jonasvermeulen
%Europe/Berlin %713 %2009, 18:07
hoi,
er is een probleempje met de codering vn d wachtwoorden en d login
het regiser scriptje
<?php
//get vars from flash
$username = $_POST['username'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$email = $_POST['email'];
$captcha = $_POST['captcha'];
$submitted = $_POST['submitted'];
// include shared code
include '../lib/common.php';
include '../lib/db.php';
include '../lib/functions.php';
include '../lib/User.php';
// start or continue session so we can access captcha text stored in $_SESSION
session_start();
// prepare the registration form
ob_start();
?>
<form method="post"
action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<table>
<tr>
<td><label for="username">Username</label></td>
<td><input type="text" name="username" id="username"
value="<?php if (isset($_POST['username'])) echo htmlspecialchars(
$_POST['username']); ?>"/></td>
</tr><tr>
<td><label for="password1">Password</label></td>
<td><input type="passowrd" name="password1" id="password1"
value="<?php if (isset($_POST['password1'])) echo htmlspecialchars(
$_POST['password1']); ?>"/></td>
</tr><tr>
<td><label for="password2">Password Again</label></td>
<td><input type="password" name="password2" id="password2"
value="<?php if (isset($_POST['password2'])) echo htmlspecialchars(
$_POST['password2']); ?>"/></td>
</tr><tr>
<td><label for="email">Email Address</label></td>
<td><input type="text" name="email" id="email"
value="<?php if (isset($_POST['email'])) echo htmlspecialchars(
$_POST['email']); ?>"/></td>
</tr><tr>
<td><label for="captcha">Verify</label></td>
<td>Enter text seen in this image<br/ >
<img src="img/captcha.php?nocache=<?php echo time(); ?>" alt=""/><br />
<input type="text" name="captcha" id="captcha"/></td>
</tr><tr>
<td> </td>
<td><input type="submit" value="Sign Up"/></td>
<td><input type="hidden" name="submitted" value="1"/></td>
</tr><tr>
</table>
</form>
<?php
$form = ob_get_contents();
ob_end_clean();
// show the form if this is the first time the page is viewed
if (!isset($_POST['submitted']))
{
$GLOBALS['TEMPLATE']['content'] = $form;
}
// otherwise process incoming data
else
{
// validate password
$password1 = (isset($_POST['password1'])) ? $_POST['password1'] : '';
$password2 = (isset($_POST['password2'])) ? $_POST['password2'] : '';
$password = ($password1 && $password1 == $password2) ?
sha1($password1) : '';
// validate captcha
$captcha = (isset($_POST['captcha']) &&
strtoupper($_POST['captcha']) == $_SESSION['captcha']);
// add the record if all input validates
if (User::validateUsername($_POST['username']) && password &&
User::validateEmailAddr($_POST['email']) && $captcha)
{
// make sure the user doesn't already exist or if the email is not already in use
$user = User::getByUsername($_POST['username']);
if ($user->userId)
{
echo 'status= Sorry, that ' .
'account already exists. Please try a ' .
'different username.';
}
else
{
// create an inactive user record
$user = new User();
$user->username = $_POST['username'];
$user->password = $password;
$user->emailAddr = $_POST['email'];
$token = $user->setPending();
$message = 'Thank you for signing up for an account! Before you '.
' can login you need to verify your account. You can do so '.
'by visiting http://yourgamerpage.byethost10.com/verify.php?uid=' .
$user-> userId . ' & token=' . $token . '.';
if (@mail($user-> emailAddr, 'Activate your new account', $message))
{
echo 'status= Thank you for ' .
'registering. You will be receiving an ' .
'email shortly with instructions on activating your ' .
'account. ';
}
else
{
echo 'status= There was an ' .
'error sending you the activation link. ' .
' Please contact the site administrator at < a href=”' .
'mailto:admin@yougamerpage.com” > admin@yourgamerpage.com < /a > for ' .
'assistance. ';
}
}
}
// there was invalid data
else
{
echo 'status= You provided some ' .
'invalid data. Please fill in all fields ' .
'correctly so we can register your user account.';
}
}
?>
en het login scriptje
<?
