Hi, i' making a login page at the moment, however my username + password is stored many different places, and is kinda hard to get, so I have written this entire code:
Code: <?php
session_start();
// dBase file
include 'inc/config.php';
if ($_GET["op"] == "login")
{
if (!$_POST["username"] || !$_POST["password"])
{
die("You need to provide a username and FG-Pass.");
}
// Create query
$id = "SELECT member_id FROM `members` "
."WHERE `name`='".$_POST["username"]."' ";
$q = "SELECT * FROM `members` "
."WHERE `name`='".$_POST["username"]."' "
."AND `p_locked`=0 "
."AND SELECT field_13 FROM `pfields_content` "
."WHERE `id`='".$id."' "
."AND WHERE `field_13`=('".$_POST["password"]."') "
."LIMIT 1";
// Run query
$r = mysql_query($q);
if ( $obj = @mysql_fetch_object($r) )
{
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();
// Redirect to member page
Header("Location: shop.php");
}
else
{
// Login not successful
die("Sorry, could not log you in. Wrong login information.
Or your fg has been locked. Please contact Smilie.");
}
}
else
{
//If all went right the Web form appears and users can log in
echo "<form action="?op=login" method="POST">";
echo "Username: <input name="username" size="15"><br />";
echo "FG-Password: <input type="password" name="password" size="8"><br />";
echo "<input type="submit" value="Login">";
echo "</form>";
}
?>
So, the process:
1. I get and store the member id:
Code: // Create query
$id = "SELECT member_id FROM `members` "
."WHERE `name`='".$_POST["username"]."' ";
Then:
Check if:
-Account is not locked
-Get password for a different table, using the member id we got above.
-Check if username + password matches.
-login
Code: $q = "SELECT * FROM `members` "
."WHERE `name`='".$_POST["username"]."' "
."AND `p_locked`=0 "
."AND SELECT field_13 FROM `pfields_content` "
."WHERE `id`='".$id."' "
."AND WHERE `field_13`=('".$_POST["password"]."') "
."LIMIT 1";
// Run query
$r = mysql_query($q);
But this doesn't appear to be the case that it works..
I think it has something to do with that i need to run the query, but i'm not sure, how would i fix this?
Thanks in advance
question about stripslashes and real_escape_string
im cleaning up an old app that I wrote fixing some of the vulernabilities from attacks.I have roughly 30 files. I want to be able to edit every $_POST and $_GETCode:
Displaying an image using echo command
I had done a query on my database, one of the fields being an image reference to a directory where an image is stored. e.g "/images/picture.jpg"I want to display this image by using
Need a fuction to count entries in a field
HiI need a fuction to count how many times a email address is entered in to a field.I making a for wordpress that counts how many timesa user has made comments.Thanks
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
what is wrong with this Code: [Select]<?phpif ($_SERVER['HTTP_REFERER']){ if($_GET['id']) { $con = mysql_connect("","",""); if (!$con) {
Writing Windows Device Drivers with C
Yes: one of the nice features of C is void*. You can put anything there and get anything out. Very error prone but absolutely brilliant for device drivers.Try
Why is the logic of this simple code not working?
Hey, I'm trying to determine if a table already exists in mysql, but doing a query first with mysql_query, then checking $sql as if it a were TRUE of FALSE. Which I though it would be. My Code
passing an array of objects after submit
How do I do this? This is what I have tried and it is not working.<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"><input
Structure Question - One Table or One Table Per Record Set?
I have a web app (mySQL and PHP) which allows people to create an item with up to 200 records which I store in a single table. Any user subscribing to that item will be pulling up to 4 records from
UPLOAD IMAGES NOT WORKING!
Hi there i have a upload script in which it uploads the picture to a folder than creates two thumbnails in different folders however it is uploading the image and saving it in the folder /photos/ then
PHP mail() with images
I'm trying to get images to send along with my HTML e-mail sent through PHP mail(). I only tried viewing the e-mail through google mail and thunderbird, google mail showed the image but thunderbird
