[Resolved] If statements

benson

I have this code

<?php
session_start();
ob_start(); 
include 'includes/db.php'; 

if($_REQUEST['cookie'] == "yes")
	{
	$nicknaam = $_REQUEST['nick'];
	$pasword = $_REQUEST['pas'];
	echo $nicknaam."|".$pasword;
	}
else
	{
	$nicknaam = $_POST['nicknaam']; 
	$paswoord = $_POST['paswoord']; 
	if((!$nicknaam) || (!$paswoord))
		{ 
    		echo "Vul al de informatie in .<br />"; 
    		exit(); 
		} 
	$pasword = md5($paswoord); 
	}
// check if the user info validates the db 
$sql = mysql_query("SELECT * FROM users WHERE nicknaam='$nicknaam' AND paswoord='$pasword'") or die(mysql_error());    

$login_check = mysql_num_rows($sql);    

if($login_check > 0){    

    $row = mysql_fetch_array($sql); 
        // Register some session variables! 
	$_SESSION['nick'] = $row['nicknaam'];  

        $_SESSION['lvl'] = $row['user_level'];
	$_SESSION['usid'] = $row['userid'];
	$userid = $row['userid']; 
	$time = time();
	$_SESSION['stamp'] = $time;
	if($row['cookie'] == "1")
	{
		if($_COOKIE['streetfreaks'] == "")
		{
		$value = $row['nicknaam']."|".md5($row['paswoord']);
		setcookie ("streetfreaks", $value, time()+3600*24*355);
		}
		else
		{
		}
	}
	else
	{
	}
        mysql_query("UPDATE users SET lastvisit=now(), logstamp='$time'  WHERE userid='$userid'") or die(mysql_error());
	mysql_close();   

        header("Location: index2.php?".SID); 
    }
else { 
    echo "Je hebt niet kunnen inloggen, waarschijnlijk ben je nog niet lid.<br />";
} 
?>

i acces the page with the var cookie = "yes" and the others are present too. (and correct)
But when i execute this it will always say "Je hebt niet kunnen inloggen, waarschijnlijk ben je nog niet lid"

What am i doing wrong on this one ?

TTT

didn't notice that anything is wrong, did you check what is the value of $login_check? and what does $POST['nicknaam'] print?
if post doesn't work use $GET['nicknaam']

instead you can use

if(mysql_num_rows($sql) != 0){

...
} else {

echo "Je hebt niet kunnen inloggen, waarschijnlijk ben je nog niet lid.<br />";
}

benson

Maybe i have gived an wrong example.

the main goal of the code is too login.

I have one page wich detects if an cookie has been stored. if yes then it goes towards the checkuser.php?nick=foo&pas=bar&cookie=yes
but if someone does not want's an cookie it goes to an login page and enters the nick and pas and then goes too checkuser.php

I hope you understand. In the last scenario it works but with "cookie=yes" it won't.

leatherback

Hi,

You never set the 'pas', if I am correct.

benson

I think all the trouble lies in this piece of script:

if($_REQUEST['cookie'] == "yes") 
    { 
    $nicknaam = $_REQUEST['nick']; 
    $pasword = $_REQUEST['pas']; 
    echo $nicknaam."|".$pasword; 
    } 
else 
    { 
    $nicknaam = $_POST['nicknaam'];  

    $paswoord = $_POST['paswoord'];  

    if((!$nicknaam) || (!$paswoord)) 
        {  

            echo "Vul al de informatie in .<br />";  

            exit();  

        }  

    $pasword = md5($paswoord);  

    }

The first if stament is correct (in the url "cookie=yes" has been passed.
And the echo is correct too.

leatherback

Hehe,

you are right I think I have it:

$pasword = md5($paswoord);

is missing
Your pas is not md5() encoded in the link, but is in the database. So you will never have any results.

benson

lol sorry for that.
I always md5 encode paswords in my cookies.
For security reasons the pasword is md5 encoded through the link.

leatherback

Did this solve the problem? If so: Please mark the thread resolved! (See link at bottom of thread)

Groet,

Jelle.

benson

nope it didn't

i will start over again trying too explain it in a better way.

Users can select if they want too be always logged in or not.
if yes there will be a cookie stored on the machine with his nickname and his md5 encoded pasword.

Then if they pay an next visit this code wil be executed:

if($_COOKIE['streetfreaks'] != "")
	{
	$arr = explode("|", $_COOKIE['streetfreaks']);
	$locstring = "checkuser.php?nick=".$arr[0]."&pas=".$arr[1]."&cookie=yes";
	header("location: $locstring");
	}

This code send them too checkuser.php
Which can be looked at at the above posts.

This script (checkuser.php) serves two ffunctions:
1) too log people in using the conventional method (enter the pas and nick manualy)
2) log the people in using the cookie stuff.

The problem is: When i have an cookie set he will not log in.
But when i use the convetntional method it will.

What am i doing wrong ?

benson

ohwja,
Groet terug uit het besneeuwde Tjalleberd.
(Mijn zus heeft ook in enschede gewoont!)

leatherback

Hey,

Have you tried echo "SELECT * FROM users WHERE nicknaam='$nicknaam' AND paswoord='$pasword'";
and checking the query? After that, you can copy & past this code into your databaseadmin (phpmyadmin?) and see wether it returns records. If it does, then the logic further down is busted. But I think you'll find the error when you echo the query.

benson

that did it.

It seems that there has been an different string stored in the cookie than it should be.
$value = $row['nicknaam']."|".md5($row['paswoord']);
That didn't worked proper.
i think it made an md5 hash of this:$row['paswoord'] isntead of the real pasword.

Thnx for the reply's.
and i will try too get the rest working.