PHP Development
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me

The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.

Go Back   Dev Shed ForumsProgramming LanguagesPHP Development
Reload this Page

PHP-General - Cant login on website


Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old December 30th, 2012, 06:49 PM
tomex009 tomex009 is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Dec 2012
Posts: 1 tomex009 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 35 m 26 sec
Reputation Power: 0
PHP-General - Cant login on website
Hello, i have website 9gag clone

Problem is i cant login to website as member, and cant login in admin panel...


but register work fine , even Facebook reg. work


btw. login must redirect to setting.php

here is code of login.php
help !
PHP Code:
<?php


include("include/config.php");
include("include/functions/import.php");

$redirect stripslashes($_REQUEST['redirect']);
$r base64_decode($redirect);
STemplate::assign('r',$r);

if ($_SESSION['USERID'] != "" && $redirect != "")
{
    header("Location:$redirect");exit;
}

if($_REQUEST['logsub']!="")
{
    $username htmlentities(strip_tags($_REQUEST['username']), ENT_COMPAT"UTF-8");
    $password htmlentities(strip_tags($_REQUEST['password']), ENT_COMPAT"UTF-8");

    if($username=="")
    {
        $error=$lang['4'];
    }
    elseif($password=="")
    {
        $error=$lang['5'];
    }
    else
    {
        if(!verify_valid_email($username))
        {                
            $encryptedpassword md5($password);
            $query="SELECT status,USERID,email,username,verified,filter,mylang from members WHERE username='".mysql_real_escape_string($username)."' and password='".mysql_real_escape_string($encryptedpassword)."'";
            $result=$conn->execute($query);
            
            if($result->recordcount()<1)
            {
                $error=$lang['26'];
            }
            elseif($result->fields['status']=="0")
            {
                $error $lang['30'];
            }
    
            if($error=="")
            {
                $query="update members set lastlogin='".time()."', lip='".$_SERVER['REMOTE_ADDR']."' WHERE username='".mysql_real_escape_string($username)."'";
                $conn->execute($query);
                $_SESSION['USERID']=$result->fields['USERID'];
                $_SESSION['EMAIL']=$result->fields['email'];
                $_SESSION['USERNAME']=$result->fields['username'];
                $_SESSION['VERIFIED']=$result->fields['verified'];
                $_SESSION['FILTER']=$result->fields['filter'];
                $setlang $result->fields['mylang'];
                if($setlang != "")
                {
                    $addlang "?language=".$setlang;    
                }
                if($_REQUEST["remember"]=="yes")
                {
                    create_slrememberme();
                }
                
                if($redirect == "")
                {
                    header("Location:$config[baseurl]/settings".$addlang);exit;
                }
                else
                {
                    header("Location:$redirect");exit;
                }
    
            }
        }
        else
        {
            $encryptedpassword md5($password);
            $query="SELECT status,USERID,email,username,verified,filter,mylang from members WHERE email='".mysql_real_escape_string($username)."' and password='".mysql_real_escape_string($encryptedpassword)."'";
            $result=$conn->execute($query);
            
            if($result->recordcount()<1)
            {
                $error=$lang['37'];
            }
            elseif($result->fields['status']=="0")
            {
                $error $lang['30'];
            }
    
            if($error=="")
            {
                $query="update members set lastlogin='".time()."', lip='".$_SERVER['REMOTE_ADDR']."' WHERE username='".mysql_real_escape_string($username)."'";
                $conn->execute($query);
                $_SESSION['USERID']=$result->fields['USERID'];
                $_SESSION['EMAIL']=$result->fields['email'];
                $_SESSION['USERNAME']=$result->fields['username'];
                $_SESSION['VERIFIED']=$result->fields['verified'];
                $_SESSION['FILTER']=$result->fields['filter'];
                $setlang $result->fields['mylang'];
                if($setlang != "")
                {
                    $addlang "?language=".$setlang;    
                }
                if($_REQUEST["remember"]=="yes")
                {
                    create_slrememberme();
                }
                
                if($redirect == "")
                {
                    header("Location:$config[baseurl]/settings".$addlang);exit;
                }
                else
                {
                    header("Location:$redirect");exit;
                    session_start();
                }
    
            }
        }
    }
}

$pagetitle $lang['11'];
STemplate::assign('pagetitle',$pagetitle);
STemplate::assign('error',$error);

//TEMPLATES BEGIN
STemplate::display('login.tpl');
//TEMPLATES END
?>
Reply With Quote
  #2  
Old December 31st, 2012, 05:35 PM
ManiacDan's Avatar
ManiacDan ManiacDan is offline
Likely to be eaten by a grue.
Dev Shed God 10th Plane (9500 - 9999 posts)
  
Join Date: Oct 2006
Location: Pennsylvania, USA
Posts: 9,811 ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)ManiacDan User rank is General 77th Grade (Above 100000 Reputation Level)  Folding Points: 127430 Folding Title: Super Ultimate Folder - Level 1Folding Points: 127430 Folding Title: Super Ultimate Folder - Level 1Folding Points: 127430 Folding Title: Super Ultimate Folder - Level 1Folding Points: 127430 Folding Title: Super Ultimate Folder - Level 1Folding Points: 127430 Folding Title: Super Ultimate Folder - Level 1Folding Points: 127430 Folding Title: Super Ultimate Folder - Level 1
Time spent in forums: 2 Months 3 Weeks 19 h 13 m 52 sec
Reputation Power: 6112
This code is awful, insecure, and relies on PHP functions which were officially a bad idea to use a decade ago.

You may as well start from scratch and get a real, secure, login system. This one has security holes just in the first few dozen lines.
__________________
HEY! YOU! Read the New User Guide and Forum Rules

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

"The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
Reply With Quote
Reply

Viewing: Dev Shed ForumsProgramming LanguagesPHP Development > PHP-General - Cant login on website

« Previous Thread | Next Thread »

Developer Shed Advertisers and Affiliates



Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap