Jump to content
Sign in to follow this  
Panta

Pin Number Login

Recommended Posts

i'm designing a site that requires pin number to login.i have my script but is not given me what i want

PINLOGIN STARTS<?php//start the session so you would stay logged in//always must be on topsession_start();//include config.php fileinclude('config.php');?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><title>The site</title></head><body><center><a href="?p=idx">Home</a> - <a href="?p=page">Protected page</a><?php$p=$_GET['p'];//see my ?id= browsing tutorial?><form action='testing.php' method='POST'>Serial: <input type='text' name='serial'><br>Pin: <input type='password' name='pin'><br><input name="login" type="submit" value="Submit"><br> <a href="register.php">Not registered</a>?</form></center></body></html>PINLOGIN.PHP ENDS<?php    error_reporting(E_ALL);    ini_set('display_errors', 1);    include 'config.php';    $submit = isset($_POST['login']) ? $_POST['login'] : "";    $serial = isset($_POST['serial']) ? $_POST['serial'] : "";    $serial = mysql_real_escape_string(strip_tags(htmlspecialchars($serial) ) );    $pin = isset($_POST['pin']) ? md5($_POST['pin']) : "";    if ($submit){        if ((!$serial) || (!$pin) || ($serial=='') || ($pin=='') ) {            header("Refresh: 2;".$_SERVER['HTTP_REFERER']);            echo '<center>Please enter both - serial and password!</center>';            exit;        }	        $result = mysql_query("SELECT logins FROM users WHERE serial='$serial'");        if (!$result) {            echo mysql_error();            exit;        }        $row = mysql_fetch_array($result);        if (!$row) {            echo mysql_error();            exit;        }        $cnt = $row['logins'];        if ($cnt != 3) {            $cnt++;            $result = mysql_query("UPDATE users SET logins='$cnt' WHERE serial='$serial'");            if (!$result) {                echo mysql_error();                exit;            }            echo "worked";        }        else {            echo "Password was used three times.";        }    }    else {        echo "something";    }?>

the is my script but when submit it will not display anythig can some one help me out

Share this post


Link to post
Share on other sites

You're not displaying an error message if the user wasn't found in the database, that might be the issue.

Share this post


Link to post
Share on other sites
You're not displaying an error message if the user wasn't found in the database, that might be the issue.
i want the it to verify the serial and pin and if exist it should update the logins

Share this post


Link to post
Share on other sites

Yeah, that's what I thought you wanted. When you get the user from the database you check if it returned a row but you don't display an error if it didn't. If it didn't return a row that means the serial wasn't found in the database. You do this:

		$row = mysql_fetch_array($result);		if (!$row) {			echo mysql_error();			exit;		}

But mysql_error won't output an error in that case. It's not a MySQL error if you run a query that doesn't return any rows, it's just a query that didn't return any rows. If that's what is happening then you would just see a blank screen, it wouldn't show any error message. It also looks like you're not checking the password, you get the user from the database but you don't check to see if the password they typed matches the password from the database.

Share this post


Link to post
Share on other sites
 $result = mysql_query("SELECT logins FROM users WHERE serial='$serial' And pin='$pin'");        if (!$result) {            echo mysql_error();            exit;        }        $row = mysql_fetch_array($result);        if (!$row) {            echo "No such pin or serial no"             exit;

hope this takes care of what u meant

Share this post


Link to post
Share on other sites
 $result = mysql_query("SELECT logins FROM users WHERE serial='$serial' And pin='$pin'");        if (!$result) {            echo mysql_error();            exit;        }        $row = mysql_fetch_array($result);        if (!$row) {            echo "No such pin or serial no"             exit;

hope this takes care of what u meant but still is not working

Edited by Panta

Share this post


Link to post
Share on other sites

If you're still seeing a blank page, print things out to debug. Print out the serial and pin you get from the form, print the MD5 of the pin so that you can compare with what's in the database, etc. You need to get information about why the page is blank, it's not a good use of time to try to guess what the problem might be. Print everything out so that you can verify what's happening. And make sure error reporting is enabled, if there's a syntax error in the file and error reporting is disabled you'll never know what the problem is. If you don't know if error reporting is enabled, create a phpinfo page where you can check the settings. If errors are going to a log the phpinfo page will be able to tell you where the error log is.

Share this post


Link to post
Share on other sites

$serial = mysql_real_escape_string(strip_tags(htmlspecialchars($serial) ) );$pin = isset($_POST['pin']) ? md5($_POST['pin']) : "";I think the pin are not in md5 thats why, so this is what i did and it worked $serial = isset($_POST['serial']) ? $_POST['serial'] : ""; $pin = isset($_POST['pin']) ? $_POST['pin'] : "";But i don't understand why it worked.please can u explain it for me

Share this post


Link to post
Share on other sites
Explain what? Why the pins aren't MD5-encoded?
YES I WANT TO KNOW WHERE TO PUT MD5-encoded and the reason

Share this post


Link to post
Share on other sites

It's a good idea to store passwords in the database as a hash because it improves security if anyone gets ahold of the database, they can't figure out any passwords. You can use MD5 if you want, it's probably better to use SHA-1 though. You need to hash the user's password when they register so that you store the hashed password in the database, and each time someone logs in you hash whatever they typed in and compare the two hashes. If they entered the same password then the hashes will match.

Share this post


Link to post
Share on other sites
It's a good idea to store passwords in the database as a hash because it improves security if anyone gets ahold of the database, they can't figure out any passwords. You can use MD5 if you want, it's probably better to use SHA-1 though. You need to hash the user's password when they register so that you store the hashed password in the database, and each time someone logs in you hash whatever they typed in and compare the two hashes. If they entered the same password then the hashes will match.
Thanks but assuming i have generated a numbers through "ran()" and want to use it as a scratch card,that is users are expected to login with it,begin that i have to print it out before given it to the users, do i need to hash since i cant print the hash numbers correctely

Share this post


Link to post
Share on other sites

I'm not quite sure what your question is, but this is the general process:1. Create the password2. Show or email the original password to the user3. Hash the password and store it in the databaseSo it's probably best not to use the database rand function to generate the password. If you did that, you would need to create the user record first with the random password un-hashed, then select the password so you can send it to the user, then update the record to hash the password. It may be easier to just generate the random number outside of the database, then insert the new record with the hashed password.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...