Alright, I implemented captcha code on my index.php, which users will be logging in from. Here is the source for that:
Alright, now I have added some code to login-exec.php so that the captcha can validate on login attempts. My problem is that when I go to log in under a registered username it brings me back to the index again (refreshes the page, basically). But when I type incorrect login information it submits the verification saying what is incorrect. I am missing some line of code, I am thinking, but I cannot seem to get what I have missed. Can someone shed some light on my incorrect code?
PHP Code:
<?php
$cryptinstall="./cryptographp.fct.php";
include $cryptinstall;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>DigiChat Member</title>
<link rel="stylesheet" href="images/main.css" media="screen">
<link rel="stylesheet" href="images/colors.css" media="screen">
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
<style type="text/css">
.style1 {
color: #CCCCCC;
font-style: italic;
font-weight: bold;
}
a:link {
color: #0893FF;
}
body,td,th {
color: #0893FF;
}
.style3 {color: #1f9dff}
a:hover {
color: #0893FF;
}
.style4 {color: #666666}
.style5 {color: #666666; }
body {
background-image: url(images/bg.jpg);
}
</style>
</head>
<body>
<div id="container">
<div id="header">
<a id="logo" href="#" title="Support Center"><img src="images/head.png" alt="Support Center" width="801" height="64" border="0"></a></div>
<ul id="nav">
<li><a class="ticket_status" href="./index.php">Home</a></li>
<li><a class="new_ticket" href="./members.php">Members</a><a class="new_ticket" href="./register.php">Register</a><a class="new_ticket" href="./news.php">News</a></li>
<li></li>
</ul>
<div id="content">
<div id="index">
<h1 class="style3">Welcome to DigiScript MemberShip</h1>
<p class="big style4">DigiScript Membership is a php/msql web based membership script. Its sole purpose is to provide a simple and easy database to allow new and old users to sign into your chat server. By allowing users to register and login, they can pick a variety of settings for their profile and be able to login to your chat only as a member. </p>
<hr>
<table width="773" height="147" border="0" align="left">
<tr>
<td width="407"><h3 align="center"><span class="style3 rcol"><strong>Login To Your Account! </strong></span></h3>
<p align="center" class="style5">Please be sure to login to your free account with the correct details you inserted when registering, Thank You. </p>
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td width="112"><b>Login</b></td>
<td width="188"><input name="login" type="text" class="msg" id="login" /></td>
</tr>
<tr>
<td><b>Password</b></td>
<td><input name="password" type="password" class="msg" id="password" /></td>
</tr>
<tr>
<td> </td>
<td><div align="center">
<table cellpadding=1>
<tr>
<td align="center"><?php dsp_crypt(0,1); ?></td>
</tr>
<tr>
<td align="center">Enter Code Below: <br>
<input type="text" name="code"></td>
</tr>
<tr>
<td align="center"><input type="submit" name="submit" value="Login Now!"></td>
</tr>
</table>
</div></td>
</tr>
</table>
<p align="center"> </p>
</form>
</td>
<td width="407"><h3 align="center"><span class="style3 rcol"><strong>Register Now! </strong></span></h3>
<p align="center" class="style4">Registering an account is free and safe to use. Without registering, you cannot access our chat system. </p>
<form>
<div align="center">
<input name="BUTTON" type="BUTTON" onClick="window.location.href='./register.php'" value="Register">
</div>
</form>
</td>
</tr>
</table>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p><br>
</p>
</div>
<div style="clear:both"></div>
</div>
<div id="footer"></div>
</div>
<div align="center">
<img src="images/poweredby.png" alt="Powered by osTicket" height="38" width="802"></div>
</body></html>
PHP Code:
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = true;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$code = ($_POST['code']);
//Input Validations
if($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}
if($code == '') {
    $errmsg_arr[] = 'Incorrect captcha Code';
    $errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: index.php");
    exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        $_SESSION['SESS_SITE_ID'] = $member['SiteID'];
        $_SESSION['SESS_URL'] = $member['Url'];
        $_SESSION['SESS_AGE'] = $member['Age'];
        $_SESSION['SESS_EXIT_MESSAGE'] = $member['exitmessage'];
        $_SESSION['SESS_COMMENTS'] = $member['comments'];
        $_SESSION['SESS_REAL_NAME'] = $member['realname'];
        session_write_close();
        header("location: user.php");
        exit();
    }else {
        //Login failed
        header("location: failed.php");
        exit();
    }
}else {
    die("Query failed");
}
?>
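Added example, not part of the original post: the validation step of login-exec.php written so that the redirect decision comes from the collected error list (which starts empty), the captcha code is actually compared rather than only tested for emptiness, and the member lookup uses a bound parameter with `password_verify()`. The function names, the stub captcha check and the in-memory SQLite table are assumptions for the demonstration; in login-exec.php the callable would wrap the captcha library's own verifier (`chk_crypt()` in cryptographp), and `passwd` is assumed to hold `password_hash()` output instead of md5.

```php
<?php
// Added example (not the poster's code); helper names are hypothetical.

// Collect validation errors; an empty array means the attempt may proceed.
function login_errors(array $post, callable $captchaOk): array
{
    $errors   = [];
    $login    = trim($post['login'] ?? '');
    $password = $post['password'] ?? '';
    $code     = trim($post['code'] ?? '');

    if ($login === '')    { $errors[] = 'Login ID missing'; }
    if ($password === '') { $errors[] = 'Password missing'; }
    // A non-empty code proves nothing: it must match what the captcha
    // library stored server-side when it rendered the image.
    if ($code === '' || !$captchaOk($code)) {
        $errors[] = 'Incorrect captcha Code';
    }
    return $errors;
}

// Fetch the member with a bound parameter, then verify the password hash.
// Assumes members.passwd holds password_hash() output rather than md5().
function find_member(PDO $pdo, string $login, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM members WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($password, $row['passwd'])) ? $row : null;
}

// Constructed demo data: in-memory SQLite table and a stub captcha answer.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (member_id INTEGER PRIMARY KEY, login TEXT, passwd TEXT)');
$pdo->prepare('INSERT INTO members (login, passwd) VALUES (?, ?)')
    ->execute(['alice', password_hash('s3cret', PASSWORD_DEFAULT)]);
$captchaOk = fn(string $c): bool => hash_equals('abc123', $c);

$good = ['login' => 'alice', 'password' => 's3cret', 'code' => 'abc123'];
$bad  = ['login' => 'alice', 'password' => 's3cret', 'code' => 'zzz999'];

foreach (['good' => $good, 'bad' => $bad] as $label => $post) {
    $errors = login_errors($post, $captchaOk);
    $member = $errors ? null : find_member($pdo, $post['login'], $post['password']);
    printf("%s: errors=%s member=%s\n", $label, json_encode($errors),
        $member ? $member['login'] : 'none');
}
```

The demonstration needs PHP 7.4 or later with the pdo_sqlite extension; in the real handler the session variables would be set and `session_regenerate_id()` called only when `find_member()` returns a row.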