iseeyou94056 Posted August 5, 2009 Posted August 5, 2009 i have not coded in a wile and i dont remember how to fix this error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 can anyone please please tell me how Quote
iseeyou94056 Posted August 5, 2009 Author Posted August 5, 2009 Re: please help authenticate.php Quote
iseeyou94056 Posted August 5, 2009 Author Posted August 5, 2009 Re: please help mysql_query("UPDATE users SET loggedin=1 WHERE userid=$userid") or die(mysql_error()); thats the line of code doing it but i was trying to make a new way to login because the normal way wont work Quote
weewooz Posted August 5, 2009 Posted August 5, 2009 Re: please help <?php session_start(); if(get_magic_quotes_gpc() == 0) { foreach($_POST as $k => $v) { $_POST[$k]=addslashes($v); } foreach($_GET as $k => $v) { $_GET[$k]=addslashes($v); } } include "config.php"; global $_CONFIG; define("MONO_ON", 1); require "class/class_db_{$_CONFIG['driver']}.php"; $db=new database; $db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']); $db->connect(); $c=$db->connection_id; $set=array(); $settq=$db->query("SELECT * FROM settings"); while($r=$db->fetch_row($settq)) { $set[$r['conf_name']]=$r['conf_value']; } if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>{$set['game_name']} Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } $uq=$db->query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')"); if ($db->num_rows($uq)==0) { die("<h3>{$set['game_name']} Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=$db->fetch_row($uq); $_SESSION['userid']=$mem['userid']; $IP = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; $db->query("UPDATE users SET lastip_login='$IP',last_login=unix_timestamp() WHERE userid={$mem['userid']}"); if($set['validate_period'] == "login" && $set['validate_on']) { $db->query("UPDATE users SET verified=0 WHERE userid={$mem['userid']}"); } header("Location: loggedin.php"); } ?> use that for the file what you get in your sql fields seems i my be a problem in there Quote
? Sparks ? Posted August 5, 2009 Posted August 5, 2009 Re: please help <?php session_start(); if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>Your Game Name Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } include "mysql.php"; global $c; $uq=mysql_query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')",$c) or die(mysql_error()); if (mysql_num_rows($uq)==0) { die("<h3>Your Game Name Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=mysql_fetch_array($uq); $_SESSION['userid']=$mem['userid']; header("Location: loggedin.php"); } ?> Quote
iseeyou94056 Posted August 6, 2009 Author Posted August 6, 2009 Re: please help i added that and there is no error but it wont login Quote
weewooz Posted August 6, 2009 Posted August 6, 2009 Re: please help have you got all the sqls in right what ya mean it not login does it just stop on the login page when you try and sign in bro? Quote
iseeyou94056 Posted August 6, 2009 Author Posted August 6, 2009 Re: please help it loads and looks like its going toogin then goes back to the login page Quote
Cod Phoenix Posted August 6, 2009 Posted August 6, 2009 Re: please help This should do it. <?php session_start(); if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>Your Game Name Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } include "mysql.php"; global $c; $uq=mysql_query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')",$c) or die(mysql_error()); if (mysql_num_rows($uq)==0) { die("<h3>Your Game Name Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=mysql_fetch_array($uq); $_SESSION['userid']=$mem['userid']; header("Location: index.php"); } ?> Quote
PHP Scene Posted August 6, 2009 Posted August 6, 2009 Re: please help This should do it. <?php session_start(); if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>Your Game Name Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } include "mysql.php"; global $c; $uq=mysql_query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')",$c) or die(mysql_error()); if (mysql_num_rows($uq)==0) { die("<h3>Your Game Name Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=mysql_fetch_array($uq); $_SESSION['userid']=$mem['userid']; header("Location: index.php"); } ?> Whats the difference from the other one posted? lol btw..you should sanitize the $_POST. values with mysql_real_escape_string(). To the OP, you could try this: <?php /* Mccode V1, authenticate.php recode by PHP Scene. */ session_start(); include ('mysql.php'); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); if ($username == '' || $password == ''){ exit('Please make sure you fill the username and password fields in. [url="login.php"]Back[/url]'); } $check = mysql_query("SELECT `userid` FROM `users` WHERE `login_name` = '{$username}' AND `userpass` = md5('$password') LIMIT 1;", $c) or die(mysql_error()); if(!mysql_num_rows($check)){ exit('Account cannot be found with that username and password.'); }else{ $_SESSION['loggedin'] = 1; $user = mysql_fetch_object($check); $_SESSION['userid'] = $user->userid; header('Location: index.php'); } ?> (recode from scratch) Quote
Cod Phoenix Posted August 6, 2009 Posted August 6, 2009 Re: please help Lol i just changed line header("Location: loggedin.php"); to header("Location: index.php"); thats all Quote
