So I have two PHP files that are supposed to talk to eachother during User Registration.
The first: register.inc.php is supposed to create a new user in mysql database on MAMP and the second is register.php which is the basic form and is supposed to send it's data to register.inc.php. I am not receiving any errors in either files but it does not want to both: create the user and redirect to the register-success.php page.
Any idea what is going on?
register.inc.php:
<?php
include_once 'db_connect.php';
include_once 'psl-config.php';
$error_msg = "";
//echo var_dump($_POST['username']);
if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
// Sanitize and validate the data passed in
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Not a valid email
$error_msg .= '<p class="error">The email address you entered is not valid</p>';
}
$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
if (strlen($password) != 128) {
// The hashed pwd should be 128 characters long.
// If it's not, something really odd has happened
$error_msg .= '<p class="error">Invalid password configuration.</p>';
}
// Username validity and password validity have been checked client side.
// This should should be adequate as nobody gains any advantage from
// breaking these rules.
//
$prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);
// check existing email
if ($stmt) {
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
// A user with this email address already exists
$error_msg .= '<p class="error">A user with this email address already exists.</p>';
$stmt->close();
}
$stmt->close();
} else {
$error_msg .= '<p class="error">Database error Line 39</p>';
$stmt->close();
}
// check existing username
$prep_stmt = "SELECT id FROM members WHERE username = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);
if ($stmt) {
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
// A user with this username already exists
$error_msg .= '<p class="error">A user with this username already exists</p>';
$stmt->close();
}
$stmt->close();
} else {
$error_msg .= '<p class="error">Database error line 55</p>';
$stmt->close();
}
// TODO:
// We'll also have to account for the situation where the user doesn't have
// rights to do registration, by checking what type of user is attempting to
// perform the operation.
if (empty($error_msg)) {
// Create a random salt
//$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE)); // Did not work
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
// Create salted password
$password = hash('sha512', $password . $random_salt);
// Insert the new user into the database
if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)")) {
$insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
// Execute the prepared query.
if (! $insert_stmt->execute()) {
header('Location: ../error.php?err=Registration failure: INSERT');
}
}
header('Location: ./register_success.php');
}
}
register.php:
<?php
include_once 'includes/register.inc.php';
include_once 'includes/functions.php';
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Secure Login: Registration Form</title>
<script type="text/JavaScript" src="js/sha512.js"></script>
<script type="text/JavaScript" src="js/forms.js"></script>
<link rel="stylesheet" href="styles/main.css" />
</head>
<body>
<!-- Registration form to be output if the POST variables are not
set or if the registration script caused an error. -->
<h1>Register with us</h1>
<?php
if (!empty($error_msg)) {
echo $error_msg;
}
?>
<ul>
<li>Usernames may contain only digits, upper and lower case letters and underscores</li>
<li>Emails must have a valid email format</li>
<li>Passwords must be at least 6 characters long</li>
<li>Passwords must contain
<ul>
<li>At least one upper case letter (A..Z)</li>
<li>At least one lower case letter (a..z)</li>
<li>At least one number (0..9)</li>
</ul>
</li>
<li>Your password and confirmation must match exactly</li>
</ul>
<form action="<?php echo esc_url($_SERVER['PHP_SELF']); ?>"
method="post"
name="registration_form">
Username: <input type='text'
name='username'
id='username' /><br>
Email: <input type="text" name="email" id="email" /><br>
Password: <input type="password"
name="password"
id="password"/><br>
Confirm password: <input type="password"
name="confirmpwd"
id="confirmpwd" /><br>
<input type="button"
value="Register"
onclick="return regformhash(this.form,
this.form.username,
this.form.email,
this.form.password,
this.form.confirmpwd);" />
</form>
<p>Return to the login page.</p>
</body>
</html>
You have this
if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
But you do not have input in the form with name "p" -> $_POST['p']
so isset always return false
I suppose you wanted to type $_POST['password']
You just have to change the order of your db_connect and psl-config:
include_once 'psl-config.php';
include_once 'db_connect.php';
Related
I have created a simple php login form which connects to a database and checks the validity of username and password. If they are correct it allows access if not an error message is displayed. My problem is that when I go to my login page it is automatically giving me an error message saying"invalid user etc" before i have even attempted to login in. Any suggestions as to why this might be?
