Advertisement
Guest User

Untitled

a guest
Jul 9th, 2017
229
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 4.16 KB | None | 0 0
  1. <?php
  2. $con = mysql_connect("localhost", "Admin", "password") or die(mysql_error()); //localhost:192.168.0.15 is an invalid host, you need one or the other, not both; if you're going to use $con you need to actually define it first;
  3. //mysql_select_db("login_test") or die(mysql_error()); <- We haven't created this yet
  4.  
  5. //just tidied the queries up for you, and added in checks to see if they worked.
  6. $createdb = mysql_query("CREATE DATABASE `login_test`", $con);
  7. if($createdb === true) { print "database created"; } else { print "error creating database"; mysql_error(); die(); }
  8.  
  9. $createtb = mysql_query("CREATE TABLE `members` (`memberID` int NOT NULL AUTO_INCREMENT, `username` varchar(15), `password` varchar(15), PRIMARY KEY (memberID))", $con);
  10. if($createtb === true) { print "table created"; } else { print "error creating table"; mysql_error(); die(); }
  11.  
  12. $insert = mysql_query("INSERT INTO `members` (`username`, `password`) values ('Admin','SPIDER')", $con);
  13. if($insert === true) { print "data row a inserted"; } else { print "error inserting data row a"; mysql_error(); }
  14.  
  15. $insert = mysql_query("INSERT INTO `members` (`username`, `password`) values ('Admin2','123456')", $con);
  16. if($insert === true) { print "data row b inserted"; } else { print "error inserting data row b"; mysql_error(); }
  17.  
  18. // I presume the select query was to check the data inserts worked? The conditionals above should deal with that.
  19. ?>
  20.  
  21. <?php
  22. //If you're going to define these, then you should probably use them in your functions..
  23. $host = "localhost";
  24. $username = "ADMIN";
  25. $password = "SPIDER";
  26. $db_name = "login_test";
  27. $tbl_name = "members";
  28.  
  29. $con = mysql_connect($host, $username, $password) or die(mysql_error()); //Although $con isn't needed you've started using it, so I'm adding it for consistency.
  30. mysql_select_db($db_name) or die(mysql_error());
  31.  
  32. //It's GREAT that you're sanitising your inputs like this, but you need to do it BEFORE you create your query, or it won't have any effect.
  33. $myusername = $_POST['username'];
  34. $mypassword = $_POST['password'];
  35.  
  36. $myusername = stripslashes($myusername);
  37. $mypassword = stripslashes($mypassword);
  38. $myusername = mysql_real_escape_string($myusername);
  39. $mypassword = mysql_real_escape_string($mypassword);
  40.  
  41. //I've set it to limit 1 or the fetching of the array will fail without a loop if there's more than one result (there shouldn't be though, you should be checking this before a user registers)
  42. $sql = "SELECT * FROM `". $tbl_name ."` WHERE `username` = '". $myusername ."' and `password` = '". $mypassword ."' LIMIT 1";
  43. $result = mysql_query($sql, $con);
  44.  
  45. if($result !== false) {
  46.     $data = mysql_fetch_array($result);
  47.     $_SESSION['username'] = $data['username'];
  48.     $_SESSION['password'] = $data['password']; //I hope this has been encrypted and you're not using plaintext passwords.
  49.     header("Location: checklogin.html");
  50. }
  51. else { print "Wrong Username or Password"; }
  52. ?>
  53.  
  54. <?php
  55. //I don't know if this will return a boolean false or an equivalent, so I'll evaluate with a double equals.
  56. if($candle_login == false) { header("Location: ./checklogin.html"); die(); } //The die is important here, if the user sets their browser to ignore "location: *" headers your login check will be bypassed
  57.  
  58. //Same as the above conditional, I don't know what it will return.
  59. if($phpcoders == true) {
  60.     $con = mysql_connect() or die(mysql_error()); //You need to build a valid connect statement here. You should really set up a global configuration page that establishes your mysql connection.
  61.     //$user = explode(echo"checklogin.html"); <- What are you trying to so here?
  62.  
  63.     $sql = "SELECT * FROM `login` WHERE `username` = '". $user[0] ."'"; //Where are you getting this array from?
  64.     mysql_select_db("members") or die(mysql_error());
  65.     $r = mysql_query($sql, $con);
  66.  
  67.     if(mysql_num_rows($r) == false) {
  68.         header("Location: ./checklogin.html");
  69.         die(); //Once again for security you'll want to kill the script at this point if the user has disabled the redirects.
  70.     }
  71.  
  72.     $chkusr = mysql_fetch_array($r);
  73.     if(unserialize($user[1]) != $chkusr[1]) { //I don't see where this user array came from..
  74.         header("Location: ./checklogin.html");
  75.         die(); //Same as above
  76.     }
  77. }
  78. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement