Honesty Rocks! truth rules.

Login Script

HOME      >>       Programming

Eggie

I have another question---
i downloaded script of a game and it worked until my server changed to newer version of php after which it didn't work...
the most probable reason is that globals are not enabled...
now i need someone who can tell me what to put instead of what to make it work...
this is my login.php script

<?php $title = "Login"; if (!$user || !$pass) { include("head.php"); print "Please fill out all fields."; include("foot.php"); exit;}include("head.php");$password = md5($pass);$password2 = md5($password);$password3 = md5($password2);$password4 = md5($password3);$password5 = md5($password4);$logres = mysql_num_rows(mysql_query("select * from players where user='$user' and pass='$password5'"));$stat = mysql_fetch_array(mysql_query("select * from players where user='$user' and pass='$password5'"));if ($logres <= 0) { print "<br><center>Login failed. If you have not already, please signup. Otherwise, check your spelling and login again.<br><br>"; include("foot.php"); exit;}else{if ($stat['varified'] != 'Yes') { print "<br><center>You cannot loggin until you click the link in your e-mail!<br><br>"; include("foot.php"); exit;} else {$password = md5($pass);$password2 = md5($password);$password3 = md5($password2);$password4 = md5($password3);$pass = md5($password4); session_register("user"); session_register("pass"); if ($stat['logins'] == '0') { print "<br><center>Welcome $user, this is your first time logging in. Click <u><a href=help.php>here</a></u> to learn how to play<br><br>"; mysql_query("update players set logins=logins+1 where id=$stat[id]"); } else { print "<br><center>Welcome $user, click <u><a href=news.php>here</a></u> to play<br><br>"; mysql_query("update players set logins=logins+1 where id=$stat[id]"); } }}include("foot.php"); ?>


this is where you enter your username/pass(head.php)
<?php include("config.php"); session_start(); include "java.php";mysql_query("update guests set page='News' where id=$gstat[id]");if (session_is_registered("user") || session_is_registered("pass")) {include("config.php");?><body leftmargin=0 rightmargin=0 onload="window.status='<?php print "$site_com"; ?>'"> <?php print "<br><center><a href=news.php>Click Here To Log back in</a><br><br><a href=logout.php>Log Out</a></center>"; exit;}$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";$ctime = time();$bannedip = mysql_fetch_array(mysql_query("select * from banned where ip='$ip'"));if ($bannedip['site'] == 'Yes') {die("You have been banned! Ask the admins if you don't know why.");}$remove_these = array("<", ">", "+","=" ,"-", "--");?><html><head><title><?php print "$title - $site_com"; ?></title><link rel=stylesheet href=style.css></head><body leftmargin=0 rightmargin=0 onload="window.status='<?php print "$site_com"; ?>'"><center><img border="0" src="images/header.png"></center><div align="center"> <center> <table border="0" width="780"> <tr> <td width="800" valign="top"> <div align="left"> <table border="0" width="100%"> <tr> <td width="198%" valign="top" colspan="3"> </td> <tr> <td width="20%" valign="top"> <table border="1" width="100%" bordercolor="<?php print "$table_border"; ?>"> <tr> <td width="20%"> <p align="center">-- <b> Login</b> --</p> </td> </tr> <tr> <td width="20%"> <div align="center"> <center> <table border="0" width="20"> <tr><form method=post action=login.php> <td align="center"><b>Name</b></td> </tr> <tr> <td align="center"><input type=text name=user size="12"></td> </tr> <tr> <td align="center"><b>Password</b></td> </tr> <tr> <td align="center"><input type=password name=pass size="12"></td> </tr> <tr> <td align="center"> <p align="center"><input type=submit value=Login></form></p> </td> </tr> </table> </center> </div> </td> </tr> </table>   <table border="1" bordercolor="<?php print "$table_border"; ?>"> <tr> <td width="20%"> <p align="center">-- <b> Navigation</b> --</p> </td> </tr> <tr> <td width="20%"> - <a href=index.php>News</a><br> - <a href=register.php>Register</a><br><br> - <a href=recovery.php>Password Recovery</a><br> </td> </tr> </table> </td> <td width="60%" valign="top" align="center"> <table border="1" width="100%" bordercolor="<?php print "$table_border"; ?>"> <tr> <td width="100%"> <p align="center">-- <?php print "<b>$title</b>"; ?> -- </td></tr> <tr><td>


