Website Login Script for your players

12/22/2011 15:20 Angellinho#1
Hello! I want to release a sample Login Script for players.
Let`s start making the Configurations. Open a Text editor and create a file configuration.php

PHP Code:
<?php
    // MySQL connect information.
    $c_username "root";
    $c_password "mysql password";
    $c_host "localhost"//leave this
    $c_database "yourdatabase";

    // Connect.
    $connection mysql_connect($c_host$c_username$c_password)
    or die ("It seems this site's database isn't responding.");

    mysql_select_db($c_database)
    or die ("It seems this site's database isn't responding.");

?>
Save it into your web directory.

Now let`s make the Login.php

Add this code above your <head> tag element.

PHP Code:
<?php
session_start();
// Check if he wants to login:
if (!empty($_POST[username]))
{
    require_once("configuration.php");

    // Check if he has the right info.
    $query mysql_query("SELECT * FROM accounts
                            WHERE Username = '$_POST[username]'
                            AND Password = '$_POST[password]'")
    or die ("Error, something wrong.");
    
    $row mysql_fetch_array($query)
    or die ("Error, somethign wrong.");
    
    if (!empty($row[Username])) // he got it.
    {
        $_SESSION[username] = $row[Username];
        echo "Welcome $_POST[username]! You've been successfully logged in click <a href=login.php>Here</a>.";
        exit();
    }
    else // bad info.
    {
        echo "Error - Couldn't login user.<br /><br />
            Please try again.";
        exit();
    }
}

?>
Below, add this:

PHP Code:
<?php
session_start();
require_once("configuration.php");

$query "select Name FROM entities WHERE Owner='$_SESSION[username]'";
$result mysql_query($query);

while($row mysql_fetch_assoc($result))
{
$c=$row['Name'];
}

$query2 "select ConquerPoints FROM entities WHERE Owner='$_SESSION[username]'";
$result2 mysql_query($query2);

while($row2 mysql_fetch_assoc($result2))
{
$cp=$row2['ConquerPoints'];
}


// Check his status.
if (!empty($_SESSION[username])) // he got it.
{
    echo "You are currently logged in, <b>$_SESSION[username]</b>. <a href=logout.php>Logout</a>";
        echo "Users Login script by Angell<a href='http://*************/forum/'>(4Botters)</a><br>";
        echo "<br>";
        echo "Char name: <font color=red>$c</font>";
        echo "ConquerPoints: <font color=red>$cp</font>";
}

else // bad info.
{
    echo "You are currently <b>NOT</b> logged in.";


echo'                                            <p>Please Login First</p>
                                            <p>
                                            <form action=Login.php method=post>
                                            <table width=300 border=0 align=center cellpadding=0 cellspacing=1>
                                           <tr>
                                            <td><p><h3>Username:</h3></p></td>
                                            <td><p><input type=text name=username STYLE="color: #FFFFFF; font-family: Verdana; font-weight: bold; font-size: 12px; background-color: #72A4D2;"></p></td>
                                            </tr>
                                            <tr>
                                            <td><p><h3>Password:</h3></p></td>
                                            <td><p><input type=password name=password STYLE="color: #FFFFFF; font-family: Verdana; font-weight: bold; font-size: 12px; background-color: #72A4D2;"></p></td>
                                            </tr>
                                            <tr>
                                            <td><input type="submit" value="Login"></td>
                                            </tr>
                                            </table>
                                            </form></p>';
}

?>
You may have to modify the query to show your Char name, Coins(in this case CPs, first time was designed for conquer) or anything you want.
Example:
PHP Code:
$query "select VIP FROM account WHERE name='$_SESSION[username]'";
$result mysql_query($query);

while($row mysql_fetch_assoc($result))
{
$vip=$row['VIP'];

And then to make it show, add below
Code:
// Check his status.
if (!empty($_SESSION[username])) // he got it.
{
this code:
PHP Code:
echo "VIP: <font color=red>$vip</font>"
That`s everything. Close your <body>, there should be no <html> element.
Thanks for reading this.
12/22/2011 16:36 NotEnoughForYou#2
Why do you use a loop , when there is just 1 user with this name ? Also you can select both statements in one query
12/22/2011 18:04 JacK le chilla#3
Uh very nice for exploiting <3 :D bsp: Username: 'or1=1' Password: 'or1=1' :DD

in this script you can use very much exploits, pls check your variables on valid characters with preg_match for example :)
12/22/2011 22:37 Angellinho#4
I just wanted to release a sample login script I made, whatever.
12/22/2011 22:42 NotEnoughForYou#5
if you use this script everybody can delete your database
02/21/2012 10:49 Angellinho#6
I`m not that sure as you are, Isn`t that vulnerable to SQLi.

and that thing with 'or1=1' isn`t working on it.
02/21/2012 20:21 galaxyo#7
Its not safe. Just google "SQL-Injection".
02/22/2012 20:19 JacK le chilla#8
Quote:
and that thing with 'or1=1' isn`t working on it.
it works, but if you want to fix it simple, use mysql_real_escape_string() to safe your SQL querys.

MfG JacK