$user=$_POST['user'];
$pass=$_POST['pass'];
//connect to database
if ($user && $pass){
mysql_pconnect("sql205.byethost10.com","xxxxxxx","xxxxxxx") or die ("geen connectie naar mysql");
mysql_select_db("xxxxxxx_yourgamerpage") or die ("geen database gevonden");
//make query
$query = "SELECT * FROM users WHERE username = '$user' AND password = 'sha1($pass)'";
$result = mysql_query( $query ) or die ("didn't query");
//see if there's an EXACT match
$num = mysql_num_rows( $result );
if ($num == 1){
echo "status=Welcome!";
} else {
echo "status=no matching username and password found in database";
}
}
?>
wie vindt de fout?
alvast bedankt
Jonas
er is een probleempje met de codering vn d wachtwoorden en d login
het regiser scriptje
<?php
//get vars from flash
$username = $_POST['username'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$email = $_POST['email'];
$captcha = $_POST['captcha'];
$submitted = $_POST['submitted'];
// include shared code
include '../lib/common.php';
include '../lib/db.php';
include '../lib/functions.php';
include '../lib/User.php';
// start or continue session so we can access captcha text stored in $_SESSION
session_start();
// prepare the registration form
ob_start();
?>
<form method="post"
action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<table>
<tr>
<td><label for="username">Username</label></td>
<td><input type="text" name="username" id="username"
value="<?php if (isset($_POST['username'])) echo htmlspecialchars(
$_POST['username']); ?>"/></td>
</tr><tr>
<td><label for="password1">Password</label></td>
<td><input type="passowrd" name="password1" id="password1"
value="<?php if (isset($_POST['password1'])) echo htmlspecialchars(
$_POST['password1']); ?>"/></td>
</tr><tr>
<td><label for="password2">Password Again</label></td>
<td><input type="password" name="password2" id="password2"
value="<?php if (isset($_POST['password2'])) echo htmlspecialchars(
$_POST['password2']); ?>"/></td>
</tr><tr>
<td><label for="email">Email Address</label></td>
<td><input type="text" name="email" id="email"
value="<?php if (isset($_POST['email'])) echo htmlspecialchars(
$_POST['email']); ?>"/></td>
</tr><tr>
<td><label for="captcha">Verify</label></td>
<td>Enter text seen in this image<br/ >
<img src="img/captcha.php?nocache=<?php echo time(); ?>" alt=""/><br />
<input type="text" name="captcha" id="captcha"/></td>
</tr><tr>
<td> </td>
<td><input type="submit" value="Sign Up"/></td>
<td><input type="hidden" name="submitted" value="1"/></td>
</tr><tr>
</table>
</form>
<?php
$form = ob_get_contents();
ob_end_clean();
// show the form if this is the first time the page is viewed
if (!isset($_POST['submitted']))
{
$GLOBALS['TEMPLATE']['content'] = $form;
}
// otherwise process incoming data
else
{
// validate password
$password1 = (isset($_POST['password1'])) ? $_POST['password1'] : '';
$password2 = (isset($_POST['password2'])) ? $_POST['password2'] : '';
$password = ($password1 && $password1 == $password2) ?
sha1($password1) : '';
// validate captcha
$captcha = (isset($_POST['captcha']) &&
strtoupper($_POST['captcha']) == $_SESSION['captcha']);
// add the record if all input validates
if (User::validateUsername($_POST['username']) && password &&
User::validateEmailAddr($_POST['email']) && $captcha)
{
// make sure the user doesn't already exist or if the email is not already in use
$user = User::getByUsername($_POST['username']);
if ($user->userId)
{
echo 'status= Sorry, that ' .
'account already exists. Please try a ' .
'different username.';
}
else
{
// create an inactive user record
$user = new User();
$user->username = $_POST['username'];
$user->password = $password;
$user->emailAddr = $_POST['email'];
$token = $user->setPending();
$message = 'Thank you for signing up for an account! Before you '.
' can login you need to verify your account. You can do so '.
'by visiting http://yourgamerpage.byethost10.com/verify.php?uid=' .
$user-> userId . ' & token=' . $token . '.';
if (@mail($user-> emailAddr, 'Activate your new account', $message))
{
echo 'status= Thank you for ' .
'registering. You will be receiving an ' .
'email shortly with instructions on activating your ' .
'account. ';
}
else
{
echo 'status= There was an ' .
'error sending you the activation link. ' .
' Please contact the site administrator at < a href=”' .
'mailto:admin@yougamerpage.com” > admin@yourgamerpage.com < /a > for ' .
'assistance. ';
}
}
}
// there was invalid data
else
{
echo 'status= You provided some ' .
'invalid data. Please fill in all fields ' .
'correctly so we can register your user account.';
}
}
?>
en het login scriptje
<?
$user=$_POST['user'];
$pass=$_POST['pass'];
//connect to database
if ($user && $pass){
mysql_pconnect("sql205.byethost10.com","xxxxxxx","xxxxxxx") or die ("geen connectie naar mysql");
mysql_select_db("xxxxxxx_yourgamerpage") or die ("geen database gevonden");
//make query
$query = "SELECT * FROM users WHERE username = '$user' AND password = 'sha1($pass)'";
$result = mysql_query( $query ) or die ("didn't query");
//see if there's an EXACT match
$num = mysql_num_rows( $result );
if ($num == 1){
echo "status=Welcome!";
} else {
echo "status=no matching username and password found in database";
}
}
?>
wie vindt de fout?
alvast bedankt
Jonas