and this is code which goes after login.php
only part of it
<?php include("config.php"); session_start(); include "java.php"; include("inc/helpinc.php"); $formbug[0]= '+'; $formbug[1]= '='; ?><div id="overDiv" style="position:absolute; visibility:hidden; z-index:1000;"></div><script language="JavaScript" src="inc/overlib.js"><!-- overLIB (c) Erik Bosrup --></script> <?phpif (!session_is_registered("user") || !session_is_registered("pass")) { print "Sesion has expired."; print "<META http-equiv=refresh content=2;URL=index.php>"; exit;


Eggie

how do you write your login scripts guys?


Feelay

I've made a login-script tutorial in the tutorials section :P check it out. Very simple. it works for php 5. But it don't use 5 md5 hashs xD.. why so many ;) =?


TavoxPeru

If globals are not enabled then you must use the superglobals arrays like $_POST, $_GET, $_SERVER or $_SESSION, so it is very simple to make your script works again, simply add the superglobals to every variable that comes from your login page. For example:

<?php$title = "Login"; if (!$_POST["user"] || !$_POST["pass"]) { include "head.php"; print "Please fill out all fields."; include "foot.php"; exit;}?>
Here I use $_POST because it is the method that you use in your form, if you use GET then you will use $_GET instead.

Now, register_globals is the directive that controls this functionality and it is Off by default and also it is recommended that you don't turn it On because it can lead to security problems.

; You should do your best to write your scripts so that they do not require; register_globals to be on; Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.

Checking at your code i see that you use sessions, in this case, you must start your sessions before any other code in your scripts, like:
<?php session_start();include "config.php";include "java.php";?>
Another thing here is that you don't need to use parenthesis with include, include_once, require or require_once because they are not necessary, still it is valid.

Best regards,

Eggie

so...when someone enters username/pass in login.php...wht do i need to do next??
how do i send info to session_start to start the session with only that guys information??

EDIT: whats wrong with this....

<?session_start();if(!session_is_registered(myusername)){header("location:main_login.php");}else{$host="localhost"; // Host name$username="eggie_asa"; // Mysql username$password="asa"; // Mysql password$db_name="eggie_asa"; // Database name$tbl_name="members"; // Table name// Connect to server and select databse.mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");if(session_is_registered(myusername)) mysql_query("select * from char where user=="$myusername");echo'$char['bike']';?><html><body>Login Successful</body></html>}

Parse error: syntax error, unexpected T_VARIABLE in /home/eggie/public_html/login_success.php on line 18

how do i print out something that is in table 'char' under column 'bike'... where column user is "myusername" which is inputed in other page...not the one it should be printed out

pyost

<?session_start();if(!session_is_registered(myusername)){header("location:main_login.php");}else{$host="localhost"; // Host name$username="eggie_asa"; // Mysql username$password="asa"; // Mysql password$db_name="eggie_asa"; // Database name$tbl_name="members"; // Table name// Connect to server and select databse.mysql_connect($host, $username, $password)or die("cannot connect");mysql_select_db($db_name)or die("cannot select DB");$result = mysql_query("select * from `char` where `user` = '$myusername'");$char = mysql_fetch_array($result);echo $char['bike'];?><html><body>Login Successful</body></html>}

Try this.

Eggie

it doesn't work...it prints out only

Login Successful

and btw how do i print out that string and after " is your bike"...i changed it to
echo '$char['bike'] is your bike ';
and
echo "$char['bike'] is your bike";
and that didn't work...

pyost

If the MySQL query is valid, and returns one row, this should work:

echo $char['bike'] . ' is your bike';


Eggie

i checked if there was ynthing in $myusername string...and there's nothing...so...how do i take a information which is typed in form in my login page and use it in other pages on my website??'SOLVED...close it and mark as solved