My login isnt validating the login....

buddysal

when i go to login i can type in anything and it will send me to the members area. even if the user name or password doesnt exist... I have it done on 2 pages because i have a quick login on the index.php then the processor in login.php... below are the codes from both pages...

Here is whats on my index for quick login

<?PHP
if (count ($errors) > 0)
{
$n = count ($errors);
for ($i = 0; $i < $n; $i++)
print $errors[$i];
}
?>
<form action="login.php" method="POST">
                            <p><font size="2">Enter Username</font><br>
                            <input type="text" size="15"
                            name="username" value="<?PHP if (isset ($p
['username'])) print $p['username']; ?>" 
                            style="background-color: #DFDFDF"
                            style="border: thin solid #CDCDCD"
                            style="color: #626262"
                            style="letter-spacing: -1px"><br>
                            <font size="2">Enter Password</font><br>
                            <input type="password" size="15"
                            name="password" value="<?PHP if (isset ($p
['password'])) print $p['password']; ?>"
                            style="background-color: #DFDFDF"
                            style="border: thin solid #CDCDCD"
                            style="color: #626262"
                            style="letter-spacing: -1px"><br>
                            <input type="submit" name="B1"
                            value="Login Now"
                            style="background-color: #DFDFDF"
                            style="border: thin solid #CDCDCD"><p>
                        </form>

Here is whats on my login.php (the login processor)

<?PHP
$_GET['$username'];
$_GET['$password'];
?>
<?PHP
function validate_user ($username, $password)
{
return true;
}

$errors = array();
$p =& $_POST;

if (count ($errors) == 0)
{

if (!isset ($p['username']) || (trim ($p['username']) == ''))
$errors[] = 'You must enter a username!';
elseif ((strlen ($p['username']) < 5) ||
(ereg ('[^a-zA-Z0-9]', $p['username'])))
$erros[] = 'You did not enter a valid username. Usernames must 
be atleast 5 charactars long and contain only letters and 
numbers';

if (!isset ($p['password']) || (trim ($p['password']) == ''))
$errors[] = 'You must enter a password!';
elseif ((strlen ($p['password']) < 5) ||
(ereg ('[^[:alnum:][:punct:][:space:]]', $p['password'])))
$erros[] = 'You did not enter a valid password. Passwords must 
be atleast 5 charactars long and contain only letters, numbers, 
punctuation, spaces';

if (count ($errors) == 0)
{

$user = "buddysal_admin";
$pass = "3585835";
$db = "buddysal_MEMBERS";
$link = mysql_connect( "localhost", $user, $pass );
mysql_select_db( $db, $link );

$query = mysql_query("SELECT * FROM MEMBERS WHERE 
username=['$username'] AND password=['$password']");
if (! $query ) {
print "<font size=2>Login was a success!</font>";
}
else 
{
print "<font size=2>Login Failed. Try again.</font>";
}
}
}
?>

I have no idea where im messing up, any help will be appriciated oh and how do u do a redirect? like if (! $login ) { print bleh bleh redirect=members.php; }

thank you

WinterDragon

Try this, here is a function i created the returns either 0 or 1, depending on if it worked or didn't work...
You will probably need to change it due to the fact that you're not using text files. But like for instance do this...

function checkLogin($name, $pass) {
#The path to the users directory.
$USERS_PATH = "members/";
#The extension of the files.
$USER_EXT = ".txt";
$filename = $USERS_PATH . $name . $USER_EXT;
if(file_exists($filename)) {
$test = 1;
$info = retrievePlayer($filename);
if($pass == $info[1]) {
$test = 1;
} elseif($pass != $info[1]) {
$test = 0;
}} elseif(!file_exists($filename)) {
$test = 0;
}
return $test;
}

then call the function and use it like this...

if(checkLogin($username, $password)) {
echo "Login was good.<Br>";
} elseif(!checkLogin($username, $password)) {
echo "Login was no good! You screwed up somewhere!<br>";
}

Hrm, If it does pass the test, then you would use include("something.php");
Depending on what you want... just a small function for flat files, you can change it to accomodate you like you see fit.

buddysal

so basically where the checker is looking for the users in a text file, id just replace that wil a mysql_query()?

WinterDragon

Well its like this...

read all the information from the database, then grab the password and compare the one the person entered with the password from the database. like...

if($password == $databasePassword) {
echo "You're good to go!";
} elseif($password != $databasePassword) {
echo "ITS WRONG!";
}

But get the information from the database... first hehe, btw, also try md5'ing the pw in both areas... mmmm security

buddysal

oo yes thanks for reminding me... i dont really know how to use md5ing the password, like on login do you have to do a md5_decode or can you just put the lgoin password field to submit as md5 and match the codes and if passwords match md5 continue login....

I have also thought about using your idea and using something like this. dunno if it would be easier or not though...

$uservalidate = mysql_fetch_row("SELECT * FROM MEMBERS WHERE username=['$username']");

$password = $uservalidate['1'];

$query = mysql_query("SELECT * FROM MEMBERS WHERE username=['$username'] AND password=['$password']");
if (! $query == true ) {
session_start();
session_register['$username'];

print "User login was a success, Click Here to continue to  your members area";
} else {
print "Sorry Username or Password returned 0 matches, Please check your username and password and try again. Or Cick Here to get a username and password free";
}

WinterDragon

well you might either put the password already md5ed into the database, then md5 it when they type it in, then test it out...

so put it in the database already ran through md5, then when the person enters a password, md5 it, then test it against each other to see if it works.

buddysal

ok 😃 oo great i used the above code i wrote and i found out why my login wasn't validating... for some reason its denying my access into the database. errr 😐

buddysal

dang it i broke it again! anyone got a suggestion on whats wrong?

Warning: mysql_fetch_row(): supplied argument is not a valid
MySQL result resource in /home/buddysal/public_html/login.php on line 38
User login was a success, Click Here to continue to your members
area

and its still not validating even after this code was entered...

<?PHP
$username = $_GET['$username'];
$password = $_GET['$password'];
?>
<?PHP
function validate_user ($username, $password)
{
return true;
}

$errors = array();
$p =& $_POST;

if (count ($errors) == 0)
{

if (!isset ($p['username']) || (trim ($p['username']) == ''))
$errors[] = 'You must enter a username!';
elseif ((strlen ($p['username']) < 5) ||
(ereg ('[^a-zA-Z0-9]', $p['username'])))
$erros[] = 'You did not enter a valid username. Usernames must be atleast 5 charactars long and contain only letters and numbers';

if (!isset ($p['password']) || (trim ($p['password']) == ''))
$errors[] = 'You must enter a password!';
elseif ((strlen ($p['password']) < 5) ||
(ereg ('[^[:alnum:][:punct:][:space:]]', $p['password'])))
$erros[] = 'You did not enter a valid password. Passwords must be atleast 5 charactars long and contain only letters, numbers, punctuation, spaces';

if (count ($errors) == 0)
{

$user = "buddysal_admin";
$pass = "3585835";
$db = "buddysal_USERS";
$link = mysql_connect( "localhost", "buddysal_admin", "3585835" );
mysql_select_db( $db, $link );

$uservalidate = mysql_fetch_row("SELECT * FROM MEMBERS WHERE password");

If (!$password = $uservalidate['1']) {
$query = mysql_query("SELECT * FROM MEMBERS WHERE username = ['$username'] AND password = ['$password']");
if (! $query == true ) {
print "User login was a success, Click Here to continue to  your members area";
} else {
print "Sorry Username or Password returned 0 matches, Please check your username and password and try again. Or Cick Here to get a username and password free";
}
}
}
}
?>