xisto Community
Eggie

Need Help With My Login Script
If someone could look this script over


Can someone look this script over??
Every time I put something in any of the inputs, it sends me back to /index.php?invalid=invalid+username/password, which can be found in validate.php.

Here is a link to the site so you can try entering anything.


I created a user manually
username:Administrator
password:Xisto
so you can try logging in too.

This is index.php:


<?php
require 'require.inc.php';

// Unset all of the session variables.
@session_unset();
// Finally, destroy the session.
@session_destroy();

/*
if ($_GET('signup')) {
    error("SIGNUP");
    echo "Error Checking<br>";
    while(list($name, $value) = each($signup)) {
        echo "$name - $value<br>";
    }
}
*/

if (@$signup) {
    if (@$signup[repassword] != @$signup[password]) {
        $err_msg = "Your passwords do not match.";
        error($err_msg);
    }
    if(!eregi("^[_\.0-9a-z-]+$",@$signup[username])) {
        $err_msg = "Invalid Username! Usernames can consist of letters and numbers only.";
        error($err_msg);
    }
    if(!eregi("^[_\.0-9a-z-]+$",@$signup[password])) {
        $err_msg = "Invalid Password!  Passwords can consist of letters and numbers only.";
    }
    if(!@$signup[password] || !@$signup[username] || !@$signup[email] || !@$signup[username]) {
        $err_msg = "Oops! You forgot some important fields!";
    }

    if (mysql_num_rows(mysql_query("Select username from $user_table where username = '$signup[username]'")) > 0) {
        $err_msg = "Oops! Someone already has that username.";
    }

    if (!@$err_msg) {
        srand((double)microtime()*1000000);
        $acode = rand(100000, 199999);

        $usercheck = @mysql_query("INSERT INTO $user_table (username, realname, email, password, verified, activationcode, type, points, joindate) values('$signup[username]','$signup[rname]',
            '$signup[email]','$signup[password]', 'n', $acode, 'free', $signPoints, ".time().")");

        // done, you are entered correctly, Now Enter the points and URL info

        $sql = "Select userid from $user_table where username='$signup[username]'";
        $result = mysql_query( $sql );
        if ( $result != false )
        {
            while ( $data = mysql_fetch_assoc( $result ) )
            {
                $point_set = $data['id'];
            }
        } else {
            echo mysql_error();
        }

        if (!@$usercheck) {
            $err_msg = "Database error:<br>There was an error entering your account.<br>It is possible that username already exists, please try another one.<br>";
        }
        else {
            include ("reg.php");
            exit;
        }
    }
    if (!@$err_msg) {
        // done, you are entered correctly
    }
} else {
}
?>
<html>
<head><title> <? echo $title; ?> - Surf Exchange Engine </title>
<META NAME="keywords" CONTENT="free surf manual surf exchange money get paid traffic visitors hits">
<META NAME="description" CONTENT="Generate crazy hits to your website by visiting others, and earning money!">
</head>
<META content="text/html; charset=windows-1252" http-equiv=Content-Type>
<BODY aLink="#333333" bgColor="white" link="#333333" text="#000000" vLink="#333333">
<basefont face='tahoma'>
<table width=100% background='images/1.jpg' cellpadding="0" cellspacing="0" style="background-repeat: no-repeat">
  <tr valign="middle">
    <td colspan="2" valign='middle'> <br>
      <blockquote> <b><font face="Verdana, Arial, Helvetica, sans-serif" color="#000099" size=6>
        <? echo $title; ?></font></b> </blockquote>
    </td>
  </tr>
  <tr>
    <td width=60% bgcolor="#FFFFFF" align="center"><small>(<a href='reset.php'>I've lost my password</a>)</small></td>
    <td width="40%" align="right" class="nowrapbg" background="images/logback.jpg" style="background-repeat: no-repeat"><small>
      <form action='validate.php' method=post>
        <font size="2">Username:
        <input name="uname" type="text" size="6">
        Password:
        <input name="password" type="password" size="7">
        <input type="image" border="0" name="imageField" src="images/arrow.gif" width="17" height="17">
        </font>
      </form>
    </small></td>
  </tr>
</table>
<font color=red><? echo @$invalid; echo "<br>"; ?></font>
<? echo $mainText; ?>
<? if (@$err_msg) echo "<br><font color=red size=2>$err_msg</font><br>"; ?>
<form name="form" action="<? echo $PHP_SELF; ?>" method="POST">
<input type="hidden" name="signup" value="true">
<table width=100% cellpadding="2" cellspacing="0" align=center>
  <tr>
    <td colspan=2 bgcolor="#CCCCFF"><b>Please Enter Your Information:</b></td>
  <tr><td>Real Name:</td><td><input type="text" name="signup[rname]" maxlength="36" size="25" value="<? echo @$signup[rname]; ?>"></td></tr>
  <tr><td> E-mail:</td><td><input type="text" name="signup[email]" maxlength="255" size="25" value="<? echo @$signup[email]; ?>"></td></tr>
  <tr>
    <td colspan = 2 bgcolor="#CCCCFF"> <b>Please supply a Username and Password</b></td>
  </tr>
  <tr><td> Username:</td><td> <input type="text" name="signup[username]" maxlength="10" size=25 value="<? echo @$signup[username]; ?>"></td></tr>
  <tr><td> Password:</td><td> <input type="password" name="signup[password]" maxlength=10 size="25"></td></tr>
  <tr> <td> Re-Enter Password:</td><td> <input type="password" name="signup[repassword]" size=25></td></tr>
  <tr align="center">
    <td colspan=2>Press the button below ONCE to continue the process it will take a few seconds, please be patient! </td>
  </tr>
  <tr align="center">
    <td colspan=2>
      <input name="submit2" type="submit" value="Signup">
    </td>
  </tr>
</table></form>
<tr><td width="800" align="center"> <CENTER>
<table> <tr>
  <td class="font" align=center><a href="contact.php" target=_blank>-contact us-</a> <a href="privacy.htm" target="_blank">-privacy policy-</a> <a href="spam.htm" target="_blank">-spam policy-</a><br>
  This has been a Sabu production</td>
</tr> </table>
</CENTER></td></tr>
</body></html>







This is validate.php:

<?php
session_start();
require 'dconn.php';
$connection = mysql_connect($db_server, $db_user,$db_pass) or die(mysql_error());
mysql_select_db($db_name, $connection) or die(mysql_error());

$uname = $_POST['uname'];
$password = $_POST['password'];

//set up the query
$query = "SELECT * FROM $user_table WHERE username='$uname' AND password='$password'";

//run the query and get the number of affected rows
$result = mysql_query($query, $connection) or die('error making query');
$affected_rows = mysql_num_rows($result);

//if there's exactly one result, the user is validated. Otherwise, he's invalid
if($affected_rows == 1) {
    $_SESSION['letmein'] = true;
    $result = mysql_query("SELECT userid, verified, username AS uuname FROM $user_table where username='$uname'",$connection);
    if ($myrow = mysql_fetch_array($result)) {
        $_SESSION["id"]=$myrow['userid'];
        if ($myrow["verified"] == 'n') {
            die("You have not yet verified your account.");
        }
        $_SESSION["username"]=$myrow['uuname'];
        header("Location: start.php?option=main");
    } else {
        echo "Sorry, no records were found!";
    }
} else {
    echo mysql_error();
    header ("Location: index.php?invalid=invalid+username/password");
}
?>


Maybe this can help, or is there something wrong with this??

require.inc.php

<?php
global $username;
require 'dconn.php';
session_start();
$username = @$_SESSION["username"];
$connection = mysql_connect($db_server, $db_user, $db_pass) or die(mysql_error());
mysql_select_db($db_name, $connection) or die(mysql_error());
.....variables.....
function footer() { ?>
<CENTER>
<table><tr>
  <td class="font" align=center><a href="start.php?option=contact">-contact us-</a> <a href="privacy.htm" target="_NEW">-privacy policy-</a> <a href="spam.htm" target="_NEW">-spam policy-</a><br></td></tr>
</table>
</CENTER>
<?}?>



After this line:
header("Location: start.php?option=main");
put:
exit;

You need to end the parsing of the script so it doesn't always send you to index.
PHP.net: header - Manual
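
The login check from validate.php in a hardened form, as an added example that is not part of the original posts: the username is bound through a prepared statement, the password is checked against a password_hash() value instead of being compared inside the SQL string, and the redirect target is returned so the caller sends one header and exits. The `users` table name, the in-memory SQLite database (needs the pdo_sqlite extension), the "account not verified" redirect and the sample account are assumptions made so the block runs stand-alone.

```php
<?php
declare(strict_types=1);
// Added example, not the thread's code. Column names follow the posted queries;
// the `users` table, SQLite in-memory database and sample row are constructed.

function authenticate(PDO $db, string $uname, string $password): ?array
{
    // The placeholder binds the value, so quotes in input stay data, not SQL.
    $stmt = $db->prepare(
        'SELECT userid, username, password, verified FROM users WHERE username = ?'
    );
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumes the password column stores password_hash() output, not plaintext.
    if ($row === false || !password_verify($password, $row['password'])) {
        error_log('login rejected'); // trace to the log; echo before header() can block it
        return null;
    }
    return $row;
}

function login_redirect(?array $user): string
{
    if ($user === null) {
        return 'index.php?invalid=' . urlencode('invalid username/password');
    }
    if ($user['verified'] === 'n') {
        return 'index.php?invalid=' . urlencode('account not verified');
    }
    return 'start.php?option=main';
}

// In validate.php the caller would finish with exactly one redirect:
//   session_regenerate_id(true); $_SESSION['id'] = $user['userid'];
//   header('Location: ' . login_redirect($user)); exit;

// Constructed demo data standing in for the real MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, verified TEXT)');
$db->prepare('INSERT INTO users (username, password, verified) VALUES (?, ?, ?)')
   ->execute(['demo', password_hash('demo-pass', PASSWORD_DEFAULT), 'y']);

foreach ([['demo', 'demo-pass'], ['demo', 'wrong'], ["o'neil", 'x']] as [$u, $p]) {
    echo str_pad($u, 8), ' => ', login_redirect(authenticate($db, $u, $p)), PHP_EOL;
}
```

Run from the command line, only the first constructed case maps to start.php; the wrong password and the unknown name containing an apostrophe both map to the index.php error URL.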

<?php
session_start();
require 'dconn.php';
$connection = mysql_connect($db_server, $db_user,$db_pass) or die(mysql_error());
mysql_select_db($db_name, $connection) or die(mysql_error());

$uname = $_POST['uname'];
$password = $_POST['password'];

//set up the query
$query = "SELECT * FROM $user_table WHERE username='$uname' AND password='$password'";

//run the query and get the number of affected rows
$result = mysql_query($query, $connection) or die('error making query');
$affected_rows = mysql_num_rows($result);

//if there's exactly one result, the user is validated. Otherwise, he's invalid
if($affected_rows == 1) {
    $_SESSION['letmein'] = true;
    $result = mysql_query("SELECT userid, verified, username AS uuname FROM $user_table where username='$uname'",$connection);
    if ($myrow = mysql_fetch_array($result)) {
        $_SESSION["id"]=$myrow['userid'];
        if ($myrow["verified"] == 'n') {
            die("You have not yet verified your account.");
        }
        $_SESSION["username"]=$myrow['uuname'];
        header("Location: start.php?option=main");
        exit();
    } else {
        echo "Sorry, no records were found!";
    }
} else {
    echo mysql_error();
    header ("Location: index.php?invalid=invalid+username/password");
}
?>

So you think only this will settle everything??
Thanks... Eggie


For debugging purposes, you should put some intermediate printouts, in strategic places, and show us the text coming out, so we can see where your prog is passing through, and maybe understand what is going wrong.


What kind of printouts? And where should these printouts be? If anyone is interested in helping, please contact me on my email or PM me, you will get a reward for doing this :)... Thanks, Eggie
