[PHP] Problem with login

Status
Not open for further replies.

iRawrHotel

Hello,
I'm coding a new website,
and I have a login system with a ban.

Below is my code:
PHP:
if(isset($_SESSION['loggedin']))
{
    die("You are already logged in!
<a href='logged.html'> Go</a>");
} // That bit of code checks if you are logged in or not, and if you are, you can't log in again!
if(isset($_POST['submit']))
{
  $mail = mysql_real_escape_string($_POST['email']); // The function mysql_real_escape_string() stops hackers!
  $name = mysql_real_escape_string($_POST['name']); // The function mysql_real_escape_string() stops hackers!
  $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, dont worry!
  $user_id = mysql_query("SELECT id FROM users where 'name' = '{$name}'");
  $row1 = mysql_num_rows( $user_id );
  $banned = mysql_query("SELECT * FROM bans WHERE 'user_id' = '{$user_id}'");
  $row2 = mysql_num_rows( $banned );
  $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND email = '{$mail}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
  if(mysql_num_rows($mysql) < 1)
  {
        die("Incorrect Login Details");
  } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
  elseif(($row2) == 1 )
  {
  die ("You are currently banned from PitchIT");
  }
  $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
  $_SESSION['email'] = $mail; // Make it so the email can be called by $_SESSION['email']
  $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
  die("You are now logged in!
  <a href='logged.html'> Go</a>"); // Kill the script here so it doesn't show the login form after you are logged in!
} // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
echo "<form type='index.html' method='POST'>
Name: <br>
<input type='text' name='name'><br>
Email: <br>
<input type='email' name='email'><br>
Password: <br>
<input type='password' name='password'><br>
<input type='submit' name='submit' value='Login'>
</form>";
?>

I've banned my account, however it doesn't show that I'm banned when I try to login.
 

ViiTactiiCZz

Try
PHP:
if(isset($_SESSION['loggedin']))
{
    die("You are already logged in!
<a href='logged.html'> Go</a>");
} // That bit of code checks if you are logged in or not, and if you are, you can't log in again!
if(isset($_POST['submit']))
{
  $mail = mysql_real_escape_string($_POST['email']); // The function mysql_real_escape_string() stops hackers!
  $name = mysql_real_escape_string($_POST['name']); // The function mysql_real_escape_string() stops hackers!
  $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, dont worry!
  $user_id = mysql_query("SELECT id FROM users where 'name' = '{$name}'");
  $row1 = mysql_num_rows( $user_id );
  $banned = mysql_query("SELECT * FROM bans WHERE 'user_id' = '{$user_id}'");
  $row2 = mysql_num_rows( $banned );
  $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND email = '{$mail}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
  if(mysql_num_rows($mysql) < 1)
  {
        die("Incorrect Login Details");
  } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
  elseif(($row2) > 0 )
  {
  die ("You are currently banned from PitchIT");
  }
  $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
  $_SESSION['email'] = $mail; // Make it so the email can be called by $_SESSION['email']
  $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
  die("You are now logged in!
  <a href='logged.html'> Go</a>"); // Kill the script here so it doesn't show the login form after you are logged in!
} // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
echo "<form type='index.html' method='POST'>
Name: <br>
<input type='text' name='name'><br>
Email: <br>
<input type='email' name='email'><br>
Password: <br>
<input type='password' name='password'><br>
<input type='submit' name='submit' value='Login'>
</form>";
?>
 

iRawrHotel

Nope, still get "You are now logged in"
 

ViiTactiiCZz

PHP:
<?php
if (isset($_SESSION['loggedin'])) {
    ?>
 
    You are already logged in
    <a href='logged.html'> Go!</a>
 
    <?php
} // That bit of code checks if you are logged in or not, and if you are, you can't log in again!
if (isset($_POST['submit'])) {
    $mail = mysql_real_escape_string($_POST['email']); // The function mysql_real_escape_string() stops hackers!
    $name = mysql_real_escape_string($_POST['name']); // The function mysql_real_escape_string() stops hackers!
    $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, dont worry!
    $user_id = mysql_query("SELECT id FROM users where 'name' = '{$name}'");
    $row1 = mysql_num_rows($user_id);
    $banned = mysql_query("SELECT * FROM bans WHERE 'user_id' = '{$user_id}'");
    $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND email = '{$mail}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
    if (mysql_num_rows($mysql) < 1) {
        ?>
        Incorrect Login Details
        <?php
    } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
    elseif ((mysql_num_rows($banned)) > 0) {
        die("You are currently banned from PitchIT");
    }
    $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
    $_SESSION['email'] = $mail; // Make it so the email can be called by $_SESSION['email']
    $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
    ?>
    You are now logged in!
    <a href='logged.html'> Go</a>
    <?php
    // Kill the script here so it doesn't show the login form after you are logged in!
} // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
?>
<form type='index.html' method='POST'>
    Name: <br>
    <input type='text' name='name'><br>
    Email: <br>
    <input type='email' name='email'><br>
    Password: <br>
    <input type='password' name='password'><br>
    <input type='submit' name='submit' value='Login'>
</form>

Try this :L
 

Markshall

Er, this should work. Coded it from scratch because your code was messy, and I don't know how your database is structured except from the code you provided so I've had to guess.

PHP:
<?php
function c($str) {
    return mysql_real_escape_string($str);
}
 
// !empty() avoids an undefined-index notice when nobody is logged in yet
if (!empty($_SESSION['loggedin'])) {
    echo 'You are logged in. <a href="logged.html">Go home</a>';
}else{
    if (isset($_POST['submit'])) {
        $name = c($_POST['name']);
        $email = c($_POST['email']);
        $password = c($_POST['password']);
        $checkuser = mysql_query("SELECT * FROM `users` WHERE `name` = '{$name}' AND `email` = '{$email}'");
        if (mysql_num_rows($checkuser) == 1) {
            $r = mysql_fetch_assoc($checkuser);
            if ($r["password"] == $password) {
                //check ban
                $bannedq = mysql_query("SELECT * FROM `bans` WHERE `user_id` = '{$r["id"]}'");
                // > 0 so that a user with more than one ban row is still treated as banned
                if (mysql_num_rows($bannedq) > 0) {
                    echo 'You are banned.';
                }else{
                    $_SESSION['loggedin'] = 'YES';
                    $_SESSION['email'] = $email;
                    $_SESSION['name'] = $name;
                    echo 'You are now logged in! <a href="logged.html">Go home</a>';
                }
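                //end check ban
            }else{
                // wrong password: report it instead of returning a blank page
                echo 'Incorrect login details.';
            }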
        }else{
            echo 'This user does not exist.';
        }
    }else{
        ?>
        <form method="post">
            <label for="name">Name</label><br />
            <input type="text" name="name" id="name" /><br /><br />
           
            <label for="email">Email</label><br />
            <input type="text" name="email" id="email" /><br /><br />
           
            <label for="password">Password</label><br />
            <input type="password" name="password" id="password" /><br /><br />
           
            <input type="submit" name="submit" value="Log in" />
        </form>
        <?php
    }
}
 
?>
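
A hardened version of the login-and-ban check discussed in this thread, added here as an example and not code from any poster: it uses PDO prepared statements instead of `mysql_real_escape_string()`, `password_hash()`/`password_verify()` instead of plaintext passwords, and looks up the ban by the `id` value of the fetched row rather than by the query result itself. The in-memory SQLite database, the `password_hash` column, the sample rows and the function name `attemptLogin` are assumptions for illustration; the `users` and `bans` tables with `name`, `email` and `user_id` follow the thread.

```php
<?php
// Added example: constructed schema and sample rows; table names follow the thread.
function attemptLogin(PDO $db, string $name, string $email, string $password): string
{
    // Placeholders keep user input out of the SQL text, so no manual escaping is needed.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE name = ? AND email = ?');
    $stmt->execute([$name, $email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same answer for "no such user" and "wrong password", so accounts cannot be enumerated.
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return 'invalid';
    }

    // The ban lookup binds the id value from the fetched row, not the result handle.
    $ban = $db->prepare('SELECT 1 FROM bans WHERE user_id = ? LIMIT 1');
    $ban->execute([$user['id']]);
    if ($ban->fetchColumn() !== false) {
        return 'banned';
    }
    return 'ok';
}

// Constructed in-memory database standing in for the site's MySQL tables (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, password_hash TEXT)');
$db->exec('CREATE TABLE bans (user_id INTEGER)');
$add = $db->prepare('INSERT INTO users (name, email, password_hash) VALUES (?, ?, ?)');
$add->execute(['alice', 'alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
$add->execute(['bob', 'bob@example.test', password_hash('hunter2hunter2', PASSWORD_DEFAULT)]);
$db->exec('INSERT INTO bans (user_id) VALUES (2)'); // bob (id 2) is banned

// Constructed login attempts: valid user, banned user, wrong password, name with a quote.
$attempts = [
    ['alice', 'alice@example.test', 'correct horse'],
    ['bob', 'bob@example.test', 'hunter2hunter2'],
    ['alice', 'alice@example.test', 'wrong'],
    ["o'brien", 'ob@example.test', 'anything'],
];
foreach ($attempts as [$n, $e, $p]) {
    printf("%-10s %s\n", $n, attemptLogin($db, $n, $e, $p));
}
```

On an `ok` result, call `session_regenerate_id(true)` before setting `$_SESSION['loggedin']`.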
 

iRawrHotel

Thanks m0nsta!!!!

It worked :D

Spent ages trying to figure it out :p
 