Bug i can't find
Posted: Wed May 12, 2004 12:01 am
<?php
// Potential bug.. Make sure that it does not update the last login field if they havn't logged in
include('functions.inc');
$lastlogon = date("l, M, d");
$pass = md5($pass);
$sql = "SELECT * FROM users where user='$uname' and pass='$pass'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
if ($row["user"] == $uname && $row["pass"] == $pass) {
$lastlogon = date("l, M, d");
if(setcookie("user",$uname,time()+604800,"/","..com","0")) {
$sqll = "UPDATE users SET last_logon='$lastlogon' WHERE user='".$_POST['uname']."'";
if(mysql_query($sqll)) {
header("location: mypage");
}
else {
echo "Couldn't update user<br />".$sqll."<br />".mysql_error()."";
}
}
else {
echo "Couldn't set cookie";
}
}
else {
$output = "<center><font face=arial size=-1 color=red>Username/Password do not match <a
href=loginbox.php>Click here to login again</a></font></center>";
include('html.inc');
start_header($output);
}
?>
This login script of mine has been working all the way up until today. Now it wont allow most people to login. However, when i reset the pass in my user field it allowed me to login. But it will not allow anybody else. I used a manual url byt grabbing the uname and pass fromt he db and entering it into the url and trying to use the login script that way but it woudln't work.
Any ideas on why my code might have broken?
Thanks
Anthony
// Potential bug.. Make sure that it does not update the last login field if they havn't logged in
include('functions.inc');
$lastlogon = date("l, M, d");
$pass = md5($pass);
$sql = "SELECT * FROM users where user='$uname' and pass='$pass'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
if ($row["user"] == $uname && $row["pass"] == $pass) {
$lastlogon = date("l, M, d");
if(setcookie("user",$uname,time()+604800,"/","..com","0")) {
$sqll = "UPDATE users SET last_logon='$lastlogon' WHERE user='".$_POST['uname']."'";
if(mysql_query($sqll)) {
header("location: mypage");
}
else {
echo "Couldn't update user<br />".$sqll."<br />".mysql_error()."";
}
}
else {
echo "Couldn't set cookie";
}
}
else {
$output = "<center><font face=arial size=-1 color=red>Username/Password do not match <a
href=loginbox.php>Click here to login again</a></font></center>";
include('html.inc');
start_header($output);
}
?>
This login script of mine has been working all the way up until today. Now it wont allow most people to login. However, when i reset the pass in my user field it allowed me to login. But it will not allow anybody else. I used a manual url byt grabbing the uname and pass fromt he db and entering it into the url and trying to use the login script that way but it woudln't work.
Any ideas on why my code might have broken?
Thanks
Anthony