<?php
session_start();
include('conn.php');
$theUserID = $_POST['userID'];
$theUserPassword = $_POST['password'];
$query = "SELECT userID, firstName, password FROM user INNER JOIN password ON user.passwordID=password.passwordID WHERE userID='$theUserID' AND password='$theUserPassword'";
$result = mysqli_query($conn, $query) or die(mysqli_error($conn));
if(mysqli_num_rows($result)>0){
//let them in
$_SESSION['myuser40058058']=$theUserID;
Header("Location:index.php");
}
else{
$message = "Incorrect Username or Password";
echo "<script type='text/javascript'>alert('$message');</script>";
}
?>
<?php
session_start();
check if the form was posted and user and password are set
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['userID']) && isset($_POST['password'])){
THIS IS ABSOLUTE UNSECURE !!!
check Paths for include and test values of the form!!
include('conn.php');
$theUserID = $_POST['userID'];
$theUserPassword = $_POST['password'];
THIS IS UNSECURE !!!
use at least a $mysqli->real_escape_string($YOUR_VARIABLES) in the query
$query = "SELECT userID, firstName, password FROM user INNER JOIN password ON user.passwordID=password.passwordID WHERE userID='$theUserID' AND password='$theUserPassword'";
$result = mysqli_query($conn, $query) or die(mysqli_error($conn));
if(mysqli_num_rows($result)>0){
//let them in
$_SESSION['myuser40058058']=$theUserID;
Header("Location:index.php");
}else{
$message = "Incorrect Username or Password";
echo "<script type='text/javascript'>alert('$message');</script>";
}
}
?>
<? php
include_once("connection.php");
// email and password sent from form
$email = $_POST['email'];
$password = $_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$email = stripslashes($email);
$password = stripslashes($password);
$email = mysqli_real_escape_string($connection, $_POST['email']);
$password = mysqli_real_escape_string($connection, $_POST['password']);
$sql = "SELECT * FROM users WHERE email='$email' and password='$password'";
$result = mysqli_query($connection, $sql);
// Mysql_num_row is counting table row
$count = mysqli_num_rows($connection, $result);
// If result matched $username and $password, table row must be 1 row
if ($count == 1) {
session_start();
$_SESSION['loggedin'] = true;
$_SESSION['email'] = $email;
}
?>
<div id="openModal" class="modalDialog">
<div>
X
<form class="pop" method="post" action="login.php">
<p class="login">LOGIN</p>
<div class="form-group">
<div class="left-inner-addon "><i class="fa fa-envelope-o fa-fw"></i>
<input type="email" name="email" class="form-control" id="email" placeholder="Email" required>
</div>
</div>
<div class="form-group">
<div class="left-inner-addon"><i class="fa fa-key fa-fw"></i>
<input type="password" name="password" class="form-control" id="password" placeholder="Password" required>
</div>
</div>
<p>Forgot Password?</p>
<div class="form-group">
<button class="btn btn-default" role="button" name="login" id="login">LOGIN</button>
</div>
</form>
</div>
</div>
<? php
$host = 'localhost';
$user = 'root';
$password = '';
$db = 'members';
$connection = mysqli_connect($host, $user, $password, $db);
if ($connection) {
echo "Connected Successfully";
} else {
echo "Error connecting: . mysqli_connect_error()";
}
?>
I have index.php, connection.php and login.php files. I have already created register.php for sign up it's working fine. In login.php, it is connected successfully but throwing an error in Warning: mysqli_num_rows() expects exactly 1 parameter, 2 given
One more thing I want to figure out how do I know if the users is login in my website I means I want to find out if it is stored to the database or I don't know as I'm new to SQL and after login there should valid or invalid email and password but not showing. In my database, I have created table the list of id, username, email, password. Please help in proper way and simple, don't confuse me.
The mysqli_num_rows() function returns the number of rows in a result set.
