iseeyou94056 Posted August 5, 2009 Share Posted August 5, 2009 i have not coded in a wile and i dont remember how to fix this error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 can anyone please please tell me how Quote Link to comment Share on other sites More sharing options...
Strats Posted August 5, 2009 Share Posted August 5, 2009 Re: please help What file is it for? Quote Link to comment Share on other sites More sharing options...
iseeyou94056 Posted August 5, 2009 Author Share Posted August 5, 2009 Re: please help authenticate.php Quote Link to comment Share on other sites More sharing options...
iseeyou94056 Posted August 5, 2009 Author Share Posted August 5, 2009 Re: please help mysql_query("UPDATE users SET loggedin=1 WHERE userid=$userid") or die(mysql_error()); thats the line of code doing it but i was trying to make a new way to login because the normal way wont work Quote Link to comment Share on other sites More sharing options...
weewooz Posted August 5, 2009 Share Posted August 5, 2009 Re: please help <?php session_start(); if(get_magic_quotes_gpc() == 0) { foreach($_POST as $k => $v) { $_POST[$k]=addslashes($v); } foreach($_GET as $k => $v) { $_GET[$k]=addslashes($v); } } include "config.php"; global $_CONFIG; define("MONO_ON", 1); require "class/class_db_{$_CONFIG['driver']}.php"; $db=new database; $db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']); $db->connect(); $c=$db->connection_id; $set=array(); $settq=$db->query("SELECT * FROM settings"); while($r=$db->fetch_row($settq)) { $set[$r['conf_name']]=$r['conf_value']; } if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>{$set['game_name']} Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } $uq=$db->query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')"); if ($db->num_rows($uq)==0) { die("<h3>{$set['game_name']} Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=$db->fetch_row($uq); $_SESSION['userid']=$mem['userid']; $IP = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; $db->query("UPDATE users SET lastip_login='$IP',last_login=unix_timestamp() WHERE userid={$mem['userid']}"); if($set['validate_period'] == "login" && $set['validate_on']) { $db->query("UPDATE users SET verified=0 WHERE userid={$mem['userid']}"); } header("Location: loggedin.php"); } ?> use that for the file what you get in your sql fields seems i my be a problem in there Quote Link to comment Share on other sites More sharing options...
iseeyou94056 Posted August 5, 2009 Author Share Posted August 5, 2009 Re: please help its v1 Quote Link to comment Share on other sites More sharing options...
? Sparks ? Posted August 5, 2009 Share Posted August 5, 2009 Re: please help <?php session_start(); if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>Your Game Name Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } include "mysql.php"; global $c; $uq=mysql_query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')",$c) or die(mysql_error()); if (mysql_num_rows($uq)==0) { die("<h3>Your Game Name Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=mysql_fetch_array($uq); $_SESSION['userid']=$mem['userid']; header("Location: loggedin.php"); } ?> Quote Link to comment Share on other sites More sharing options...
iseeyou94056 Posted August 6, 2009 Author Share Posted August 6, 2009 Re: please help i added that and there is no error but it wont login Quote Link to comment Share on other sites More sharing options...
weewooz Posted August 6, 2009 Share Posted August 6, 2009 Re: please help have you got all the sqls in right what ya mean it not login does it just stop on the login page when you try and sign in bro? Quote Link to comment Share on other sites More sharing options...
iseeyou94056 Posted August 6, 2009 Author Share Posted August 6, 2009 Re: please help it loads and looks like its going toogin then goes back to the login page Quote Link to comment Share on other sites More sharing options...
Cod Phoenix Posted August 6, 2009 Share Posted August 6, 2009 Re: please help This should do it. <?php session_start(); if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>Your Game Name Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } include "mysql.php"; global $c; $uq=mysql_query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')",$c) or die(mysql_error()); if (mysql_num_rows($uq)==0) { die("<h3>Your Game Name Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=mysql_fetch_array($uq); $_SESSION['userid']=$mem['userid']; header("Location: index.php"); } ?> Quote Link to comment Share on other sites More sharing options...
PHP Scene Posted August 6, 2009 Share Posted August 6, 2009 Re: please help This should do it. <?php session_start(); if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>Your Game Name Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } include "mysql.php"; global $c; $uq=mysql_query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')",$c) or die(mysql_error()); if (mysql_num_rows($uq)==0) { die("<h3>Your Game Name Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=mysql_fetch_array($uq); $_SESSION['userid']=$mem['userid']; header("Location: index.php"); } ?> Whats the difference from the other one posted? lol btw..you should sanitize the $_POST. values with mysql_real_escape_string(). To the OP, you could try this: <?php /* Mccode V1, authenticate.php recode by PHP Scene. */ session_start(); include ('mysql.php'); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); if ($username == '' || $password == ''){ exit('Please make sure you fill the username and password fields in. [url="login.php"]Back[/url]'); } $check = mysql_query("SELECT `userid` FROM `users` WHERE `login_name` = '{$username}' AND `userpass` = md5('$password') LIMIT 1;", $c) or die(mysql_error()); if(!mysql_num_rows($check)){ exit('Account cannot be found with that username and password.'); }else{ $_SESSION['loggedin'] = 1; $user = mysql_fetch_object($check); $_SESSION['userid'] = $user->userid; header('Location: index.php'); } ?> (recode from scratch) Quote Link to comment Share on other sites More sharing options...
Cod Phoenix Posted August 6, 2009 Share Posted August 6, 2009 Re: please help Lol i just changed line header("Location: loggedin.php"); to header("Location: index.php"); thats all Quote Link to comment Share on other sites More sharing options...
CrazyT Posted August 6, 2009 Share Posted August 6, 2009 Re: please help This should do it. <?php session_start(); if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>Your Game Name Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } include "mysql.php"; global $c; $uq=mysql_query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')",$c) or die(mysql_error()); if (mysql_num_rows($uq)==0) { die("<h3>Your Game Name Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=mysql_fetch_array($uq); $_SESSION['userid']=$mem['userid']; header("Location: index.php"); } ?> Whats the difference from the other one posted? lol btw..you should sanitize the $_POST. values with mysql_real_escape_string(). To the OP, you could try this: <?php /* Mccode V1, authenticate.php recode by PHP Scene. */ session_start(); include ('mysql.php'); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); if ($username == '' || $password == ''){ exit('Please make sure you fill the username and password fields in. [url="login.php"]Back[/url]'); } $check = mysql_query("SELECT `userid` FROM `users` WHERE `login_name` = '{$username}' AND `userpass` = md5('$password') LIMIT 1;", $c) or die(mysql_error()); if(!mysql_num_rows($check)){ exit('Account cannot be found with that username and password.'); }else{ $_SESSION['loggedin'] = 1; $user = mysql_fetch_object($check); $_SESSION['userid'] = $user->userid; header('Location: index.php'); } ?> (recode from scratch) You don't need to use "mysql_real_escape_string" on a password, if it's beening hashed.. with md5/sha1/ ect Quote Link to comment Share on other sites More sharing options...
iseeyou94056 Posted August 6, 2009 Author Share Posted August 6, 2009 Re: please help does anyone know what i should do? Quote Link to comment Share on other sites More sharing options...
Dave Posted August 6, 2009 Share Posted August 6, 2009 Re: please help This should do it. <?php session_start(); if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>Your Game Name Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } include "mysql.php"; global $c; $uq=mysql_query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')",$c) or die(mysql_error()); if (mysql_num_rows($uq)==0) { die("<h3>Your Game Name Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=mysql_fetch_array($uq); $_SESSION['userid']=$mem['userid']; header("Location: index.php"); } ?> Whats the difference from the other one posted? lol btw..you should sanitize the $_POST. values with mysql_real_escape_string(). To the OP, you could try this: <?php /* Mccode V1, authenticate.php recode by PHP Scene. */ session_start(); include ('mysql.php'); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); if ($username == '' || $password == ''){ exit('Please make sure you fill the username and password fields in. [url="login.php"]Back[/url]'); } $check = mysql_query("SELECT `userid` FROM `users` WHERE `login_name` = '{$username}' AND `userpass` = md5('$password') LIMIT 1;", $c) or die(mysql_error()); if(!mysql_num_rows($check)){ exit('Account cannot be found with that username and password.'); }else{ $_SESSION['loggedin'] = 1; $user = mysql_fetch_object($check); $_SESSION['userid'] = $user->userid; header('Location: index.php'); } ?> (recode from scratch) You don't need to use "mysql_real_escape_string" on a password, if it's beening hashed.. with md5/sha1/ ect So mres'ing the password would potentially lock out any users with a ' in their password. Quote Link to comment Share on other sites More sharing options...
Haunted Dawg Posted August 7, 2009 Share Posted August 7, 2009 Re: please help This should do it. <?php session_start(); if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>Your Game Name Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } include "mysql.php"; global $c; $uq=mysql_query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')",$c) or die(mysql_error()); if (mysql_num_rows($uq)==0) { die("<h3>Your Game Name Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=mysql_fetch_array($uq); $_SESSION['userid']=$mem['userid']; header("Location: index.php"); } ?> Whats the difference from the other one posted? lol btw..you should sanitize the $_POST. values with mysql_real_escape_string(). To the OP, you could try this: <?php /* Mccode V1, authenticate.php recode by PHP Scene. */ session_start(); include ('mysql.php'); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); if ($username == '' || $password == ''){ exit('Please make sure you fill the username and password fields in. [url="login.php"]Back[/url]'); } $check = mysql_query("SELECT `userid` FROM `users` WHERE `login_name` = '{$username}' AND `userpass` = md5('$password') LIMIT 1;", $c) or die(mysql_error()); if(!mysql_num_rows($check)){ exit('Account cannot be found with that username and password.'); }else{ $_SESSION['loggedin'] = 1; $user = mysql_fetch_object($check); $_SESSION['userid'] = $user->userid; header('Location: index.php'); } ?> (recode from scratch) You don't need to use "mysql_real_escape_string" on a password, if it's beening hashed.. with md5/sha1/ ect So mres'ing the password would potentially lock out any users with a ' in their password. Yes that would be the case and in this case a bad idea. Quote Link to comment Share on other sites More sharing options...
iseeyou94056 Posted August 7, 2009 Author Share Posted August 7, 2009 Re: please help what should i do Quote Link to comment Share on other sites More sharing options...
iseeyou94056 Posted August 13, 2009 Author Share Posted August 13, 2009 Re: please help can anyone help Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.