Waksy Skrevet 30. desember 2007 Del Skrevet 30. desember 2007 (endret) Joa. Logg inn scriptet mitt har en verdifilisering som ikke funker helt på TOP! Derfor skal jeg ta vekk.. Men siden ikke jeg har lagd scriptet og dte er soppas rotete spørr jeg dere: Ossen får jeg det bort: <?php session_start(); //allows session include "config.php"; echo "<center>"; if($logged[id]){ //welcomes the member echo "Velkommen <a href='members.php?user=$logged[username]'>$logged[username]</a><br><br>"; //shows the user menu echo " - <a href='editprofile.php'>Editer Profilen din</a><br> - <a href='changepassword.php'>Bytt Passord (Kommer i Edit profil)</a><br> - <a href='krim.php'>Kriminalitet</a><br> - <a href='gta.php'>Stjel biler</a><br> - <a href='press.php'>Utpressing</a><br> - <a href='gara.php'>Garasje</a><br> - <a href='feng.php'>Fengsel</a><br> - <a href='home.php'>Bosted</a><br> - <a href='#'>....</a><br> - <a href='#'>....</a><br> - <a href='#'>....</a><br> - <a href='#'>....</a><br> - <a href='#'>....</a><br> - <a href='#'>....</a><br> - <a href='#'>.</a><br> - <a href='logout.php?logout'>Logg ut</a>"; } else //if there trying to login if(isset($_GET['login'])){ //removes sql injections from the data $username= htmlspecialchars(addslashes($_POST[username])); //encrypts the password $password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST[password])))))))); //gets the username data from the members database $uinfo = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error()); //see if the user exists $checkuser = mysql_num_rows($uinfo); //if user name not found in database error if($checkuser == '0') { echo "Brukernavnet var ikke funnet!"; } else { //fetch the sql $udata = mysql_fetch_array($uinfo); //checks see if the account is verified if($udata[userlevel] == 1) { echo "Denne brukeren har ikke blitt verdifilisert."; } //if it is continue else //if the db password and the logged in password are the same login if($udata[password] == $password) { $query = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error()); //fetchs the sql $user = mysql_fetch_array($query); //sets the logged session $_SESSION['id'] = "$user[id]"; $_SESSION['password'] = "$user[password]"; echo "Du er nå logget inn, vent litt. . ."; //redirects them echo "<meta http-equiv='Refresh' content='2; URL=login.php'/>"; } //wrong password else { echo "Feil Brukernavn eller Passord!"; } } } else { //If not the above show the login form echo "<form action='login.php?login' method='post'> <table width='312'> <tr> <td width='120'>Brukernavn:</td> <td width='180'><input type='text' name='username' size='30' maxlength='25'></td> </tr> <tr> <td>Passord:</td> <td><input type='password' name='password' size='30' maxlength='25'></td> </tr> <tr> <center><td><a href='#'>Glemt passord</a></td> <td><a href='register.php'>Registrer</a></td></center> </tr> <tr> <td colspan='2'><center><input type='submit' value='Login'></center></td> </tr> </table> </form>"; } echo "<center>"; ?> ja, dette er til mafiaspillet mitt Som bare har et par funksjoner enda XD Takk får svar Endret 30. desember 2007 av Waksy Lenke til kommentar
Pilot_ Skrevet 30. desember 2007 Del Skrevet 30. desember 2007 Slik som jeg ser det, er ikke det noen verifisering i denne koden, men kun en kode som sjekker om brukerne allerede er verifisert? Lenke til kommentar
