01-22-2008, 04:43 AM
|
#3 (permalink)
|
|
The Addict
Join Date: Jan 2008
Location: los angeles
Posts: 309
Thanks: 44
|
i fixed a couple of things on the code that i found but now when i try to login , lets say the login and password is "dumb" and the same information exists in the database and the password in the database is in md5 thing is when i login it says password entered incorrectly. so i decided to output the md5 version of the password that i entered and match it against the one existing in the database and they look like two different strings. what is wrong here? i cant seem to find it.
Code:
<?php
#---------------------------------------
include("include/conn.php");
mysql_select_db("auth_users");
#---------------------------------------
#-------------------------------------------------------------------------------------------
# if this page is visited while the user is logged in , log em in if data is correct
#-------------------------------------------------------------------------------------------
if($_SESSION['$username'] && $_SESSION['$password'])
{
//check if its the correct ip that is stored in the session
$checkip = getenv('REMOTE_ADDR');
if($_SESSION['$userip'] == $checkip) {
//log the user in
header("Location: members.php");
}
}
else { }
#-------------------------------------------------------------------------------------------
#----------------------------------------------------------
if(isset($_POST['submit'])) {
#---- check if anything was entered
if(!$_POST['txt_username'] || !$_POST['txt_pass']) {
die('Username or password was not entered');
}
#------> check if username exists
$username = addslashes($_POST['txt_username']);
$checkuser = mysql_query("SELECT * FROM userlogin WHERE username = '$username'");
$checkrow = mysql_num_rows($checkuser);
if($checkrow == 0) { die('the username you entered does not exist in the database'); }
#--------->check if the username and password is correct
while ($data = mysql_fetch_array($checkuser)) {
$_POST['txt_pass'] = $_POST['txt_pass'];
$data['password'] = $data['password'];
$_POST['txt_pass'] = md5($_POST['txt_pass']);
#----> check if the password entered was incorrect
if($_POST['txt_pass'] != $data['password']) { die(print_r("txt_pass: ".$_POST['txt_pass']."<br>"."data pass: ".$data['password'])); }
else {
#---- [ LOG THE USER IN ]
//create a session and give it to the user
session_start();
session_register('$username') ;
session_register('$password');
session_register('$userip');
$_SESSION['$username'] = $_POST['txt_username'];
$_SESSION['$password'] = $_POST['txt_pass'];
$_SESSION['$userip'] = getenv('REMOTE_ADDR');
header("Location: members.php");
}
}
}
else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>sharedemon login page</title>
<link href="style/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="title">Share Demon Login Page</div>
<form method="post" action="login.php">
<table>
<tbody>
<tr>
<td>Username: </td>
<td><input type="text" name="txt_username" /></td>
</tr>
<tr>
<td>Password: </td>
<td><input type="password" name="txt_pass" /></td>
</tr>
</tbody>
<tfoot>
<tr>
<td rowspan="2" colspan="2"> <center><input type="submit" name="submit" value="submit" /> | <input type="reset" name="reset" value="reset" /></center></td><br />
</tr></tfoot></table><br />
</form>
<center>dont have a login? <a href="register.php">click here</a> to register</center><br />
<a href="index.php">home</a>
</body>
</html>
<?php
}
?>
__________________
no signature set
|
|
|
|