It accepts only one parameter say $result which is Required. $result is a result set identifier returned by mysqli_query(), mysqli_store_result() or mysqli_use_result(). You are passing the $connection object along with the $result which causes the issue.
For saving sessions in Database, reffer these posts
Storing Sessions in a Database
or
Saving PHP's Session data to a database
config.php
< ?php
$mysql_hostname = "hostname";
$mysql_user = "username";
$mysql_password = "password";
$mysql_database = "database";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password)
or die("Opps some thing went wrong");
mysql_select_db($mysql_database, $bd) or die("Opps some thing went wrong");
?>
Login.php
include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$myemailid=addslashes($_POST['emailid']);
$mypassword=addslashes($_POST['password']);
$sql="SELECT id FROM admin WHERE username='$myemailid' and passcode='$mypassword'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$active=$row['active'];
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
Session -> variables hold information about one single user, and are available to all pages in one application
if($count==1)
{
session_register("myusername");
$_SESSION['login_user']=$myusername;
header("location: welcome.php");
}
else
{
$error="Your Login Name or Password is invalid";
}
}
?>
Logout.php
< ?php
session_start();
if(session_destroy())
{
header("Location: login.php");
}
?>
Hey guys i am very new to this so i am sorry if there is just something completely stupid i am missing here. I have the following Sign Up Form. And in the URL http://www.rockaholics-cologne.de/root/signup.php?e=cataras#gmx.de i am trying to submit the value e. However, in all cases e is simply empty or undefined:
<?php
// Ajax calls this REGISTRATION code to execute
if(isset($_POST["u"])){
// CONNECT TO THE DATABASE
include_once("php_includes/db_conx.php");
// GATHER THE POSTED DATA INTO LOCAL VARIABLES
$u = preg_replace('#[^a-z0-9]#i', '', $_POST['u']);
$p = $_POST['p'];
$e = $_GET['e'];
echo "test";
echo "$e";
// GET USER IP ADDRESS
$ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
// DUPLICATE DATA CHECKS FOR USERNAME AND EMAIL
$sql = "SELECT id FROM team WHERE username='$u' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$u_check = mysqli_num_rows($query);
// FORM DATA ERROR HANDLING
if($u == "" || $p == ""){
echo "The form submission is missing values.";
exit();
} else if ($u_check > 0){
echo "The username you entered is alreay taken";
exit();
} else if (strlen($u) < 3 || strlen($u) > 16) {
echo "Username must be between 3 and 16 characters";
exit();
} else if (is_numeric($u[0])) {
echo 'Username cannot begin with a number';
exit();
} else {
// END FORM DATA ERROR HANDLING
// Begin Insertion of data into the database
// Hash the password and apply your own mysterious unique salt
$cryptpass = crypt($p);
include_once ("php_includes/randStrGen.php");
$p_hash = randStrGen(20)."$cryptpass".randStrGen(20);
// Add user info into the database table for the main site table
$sql = "UPDATE team
SET username='$u',password='$p_hash',ip='$ip',signup=now(),lastlogin=now(),notecheck=now()
WHERE email='$e'";
$query = mysqli_query($db_conx, $sql);
$uid = mysqli_insert_id($db_conx);
// Create directory(folder) to hold each user's files(pics, MP3s, etc.)
if (!file_exists("user/$u")) {
mkdir("user/$u", 0755);
}
// Email the user their activation link
$to = "$e";
$from = "auto_responder#yoursitename.com";
$subject = 'Account Activation';
$message = '<!DOCTYPE html><html><head><meta charset="UTF-8">
<title>yoursitename Message</title></head>
<body style="margin:0px; font-family:Tahoma, Geneva, sans-serif;">
<div style="padding:10px; background:#333; font-size:24px; color:#CCC;">
<img src="http://www.rockaholics-cologne.de/root/images/logo.png" width="36" height="30" alt="yoursitename" style="border:none; float:left;">Account Activation</div>
<div style="padding:24px; font-size:17px;">Hello '.$u.',<br /><br />Click the link below to activate your account when ready:<br /><br />Click here to activate your account now<br /><br />Login after successful activation using your:<br />* Username: <b>'.$u.'</b></div></body></html>';
$headers = "From: $from\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\n";
mail($to, $subject, $message, $headers);
echo "signup_success";
exit();
}
exit();
}
?>
I do get new entries into the database when i fill out the form. But it does neither send me an email or UPDATE the database at the specified email. It simply updates all the entries with a blank email. The echo "$e" within the script also return nothing.