Waksy Skrevet 30. desember 2007 Forfatter Del Skrevet 30. desember 2007 (endret) Skal se i Members koden.. Kanskje noe der Edit: Fant ut at dte var i Registreringa <?php session_start(); //allows session include "config.php"; echo "<center>"; //checks if there trying to veriy there account if(isset($_GET['verify'])){ //gets the code and makes it safe $code = addslashes($_GET['code']); //gets the code from the database $getcode=mysql_query("SELECT * FROM `verification` WHERE `code` = '$code'"); //counts the number of rows $getcode = mysql_num_rows($getcode); //if the ammount of rows is 0 the code does not exist if ($getcode == 0) { echo "Feil verdifiliserings kode!"; } //or if the code does exist we will activiate there account else { //get the data from the database $getcode=mysql_query("SELECT * FROM `verification` WHERE `code` = '$code'"); //fetchs the data from the db $dat = mysql_fetch_array($getcode); //sets the users user level to 2 which means they can now use there account $update = mysql_query("UPDATE `members` SET `userlevel` = '2' WHERE `username` = '".$dat['username']."'") or die(mysql_error()); //deletes the code as there is no use of it now $delete = mysql_query("DELETE FROM `verification` WHERE code = '$code'"); //says thanks and your account is ready for use echo "Din bruker er verdifilisert, du kan nå logge inn."; } } else //if we have posted the register for we will register this user if(isset($_GET['register'])){ //check to see if any fields were left blank if((!$_POST[username]) || (!$_POST[password]) || (!$_POST[cpassword]) || (!$_POST[email])){ echo "A field was left blank please go back and try again."; } else { //posts all the data from the register form $username = $_POST[username]; $password = $_POST[password]; $cpassword = $_POST[cpassword]; $email = $_POST[email]; //check see if the 2 passwords are the same if($password == $cpassword) { //encrypts the password 8 times $password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($password)))))))); $cname = mysql_query("SELECT `username` FROM `members` WHERE `username` = '$username'"); $cname= mysql_num_rows($cname); //checks to see if the username or email allready exist if ($cname>=1) { echo "Det brukernavnet er allerede registrert!"; } else { //gets rid of bad stuff from there username and email $username = addslashes(htmlspecialchars($username)); $email = addslashes(htmlspecialchars($email)); //adds them to the db $adduser = mysql_query("INSERT INTO `members` (`username`, `password`, `email`) VALUES('$username','$password','$email')"); //posible letters for the verification code $alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; //shuffles the letters around to create a 16 long code $code = substr(str_shuffle($alphanum), 0, 16); //adds there code along with there user name to the db $addcode = mysql_query("INSERT INTO `verification` (`username`, `code`) VALUES('$username','$code')"); //don't edit this, this is the link for there activication $link = "http://$host$self?verify&code=$code"; //sends the email to the person mail("$email", "Member-Ship Validation", "Takk får at du registrerte deg $sitename. Please copy the below link into you address bar, $link", "From: Side verdifilisering"); //message sent now lets tell them to check there email echo "Du er nå regsitrert,<br><br>Skjekk E-posten du har mottat får å Aktivere din bruker."; } } else { echo "Passordet stemmet ikke!"; } } } else { //none of the above so lets show the register form echo "<form action='register.php?register' method='post'> <fieldset style='width: 350'> <table width='350'> <tr> <td width='150'>Brukernavn:</td> <td width='200'><input type='text' name='username' size='30' maxlength='25'></td> </tr> <tr> <td>Passord:</td> <td><input type='password' name='password' size='30' maxlength='25'></td> </tr> <tr> <td>Gjenta passord:</td> <td><input type='password' name='cpassword' size='30' maxlength='25'></td> </tr> <tr> <td>Email:</td> <td><input type='text' name='email' size='30' maxlength='55'></td> </tr> <tr> <td colspan='2'><center><input type='submit' value='Register'></center></td> </tr> </table> </fieldset> </form>"; } echo "<center>"; ?> Endret 30. desember 2007 av Waksy Lenke til kommentar
onTop Skrevet 30. desember 2007 Del Skrevet 30. desember 2007 (endret) Du bør også ta en titt på mysql_real_escape_string() dersom du vil unngå sql injections. Endret 30. desember 2007 av onTop Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå