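<?php
/*
 * One-off setup script: creates the `login_test` database, the `members`
 * table and two seed accounts, printing the outcome of each step.
 *
 * NOTE(review): the connection credentials and both seed passwords are
 * hard-coded here. Keep them in configuration outside the web root and out of
 * version control, and do not leave this script reachable after setup.
 * NOTE(review): passwords land in a varchar(15) column as plaintext. Store
 * password_hash() output instead (the PHP manual recommends a 255-character
 * column) and verify with password_verify() in the login script.
 * NOTE(review): ext/mysql (mysql_*) was deprecated in PHP 5.5 and removed in
 * PHP 7.0; mysqli or PDO is the supported replacement.
 */

// Use one host name; "localhost:192.168.0.15" is not a valid host.
$con = mysql_connect("localhost", "Admin", "password") or die(mysql_error());

$createdb = mysql_query("CREATE DATABASE `login_test`", $con);
if ($createdb === true) {
    print "database created";
} else {
    print "error creating database";
    // The original called mysql_error() and discarded the result.
    print mysql_error($con);
    die();
}

// Select the new database first; otherwise CREATE TABLE and the INSERTs
// below have no database to run against.
mysql_select_db("login_test", $con) or die(mysql_error($con));

$createtb = mysql_query("CREATE TABLE `members` (`memberID` int NOT NULL AUTO_INCREMENT, `username` varchar(15), `password` varchar(15), PRIMARY KEY (memberID))", $con);
if ($createtb === true) {
    print "table created";
} else {
    print "error creating table";
    print mysql_error($con);
    die();
}

// A failed seed insert is reported but does not abort the script.
$insert = mysql_query("INSERT INTO `members` (`username`, `password`) values ('Admin','SPIDER')", $con);
if ($insert === true) {
    print "data row a inserted";
} else {
    print "error inserting data row a";
    print mysql_error($con);
}

$insert = mysql_query("INSERT INTO `members` (`username`, `password`) values ('Admin2','123456')", $con);
if ($insert === true) {
    print "data row b inserted";
} else {
    print "error inserting data row b";
    print mysql_error($con);
}
?>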
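<?php
/*
 * Login handler: looks up the posted username/password pair in `members`.
 * On a match it records the user in the session and redirects; otherwise it
 * prints an error message.
 *
 * NOTE(review): the database credentials are hard-coded; load them from
 * configuration kept outside the web root.
 * NOTE(review): the password is compared in SQL as plaintext. Store
 * password_hash() output, select the row by username only and check it with
 * password_verify().
 * NOTE(review): ext/mysql was removed in PHP 7.0. When migrating to mysqli or
 * PDO, use prepared statements instead of escaping and concatenation.
 */
$host = "localhost";
$username = "ADMIN";
$password = "SPIDER";
$db_name = "login_test";
$tbl_name = "members";

$con = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($db_name, $con) or die(mysql_error());

// $_SESSION is only persisted once a session is active.
if (session_id() === '') {
    session_start();
}

// Treat a missing or non-string field as an empty credential rather than
// passing it on to the string functions below.
$myusername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$mypassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Escaping has to happen before the query string is built.
$myusername = mysql_real_escape_string(stripslashes($myusername), $con);
$mypassword = mysql_real_escape_string(stripslashes($mypassword), $con);

$sql = "SELECT * FROM `". $tbl_name ."` WHERE `username` = '". $myusername ."' and `password` = '". $mypassword ."' LIMIT 1";
$result = mysql_query($sql, $con);

// A query that runs but matches no row still returns a result resource, so
// success has to be decided on the fetched row, not on $result alone.
// mysql_fetch_array() returns false when there is no row.
$data = ($result !== false) ? mysql_fetch_array($result) : false;

if ($data !== false) {
    // Issue a fresh session id on login so a pre-set id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['username'] = $data['username'];
    // NOTE(review): kept for compatibility with pages that may read it, but
    // the password should not be stored in the session at all.
    $_SESSION['password'] = $data['password'];
    header("Location: checklogin.html");
    // Stop here: a client that ignores the Location header must not receive
    // anything further from this script.
    die();
} else {
    print "Wrong Username or Password";
}
?>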
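<?php
/*
 * Access check for a protected page: redirects to the login page unless the
 * caller's claimed identity matches a row in `login`.
 *
 * NOTE(review): $candle_login, $phpcoders and $user are not defined in this
 * script. Confirm where they are set and whether any of them can be
 * influenced by the client before relying on this check.
 * NOTE(review): ext/mysql was removed in PHP 7.0; mysqli or PDO with prepared
 * statements is the supported replacement.
 */

// The type of $candle_login is unknown here, so the loose comparison is kept.
if ($candle_login == false) {
    header("Location: ./checklogin.html");
    // Without die, a client that ignores the Location header would still get
    // the protected page.
    die;
}

if ($phpcoders == true) {
    // TODO: pass real connection parameters, ideally from a shared
    // configuration file that sets up the connection once.
    $con = mysql_connect() or die ("Whoops");
    mysql_select_db("members") or die(mysql_error());

    // Escape the value before it goes into the query string, as the login
    // script does for its own inputs.
    $sql = "SELECT * FROM `login` WHERE `username` = '". mysql_real_escape_string($user[0], $con) ."'";
    $r = mysql_query($sql, $con);

    // A failed query counts as "no such user" instead of being passed on to
    // mysql_num_rows().
    if ($r === false || mysql_num_rows($r) == false) {
        header("Location: ./checklogin.html");
        die();
    }

    $chkusr = mysql_fetch_array($r);

    // NOTE(review): unserialize() on a value that may come from the client
    // can instantiate arbitrary classes (object injection). If $user[1] is
    // only ever a string, carry it as a plain string or as JSON instead.
    $claimed = unserialize($user[1]);

    // Require a string and compare strictly, so that a non-string value
    // cannot compare equal to the stored one through type juggling.
    if (!is_string($claimed) || $claimed !== $chkusr[1]) {
        header("Location: ./checklogin.html");
        die();
    }
}
?>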