daGrevis Posted January 7, 2009 Report Posted January 7, 2009 Šeit ir reģistrēšanās un ielogošanās sistēma, kurā ir daži "bugiņi", kā piemēram, ka nevar ielogoties [ :D ], un prasu jums, kā to varētu izlabot... Ceru, ka palīdzēsiet, jo viens pats to nevaru, jo ar PHP neesmu tik lielos draugos [ pagaidām ], tap\ec prasu jums... :) Kļūda ir tāda, ka ieejot /login.php, un savadot savus datus, izmet šādu kļūdu - There was an error: , please try again. ! MySQL ieraksts CREATE TABLE `users` ( `id` INT( 5 ) NOT NULL AUTO_INCREMENT, `username` VARCHAR( 20 ) NOT NULL, `password` VARCHAR( 32 ) NOT NULL, PRIMARY KEY ( `id` ) ) TYPE=MyISAM; /functions.php <?php function user_register($username, $password) { // Now encrypt the password, using md5; $encrypted = md5($password); // Store the information in the database; $query = "INSERT INTO users (username, password) VALUES ('$username', '$encrypted')"; mysql_query ($query) or die ('Could not create user!'); } function user_login($username, $password) { // Try and get the user using the username & encrypted pass $query = "SELECT id, username FROM users WHERE username='$username' and password='$password'"; $result = mysql_query($query); $user = mysql_fetch_array($result); $numrows = mysql_num_rows($result); // Now encrypt the data to be stored in the session $encrypted_id = md5($user['id']); $encrypted_name = md5($user['username']); // Store the data in the session $_SESSION['id'] = $id; $_SESSION['username'] = $username; $_SESSION['encrypted_id'] = $encrypted_id; $_SESSION['encrypted_name'] = $encrypted_name; if ($numrows == 1) { return 'Correct'; } else { return false; } } function user_logout() { // End the session and unset all vars session_unset (); session_destroy (); } function is_authed() { // Check if the encrypted username is the same // as the unencrypted one, if it is, it hasn't been changed if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name'])) { return true; } else { return false; } } ?> /init.php <?php // Start the session session_start(); // MySQL Settings $db_host = 'localhost'; $db_user = 'root'; $db_pass = ''; $db_database = 'db'; // Connect to the database mysql_connect ($db_host, $db_user, $db_pass) or die ('Could not connect to the database.'); mysql_selectdb ($db_database) or die ('Could not select database.'); // Seed the random number generator srand(); // Include functions include 'functions.php'; ?> /register.php <?php // Include init file include 'init.php'; if (!isset($_POST['submit'])) { // Show the form include 'register_form.inc.php'; exit; } else { // Check if any of the fields are missing if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['confirmpass'])) { // Reshow the form with an error $reg_error = 'One or more fields missing'; include 'register_form.inc.php'; exit; } // Check if the passwords match if ($_POST['password'] != $_POST['confirmpass']) { // Reshow the form with an error $reg_error = 'Your passwords do not match'; include 'register_form.inc.php'; exit; } // Everything is ok, register user_register ($_POST['username'], md5($_POST['password'])); echo 'Thank you for registering on our site, <a href="index.php">click here</a> to go back.'; } ?> /register_form.inc.php <?php if (isset($reg_error)) { ?> There was an error: <?php echo $reg_error; ?>, please try again. <?php } ?> <form action="register.php" method="post"> <b>Username:</b> <input type="text" size="20" maxlength="20" name="username" <?php if (isset($_POST['username'])) { ?> value="<?php echo $_POST['username']; ?>" <?php } ?>/><br /> <b>Password:</b> <input type="password" size="20" maxlength="10" name="password" /><br /> <b>Confirm Password:</b> <input type="password" size="20" maxlength="10" name="confirmpass" /><br /> <input type="submit" name="submit" value="Register!" /> </form> /login.php <?php // Include init file include 'init.php'; if (!isset($_POST['submit'])) { // Show the form include 'login_form.inc.php'; exit; } else { // Try and login with the given username & pass $result = user_login($_POST['username'], $_POST['password']); if ($result != 'Correct') { // Reshow the form with the error $login_error = $result; include 'login_form.inc.php'; } else { echo 'Thank you for logging in, <a href="index.php">click here</a> to go back.'; } } ?> /login_form.inc.php <?php if (isset($reg_error)) { ?> There was an error: <?php echo $reg_error; ?>, please try again. <?php } ?> <form action="register.php" method="post"> <b>Username:</b> <input type="text" size="20" maxlength="20" name="username" <?php if (isset($_POST['username'])) { ?> value="<?php echo $_POST['username']; ?>" <?php } ?>/><br /> <b>Password:</b> <input type="password" size="20" maxlength="10" name="password" /><br /> <b>Confirm Password:</b> <input type="password" size="20" maxlength="10" name="confirmpass" /><br /> <input type="submit" name="submit" value="Register!" /> </form> /index.php <?php include 'init.php'; if (!is_authed()) { die ('You are not permitted to view this page!'); } ?> All works! Ceru, ka palīdzēsiet... ;)
80MXM08 Posted January 27, 2009 Report Posted January 27, 2009 neredzu tavā kodā kur tu raksti iekšā savu login!!! Ieliec, savādāk nevar redzēt kas tev tur notiek
Aleksejs Posted January 28, 2009 Report Posted January 28, 2009 Problēma ir tajā, ka no login.php tiek izsaukts: $result = user_login($_POST['username'], $_POST['password']); bet DB tiek glabāts md5 no paroles, tādēļ vajadzētu sākt ar šo: $result = user_login($_POST['username'], md5($_POST['password']));
Kemito Posted August 30, 2009 Report Posted August 30, 2009 Nepārbaudi paroli no DB kas ir MD5 ar vienkārši POST paroli, bet gan ar MD5(POST)!
Recommended Posts