CrazyT Posted August 6, 2009 Posted August 6, 2009 Re: please help This should do it. <?php session_start(); if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>Your Game Name Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } include "mysql.php"; global $c; $uq=mysql_query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')",$c) or die(mysql_error()); if (mysql_num_rows($uq)==0) { die("<h3>Your Game Name Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=mysql_fetch_array($uq); $_SESSION['userid']=$mem['userid']; header("Location: index.php"); } ?> Whats the difference from the other one posted? lol btw..you should sanitize the $_POST. values with mysql_real_escape_string(). To the OP, you could try this: <?php /* Mccode V1, authenticate.php recode by PHP Scene. */ session_start(); include ('mysql.php'); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); if ($username == '' || $password == ''){ exit('Please make sure you fill the username and password fields in. [url="login.php"]Back[/url]'); } $check = mysql_query("SELECT `userid` FROM `users` WHERE `login_name` = '{$username}' AND `userpass` = md5('$password') LIMIT 1;", $c) or die(mysql_error()); if(!mysql_num_rows($check)){ exit('Account cannot be found with that username and password.'); }else{ $_SESSION['loggedin'] = 1; $user = mysql_fetch_object($check); $_SESSION['userid'] = $user->userid; header('Location: index.php'); } ?> (recode from scratch) You don't need to use "mysql_real_escape_string" on a password, if it's beening hashed.. with md5/sha1/ ect Quote
iseeyou94056 Posted August 6, 2009 Author Posted August 6, 2009 Re: please help does anyone know what i should do? Quote
Dave Posted August 6, 2009 Posted August 6, 2009 Re: please help This should do it. <?php session_start(); if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>Your Game Name Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } include "mysql.php"; global $c; $uq=mysql_query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')",$c) or die(mysql_error()); if (mysql_num_rows($uq)==0) { die("<h3>Your Game Name Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=mysql_fetch_array($uq); $_SESSION['userid']=$mem['userid']; header("Location: index.php"); } ?> Whats the difference from the other one posted? lol btw..you should sanitize the $_POST. values with mysql_real_escape_string(). To the OP, you could try this: <?php /* Mccode V1, authenticate.php recode by PHP Scene. */ session_start(); include ('mysql.php'); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); if ($username == '' || $password == ''){ exit('Please make sure you fill the username and password fields in. [url="login.php"]Back[/url]'); } $check = mysql_query("SELECT `userid` FROM `users` WHERE `login_name` = '{$username}' AND `userpass` = md5('$password') LIMIT 1;", $c) or die(mysql_error()); if(!mysql_num_rows($check)){ exit('Account cannot be found with that username and password.'); }else{ $_SESSION['loggedin'] = 1; $user = mysql_fetch_object($check); $_SESSION['userid'] = $user->userid; header('Location: index.php'); } ?> (recode from scratch) You don't need to use "mysql_real_escape_string" on a password, if it's beening hashed.. with md5/sha1/ ect So mres'ing the password would potentially lock out any users with a ' in their password. Quote
Haunted Dawg Posted August 7, 2009 Posted August 7, 2009 Re: please help This should do it. <?php session_start(); if ($_POST['username'] == "" || $_POST['password'] == "") { die("<h3>Your Game Name Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>"); } include "mysql.php"; global $c; $uq=mysql_query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`=md5('{$_POST['password']}')",$c) or die(mysql_error()); if (mysql_num_rows($uq)==0) { die("<h3>Your Game Name Error</h3> Invalid username or password! <a href=login.php>> Back</a>"); } else { $_SESSION['loggedin']=1; $mem=mysql_fetch_array($uq); $_SESSION['userid']=$mem['userid']; header("Location: index.php"); } ?> Whats the difference from the other one posted? lol btw..you should sanitize the $_POST. values with mysql_real_escape_string(). To the OP, you could try this: <?php /* Mccode V1, authenticate.php recode by PHP Scene. */ session_start(); include ('mysql.php'); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); if ($username == '' || $password == ''){ exit('Please make sure you fill the username and password fields in. [url="login.php"]Back[/url]'); } $check = mysql_query("SELECT `userid` FROM `users` WHERE `login_name` = '{$username}' AND `userpass` = md5('$password') LIMIT 1;", $c) or die(mysql_error()); if(!mysql_num_rows($check)){ exit('Account cannot be found with that username and password.'); }else{ $_SESSION['loggedin'] = 1; $user = mysql_fetch_object($check); $_SESSION['userid'] = $user->userid; header('Location: index.php'); } ?> (recode from scratch) You don't need to use "mysql_real_escape_string" on a password, if it's beening hashed.. with md5/sha1/ ect So mres'ing the password would potentially lock out any users with a ' in their password. Yes that would be the case and in this case a bad idea. Quote
iseeyou94056 Posted August 7, 2009 Author Posted August 7, 2009 Re: please help what should i do Quote
iseeyou94056 Posted August 13, 2009 Author Posted August 13, 2009 Re: please help can anyone help Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.