Login and join up page

[j123]

Can you help me i can't get this to work here's the php scripts


login.php:

PHP Code:

<?php


// start session
session_start(); 

include("connect.php");
include("join.php");

function checkLogin()
{
    // convert username and password from _GET to _SESSION
    if($_GET){
      $_SESSION['username']=$_GET["username"];
      $_SESSION['passwort']=$_GET["passwort"];  
    } 
    
    $username = $_SESSION['username'];
    $passwort = $_SESSION['passwort'];
    
    $username = addslashes($username);
    $passwort = addslashes($passwort);
    
    $sql = "SELECT * FROM sys_user WHERE username = '$username' AND (passwort = '".md5($passwort)."' OR passwort = PASSWORD('$passwort'))";
    
    $result=mysql_query($sql);
    if (!$_SESSION['verified'])
    {
        if (( $num = mysql_num_rows($result) ) and ($passwort != ""))
        {
            if ($num != 0)
            {
                $_SESSION['ERROR'] = "";
                $_SESSION['verified'] = 1;
                
                // lets get their e-mail alias.
                $sql = "SELECT user_email FROM isp_isp_user WHERE user_name='$username'";
                $result = mysql_query($sql);
                $_SESSION['email'] = mysql_result($result,0,"user_email");
            } 
        } 
        else 
        {
            $_SESSION['ERROR'] = "login is WRONG!!";
        }
    }
    
    if ($_SESSION['verified'] != 1) $_SESSION['ERROR'] = "Login Failed. <br />";
}


//////////////////////////
// Main Bit Starts Here //
//////////////////////////
//
if ($_SESSION['verified'] != 1 and $_GET['action'] == "login")
    checkLogin(); 
    
if ($_GET['action'] == "logout")
{
    $_SESSION = array();
    session_destroy();
    $_SESSION['ERROR'] = "You have successfully logged out. <BR />";
}
    
if ($_SESSION['verified'] != 1)
{
    // User is NOT logged in, so lets give him a login form...
    echo("<!--Begin Login -->");
    echo("<font color='red'>");
    echo($_SESSION['ERROR']);
    $_SESSION['ERROR'] = ""; // reset the error message if there is one.
    echo("</font><br />");
    echo("<form method=\"GET\" action=\"");
    echo($_SERVER['PHP_SELF']);
    echo("\">");
    echo("Username: <br /><input type=\"text\" name=\"username\" size=\"15\" /><br />");
    echo("Password: <br /><input type=\"password\" name=\"passwort\" size=\"15\" /><br />");
    echo("<input type=\"hidden\" name=\"action\" value=\"login\" />");
    echo("<p><input type=\"submit\" value=\"Login\" /></p>");
    echo("</form>");
    echo("<!--End Login -->");
    } else {
    // if the user IS logged in, give him options here.
    
    // Javascript to make POST data submittable thru link...
    // Web Admin Panel
    echo("<script language='JavaScript' type='text/javascript'>\n");
    echo("<!--\n");
    echo("function submit()\n");
    echo("{\n");
    echo("document.loginform.submit();\n");
    echo("}\n");
    echo("-->\n");
    
    // Mail
    //echo("<script language='JavaScript' type='text/javascript'>\n");
    echo("<!--\n");
    echo("function submit1()\n");
    echo("{\n");
    echo("document.loginform1.submit();\n");
    echo("}\n");
    echo("-->\n");
    
    // PhpMyAdmin
    //echo("<script language='JavaScript' type='text/javascript'>\n");
    echo("<!--\n");
    echo("function submit2()\n");
    echo("{\n");
    echo("document.loginform2.submit();\n");
    echo("}\n");
    echo("-->\n");
    echo("</script>\n");
    ////////////////////////////////////////////////////////////////////
    // Note: Newlines are required, else it screws up the javascript  //
    ////////////////////////////////////////////////////////////////////
    
    echo("<B>Control Panel: </B><BR />");
    
    echo("<form method='POST' target=_blank action='http://www.glorf.com:81/login/login.php' name='loginform'>\n");
    echo("<input type=\"hidden\" name=\"username\" value=\"");
    echo($_SESSION['username']);
    echo("\"><input type=\"hidden\" name=\"passwort\" value=\"");
    echo($_SESSION['passwort']);
    echo("\">");
    echo("</form>");
    echo("<a href='javascript: submit()'>Website Admin Panel</a>\n");

    echo("<form method='POST' target=_blank action='http://www.glorf.com:81/webmail/msglist.php' name='loginform1'>\n");
    echo("<input type=\"hidden\" name=\"f_email\" value=\"");
    echo($_SESSION['email']);
    echo("@glorfy.com\"><input type=\"hidden\" name=\"f_pass\" value=\"");
    echo($_SESSION['passwort']);
    echo("\">");
    echo("</form>");
    echo("<a href='javascript: submit1()'>Web Mail</a><br />\n");
    
    
    echo("<BR /><B>Databases: </B><BR />");
    
