daGrevis Posted December 21, 2008 Report Share Posted December 21, 2008 Labdien! PHP un MySQL tikai mācos, tapēc noteikti tur ir pilns ar kļūdām un citām sliktām lietām, bet vēlējos tomēr novērst šo ķibeli... :) Viss ar piereģistrēšanos strādā, bet ielogošanās gan nē... Par to atbild fails "take_login.php"... Kas tur par vainu? P.S. Tas nav mans kods, atradu kautkur netā, un centos pielabot... SQL CREATE TABLE `users` ( `id` int(25) NOT NULL auto_increment, `nick` varchar(25) NOT NULL default '', `pass` varchar(255) NOT NULL default '', `email` varchar(255) NOT NULL default '', PRIMARY KEY (id), UNIQUE KEY nick (nick) ) TYPE=MyISAM; signup.php <?php require "includes/core.php"; stdhead("Reģistrācija"); ?> <form name="login" method="post" action="take_signup.php"> <table border="0" width="225" align="center"> <tr> <td width="219" bgcolor="#999999"> <p align="center"><font color="white"><span style="font-size:12pt;"><b>Registration</b></span></font></p> </td> </tr> <tr> <td width="219"> <table border="0" width="282" align="center"> <tr> <td width="116"><span style="font-size:10pt;">Email:</span></td> <td width="156"><input type="text" name="email" maxlength="100"></td> </tr> <tr> <td width="116"><span style="font-size:10pt;">Username:</span></td> <td width="156"><input type="text" name="nick"></td> </tr> <tr> <td width="116"><span style="font-size:10pt;">Password:</span></td> <td width="156"><input type="password" name="pass"></td> </tr> <tr> <td width="116"> </td> <td width="156"> <p align="right"><input type="submit" name="submit" value="Submit"></p> </td> </tr> </table> </td> </tr> <tr> <td width="219" bgcolor="#999999"> </td> </tr> </table> </form> <?php stdfoot(); ?> take_signup.php <?php $dbhost = "localhost"; $dbname = "mysource"; $dbuser = "root"; $dbpass = ""; mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Nevarēja piekonektēties: ".mysql_error()); mysql_select_db($dbname) or die(mysql_error()); $email = $_POST['email']; $nick = $_POST['nick']; $pass = $_POST['pass']; $checkuser = mysql_query("SELECT nick FROM users WHERE nick='$nick'"); $nick_exist = mysql_num_rows($checkuser); if($nick_exist > 0){ echo "Piedod, bet lietotājvārds, kuru tu izvēlējies jau ir lietošanā. Izvēlies citu!"; unset($nick); include 'register.html'; exit(); } $query = "INSERT INTO users (email, nick, pass) VALUES('$email', '$nick', '$pass')"; mysql_query($query) or die(mysql_error()); mysql_close(); echo "Tu esi veiksmīgi reģistrējies!"; ?> login.php <?php require "includes/core.php"; stdhead("Ielogošanās"); ?> <form name="login" method="post" action="take_login.php"> <table border="0" width="225" align="center"> <tr> <td width="219" bgcolor="#999999"> <p align="center"><font color="white"><span style="font-size:12pt;"><b>Login</b></span></font></p> </td> </tr> <tr> <td width="219"> <table border="0" width="220" align="center"> <tr> <td width="71"><span style="font-size:10pt;">Nick:</span></td> <td width="139"><input type="text" name="nick"></td> </tr> <tr> <td width="71"><span style="font-size:10pt;">Pass:</span></td> <td width="139"><input type="password" name="pass"></td> </tr> <tr> <td width="71"> </td> <td width="139"><p align="right"><input type="submit" name="submit" value="Submit"></p></td> </tr> </table> </td> </tr> <tr> <td width="219" bgcolor="#999999"><font color="white">Not Registered? </font><a href="signup.php" target="_self"><font color="white">Register</font></a><font color="white"> </font><b><i><font color="white">Now!</font></i></b></td> </tr> </table> </form> <?php stdfoot(); ?> take_login.php <?php $dbhost = "localhost"; $dbname = "mysource"; $dbuser = "root"; $dbpass = ""; mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Nevarēja piekonektēties: ".mysql_error()); mysql_select_db($dbname) or die(mysql_error()); session_start(); $nick = $_POST['nick']; $pass = md5($_POST['pass']); $query = "select * from users where nick='$nick' and pass='$pass'"; $result = mysql_query($query); if (mysql_num_rows($result) != 1) { echo "Nepareiza info!"; } else { $_SESSION['nick'] = "$nick"; include "index.php"; } ?> Lūdzu izskaidrojiet man... :) Link to comment Share on other sites More sharing options...
Aleksejs Posted December 21, 2008 Report Share Posted December 21, 2008 Pastāsti sīkāk kā neiešana izpaužās... Vai un kas ierakstās DB, kādu kļūdas paziņojumu rāda? Link to comment Share on other sites More sharing options...
daGrevis Posted December 22, 2008 Author Report Share Posted December 22, 2008 Jā, kad piereģistrējos, tad DB parādās jauns ieraksts, bet kad mēģinu ielogoties, izlec - "Nepareiza info!"... ..., lai gan tā nav... :( Link to comment Share on other sites More sharing options...
Aleksejs Posted December 22, 2008 Report Share Posted December 22, 2008 iekš take_signup.php - Tu paroli saglabā atklātā tekstā. Taču iekš take_login.php - Tu mēģini atrast paroles hash vērtību. $pass = md5($_POST['pass']); Link to comment Share on other sites More sharing options...
daGrevis Posted December 23, 2008 Author Report Share Posted December 23, 2008 Sapratu - izlaboju! :) Paldies... Vai ir iespējams to take_x.php savienot ar x.php vienā failā? Link to comment Share on other sites More sharing options...
yeahz Posted December 23, 2008 Report Share Posted December 23, 2008 Jā. Piemēram signup.php <?php require "includes/core.php"; stdhead("Reģistrācija"); if (isset($_GET['d']) and $_GET['d'] == "ok") { $dbhost = "localhost"; $dbname = "mysource"; $dbuser = "root"; $dbpass = ""; mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Nevarēja piekonektēties: ".mysql_error()); mysql_select_db($dbname) or die(mysql_error()); $email = $_POST['email']; $nick = $_POST['nick']; $pass = $_POST['pass']; $checkuser = mysql_query("SELECT nick FROM users WHERE nick='$nick'"); $nick_exist = mysql_num_rows($checkuser); if($nick_exist > 0){ echo "Piedod, bet lietotājvārds, kuru tu izvēlējies jau ir lietošanā. Izvēlies citu!"; unset($nick); include 'register.html'; exit(); } $query = "INSERT INTO users (email, nick, pass) VALUES('$email', '$nick', '$pass')"; mysql_query($query) or die(mysql_error()); mysql_close(); echo "Tu esi veiksmīgi reģistrējies!"; } ?> <form name="login" method="post" action="signup.php?d=ok"> <table border="0" width="225" align="center"> <tr> <td width="219" bgcolor="#999999"> <p align="center"><font color="white"><span style="font-size:12pt;"><b>Registration</b></span></font></p> </td> </tr> <tr> <td width="219"> <table border="0" width="282" align="center"> <tr> <td width="116"><span style="font-size:10pt;">Email:</span></td> <td width="156"><input type="text" name="email" maxlength="100"></td> </tr> <tr> <td width="116"><span style="font-size:10pt;">Username:</span></td> <td width="156"><input type="text" name="nick"></td> </tr> <tr> <td width="116"><span style="font-size:10pt;">Password:</span></td> <td width="156"><input type="password" name="pass"></td> </tr> <tr> <td width="116"> </td> <td width="156"> <p align="right"><input type="submit" name="submit" value="Submit"></p> </td> </tr> </table> </td> </tr> <tr> <td width="219" bgcolor="#999999"> </td> </tr> </table> </form> <?php stdfoot(); ?> Šķiet, ka pareizi uzrakstīju. Link to comment Share on other sites More sharing options...
daGrevis Posted December 24, 2008 Author Report Share Posted December 24, 2008 Divi jautājumiņi... P.S. zekils, tavs kods strādāja - paldies... :) 1) Ko es failā login.php uzrakstīju nepareizi, ka man met arā "erroru", lai gan viss pārējais strādā... ;) login.php <?php require "includes/core.php"; stdhead("Ielogošanās"); if (isset($_GET['d']) and $_GET['d'] == "ok") { $dbhost = "localhost"; $dbname = "mysource"; $dbuser = "root"; $dbpass = ""; mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Nevarēja piekonektēties: ".mysql_error()); mysql_select_db($dbname) or die(mysql_error()); session_start(); $nick = $_POST['nick']; $pass = md5($_POST['pass']); $query = "select * from users where nick='$nick' and pass='$pass'"; $result = mysql_query($query); if (mysql_num_rows($result) != 1) { echo "Nepareiza info!"; } else { $_SESSION['nick'] = "$nick"; echo "Veiksmīgi!"; } } ?> <form name="login" method="post" action="login.php?d=ok"> <table border="0" width="225" align="center"> <tr> <td width="219" bgcolor="#999999"> <p align="center"><font color="white"><span style="font-size:12pt;"><b>Login</b></span></font></p> </td> </tr> <tr> <td width="219"> <table border="0" width="220" align="center"> <tr> <td width="71"><span style="font-size:10pt;">Nick:</span></td> <td width="139"><input type="text" name="nick"></td> </tr> <tr> <td width="71"><span style="font-size:10pt;">Pass:</span></td> <td width="139"><input type="password" name="pass"></td> </tr> <tr> <td width="71"> </td> <td width="139"><p align="right"><input type="submit" name="submit" value="Submit"></p></td> </tr> </table> </td> </tr> <tr> <td width="219" bgcolor="#999999"><font color="white">Not Registered? </font><a href="signup.php" target="_self"><font color="white">Register</font></a><font color="white"> </font><b><i><font color="white">Now!</font></i></b></td> </tr> </table> </form> <?php stdfoot(); ?> Met ārā šo... Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at D:\xampp\htdocs\includes\core.php:59) in D:\xampp\htdocs\login.php on line 18 core.php - 59 line... <title><?php echo $title; ?></title> 2) Vai varu darīt šādi, un vai tas nekaitēs drošībai? Tajās vietās kur ir dati par savienošanos ar db, izdarīt šādi... require "includes/secrets.php" P.S. Man inludes mapei ir htaccess, ka nevar tā pat piekļūt... ;) Link to comment Share on other sites More sharing options...
Recommended Posts