I used this code to check:
<?php
echo "<pre>";
print_r($_GET);
echo "</pre>";
$e = $_GET['e'];
echo "$e";
?>
And in this case it does return an array with [e]=cataras#gmx.de and it also prints out $e. But why doesnt it work in the other skript? I'm using the exact same methods to get e from the URL.
When i run my Javascript function:
function signup(){
var u = _("username").value;
var p1 = _("pass1").value;
var p2 = _("pass2").value;
var status = _("status");
if(u == "" || p1 == "" || p2 == ""){
status.innerHTML = "Fill out all of the form data";
} else if(p1 != p2){
status.innerHTML = "Your password fields do not match";
} else {
_("signupbtn").style.display = "none";
status.innerHTML = 'please wait ...';
var ajax = ajaxObj("POST", "signup.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
if(ajax.responseText.replace(/^\s+|\s+$/g, "") == "signup_success"){
status.innerHTML = ajax.responseText;
_("signupbtn").style.display = "block";
} else {
window.scrollTo(0,0);
_("signupform").innerHTML = "OK "+u+", check your email inbox and junk mail box at <u>"+e+"</u> in a moment to complete the sign up process by activating your account. You will not be able to do anything on the site until you successfully activate your account.";
}
}
}
ajax.send("u="+u+"&p="+p1);
}
}
I get Uncaught ReferenceError: e is not defined. And the site stops at "please wait...". I just took out the +e+ in the js to get to the php above. Sorry for the long post but i am really running out of ideas. THANKS in advance!!!
I think $_GET['e'] is not working in your original script because it's not getting passed to that processing script from your form page. I accessed the URL you provided (http://www.rockaholics-cologne.de/root/signup.php?e=cataras#gmx.de). Note that when you submit your form, the value of "e" in your URL is not being passed to whatever is processing your script. In your form, you need to either do this:
<form action="{yourscripturl}?e=<?php echo $_GET['e']?>" {rest of form tag}>
Or, add a hidden to hold the value of "e", and then use $_POST['e'] on your processing script instead of $_GET['e'].
<input type="hidden" name="e" value="<?php echo $_GET['e']?>" />
I'm making a form at which if user wants to change their password, i made a code that could change password from database but I want to implement some function before changing password, current password would be asked so that they can change their password, But how to do it?
code to update database:
strong text
$result = mysqli_query($con,"SELECT * FROM admin");
if ($row = mysqli_fetch_array($result)) {
$id=$row['id'];
mysqli_query($con,"update admin set password=SHA1( CONCAT('Rajendra')) WHERE id='$id'");
}
echo "<h2>Your password is successfully changed..</h2>";
mysqli_close($con);
?>
here is a code for form:
<?php
include('lock.php');
?>
<form method="post" action="db_change_password.php">
<label><strong>Current password: </strong></label>
<input type="password" name="current_password" value="password"><br><br>
<label><strong>New password: </strong></label>
<input type="password" name="password" value="password"><br><br>
<label><strong>Confirm password: </strong></label>
<input type="password" name="confirm_password" value="password"><br><br>
<input type="submit" value="Submit">
<label><p><strong><br>NOTE: </strong>After changing password, you have to put your new password during login time.</p></label>
</form>
EDITING
login script:
<?php
include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$myemail=mysql_real_escape_string($_POST['email']);
$mypassword=mysql_real_escape_string($_POST['password']);
$sql="SELECT * FROM admin WHERE email='$myemail' AND password='".sha1($mypassword)."'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$active=$row['active'];
$count=mysql_num_rows($result);
// If result matched $myemail and $mypassword, table row must be 1 row
if($count==1)
{
$_SESSION["myemail"];
$_SESSION['login_user']=$myemail;
header("location: home.php");
}
else
{
header("location: invalid_login_form.php");
}
}
?>
I would however make a session with the user_id
$result = mysqli_query($con,"SELECT * FROM admin WHERE email = '".$_SESSION['email']."'");
if ($row = mysqli_fetch_array($result)) {
if(sha1($_POST['current_password']) == $row['password'])
{
$id=$row['id'];
mysqli_query($con,"update admin set password=SHA1( CONCAT('Rajendra')) WHERE id='$id'");
} else {
echo "incorrect password";
}
}
Just before updating the password, you can add a check to test the current password.