    // Now lets get the database names...
    // first that means we need to link the username to a web_id.
    $email = $_SESSION['email'];
    $sql = "SELECT web_id FROM isp_fakt_record WHERE notiz= '$email'";
    $result = mysql_query($sql);
    $_SESSION['web_id'] = mysql_result($result,0,"web_id");
    $web_id = $_SESSION['web_id'];
    
    // now we need to use that to grab all the DB names for displaying.
    $sql = "SELECT datenbankuser FROM isp_isp_datenbank WHERE web_id = '$web_id'";
    $result = mysql_query($sql);
    // now lets loop the results and store them into an array for later display purposes.
    global $dbs, $num_db;
    $num_db = mysql_num_rows($result);
    $dbs = array(30); // a user can't have more than 30 databases :)
    for ($i=0; $i < $num_db; $i+=1)
    {
        $dbs[$i] = mysql_result($result,$i,"datenbankuser");
        echo("<a href=\"http://");
        echo($dbs[$i]);
        echo(":");
        echo($_SESSION['passwort']);
        echo("@www.glorf.com:81/phpmyadmin/index.php");
        echo("\">");
        echo($dbs[$i]);
        echo("</a><br />");
    }
    
    ///////////////////////////////////////
    echo("<hr />");
    echo("<a href=\"");
    echo($_SERVER['PHP_SELF']);
    echo("?action=logout\">logout<br></a>");
} 
mysql_close();
?>

connect.php:

PHP Code:

<?php
// db info
$hostname="localhost";
$mysql_login="jarodco_lg1";
$mysql_password="lg1";
$database="jarodco_board";

if (!($db = mysql_connect($hostname, $mysql_login , $mysql_password))){
  die("Can't connect to mysql.");    
}else{
  if (!(mysql_select_db("$database",$db)))  {
    die("Can't connect to db.");
  }
}
?>

join.php:

PHP Code:

<?php
include("connect.php");
?>
<html>
   <head>
       <title>Registration</title>
   </head>
   <body>
       <form action="<?php $_SERVER['PHP_SELF']."?register=true" ?>" method="post">
           Username: <input type="text" name="username">
           Password: <input type="password" name="password">
           <input type="submit" value="Register">
       </form>
   </body>
</html>

Please Help

[traq]

which part are you having trouble with? can you describe what's not happening correctly, please?

related stuff: you should remove the comment and the whitespace from before your "session_start()" line, so nothing but the php tag comes before:

PHP Code:

<?php
session_start();
// correct
?>

########################

<?php
//not correct!  
//this will cause problems!


session_start();
?>

I would also avoid using $_GET for your login function. It is a security risk.
The way it's written now, you're taking the user input, assigning it a $_SESSION variable and plugging it straight into your database -without even looking at it first. You need to validate it first, or at least apply something like stripslashes().

[j123]

The join.php page it does not create a new user can you help?

[j123]

Is This Better

PHP Code:

<?php
session_start(); 
include("connect.php");
include("join.php");

function checkLogin()
{
    // convert username and password from _GET to _SESSION
    if($_GET){
      $_SESSION['username']=$_GET["username"];
      $_SESSION['passwort']=$_GET["passwort"];  
    } 
    
    $username = $_SESSION['username'];
    $passwort = $_SESSION['passwort'];
    
    $username = addslashes($username);
    $passwort = addslashes($passwort);
    
    $sql = "SELECT * FROM sys_user WHERE username = '$username' AND (passwort = '".md5($passwort)."' OR passwort = PASSWORD('$passwort'))";
    
    $result=mysql_query($sql);
    if (!$_SESSION['verified'])
    {
        if (( $num = mysql_num_rows($result) ) and ($passwort != ""))
        {
            if ($num != 0)
            {
                $_SESSION['ERROR'] = "";
                $_SESSION['verified'] = 1;
                
                // lets get their e-mail alias.
                $sql = "SELECT user_email FROM isp_isp_user WHERE user_name='$username'";
                $result = mysql_query($sql);
                $_SESSION['email'] = mysql_result($result,0,"user_email");
            } 
        } 
        else 
        {
            $_SESSION['ERROR'] = "login is WRONG!!";
        }
    }
    
    if ($_SESSION['verified'] != 1) $_SESSION['ERROR'] = "Login Failed. <br />";
}
if ($_SESSION['verified'] != 1 and $_GET['action'] == "login")
    checkLogin(); 
    
if ($_GET['action'] == "logout")
{
    $_SESSION = array();
    session_destroy();
    $_SESSION['ERROR'] = "You have successfully logged out. <BR />";
}
    
