Please help me with this script.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • csabi_fl
    Sergeant

    • Jul 2006
    • 21

    Please help me with this script.

    Hi.
    Could someone please take a look at this script and figure out why it isn't working.It denies access even to registered users.
    <?php
    /* get the incoming ID and password hash */
    $user = $_POST["userid"];
    $pass = sha1($_POST["password"]);
    /* establish a connection with the database */
    $server = mysql_connect("localhost", "ydmmtbz_ydmmtbz",
    "slitodap");
    if (!$server) die(mysql_error());
    mysql_select_db("ydmmtbz_fmp");

    /* SQL statement to query the database */
    $query = "SELECT * FROM Users WHERE Userid = '$user'
    AND Password = '$pass'";
    /* query the database */
    $result = mysql_query($query);
    /* Allow access if a matching record was found, else deny access. */
    if (mysql_fetch_row($result))
    echo "Access granted.Welcome $user.";
    else
    echo "Access Denied: Invalid Credentials.";
    mysql_close($server);
    ?>
    Thank you for your time.
  • navaldesign
    General & Forum Moderator

    • Oct 2005
    • 12080

    #2
    Re: Please help me with this script.

    Originally posted by csabi_fl
    Hi.
    Could someone please take a look at this script and figure out why it isn't working.It denies access even to registered users.
    <?php
    /* get the incoming ID and password hash */
    $user = $_POST["userid"];
    $pass = $_POST["password"];
    /* establish a connection with the database */
    $server = mysql_connect("localhost", "ydmmtbz_ydmmtbz",
    "slitodap");
    if (!$server) die(mysql_error());
    mysql_select_db("ydmmtbz_fmp");

    /* SQL statement to query the database */
    $query = "SELECT * FROM Users WHERE Userid = '$user'
    AND Password = '$pass'";
    /* query the database */
    $result = mysql_query($query);
    /* Allow access if a matching record was found, else deny access. */
    if (mysql_fetch_row($result))
    echo "Access granted.Welcome $user.";
    else
    echo "Access Denied: Invalid Credentials.";
    mysql_close($server);
    ?>
    Thank you for your time.
    That's what i had already done but you changed it again!
    Navaldesign
    Logger Lite: Low Cost, Customizable, multifeatured Login script
    Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
    DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
    Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

    Comment

    • csabi_fl
      Sergeant

      • Jul 2006
      • 21

      #3
      Re: Please help me with this script.

      I might have changed it,but not on purpose.I am no expert and I appreciate all your help.
      Thank you Navaldesign.

      Comment

      • navaldesign
        General & Forum Moderator

        • Oct 2005
        • 12080

        #4
        Re: Please help me with this script.

        Your problem is that the original script "grabs" the sha1 (US Secure Hash Algorithm 1) number of the password, not the password itself. That would be ok if the registration form also stored the sha1 number of the password in the database, which apparently is not, so your validating script is trying to find the sha1 number of the password in the database, and can't find it so it dennies access. You either modify as indicated above, or modify your script that stores the password in the database. The use of the sha1 number of the password is a tecnique used to protect the system from intrusion by hacking computers that apply dictionary libraries to find passwords. But the password itself should be encoded before storing in tha database using the same algorithm. If you have manyally added those two couples of database usernames / passwords instead of going through your registration form, please verify your registration script, as it might be also encoding with sha1. In this case everything should run smooth.
        Navaldesign
        Logger Lite: Low Cost, Customizable, multifeatured Login script
        Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
        DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
        Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

        Comment

        • csabi_fl
          Sergeant

          • Jul 2006
          • 21

          #5
          Re: Please help me with this script.

          I was wondering what that "sha1" was in the script but I left it alone not knowing what it does.Now that you explained it I do.The script is working beautiful now.
          One more thing.How do I show the user's name on top of the member's page after they log in?I have found a script in this forum but it uses sessions and I don't.Is there any other way?
          Thanks in advance.

          Comment

          • navaldesign
            General & Forum Moderator

            • Oct 2005
            • 12080

            #6
            Re: Please help me with this script.

            Are your members pages html or php ?
            Navaldesign
            Logger Lite: Low Cost, Customizable, multifeatured Login script
            Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
            DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
            Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

            Comment

            • csabi_fl
              Sergeant

              • Jul 2006
              • 21

              #7
              Re: Please help me with this script.

              php.

              Comment

              • navaldesign
                General & Forum Moderator

                • Oct 2005
                • 12080

                #8
                Re: Please help me with this script.

                Originally posted by csabi_fl
                php.
                The only serious way is to start a session and pass the variables from page to page. Otherwise, each link to other pages has to be a small form itself, like the ones i have in this example: http://www.navaldesign.info/Tips/var...startpage.html. Each form has to implement the code i have used for the Multipage Form Tutorial , so it will pass through to the next page the necessary variables. Of course, in this case you need to have such a form also in the authentication (validate.php) page, so once the visitor has been authenticated, he clicks on this link (submit) button and gets to the first member page, and the variables that you want pass over also. Since you don't want to use a session, make sure to pass over also the user id and password, because this way you can implement the validate.php script in all your pages.
                Navaldesign
                Logger Lite: Low Cost, Customizable, multifeatured Login script
                Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
                DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
                Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

                Comment

                • rinahearts
                  Master Sergeant

                  • Aug 2006
                  • 68

                  #9
                  Re: Please help me with this script.

                  hello i was wondering if anyone can tell me how to create forms that will sent to an email address when the user clicks submit? i am developing my first website and i am not familiar

                  Comment

                  • Vasili
                    Moderator

                    • Mar 2006
                    • 14683

                    #10
                    Re: Please help me with this script.

                    You really need to start studying the Blue Voda Video Tutorials....they cover every question you have posted in the Forum so far, which demonstrates that you still haven't familiarized yourself with how the Forum can be searched for answers, and what the tutorials are all about!!
                    Start Here!

                    You also need to stop posting in exisitng threads (it's called interrupting), which is not allowed. (3 times today)
                    You are more apt to have a prompt and specific answer to your posts if you maintain Forum continuity by posting in the appropriate Forum, or within the complimentary thread!
                    ..
                    . VodaWebs....Luxury Group
                    * Success Is Potential Realized *

                    Comment

                    • navaldesign
                      General & Forum Moderator

                      • Oct 2005
                      • 12080

                      #11
                      Re: Please help me with this script.

                      Originally posted by rinahearts
                      hello i was wondering if anyone can tell me how to create forms that will sent to an email address when the user clicks submit? i am developing my first website and i am not familiar
                      Hi, the basic tutorials for form are BlueVoda Form Tutorial 1, BlueVoda Form Tutorial 2

                      Please read carefully the text UNDER the multimedia presentation of Tutorial #1
                      Navaldesign
                      Logger Lite: Low Cost, Customizable, multifeatured Login script
                      Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
                      DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
                      Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!

                      Comment

                      Working...
                      X