Show DevBest Login page [PHP]

[Sisija]

What you need is

Xampp
And a mind >


Copy and paste this

<?php session_start(); ?>
<html>
<head/>
<body>
<form action='index.php?login=yes' method=post>
Username: <input type=text name='user'><br/>
password: <input type=password name='pass'><br/>
<input type=submit value='go!'>
<form>

<?php

    $user=$_POST['user'];
    $pass=$_POST['pass'];
    $login=$_GET['login']'
 
   if ($login=='yes'){
           $con=mysql_connect('5.50.230.66,'site',
           mysql_select_db(''login'')

          $get=mysql_query('SELECT count(id) FROM login WHERE user='$user' and pass='$pass'');
          $result=mysql_result($get, 0);

          mysql_close($con);

         if ($result!=1) echo ''login failure!'';
         else{
               echo ''login succsess!''
                $_SESSION['user']=$user;
         };
    };
?>

</body>

 

[Kryptos]

Very nice, did you make this?
Also, I see an error in the <head/> shouldn't it be <head> instead of <head/>?

 

[Sisija]

Ok then ty very mutch :] ima make a c++ tut fast

 

[Nick]

id be pretty facinated to see how this works....

$con=mysql_connect('5.50.230.66,'site', 
           mysql_select_db(''login'')

Quite a cupple of errors here ... let me help you with that

Security Issue

$user=$_POST['user']; 
$pass=$_POST['pass'];

Fix

$user=strip_tags(mysql_escape_string($_POST['user'])); 
$pass=strip_tags(mysql_escape_string($_POST['pass']));

Simple Fixs...

mysql_select_db("login", $con);

Iv decided id be here all night editing that... soo here is a clean copy

<?php
session_start();
class DBLink {
    
    ## MySQL CLASS
    var $link;
    
    function Connect() {
        $this->link = mysql_connect("localhost", "root", "");
        if(mysql_error($this->link)) {
            echo mysql_errno();
        } else {
            mysql_select_db("Nick", $this->link);
        }
    }
    
}
$DBLink = new DBLink;

#####################################

$DBLink->Connect();
$req = $_GET['req'];
switch($req) {
    case "login":
        $username = strip_tags(mysql_escape_string($_POST['username']));
        $password = strip_tags(mysql_escape_string(md5($_POST['password'])));
        
        // Step 1...
        $sql_1 = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
        if(mysql_num_rows($sql_1) <= 0) {
            header("Location: index.php?error=1");
        } else {
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;
            $sql_2 = mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]' AND password = '$_SESSION[password]'");
            if(mysql_num_rows($sql_2) <= 0) {
                session_destroy();
                header("Location: index.php?error=2");
            } else {
                echo("Logging in...");
                header("Refresh: 2;cp.php");
            }
        }
    break;
?>

 

[RastaLulz]

Eh, this is a pretty useless tutorial as it explains nothing, and is simply a copy and paste. It's also missing a database, etc.

 

[Nick]

Ill write up a tutorial for a login tonight or tomorrow

 

[Roper]

There are many errors within this, which is why it shouldn't be used.

 

[StrongFaith II]

Very nice try !

 

[Benden]

Why bring back an old thread and so i dont get a warning its a nice try fix the security issues and repost

 

[Shockwave]

Obviously not Sisija. Sisija wouldn't make this many errors when he Releases stuff. :l

 

[Notice]

you wont know anyone makes his first mistake

 

[Jonty]

Sisija failed anyway, so it's probably him lmao

 

[Mastah]

jonty can you stop flaming on others work he did his best

[MOD] Thread closed - flaming will lead to spam [/MOD]