It is currently Thu Mar 28, 2024 9:32 am


All times are UTC


Forum rules


Please click here to view the forum rules



Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: a loginpage for members only, but it doesn't work yet
PostPosted: Tue Jan 03, 2006 10:58 am 
Noobie
Noobie

Joined: Mon Jan 02, 2006 7:24 pm
Posts: 2
Hi there!
I'm trying to make an login page where members can login. It doesn't work yet, so I hope someone can help me out.
Here's my script:

<?php
/* Program: Login.php
* Desc: Login program for the Members Only section
*/
session_start();
include("jc.inc");
{
mysql_connect($host,$user,$password);
}

$sql = "SELECT loginName FROM Member
WHERE loginName='$_POST[fusername]'";

if ($num == 1) // login name was found
{
$sql = "SELECT loginName FROM Member
WHERE loginName='$_POST[fusername]'
AND password=md5('$_POST[fpassword]')";
$result2 = mysql_query($connection,$sql)
or die("Couldn't execute query 2.");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) // password is correct
{
$_SESSION['auth']="yes";
$logname=$_POST['fusername'];

mysql_query($connection,$sql) or die("Can't execute query.");
header("Location: http://www.centelleo.mygb.nl/");
}
else // password is not correct
{
unset($_GET['do']);
$message="The Login Name, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.<br>";
include("login_form.inc");
}
}
elseif ($num == 0) // login name not found
{
unset($_GET['do']);
$message = "The Login Name you entered does not
exist! Please try again.<br>";
include("login_form.inc");
}

?>

In jc.inc are my passwords and inlognames, I know they are correct.
In login_form.inc is a tabel to login.

When I go to the page, it says ""The Login Name you entered does not exist! Please try again. ", although I haven't fill in anythin yet.
When I try to login, it shows after I logged in that the page can not be displayed.
Help, what am I doing wrong?
thanks in advance,
moos


Top
 Profile  
 
 Post subject:
PostPosted: Tue Jan 03, 2006 12:14 pm 
Posts like crazy!
Posts like crazy!

Joined: Mon Sep 26, 2005 5:03 pm
Posts: 204
Location: The Netherlands
Quite some errors, besides that you didnt select a db.. again. I mostly took the syntax errors out. And I still think you got the login infromation wrong.

ALSO IMPORTANT!

I do not advise you to use .inc for your includes.... Because you did I do now know your password! The server does not know what to do with .inc files and just outputs the text within. So I just have to go to the files and now all your info.. just use .php so the info will not be shown. (And change your password)

ps. Hoi nederlander ;)

Code:
<?php
/* Program: Login.php
* Desc: Login program for the Members Only section
*/
session_start();
include("jc.inc");
$connect = mysql_connect($host,$user,$password);
mysql_select_db($database, $connect);

$sql = "SELECT loginName FROM Member
WHERE loginName= '".$_POST[fusername]."'";

if ($num == 1) // login name was found
{
   $sql = "SELECT loginName FROM Member
   WHERE loginName= '".$_POST[fusername]."'
   AND password=md5('".$_POST[fpassword]."')";
   $result2 = mysql_query($sql) or die("Couldn't execute query 2.");
   /*where did you get '$connection' from? besides if there is only 1    connection this isn't needed. (and the syntax was wrong ;) )*/

   $num2 = mysql_num_rows($result2);
   if ($num2 > 0) // password is correct
   {
      $_SESSION['auth']="yes";
      $logname=$_POST[fusername];

      mysql_query($sql) or die("Can't execute query."); /*what is this suppose to do?*/
      header("Location: http://www.centelleo.mygb.nl/");
   }
   elseif ($num == 0) // login name not found
   {
      unset($_GET['do']);
      $message = "The Login Name you entered does not exist! Please try again.<br>";
      echo $message;
      include("login_form.inc");
   }
   else // password is not correct
   {
      unset($_GET['do']);
      $message="The Login Name, '".$_POST[fusername]."' exists, but you have not entered the correct password! Please try again.<br>";
      echo $message;
      include("login_form.inc");
   }
}

?>


Last edited by Revaroo on Tue Jan 03, 2006 12:36 pm, edited 2 times in total.

Top
 Profile  
 
 Post subject:
PostPosted: Tue Jan 03, 2006 12:22 pm 
Moderator
Moderator

Joined: Thu Dec 15, 2005 2:59 pm
Posts: 681
Location: England
.inc.php is even more secure :D

_________________
Mountain biking forum ;)
Ponds and fishkeeping :D


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ]  Moderators: fhmagic, KJ, Moderators, Support Team

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
100WebSpace © 2011