if ($_SESSION['verified'] != 1)
{
    // User is NOT logged in, so lets give him a login form...
    echo("<!--Begin Login -->");
    echo("<font color='red'>");
    echo($_SESSION['ERROR']);
    $_SESSION['ERROR'] = ""; // reset the error message if there is one.
    echo("</font><br />");
    echo("<form method=\"GET\" action=\"");
    echo($_SERVER['PHP_SELF']);
    echo("\">");
    echo("Username: <br /><input type=\"text\" name=\"username\" size=\"15\" /><br />");
    echo("Password: <br /><input type=\"password\" name=\"passwort\" size=\"15\" /><br />");
    echo("<input type=\"hidden\" name=\"action\" value=\"login\" />");
    echo("<p><input type=\"submit\" value=\"Login\" /></p>");
    echo("</form>");
    echo("<!--End Login -->");
    } else {
echo("<script language='JavaScript' type='text/javascript'>\n");
    echo("<!--\n");
    echo("function submit()\n");
    echo("{\n");
    echo("document.loginform.submit();\n");
    echo("}\n");
    echo("-->\n");
    echo("<script language='JavaScript' type='text/javascript'>\n");
    echo("<!--\n");
    echo("function submit1()\n");
    echo("{\n");
    echo("document.loginform1.submit();\n");
    echo("}\n");
    echo("-->\n");
    echo("<script language='JavaScript' type='text/javascript'>\n");
    echo("<!--\n");
    echo("function submit2()\n");
    echo("{\n");
    echo("document.loginform2.submit();\n");
    echo("}\n");
    echo("-->\n");
    echo("</script>\n");
echo("<B>Control Panel: </B><BR />");
    
    echo("<form method='POST' target=_blank action='http://www.glorf.com:81/login/login.php' name='loginform'>\n");
    echo("<input type=\"hidden\" name=\"username\" value=\"");
    echo($_SESSION['username']);
    echo("\"><input type=\"hidden\" name=\"passwort\" value=\"");
    echo($_SESSION['passwort']);
    echo("\">");
    echo("</form>");
    echo("<a href='javascript: submit()'>Website Admin Panel</a>\n");

    echo("<form method='POST' target=_blank action='http://www.glorf.com:81/webmail/msglist.php' name='loginform1'>\n");
    echo("<input type=\"hidden\" name=\"f_email\" value=\"");
    echo($_SESSION['email']);
    echo("@glorfy.com\"><input type=\"hidden\" name=\"f_pass\" value=\"");
    echo($_SESSION['passwort']);
    echo("\">");
    echo("</form>");
    echo("<a href='javascript: submit1()'>Web Mail</a><br />\n");
    
    
    echo("<BR /><B>Databases: </B><BR />");
    $email = $_SESSION['email'];
    $sql = "SELECT web_id FROM isp_fakt_record WHERE notiz= '$email'";
    $result = mysql_query($sql);
    $_SESSION['web_id'] = mysql_result($result,0,"web_id");
    $web_id = $_SESSION['web_id'];
    $sql = "SELECT datenbankuser FROM isp_isp_datenbank WHERE web_id = '$web_id'";
    $result = mysql_query($sql);
purposes.
    global $dbs, $num_db;
    $num_db = mysql_num_rows($result);
    $dbs = array(30); // a user can't have more than 30 databases :)
    for ($i=0; $i < $num_db; $i+=1)
    {
        $dbs[$i] = mysql_result($result,$i,"datenbankuser");
        echo("<a href=\"http://");
        echo($dbs[$i]);
        echo(":");
        echo($_SESSION['passwort']);
        echo("@www.glorf.com:81/phpmyadmin/index.php");
        echo("\">");
        echo($dbs[$i]);
        echo("</a><br />");
    }
    echo("<hr />");
    echo("<a href=\"");
    echo($_SERVER['PHP_SELF']);
    echo("?action=logout\">logout<br></a>");
} 
mysql_close();
?>

[traq]

well, kind of related to the $_GET issue...

your join page form is using the POST method, but your login page is trying to get the information via GET. Change one or the other (preferably change GET to POST).

[j123]

you try making a account then trying to login it does not work:

http://jarodco.me.uk/login/login.php

[JShor]

I get the error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/login.php on line 30 when logging in.

I think what's happening is that you have an incorrect sql query syntax, causing mysql_num_rows(x); to have a null value.

You;re using $_SESSION to get a result, but if there's no session [via the conversion from GET to SESSION, it will have a null result of course.

Try replacing that area of code w/this:

PHP Code:

    // convert username and password from _GET to _SESSION 
    if($_POST){ 
      $_SESSION['username']=$_POST["username"]; 
      $_SESSION['passwort']=$_POST["passwort"];   
    } 


Replace all GET with POST, that's basically it.

HTH

[traq]

Have you tried it out?

Also,

// db info
$hostname="localhost";
$mysql_login="jarodco_lg1";
$mysql_password="lg1";
$database="jarodco_board";

it's best not to post your DB info in public. I'd recommend changing your details now (especially your password).

[j123]

yes i did try it out

[traq]

I'm not sure. Have you looked in your database and verified that the new users are being registered?

I'm not a MySQL buff, but the error message I get

Code:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/login.php on line 30

suggests that your query didn't return a valid result. This may be something as simple as a typo, or something worse. I'd suggest you try adding some error checking to your query and see where things go wrong.