Error in login script?
Posted: Tue Aug 28, 2007 8:56 pm
Some of my users are getting an invalid password/username error while others aren't. I can't seem to figure out what it is. I contacted my host about it, but is there anything wrong with my script? again, it doesn't happen to all.
Code: Select all
<? session_start(); ?>
<? require("config.php"); ?>
<?
if (isset($_GET["form"]) && $_GET['form'] == "submit") {
//get vars
$username2 = $_POST['username'];
$password2 = $_POST['password'];
$username = strtolower($username2);
$password = strtolower($password2);
if (isset($_POST['cookie'])) { $cookie = $_POST['cookie']; }
$time = time();
$pass = md5($password);
//check database
$sql="SELECT * FROM users WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);
//check if there is a match
$count=mysql_num_rows($result);
if($count==1){
$data = mysql_query("SELECT * FROM users WHERE username='$username' and password='$pass'");
$info = mysql_fetch_array($data);
$ip = getenv('REMOTE_ADDR');
$date = date("F j, Y, g:i a");
$iplogs = mysql_query("SELECT * FROM `iplogs` WHERE iusername='$username' and iip='$ip'");
$logs = mysql_num_rows($iplogs);
if ($logs > 0) {
$iplogs2 = mysql_query("SELECT * FROM `iplogs` WHERE iusername='$username' and iip='$ip'");
$r = mysql_fetch_array($iplogs2);
$logins = $r['logins'];
$logins++;
$update="UPDATE `iplogs` SET logins='$logins' WHERE iusername='$username' and iip='$ip'";
mysql_query($update);
} else {
$insert = mysql_query("insert into iplogs values ('', '$username', '$date', '$ip', '1')");
}
$_SESSION['username'] = $info['username'];
$_SESSION['admin'] = $info['astatus'];
$_SESSION['fname'] = $info['fname'];
if($cookie == "yes") {
setcookie("username", $info['username'], $time + 3600); // Sets the cookie username
setcookie("password", $password, $time + 3600); // Sets the cookie password
}
}
if ($count != 1) { $login = "error"; }
}
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
<meta name="description" content="description"/>
<meta name="keywords" content="keywords"/>
<meta name="author" content="author"/>
<link rel="stylesheet" type="text/css" href="default.css" media="screen"/>
<link rel="stylesheet" href="style.css" />
<script src="nav.js" type="text/javascript"></script>
<title>The Freebie Life</title>
</head>
<body>
<div class="outer-container">
<div class="inner-container">
<div class="header">
</div>
<div class="path">
Member Pages
</div>
<div class="main">
<div class="content">
<table align="center">
<Tr>
<font size="+3">Member Login</font> <br>
<?
if (isset($_GET["form"]) && $_GET['form'] == "submit") {
if($count==1) {
echo "<b><Center>You Have Now Been Logged In</center></b>";
echo '<meta http-equiv="refresh" content="2;url=main.php">';
exit;
}
}
//check to see if already logged in
if (isset($_SESSION['username'])) { echo "<b><center>You Are Currently Logged In As ".$_SESSION['username']."</center></b><br>";
echo '<meta http-equiv="refresh" content="2;url=main.php">';
exit; }
//check to see if a cookie is set
if (isset($_COOKIE['username'])) {
$username = $_COOKIE['username'];
$password = $_COOKIE['password'];
$pass = md5($password);
//check database
$sql="SELECT * FROM users WHERE username='$username' and password='$pass'";
$result=mysql_query($sql);
//check if there is a match
$count=mysql_num_rows($result);
if($count==1){
$data = mysql_query("SELECT * FROM users WHERE username='$username' and password='$pass'")
or die(mysql_error());
$info = mysql_fetch_array($data);
$cname = $info['username'];
$cpassword = $_COOKIE['password'];
$cookie = "set";
}
}
?>
<form action="login.php?form=submit" method="post" name="login">
<table width="350" border="0" align="center" cellpadding="1" cellspacing="0" bordercolor="#FFFFFF" class="table">
<tr>
<? if ($login == "error") { ?>
<td colspan="2" align="center"><? echo "<center><font color=red>Your Username or Password is Invalid</font></center>"; ?></td>
<? } else {?>
<td colspan="2"> </td>
<? } ?>
</tr>
<tr>
<td width="122"><div align="left"> Username: </div></td>
<td width="307"><input name="username" type="text" value="<? echo "$cname"; ?>" size="25" /></td>
</tr>
<tr>
<td><div align="left"> Password: </div></td>
<td><input name="password" type="password" id="Password" value="<? echo "$cpassword"; ?>" size="25" /></td>
</tr>
<? if ($cookie != "set") { ?><tr>
<td colspan="2"><div align="center">
<input name="cookie" type="checkbox" id="cookie" value="yes" />
Remember Me </div></td>
<tr>
<? } ?>
<td colspan="2"><div align="center">
<a href="forgot.php">Forgot Password</a>
</div></td>
</tr>
<Tr>
<td colspan="2"><div align="center">
<input name="submitbutton" type="submit" class="button" value="Submit">
</div></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</table> </form> <p> </p></td>