even variables... It's always good to read and type than to CTRL-C/V.

On another note, I'd like to point out that you should use more protection with more identification types, including POST, GET, a time stamp and a salt... If it's a single server communicator for MySQL you can also check for the IP address of the one connecting to the page, so this way it redirects him if he's on another PC.

Looking forward to see more of your scripts.

**Redrust** · 11-04-2013, 11:43 AM

One question, why is this under NPC Scripting? This forum really needs a programming sub-topic.

Thread: Help with php.

Thread Tools

Search Thread

Display

Help with php.

Tags for this Thread

Posting Permissions