I am new to development with HTML, PHP, CSS etc.
I need to do this small Registration and Login Form. I haven't gone into detail in Object-Oriented PHP and I'm working in the simplest manner as this task needs to be done in a short time and I've only been coding and experimenting with these languages these past two days.
What I already have is a working Registration and Login forms that when they are submitted the information is posted to another php file. Than it verifies that the data has been entered and that the e-mail isn't already used. What i need is that when either the e-mail is already used and when a field is left empty that it automatically goes back to Registration/Login forms and displays a message with their respective errors.
I know this might have been done in a different way but the deadline is really close and so i need a solution that works with what I already have.
I'm sorry if a similar question is already available, but i might be using incorrect keywords to search for the solution.
Keywords currently that I'm using are Redirection, "Going back to previous page".
If JavaScript is more suitable for this kind of operation it is also excepted and would like this to be pointed out, although a php solution would be appreciated a bit more as i currently obtain more knowledge on PHP than on JavaScript.
Thanks, any help or directions to suitable solutions would be mostly appreciated.
You can use
A) PHP header() function
B) echo a META HTTP - EQUIV=" refresh "
CONTENT=" seconds; URL = \the-other-url">
C) Use JS like this but you
will need to set a timeout
Example:
if (empty ($_POST ['username']) || empty ($_POST ['password']))
{
echo "Please enter a username, or password";
header ("refresh:5; url=back.php");
exit;
}
There are many different ways to do this. If when the form is submitted your executing the code on a different php file then you could have an IF statement there which redirects the headers back to the form page if there are errors with the users input such as:
if($username == "")
{
header("Location: YOUR_FORM_PAGE.php");
}
Hope this helps.
To add the execution to the same page you can do this.
add these buttons;
<input type="hidden" id="submitted" name="submitted" value="1">
<span class="label"></span><input type="submit" class="submit" value="Submit"><input type="reset" class="submit" value="Clear">
set the form action to the form page. Add this to the top of the page and add any PHP you want to it;
if(isset($_POST["submitted"]) && $_POST["submitted"] == 1)
{
for example;
if($from_fullname == "")
{
$submission_status = '<div class="vpb_info" align="left">Please enter your fullname in the required field to proceed. Thanks.</div>';
}
and add this to the page where you want the error displayed;
<p> <?php echo $submission_status; ?></p>
Sounds like http-redirect (http://php.net/manual/en/function.http-redirect.php) should help you out. You can redirect on your error conditions with that.
Update
With redirect you can attatch QueryString Parameters so you could redirect back to the login.php page with an errror code and/or message as a query string perameter.
These will get you started, a registration or signup php file and a login php file I made once
(personal info is faked).
