#1
account-login
Hey guys, I am just fiddling with code with a helping hand from https://www.w3schools.com/php/php_form_validation.asp.
Here is what I have got so far (not tested yet):
Code:
<?php
//
// TorrentTrader v2.x
// $LastChangedDate: 2012-09-19 19:13:35 +0100 (Wed, 19 Sep 2012) $
// $LastChangedBy: torrenttrader $
//
// http://www.torrenttrader.org
//
//
require_once("backend/functions.php");
dbconn();

// From the w3schools form-validation example: trim, strip slashes, HTML-escape.
// Caution: applied to the password this alters any password containing & < > " '
// before it is hashed, so such a password will never match the stored hash.
function spesh_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

$message = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = spesh_input($_POST["username"]);
    $password = spesh_input($_POST["password"]);

    if (!empty($username) && !empty($password)) {
        // Hash only after the empty check; the hash of "" is never empty.
        $password = passhash($password);
        // $db is the mysqli connection opened in the db config. The escaped
        // username must also be quoted, or the SQL is invalid.
        $res = mysqli_query($db, "SELECT id,password,secret,status,enabled FROM users WHERE username='" . mysqli_real_escape_string($db, $username) . "'") or die(mysqli_error($db));
        $row = mysqli_fetch_assoc($res);
        if (!$row || $row["password"] != $password) {
            $message = T_("LOGIN_INCORRECT");
        } elseif ($row["status"] == "pending") {
            $message = T_("ACCOUNT_PENDING");
        } elseif ($row["enabled"] == "no") {
            $message = T_("ACCOUNT_DISABLED");
        }
    } else {
        $message = T_("NO_EMPTY_FIELDS");
    }

    if (!$message) {
        logincookie($row["id"], $row["password"], $row["secret"]);
        if (!empty($_POST["returnto"])) {
            // returnto is taken from the request unchecked: any URL can be put here.
            header("Refresh:0;url=" . $_POST["returnto"]);
            die();
        } else {
            header("Refresh:0;url=index.php");
            die();
        }
    } else {
        show_error_msg(T_("ACCESS_DENIED"), $message, 1);
    }
}
logoutcookie();
#2
OK, kinda confused on this one.
So first off, you did not include any of the needed files (config, database). Second off, you log them in, then log them right back out? Also you want to make sure that the server is using
Code:
get_magic_quotes_gpc()
Code:
stripslashes(
__________________
Do not ask me to help you work on your site that is not phpMyBitTorrent. Do not ask me to make a mod for any other source. Do not ask me to set up your site. I will no longer help you set up your site; there is a setup script. If you have trouble with it, post in the forum here or in the BT.Manager™ forum. My current demo is here: http://demo.btmanager.org/
#3
I updated the original post after I realized I left out the db and functions.php.
If you check it again you will see I secured the:
Code:
<form method='' action=''>
Code:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Code:
<?php
// Database settings. A dedicated low-privilege DB user is preferable to root.
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', 'MagicCues90');
define('DB_DATABASE', 'shop');

$db = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
if (!$db) {
    die("Database connection failed: " . mysqli_connect_error());
}
?>
Extra Note:
Code:
// From the w3schools example: trim, strip slashes and HTML-escape a submitted value.
function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
https://www.w3schools.com/php/showph...ion_escapechar
Last edited by BamBam0077; 14th June 2018 at 04:14.
#4
MySQLi needs the connection ID on all
Code:
mysqli_query
Code:
// $db is the mysqli connection; mysqli_real_escape_string() needs it too,
// and the escaped value still has to be quoted in the SQL.
$res = mysqli_query($db, "SELECT id,password,secret,status,enabled FROM users WHERE username='" . mysqli_real_escape_string($db, $username) . "'") or die(mysqli_error($db));
The Following User Says Thank You to joeroberts For This Useful Post:
BamBam0077 (14th June 2018)
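The login lookup from post #1, with the connection-ID point from post #4 applied, written the way a practitioner would do it today: a prepared statement with a bound parameter (so escaping and quoting cannot be forgotten), a constant-time comparison of the password hash, and a check on the submitted returnto before redirecting. This is an added example, not code from the thread or from TorrentTrader. It assumes PHP 7.1+ with the mysqlnd driver, that $db is the mysqli connection from post #3, that passhash(), logincookie(), show_error_msg() and T_() are the TorrentTrader helpers used in post #1, and that the users table has the columns post #1 selects.

```php
<?php
// Added example (not from the thread or from TorrentTrader). Assumptions: PHP 7.1+
// with mysqlnd; $db is the mysqli connection from post #3; passhash(),
// logincookie(), show_error_msg() and T_() are the helpers used in post #1.

// Fetch the user row by exact username. The value is bound, not spliced into the
// SQL, so mysqli_real_escape_string() is not needed and quoting cannot be
// forgotten. Returns null when there is no such user.
function find_user(mysqli $db, string $username): ?array {
    $stmt = $db->prepare(
        "SELECT id, password, secret, status, enabled FROM users WHERE username = ?"
    );
    if ($stmt === false) {
        throw new RuntimeException("prepare failed: " . $db->error);
    }
    $stmt->bind_param("s", $username);
    if (!$stmt->execute()) {
        throw new RuntimeException("execute failed: " . $stmt->error);
    }
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Decide whether the login may proceed. Returns null on success, otherwise the
// T_() key of the message to show. $supplied_hash is passhash() of the raw
// password: the password must not go through htmlspecialchars()/stripslashes()
// first, or any password containing & < > " ' \ will never match.
function login_error(?array $row, string $supplied_hash): ?string {
    // hash_equals() takes the same time however early the strings differ; the
    // stored value goes first, as the "known" string.
    if ($row === null || !hash_equals((string) $row["password"], $supplied_hash)) {
        return "LOGIN_INCORRECT";
    }
    if ($row["status"] === "pending") {
        return "ACCOUNT_PENDING";
    }
    if ($row["enabled"] === "no") {
        return "ACCOUNT_DISABLED";
    }
    return null;
}

// Accept a returnto only if it is a local path: it must start with a single "/"
// (so "//evil.example/..." and "http://..." are rejected) and contain no CR/LF.
function safe_return_url(?string $returnto): string {
    if ($returnto === null || $returnto === "") {
        return "index.php";
    }
    if ($returnto[0] !== "/" || substr($returnto, 0, 2) === "//") {
        return "index.php";
    }
    if (strpbrk($returnto, "\r\n") !== false) {
        return "index.php";
    }
    return $returnto;
}

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Only trim the username; the password is used exactly as typed.
    $username     = is_string($_POST["username"] ?? null) ? trim($_POST["username"]) : "";
    $raw_password = is_string($_POST["password"] ?? null) ? $_POST["password"] : "";
    $returnto     = is_string($_POST["returnto"] ?? null) ? $_POST["returnto"] : null;

    if ($username === "" || $raw_password === "") {
        $row   = null;
        $error = "NO_EMPTY_FIELDS";
    } else {
        $row   = find_user($db, $username);
        $error = login_error($row, passhash($raw_password));
    }

    if ($error === null) {
        logincookie($row["id"], $row["password"], $row["secret"]);
        header("Location: " . safe_return_url($returnto));
        exit;
    }
    show_error_msg(T_("ACCESS_DENIED"), T_($error), 1);
}
```

mysqli_stmt::get_result() is only available with the mysqlnd driver; on a build using libmysqlclient use bind_result()/fetch() instead. The comparison is constant-time, but it is still only as strong as whatever passhash() produces, which the thread does not show.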
#5
Now that makes more sense. The new db style approach explains a lot of other issues.
Tags: accountlogin