Jump to content

help with this problem ^_^


KYKK

Recommended Posts

I have a problem here, so i have the register code///////////////////////////////////////////////////////////////////////////////////////////////////<?php$host = 'localhost';$user = 'kykk_ks';$pass = '@@11@@oo';$db = 'kykk_ks';$con = mysql_connect($host, $user, $pass);if($con){ mysql_select_db($db);}else{ die('MySQL Connection Attempt Failed');}include('config.php');error_reporting('E_ALL');$get = $_GET['do'];switch($get){ default: // Registration form $form = '<form method="post" action="?do=register">'; $form .= 'oldgamename: <input type="text" name="oldgamename" /><br />'; $form .= 'newgamename with -=KS=- tag: <input type="text" name="newgamename" /><br />'; $form .= 'Username: <input type="text" name="username" /><br />'; $form .= 'Password: <input type="password" name="password" /><br />'; $form .= 'Email: <input type="text" name="email" /><br />'; $form .= '<input type="hidden" name="form_check" value="1" />'; $form .= '<input type="submit" value="Register" />'; $form .= '</form>'; echo $form; break; case 'register': if(array_key_exists("form_check", $_POST)) // Check if the form has been submitted { // Necessary for security $oldgamename = $_POST['oldgamename']; $oldgamename = mysql_real_escape_string($oldgamename); $oldgamename = htmlentities($oldgamename); $oldgamename = htmlspecialchars($oldgamename); $newgamename = $_POST['newgamename']; $newgamename = mysql_real_escape_string($newgamename); $newgamename = htmlentities($newgamename); $newgamename = htmlspecialchars($newgamename); $username = $_POST['username']; $username = mysql_real_escape_string($username); $username = htmlentities($username); $username = htmlspecialchars($username); $password = $_POST['password']; $password = mysql_real_escape_string($password); $password = htmlentities($password); $password = htmlspecialchars($password); $password = MD5($password); $email = $_POST['email']; $email = mysql_real_escape_string($email); $email = htmlentities($email); $email = htmlspecialchars($email); $ipadd = $_SERVER['REMOTE_ADDR']; // Insert form data into database $sql = sprintf("INSERT INTO `Register` ( `username`, `password`, `email`, `ipadd`, `oldgamename`, `newgamename` ) VALUES ( '%s', '%s', '%s', '%s', '%s', '%s' )", $username, $password, $email, $ipadd, $oldgamename, $newgamename); $sql = mysql_query($sql) or die('Error: ' . mysql_error()); if($sql) { echo '<meta http-equiv="refresh" content="5;url=login.php">'; echo 'You have registered successfully'; echo 'You will now be re-directed in 5 seconds to the login page'; echo 'Please <a href="login.php">Click Here</a> if you are not re-directed automatically.'; } else { echo 'The registration process has failed. Please <a href="register.php">go back</a> and try again'; } } break;}?>///////////////////////////////////////////////////////////////////////////////////////////////////////////////and it successfully auto saved !and then login.php/////////////////////////////////////////////////////////////////////////////////////////////////////////////// <?php $host = 'localhost';$user = 'kykk_ks';$pass = '@@11@@oo';$db = 'kykk_ks';$con = mysql_connect($host, $user, $pass);if($con){ mysql_select_db($db);}else{ die('MySQL Connection Attempt Failed');}include('config.php');error_reporting('E_ALL');$get = $_GET['do'];switch($get){ default: // Login form $form = '<form method="post" action="?do=login">'; $form .= 'Username: <input type="text" name="username" /><br />'; $form .= 'Password: <input type="password" name="password" /><br />'; $form .= '<input type="hidden" name="form_check" value="1" />'; $form .= '<input type="submit" value="Login" />'; $form .= '</form>'; echo $form; break; case 'login': if(array_key_exists("form_check", $_POST)) // Check if the form has been submitted { // Necessary for security $username = $_POST['username']; $username = mysql_real_escape_string($username); $username = htmlentities($username); $username = htmlspecialchars($username); $password = $_POST['password']; $password = mysql_real_escape_string($password); $password = htmlentities($password); $password = htmlspecialchars($password); $password = MD5($password); // Check the given form data against the database data to confirm login $sql = sprintf("SELECT * FROM `Register` WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", $username, $password); $sql = mysql_query($sql) or die('Error: ' . mysql_error()); $obj = mysql_fetch_object($sql); if($obj) { echo 'Logged in successfully.'; echo '<meta http-equiv="refresh" content="5;url=http://ksbsm.co.cc/strategy/home.html">'; echo 'You will now be re-directed in 5 seconds to the Strategy page'; // $_SESSION['username'] = $_POST['username']; // $_SESSION['logged_in'] = true;0 } else { echo 'The details you have given are in-correct. Please <a href="login.php">go back</a> and try again'; } } break;}?>//////////////////////////////////////////////////////////////////////////////////////////////////////////but even i have the right password and username it show'The details you have given are in-correct. Please <a href="login.php">go back</a> and try again';???????????????????????????????????????????????what should i do ? Thanks for reading :)