SignUp.php
<?php
session_start();
$name = $_REQUEST['name'] ;
$userpassword = hash('sha512',$_REQUEST['password'] );
$signature = $_REQUEST['signature'] ;
$image = $_REQUEST['image'];
$email = $_REQUEST['email'] ;
$emailreplies = $_REQUEST['emailreplies'] ;
if (!isset($_REQUEST['name'])) {
header( "Location: MotesBlog.php" );
}else{
$username="root";
$password="root";
$database="MotesBlog";
mysql_connect("localhost",$username,$password);
#mysql_select_db($database) or die( "Unable to select database");
$query=sprintf("SELECT Name FROM users WHERE Name LIKE '%s';",
mysql_real_escape_string($name));
$query=mysql_query($query);
if(mysql_num_rows($query)){
$query = sprintf("SELECT Email FROM users WHERE Name='%s';",
mysql_real_escape_string($name));
$query=mysql_query($query);
$_SESSION['NameTaken'] = true;
$_SESSION['UsedName'] = $name;
$_SESSION['UsedEmail'] = mysql_result($query,0);
header("Location: SignUp.html");
}else{
$query=sprintf("SELECT Email FROM users WHERE Email LIKE '%s';",
mysql_real_escape_string($email));
$query=mysql_query($query);
if(mysql_num_rows($query)){
$_SESSION['EmailTaken'] = true;
$_SESSION['UsedEmail'] = $email;
header("Location: SignUp.html");
}else{
$query = sprintf(" INSERT INTO users VALUES (
NULL , '%s', '%s' , '%s', '%s', '%s', CURRENT_TIMESTAMP , 0, $emailreplies);",
mysql_real_escape_string($name),
$userpassword,
mysql_real_escape_string($signature),
mysql_real_escape_string($image),
mysql_real_escape_string($email));
mysql_query($query);
$query = sprintf("SELECT JoinDate FROM users WHERE Name='%s';",
mysql_real_escape_string($name));
$vcode=md5(mysql_result(mysql_query($query),0));
mysql_close();
require_once "Mail.php";
$from = "PocketWoods Hunting Hall<pwoods#email.com>";
$to = $email;
$subject = "Welcome to Motes Blog";
$body = "<html>
<body>Thank you for your time. <br/>
To ensure a human made this account and not an
automated process please click the link below:<br>
<a href=\"http://site.com/MotesBlog/verifyaccount.php?vcode=".$vcode."&name=".$name."\">
Activate Account
</a>
</body>
</html>";
$host = "mail.root.com";
$username = "root#root.com";
$password = "root";
$headers = array ( 'From' => $from,
'To' => $to,
'Subject' => $subject,
'MIME-Version' => "1.0",
'Content-type' => "text/html; charset=iso-8859-1");
$smtp = Mail::factory('smtp',
array ( 'host' => $host,
'auth' => false,
'username' => $username,
'password' => $password));
$mail = $smtp->send($to, $headers, $body);
header("Location: success.html");
}
}
}
?>
Login.php
<?php
session_start();
$username="root";
$password="root";
$database="MotesBlog";
mysql_connect("localhost",$username,$password);
#mysql_select_db($database) or die( "Unable to select database");
$user_name = $_REQUEST['name'];
$user_password = $_REQUEST['password'];
if (!isset($_REQUEST['name'])) {
header( "Location: MotesBlog.php" );
}else{
if(isset($_SESSION['User'])){
if( ($_SESSION['CreatedTime'] + 3600) < time() ){
$_SESSION['Expired'] = true;
}
unset($_SESSION['User']);
}
$query = sprintf("SELECT Password FROM users WHERE Name='%s';",
mysql_real_escape_string($user_name));
$query=mysql_query($query);
if(mysql_num_rows($query)){
$real_password=mysql_result($query,0);
$query = sprintf("SELECT Email FROM users WHERE Name='%s';",
mysql_real_escape_string($user_name));
$query=mysql_query($query);
$email = mysql_result($query,0);
if($real_password == hash('sha512',$user_password)){
$query = sprintf("SELECT Validated FROM users WHERE Name='%s';",
mysql_real_escape_string($user_name));
$query=mysql_query($query);
mysql_close();
if(mysql_result($query,0)){
$_SESSION['User'] = $user_name;
$_SESSION['CreatedTime'] = time();
setcookie("User", $_REQUEST['name'], time() + 60*60*24*365);
header( "Location: MotesBlog.php" );
}else{
$_SESSION['resend_name'] = $user_name;
$_SESSION['resend_email'] = $email;
$_SESSION['NotValidated'] = true;
header( "Location: MotesBlog.php" );
}
}else{
$_SESSION['WrongPW'] = true;
$_SESSION['UsedEmail'] = $email;
header( "Location: MotesBlog.php" );
}
}else{
$_SESSION['WrongName'] = true;
header( "Location: MotesBlog.php" );
}
}
?>