Anonymous
Guest
I have made a password login for my website, as there are only a few users of the site that log in. It uses a MySQL backend and a switch function for different user areas. I am having a problem with the validation; at the moment anybody can log in:
Code:
<html>
<head>
</head>
<body>
<center><iframe frameborder=0 src="http://to-j.com/ad2.htm" width="120"
height="60" target="_blank" scrolling="no"> </iframe></center>
</body>
</html>
<?
//first we check to see if a session is open!!!
//the if statement is executed if there is NO session present
if(!session_id())
{
//starting a session
session_start();
//registering the variable "user" to the session
session_register("user");
}
?>
<html>
<head>
</head>
<body bgcolor="#000000">
<center><iframe frameborder=0 src="http://to-j.com/ad2.htm" width="120"
height="60" target="_blank" scrolling="no"> </iframe></center>
<table border="1" bordercolordark="#FFFFFF" bordercolorlight="#FFFFFF" bordercolor="#FFFFFF">
<tr><td><p><img src="..\images\logo.png" width="400" height="100"></p>
<a href="..\index.php"><img src="..\images\news-button.png" width="185" height="49" border="0"></a><a href="..\reviews.php"><img src="..\images\reviews-button.png" width="182" height="49" border="0"></a><a href="..\feat.php"><img src="..\images\featured-button.png" width="180" height="49" border="0"></a><a href="..\profiles.php"><img src="..\images\profiles-button.png" width="180" height="49" border="0"></a><a href="..\http://punk-style.to-j.com/forum/phpBB2/"><img src="..\images\forums-button.png" width="180" height="49" border="0"></a><a href="..\links.php"><img src="..\images\Links-button.png" width="184" height="49" border="0"></a></p>
<p>&</p>
<?php
//connecting to the database or, if an error occurs, giving the reasons why..
$c=mysql_connect("localhost","","") or die ("<font color=\"#FF00FF\">sorry unable to connect to database".mysql_error()."</font>");
//selecting the database:
$db=mysql_select_db("punk_style_to_j_com");
//setting the query: selecting all rows from users, where the user and password are the same as what the user entered
$query="SELECT * FROM `users` WHERE user='$_POST[user]' AND pw='$_POST[pw]'";
//running the query
$result=mysql_query($query) or die ("<font color=\"#FF00FF\">sorry unable to connect to database".mysql_error()."</font>");
//setting the variable login_check to the amount of rows that were affected during the last SQL statement, in case
//this variable should be one for the user to be able to log in
$login_check = mysql_num_rows($result);
//setting the results into an array for access later
$row=mysql_fetch_array($result);
//an IF statement that checks if login_check is not greater or lower than 1
if(login_check == "1")
{
//switch statement, depending on what user is logged in depends on what the page will do
switch($_POST[user])
{
case paul:
session_start();
session_register("$user");
$session=session_id();
echo("<font color=\"#FF00FF\">");
echo("$_POST[user] you are now logged in");
echo("<BR>");
echo("Please choose a Reviews option:");
echo("<BR>");
echo("<a href='../members/band-add.php?".$session."'>Add New Band Review</a>");
echo("<BR>");
echo("<a href='../members/gig-add.php?".$session."'>Add New Gig Review</a>");
echo("<br>");
echo("<a href='../members/pauls-blag-add.php?".$session."'Add New Paul\'s Blag Section</a>");
echo("<br>");
echo("<a href='../profiles/edit-form.php?user=paul&&".$session."'>Change and View Profile</a>");
echo("</font>");
break;
case punkboii:
session_start();
session_register("$user");
$session=session_id();
echo("<font color=\"#FF00FF\">");
echo("$_POST[user] you are now logged in");
echo("<BR>");
echo("Please choose a Reviews option:");
echo("<BR>");
echo("<a href='../members/band-add.php?".$session."'>Add New Band Review</a>");
echo("<BR>");
echo("<a href='../members/gig-add.php?".$session."'>Add New Gig Review</a>");
echo("<br>");
echo("<a href='../members/admin/news.php?".$session."'>New news posting</a>");
echo("<br>");
echo("<a href='../profiles/edit-form.php?change=yes&&user=stu&&".$session."'>Change and View Profile</a>");
echo("</font>");
break;
default:
session_start();
session_register("$user");
$session=session_id();
echo("<font color=\"#FF00FF\">");
echo("$_POST[user] you are now logged in");
echo("<BR>");
echo("Please choose a Reviews option:");
echo("<BR>");
echo("<a href='../members/band-add.php?".$session."'>Add New Band Review</a>");
echo("<BR>");
echo("<a href='../members/gig-add.php?".$session."'>Add New Gig Review</a>");
echo("</font>");
break;
}
}
//if the login_check variable does not =1 the user can not log in
else
{
echo("<font color=\"#FFFFFF\">Sorry that user name and/or password are invalid!!</font>");
}
?> <p>
</td></tr>
</table>
</p>
All material is & Punk-Style 2003, All images are of Break the boarder are © Break The Boarder 2003. All images that are not of Break The Boarder are © there respective owners. All Band names are & there respective owners</p>
<a href="../login/logout.php">logout</a>
</body>
</html>
any help appreciated!!
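The login check that the post's comments describe (look up the user, accept only a matching password, then record the user in the session), as an added example that is not the poster's code: the query uses bound parameters instead of placing `$_POST` values in the SQL string, and the `pw` column is assumed to hold a `password_hash()` value rather than the plain password. Assumptions: PHP 7 or later with PDO; an in-memory SQLite table stands in for the MySQL `users` table so the sample runs offline; the function names and the sample password are constructed for this example.

```php
<?php
// Added example, not the poster's code. SQLite is used only so the sample
// runs offline; the same PDO calls work with a MySQL DSN.

// Constructed sample data: a `users` table shaped like the one in the post,
// with `pw` holding a password_hash() value (an assumption of this example).
function make_sample_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pw TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (user, pw) VALUES (?, ?)');
    $ins->execute(['paul', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns true only when the named user exists and the password matches.
function check_login(PDO $db, $user, $pw): bool {
    // Form fields can arrive as arrays (user[]=x); accept strings only.
    if (!is_string($user) || !is_string($pw)) {
        return false;
    }
    // Placeholder binding: the input is never part of the SQL text.
    $stmt = $db->prepare('SELECT pw FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();   // false when no row matched
    return is_string($hash) && password_verify($pw, $hash);
}

// Call on success, before any HTML output: issues a fresh session id and
// stores the user name server-side instead of using session_register().
function start_user_session(string $user): void {
    session_start();
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

$db = make_sample_db();
var_dump(check_login($db, 'paul', 'constructed-sample-pw')); // correct password
var_dump(check_login($db, 'paul', 'wrong'));                 // wrong password
var_dump(check_login($db, "pa'ul", 'x'));                    // quote character is plain data
var_dump(check_login($db, 'nobody', ''));                    // unknown user
```

In a real page the two arguments would come from `$_POST['user'] ?? null` and `$_POST['pw'] ?? null`, and the member pages would test `$_SESSION['user']` rather than a session id passed in the link.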