Did one change in the script guildregister.php:
Changed the md5 part in the INSERT query to:
$sql_reg = sprintf("INSERT INTO guildlogin (guilduser_name, guilduser_pass)
VALUES ('%s', password('%s'))",
$_POST['guilduser_name'],
$_POST['guilduser_pass']);
$reg = mysql_query($sql_reg) or die(mysql_error());
On 10/15/05, twistednetadmin <[EMAIL PROTECTED]> wrote:
>
> All: Sorry..... I forgot to write what's wrong....stupid me...
> Mike:1) I'm not sure how to indent the code...
> 2) I'm using Dreamweaver, but not to write the code for me. I'm not that
> lazy :). And that's not the way for me to learn.
> It's just rather annoying that all the tutorials I have tried seems to
> fail. How can I learn when I'm apparently given the wrong information.
> I am searching php.net <http://php.net> for the right code, but it can be
> rather overwhelming at some points....
>
> Chris: No, it did not work before I made these changes.
>
>
>
> The way it should work:
> ---------------------------------------
> Guildregister.php
> -------------------------
> Sends the information from the form(guilduser_name and guilduser_pass) to
> the DB, encrypting the password with md5 encryption.
> This works as intended. No need for any security since am the only one
> with access to this.
> ----------------------------------------
> Code for Register.php:
> ----------------------------------------
>
> <html>
> <head>
> <title>HOoSRegisterpage for new membersHOoS</title>
> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
> <link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
> </head>
>
> <body bgcolor="#000000">
> <?php
> include ("connections/HOoStest.php");
>
>
>
> if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "reg") {
> $sql_reg = sprintf("INSERT INTO guildlogin (guilduser_name,
> guilduser_pass) VALUES ('%s', '%s')",
> $_POST['guilduser_name'],
> md5($_POST['guilduser_pass']));
> $reg = mysql_query($sql_reg) or die(mysql_error());
> }
>
> ?>
> <table width="100%" border="0" cellspacing="0" cellpadding="0">
> <tr>
> <td width="200" align="center"><img src="guildimages/tabard.jpg"
> alt="pic1"></td>
> <td align="center">
> <!--Mainlogo-->
>
> <img src="guildimages/main_logo.jpg" alt="logo"></td>
> <td width="200" align="center"><img src="guildimages/tabard.jpg"
> alt="pic1"></td>
> </tr>
> <tr>
> <td colspan="3" align="center">
> <table>
> <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
> <tr>
> <td align="center" valign="middle" class="maintext">
> New user:<input name="guilduser_name">
> </td>
> </tr>
> <tr>
> <td align="center" valign="middle" class="maintext">
> Password:<input name="guilduser_pass" type="password"><br>
> <input type="hidden" name="MM_insert" value="reg">
> </td>
> </tr>
> <tr>
> <td align="center" valign="middle" class="maintext">
> <input name="submit" type="image" src="guildimages/register_btn.jpg"
> value="update">
> </td>
> </tr>
> </form>
> </table>
> </td>
> </tr>
>
> </table>
>
> </body>
> </html>
>
> -----------------------------------
> Guildlogin.php
> -----------------------------------
> This should create a session variable for the authentication, but it fails
> at some point. I have checked the sessiondata on my testserver, and that
> shows blank. So it's clear for me that I don't get the information saved in
> the variable $_SESSION.
> I don't get any sql errors, so I don't think that is the problem. But then
> again....it is my first script, and I could offcourse be wrong.
> I'm not sure where I should put the echo $sql; to check the query.Sincethe
> Guildlogin.php sends me directly to the error page at the end of
> execution.
> The script sends me to the loginerror.php even if the username and the
> password is correct.
> The point here is that this happens every time I press the button "login"
> in the form, regardless of the input in the form.
> --------------------
> Code for Guildlogin.php:
> ----------------------
> <?php
> include ("connections/HOoStest.php");
>
>
>
> session_start();
> if (@$_GET['guildaction'] == "login");
> {
>
> $sql = "SELECT guilduser_name FROM guildlogin
> WHERE guilduser_name='$_POST[guilduser_name]'";
> $result = mysql_query($sql) or die("Couldn't execute query.");
> $num = mysql_num_rows($result);
> if ($num ==1) //loginname found
> {
> $sql = "SELECT guilduser_name FROM guildlogin
> WHERE guilduser_name='$_POST[guilduser_name]'
> AND guilduser_pass=password('$_POST[guilduser_pass]')";
> $result2 = mysql_query($sql) or die("Couldn't execute query 2.");
> $num2 = mysql_num_rows($result2);
> if ($num2 > 0) //password is correct
> {
> $_SESSION['auth']="yes";
> $logname=$_POST['guilduser_name'];
> $_SESSION['logname'] = $logname;
> header("Location: HolyOrder1.php");
> exit();
> }
> else //password is not correct
> {
> unset($guildaction);
> $message="Login not correct";
> header("Location: Guildloginerror.php");
> }
> }
> elseif ($num == 0) // Wrong name. Name not in db
> {
> unset($guildaction);
> $message="Login failed";
> header("Location: Guildloginerror.php");
> }
>
> }
>
> ?>
> -------------------------------------------
> The form:
> -------------------------------------------
> I don't feel it's nessesary to explain this...
> -------------------------------------------
> Code for loginform:
> -------------------------------------------
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "
> http://www.w3.org/TR/html4/loose.dtd";>
> <html>
> <head>
> <title>HOoSloginpage for membersHOoS</title>
> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
> <link href="stylesheets/holyorder.css" rel="stylesheet" type="text/css">
> </head>
>
> <body bgcolor="#000000">
>
>
>
>
>
> <table width="100%" border="0" cellspacing="0" cellpadding="0"
> class="maintext">
> <tr>
> <td width="200" align="center"><img src="guildimages/tabard.jpg"
> alt="pic1"></td>
> <td align="center">
> <!--Mainlogo-->
>
> <img src="guildimages/main_logo.jpg" alt="logo"></td>
> <td width="200" align="center"><img src="guildimages/tabard.jpg"
> alt="pic1"></td>
> </tr>
> <tr>
> <td colspan="3" align="center">
>
>
> <table>
> <form action="Guildlogin1.php?guildaction=login" method="post">
>
> <tr>
> <td align="center" valign="middle" class="maintext">
> Login as:<input type=text name="guilduser_name">
> </td>
> </tr>
> <tr>
> <td align="center" valign="middle" class="maintext">
> Password:<input type="password" name="guilduser_pass"><br>
> </td>
> </tr>
> <tr>
> <td align="center" valign="middle" class="maintext">
> <input name="log" type="image" src="guildimages/login_btn.jpg"
> value="Enter"></td>
> </tr>
> </form>
> </table>
>
>
>
> </td>
> </tr>
>
> </table>
>
> </body>
> </html>
> -----------------------------------------------
> End
> -----------------------------------------------
> I hope this was a better explanation than the last one...hehe...
> I guess I was busy pulling out my hair...
>
> -TW-
>
>
>
>