Link to comment
Share on other sites

ok what about i create a forums by just pressing install so , i have a page that i want to lock of other people only allow people that reigstered .....and in the forums there already a register and auto saved , how do i lock it >??????

Link to comment
Share on other sites

You can always use Session variables.You can create a table on your database and have a row called "level", it could go from 1-5 depending of every user.The administrator would be 5 and, for example a moderator could be 3.In the page you want to restrict you can ask something like

if ($_SESSION['user']->getLevel()<3)	exit("YOU CAN'T ACCESS HERE");//Show the rest of the page

Edit: As you can see, the session variable is an object, which has the mehot getLevel()

Link to comment
Share on other sites

You can always use Session variables.You can create a table on your database and have a row called "level", it could go from 1-5 depending of every user.The administrator would be 5 and, for example a moderator could be 3.In the page you want to restrict you can ask something like
if ($_SESSION['user']->getLevel()<3)	exit("YOU CAN'T ACCESS HERE");//Show the rest of the page

Edit: As you can see, the session variable is an object, which has the mehot getLevel()

ok.... so i make a row named level and i put this if ($_SESSION['user']->getLevel()<3) exit("YOU CAN'T ACCESS HERE");in front of the page that i want to lock and it need to be chagne to php ? or html is ok? and how do i do like if regsister then enter 1 to the level row auto ? so like if ($_POST['Presssubitsuccessful']==false) that? lol .. what do i put?
Link to comment
Share on other sites

OK, looks like you're not too familiar with Object-Oriented Programming, so I'm gonna make the easy way:I'm taking for granted that you have a table called user, or any other table which has at least the columns username, password and user_level.Now, let's create the locked page:

<?phpsession_start();if (!isset($_SESSION['user']) || $_SESSION['user']['level']<3){?>	YOU CAN'T ACCESS HERE!!<br>	<table align="center">	<form action="login.php" method="post">	<tr><td>Username</td><td><input type="text" name="username"></td></tr>	<tr><td>Password</td><td><input type="password" name="password"></td></tr>	<tr align="center"><td colspan="2"><input type="submit" value="Login"></td></tr>	</form>	</table><?	exit;}else	echo "Welcome ".$_SESSION['user']['username'];?>

If you can notice, $_SESSION['user'] is an associative array.Let's create the login.php page:

<?phpsession_start();$_SESSION['user']=array("username","level");$connect=mysql_connect("server","db_username","db_password");mysql_select_db("db_name");$username= mysql_real_escape_string($_POST['username']); //Escaping characters such ' or "$password=md5($_POST['password']); //Hashing password$query="select username,user_level from user where username='$username' and password='$password';$result=mysql_query($query);if (mysql_num_rows($result)==0)	$_SESSION['user']['level']=0;else{	$k=mysql_fetch_object($result);	$_SESSION['user']['username']=$k->username;	$_SESSION['user']['level']=$k->user_level;}mysql_close($connect);echo "Validating.....<meta http-equiv=\"refresh\" content=\"3;URL=locked_page.php\">";?>

Hope that's enough....Note: In the registration page you must store the hashed password too...

Link to comment
Share on other sites

Well, consider these points:* Are you saving the hashed password?* are you having in mind the capital and small letters? (the password is case-sensitive)* do you have a column named user_level on your table?* have you registered any user with user_level >=3?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...