08.09.2012, 09:12
Hello I got problem with my login.php file.When I input my password and Username and press login it`s show me this
And this is the code
Please help me..thanks 
And this is the code
PHP код:
<?php
session_start(); //Starts our session variables, more explained below.
//Firstly we need to check if the information is posted
if((!isset($_POST["user"]) || !isset($_POST["password"])) && !isset($_SESSION["username"])) //Session variable will be explained below
{
echo "There was no values for username or password posted!"; //Echoes that there is no username or password posted.
}
else
{
include("variables.php"); //This includes our variables, same type of style as PAWN
$connection = mysql_connect($dbservername, $dbusername, $dbpassword);
/*
We connect to the database here with the variables in our variables.php.
mysql_connect(HOST, USERNAME, PASSWORD)
*/
mysql_select_db($dbname, $connection);
/*
We have a separate function to connect to our database (a bit silly tbh).
mysql_select_db(DATABASE NAME, CONNECTION IDENTIFIER)
*/
//Below we are making sure the people submitting the information are not trying to MySQL inject or find a XSS vulnerability. We are going to strip it of html elements using mysql_escape_string.
if(!isset($_SESSION["username"]))
{
$username = mysql_escape_string($_POST["user"]); //This gets the user variable.
$password = mysql_escape_string($_POST["password"]); //This gets the password variable.
}
else $username = mysql_escape_string($_SESSION["username"]); //Sets the username to the saved session variable!
/*
Below we check if the user exists with the password that the user entered.
This is where you will have to change the variables if you are not using my
mysql tutorial as a guideline.
*/
if(!isset($_SESSION["username"])) $result = mysql_query("SELECT * FROM `playerdata` WHERE user='$username' AND password=SHA1('$password')");
/*Queries the database to see if there is a user and password the same as what we have entered.
Passwords are encoded with SHA1 so they have to be converted to that before we compare (My MySQL tutorial).
Explained further in further explanation */
else $result = mysql_query("SELECT * FROM `playerdata` WHERE user='$username'");
/*
If you are wondering why I've checked if the session variables
are set, read the further explanation at the bottom.
*/
if(!mysql_num_rows($result))
/*
Checks if it has returned anything with the password and username that we
have entered. If there is nothing, it will return 0. If there is a user the same
with the same password, it will return 1. mysql_num_rows requires the resource
result from mysql_query, this is one of the differences to PAWN.
*/
{
//No matches
echo "The password or username you have entered is incorrect.";
}
else
{
//We found a match! Now we are going to get the information
$row = mysql_fetch_assoc($result);
/*
The code above is just making it so we can retrieve the values such
as the players score and money so that we can print it to show the
user what their stats are. mysql_fetch_assoc pretty much allows us to
fetch the arrays by name rather than by the order that they are in.
$row['score'] instead of lets say $row[2]. This pretty much goes through
*/
$score = $row["score"]; //Sets the variables to the value of score
$money = $row["money"]; //Sets the variables to the value of score
$currentip = $row["IP"]; //Sets the variables to the value of IP
$_SESSION["username"] = $username;
/*
The code above is so that we don't have to log in every page.
Session variables are pretty much server sided variables for a
certain person. It's so we do not have to log in on every page
of the website that we visit.
*/
echo "Welcome $username to the user control panel! <br />"; //Will print "Welcome [HiC]TheKiller to the user control panel!" then it will go onto a new line.
echo "Score: $score <br />"; //Will print my score
echo "Money: $money <br />"; //Will print my cash
echo "Current IP address on your account: $currentip <br />"; //Will print my current IP. You can take this out if you want.
echo "<a href='changepass.html'>Change your password</a><br />"; //Links to the change password page.
echo "<a href='setip.php'>Set your auto login IP</a><br />"; //Links to the auto login IP page
echo "<a href='stats.html'>View another players statistics</a><br />"; //Links to the stats page.
echo "<a href='logout.php'>Logout</a><br />"; //Links to the logout page
mysql_close($connection); //Closes the MySQL connection.
}
}
?>
