KYKK Posted January 28, 2008 Share Posted January 28, 2008 I have a problem here, so i have the register code///////////////////////////////////////////////////////////////////////////////////////////////////<?php$host = 'localhost';$user = 'kykk_ks';$pass = '@@11@@oo';$db = 'kykk_ks';$con = mysql_connect($host, $user, $pass);if($con){ mysql_select_db($db);}else{ die('MySQL Connection Attempt Failed');}include('config.php');error_reporting('E_ALL');$get = $_GET['do'];switch($get){ default: // Registration form $form = '<form method="post" action="?do=register">'; $form .= 'oldgamename: <input type="text" name="oldgamename" /><br />'; $form .= 'newgamename with -=KS=- tag: <input type="text" name="newgamename" /><br />'; $form .= 'Username: <input type="text" name="username" /><br />'; $form .= 'Password: <input type="password" name="password" /><br />'; $form .= 'Email: <input type="text" name="email" /><br />'; $form .= '<input type="hidden" name="form_check" value="1" />'; $form .= '<input type="submit" value="Register" />'; $form .= '</form>'; echo $form; break; case 'register': if(array_key_exists("form_check", $_POST)) // Check if the form has been submitted { // Necessary for security $oldgamename = $_POST['oldgamename']; $oldgamename = mysql_real_escape_string($oldgamename); $oldgamename = htmlentities($oldgamename); $oldgamename = htmlspecialchars($oldgamename); $newgamename = $_POST['newgamename']; $newgamename = mysql_real_escape_string($newgamename); $newgamename = htmlentities($newgamename); $newgamename = htmlspecialchars($newgamename); $username = $_POST['username']; $username = mysql_real_escape_string($username); $username = htmlentities($username); $username = htmlspecialchars($username); $password = $_POST['password']; $password = mysql_real_escape_string($password); $password = htmlentities($password); $password = htmlspecialchars($password); $password = MD5($password); $email = $_POST['email']; $email = mysql_real_escape_string($email); $email = htmlentities($email); $email = htmlspecialchars($email); $ipadd = $_SERVER['REMOTE_ADDR']; // Insert form data into database $sql = sprintf("INSERT INTO `Register` ( `username`, `password`, `email`, `ipadd`, `oldgamename`, `newgamename` ) VALUES ( '%s', '%s', '%s', '%s', '%s', '%s' )", $username, $password, $email, $ipadd, $oldgamename, $newgamename); $sql = mysql_query($sql) or die('Error: ' . mysql_error()); if($sql) { echo '<meta http-equiv="refresh" content="5;url=login.php">'; echo 'You have registered successfully'; echo 'You will now be re-directed in 5 seconds to the login page'; echo 'Please <a href="login.php">Click Here</a> if you are not re-directed automatically.'; } else { echo 'The registration process has failed. Please <a href="register.php">go back</a> and try again'; } } break;}?>///////////////////////////////////////////////////////////////////////////////////////////////////////////////and it successfully auto saved !and then login.php/////////////////////////////////////////////////////////////////////////////////////////////////////////////// <?php $host = 'localhost';$user = 'kykk_ks';$pass = '@@11@@oo';$db = 'kykk_ks';$con = mysql_connect($host, $user, $pass);if($con){ mysql_select_db($db);}else{ die('MySQL Connection Attempt Failed');}include('config.php');error_reporting('E_ALL');$get = $_GET['do'];switch($get){ default: // Login form $form = '<form method="post" action="?do=login">'; $form .= 'Username: <input type="text" name="username" /><br />'; $form .= 'Password: <input type="password" name="password" /><br />'; $form .= '<input type="hidden" name="form_check" value="1" />'; $form .= '<input type="submit" value="Login" />'; $form .= '</form>'; echo $form; break; case 'login': if(array_key_exists("form_check", $_POST)) // Check if the form has been submitted { // Necessary for security $username = $_POST['username']; $username = mysql_real_escape_string($username); $username = htmlentities($username); $username = htmlspecialchars($username); $password = $_POST['password']; $password = mysql_real_escape_string($password); $password = htmlentities($password); $password = htmlspecialchars($password); $password = MD5($password); // Check the given form data against the database data to confirm login $sql = sprintf("SELECT * FROM `Register` WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", $username, $password); $sql = mysql_query($sql) or die('Error: ' . mysql_error()); $obj = mysql_fetch_object($sql); if($obj) { echo 'Logged in successfully.'; echo '<meta http-equiv="refresh" content="5;url=http://ksbsm.co.cc/strategy/home.html">'; echo 'You will now be re-directed in 5 seconds to the Strategy page'; // $_SESSION['username'] = $_POST['username']; // $_SESSION['logged_in'] = true;0 } else { echo 'The details you have given are in-correct. Please <a href="login.php">go back</a> and try again'; } } break;}?>//////////////////////////////////////////////////////////////////////////////////////////////////////////but even i have the right password and username it show'The details you have given are in-correct. Please <a href="login.php">go back</a> and try again';???????????????????????????????????????????????what should i do ? Thanks for reading Link to comment Share on other sites More sharing options...
