#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    1
    Rep Power
    0

    Cant login on website


    Hello, i have website 9gag clone

    Problem is i cant login to website as member, and cant login in admin panel...


    but register work fine , even Facebook reg. work


    btw. login must redirect to setting.php

    here is code of login.php
    help !
    PHP Code:
    <?php


    include("include/config.php");
    include(
    "include/functions/import.php");

    $redirect stripslashes($_REQUEST['redirect']);
    $r base64_decode($redirect);
    STemplate::assign('r',$r);

    if (
    $_SESSION['USERID'] != "" && $redirect != "")
    {
        
    header("Location:$redirect");exit;
    }

    if(
    $_REQUEST['logsub']!="")
    {
        
    $username htmlentities(strip_tags($_REQUEST['username']), ENT_COMPAT"UTF-8");
        
    $password htmlentities(strip_tags($_REQUEST['password']), ENT_COMPAT"UTF-8");

        if(
    $username=="")
        {
            
    $error=$lang['4'];
        }
        elseif(
    $password=="")
        {
            
    $error=$lang['5'];
        }
        else
        {
            if(!
    verify_valid_email($username))
            {                
                
    $encryptedpassword md5($password);
                
    $query="SELECT status,USERID,email,username,verified,filter,mylang from members WHERE username='".mysql_real_escape_string($username)."' and password='".mysql_real_escape_string($encryptedpassword)."'";
                
    $result=$conn->execute($query);
                
                if(
    $result->recordcount()<1)
                {
                    
    $error=$lang['26'];
                }
                elseif(
    $result->fields['status']=="0")
                {
                    
    $error $lang['30'];
                }
        
                if(
    $error=="")
                {
                    
    $query="update members set lastlogin='".time()."', lip='".$_SERVER['REMOTE_ADDR']."' WHERE username='".mysql_real_escape_string($username)."'";
                    
    $conn->execute($query);
                    
    $_SESSION['USERID']=$result->fields['USERID'];
                    
    $_SESSION['EMAIL']=$result->fields['email'];
                    
    $_SESSION['USERNAME']=$result->fields['username'];
                    
    $_SESSION['VERIFIED']=$result->fields['verified'];
                    
    $_SESSION['FILTER']=$result->fields['filter'];
                    
    $setlang $result->fields['mylang'];
                    if(
    $setlang != "")
                    {
                        
    $addlang "?language=".$setlang;    
                    }
                    if(
    $_REQUEST["remember"]=="yes")
                    {
                        
    create_slrememberme();
                    }
                    
                    if(
    $redirect == "")
                    {
                        
    header("Location:$config[baseurl]/settings".$addlang);exit;
                    }
                    else
                    {
                        
    header("Location:$redirect");exit;
                    }
        
                }
            }
            else
            {
                
    $encryptedpassword md5($password);
                
    $query="SELECT status,USERID,email,username,verified,filter,mylang from members WHERE email='".mysql_real_escape_string($username)."' and password='".mysql_real_escape_string($encryptedpassword)."'";
                
    $result=$conn->execute($query);
                
                if(
    $result->recordcount()<1)
                {
                    
    $error=$lang['37'];
                }
                elseif(
    $result->fields['status']=="0")
                {
                    
    $error $lang['30'];
                }
        
                if(
    $error=="")
                {
                    
    $query="update members set lastlogin='".time()."', lip='".$_SERVER['REMOTE_ADDR']."' WHERE username='".mysql_real_escape_string($username)."'";
                    
    $conn->execute($query);
                    
    $_SESSION['USERID']=$result->fields['USERID'];
                    
    $_SESSION['EMAIL']=$result->fields['email'];
                    
    $_SESSION['USERNAME']=$result->fields['username'];
                    
    $_SESSION['VERIFIED']=$result->fields['verified'];
                    
    $_SESSION['FILTER']=$result->fields['filter'];
                    
    $setlang $result->fields['mylang'];
                    if(
    $setlang != "")
                    {
                        
    $addlang "?language=".$setlang;    
                    }
                    if(
    $_REQUEST["remember"]=="yes")
                    {
                        
    create_slrememberme();
                    }
                    
                    if(
    $redirect == "")
                    {
                        
    header("Location:$config[baseurl]/settings".$addlang);exit;
                    }
                    else
                    {
                        
    header("Location:$redirect");exit;
                        
    session_start();
                    }
        
                }
            }
        }
    }

    $pagetitle $lang['11'];
    STemplate::assign('pagetitle',$pagetitle);
    STemplate::assign('error',$error);

    //TEMPLATES BEGIN
    STemplate::display('login.tpl');
    //TEMPLATES END
    ?>
  2. #2
  3. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6352
    This code is awful, insecure, and relies on PHP functions which were officially a bad idea to use a decade ago.

    You may as well start from scratch and get a real, secure, login system. This one has security holes just in the first few dozen lines.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.

IMN logo majestic logo threadwatch logo seochat tools logo