killboy Posted January 28, 2008 Share Posted January 28, 2008 How do you do with OOP? Becuz I could make a basic registration tutorial as well; this way, you can integrate my previous "basic login tutorial" with the registration one.... Link to comment Share on other sites More sharing options...
kishou Posted January 28, 2008 Share Posted January 28, 2008 look at my tut. it has registration and login. Link to comment Share on other sites More sharing options...
KYKK Posted January 28, 2008 Author Share Posted January 28, 2008 ok what about i create a forums by just pressing install so , i have a page that i want to lock of other people only allow people that reigstered .....and in the forums there already a register and auto saved , how do i lock it >?????? Link to comment Share on other sites More sharing options...
killboy Posted January 28, 2008 Share Posted January 28, 2008 You can always use Session variables.You can create a table on your database and have a row called "level", it could go from 1-5 depending of every user.The administrator would be 5 and, for example a moderator could be 3.In the page you want to restrict you can ask something like if ($_SESSION['user']->getLevel()<3) exit("YOU CAN'T ACCESS HERE");//Show the rest of the page Edit: As you can see, the session variable is an object, which has the mehot getLevel() Link to comment Share on other sites More sharing options...
KYKK Posted January 28, 2008 Author Share Posted January 28, 2008 You can always use Session variables.You can create a table on your database and have a row called "level", it could go from 1-5 depending of every user.The administrator would be 5 and, for example a moderator could be 3.In the page you want to restrict you can ask something likeif ($_SESSION['user']->getLevel()<3) exit("YOU CAN'T ACCESS HERE");//Show the rest of the page Edit: As you can see, the session variable is an object, which has the mehot getLevel() ok.... so i make a row named level and i put this if ($_SESSION['user']->getLevel()<3) exit("YOU CAN'T ACCESS HERE");in front of the page that i want to lock and it need to be chagne to php ? or html is ok? and how do i do like if regsister then enter 1 to the level row auto ? so like if ($_POST['Presssubitsuccessful']==false) that? lol .. what do i put? Link to comment Share on other sites More sharing options...
killboy Posted January 28, 2008 Share Posted January 28, 2008 OK, looks like you're not too familiar with Object-Oriented Programming, so I'm gonna make the easy way:I'm taking for granted that you have a table called user, or any other table which has at least the columns username, password and user_level.Now, let's create the locked page: <?phpsession_start();if (!isset($_SESSION['user']) || $_SESSION['user']['level']<3){?> YOU CAN'T ACCESS HERE!!<br> <table align="center"> <form action="login.php" method="post"> <tr><td>Username</td><td><input type="text" name="username"></td></tr> <tr><td>Password</td><td><input type="password" name="password"></td></tr> <tr align="center"><td colspan="2"><input type="submit" value="Login"></td></tr> </form> </table><? exit;}else echo "Welcome ".$_SESSION['user']['username'];?> If you can notice, $_SESSION['user'] is an associative array.Let's create the login.php page: <?phpsession_start();$_SESSION['user']=array("username","level");$connect=mysql_connect("server","db_username","db_password");mysql_select_db("db_name");$username= mysql_real_escape_string($_POST['username']); //Escaping characters such ' or "$password=md5($_POST['password']); //Hashing password$query="select username,user_level from user where username='$username' and password='$password';$result=mysql_query($query);if (mysql_num_rows($result)==0) $_SESSION['user']['level']=0;else{ $k=mysql_fetch_object($result); $_SESSION['user']['username']=$k->username; $_SESSION['user']['level']=$k->user_level;}mysql_close($connect);echo "Validating.....<meta http-equiv=\"refresh\" content=\"3;URL=locked_page.php\">";?> Hope that's enough....Note: In the registration page you must store the hashed password too... Link to comment Share on other sites More sharing options...
KYKK Posted February 5, 2008 Author Share Posted February 5, 2008 ok so this happen to me 3 time the I can;t login even with the right password ! y ? and the problem on your tut too Link to comment Share on other sites More sharing options...
killboy Posted February 5, 2008 Share Posted February 5, 2008 Well, consider these points:* Are you saving the hashed password?* are you having in mind the capital and small letters? (the password is case-sensitive)* do you have a column named user_level on your table?* have you registered any user with user_level >=3? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.