[HELP] Login Script

~~Hesorio1u~~ · 09/25/2012, 21:54

Hello guys! Today i tried make login script with DKcoins balance of account...
So i failed i really don't know why script is now working out. So anyone interest to help me and fix that script? I'll give u a big bit thanks for that.

So le'ts me show script here:

Quote:

<?php
// Edit your mssql info here
// BEGIN MSSQL INFO
$CONFIG['host'] = "IP HERE";
$CONFIG['user'] = "USER HERE";
$CONFIG['pass'] = "PASS HERE";
// END MSSQL INFO

//----------------------------- DO NOT EDIT ANYTHING BELOW HERE !!!!! ------------------------------------

$CONFIG['conn'] = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);

function anti_injection($sql) {
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}
//----------------------------------------------------------------------------------------------------------

if(isset($_GET['action']) && ($_GET['action'] == "login")){

$user = anti_injection($_POST['user']);
$pass = anti_injection($_POST['pass']);
$coins = anti_injection($_POST['coins']);
$crypt_pass = md5($pass);

$result1 = mssql_query("SELECT * FROM account.dbo.user_profile WHERE user_id = '".$user."'"); $count1 = mssql_num_rows($result1);
$result2 = mssql_query("SELECT user_pwd FROM account.dbo.user_profile WHERE user_id = '".$user."'");
$row2 = mssql_fetch_row($result2);
$founder = mssql_query ("Select * FROM account.dbo.user_no WHERE user_id ='".$user."'");
$result10 = mssql_query("SELECT * FROM account.dbo.user_profile WHERE user_no = '".$founder."'");
$userno = "Select * FROM cash.dbo.user_cash WHERE amount WHERE user_no =' '".$founder."'";
$pplist = mssql_query($userno);

if($count1 == '0') {

echo 'This game account is not' ;
echo '<br>';
echo 'founded in the our database!';
echo '<br>';
echo '<a href="index.php">Try again!</a>';

}
elseif($row2[0] != $crypt_pass) {

echo 'Wrong password!';
echo '<br>';
echo '<a href="index.php">Try again!</a>';
}
elseif($_GET['login'] != 'login' && $count1 == '0') {
echo '<br>Login Error, <a href="index.php">Try again</a>';
} else {

// Begin secure content
$_SESSION['user'] = $user;

$amount = $_POST['amount'];

if($name)
{
mssql_select_db('account', $conn);
$r = query("SELECT user_no FROM dbo.USER_PROFILE WHERE user_id='".$user."'");

if(!mssql_num_rows($r))
echo 'No Character found with name: '.$user.'</br></br>';
else
{
$user_no = mssql_fetch_array($r);
mssql_select_db('cash', $conn);
$r = query("SELECT dbo.user_cash SET amount = amount WHERE user_no = '".$user_no[0]."';");

$CONFIG['conn'] = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);
$result1 = mssql_query("SELECT user_no FROM account.dbo.account WHERE user_id = ".$_SESSION['user']."",conn);
$result2 = mssql_query("SELECT user_cash FROM character.dbo.cash WHERE amount = '".fdsfd."'",conn);
$coins55 = ($_POST['fdsfd']);

if($r)
echo "SOMETHING WRONG";
}
}

echo "<h3>Welcome, ".$_SESSION['user']."</h3>";
echo 'DK-coins: ".$coins55."
<img src="img/coins.gif" alt="" width="14" height="16" /> <a href="index.php">(Buy more)</a> ';
echo '<br>- - - - - - - - - - - - - - - - - - </br>';
echo '<a href="reborn.php">REBORN SYSTEM</a> | <a href="votenow.php">VOTE</a>';
echo '<form id="form1" method="post" action="index.php">
<p>         &n bsp;       &nbs p;  <input type="submit" name="Logout" id="Logout" value="Logout account" /></p>
</form>';

// Dont forget to and your session
// session_destroy();
// End secure content
}
} else {

echo '<h2> </h2>
<form name="" action="'.$_SERVER['php_self'].'?action=login" method="post">
Username: <input type="text" name="user" maxlength="16"><br/>
<br>
Password: <input type="password" name="pass" maxlength="16"><br/>
<br />
          &n bsp;       &nbs p;  <input type="submit" value="Login account">
</form>';
echo '<a href="forgetpassword.php">Forget password?</a> | <a href="forum.php">Tehnical support</a>';
}
?>

The bold word is that one what is insert from my know science

Also there is some excess "script commands" but i don't wanna Modify them cuz i don't know.. so it will disrupt...

So guys ?
// YES THIS IS DOUBLE TOPIC BUT I NEVER SAW THAT SCRIPT IS RELASED
// IF U SAW ANYPOST WHERE IS IT EXPLAINED PLZ URL ME
// ALSO I DON'T UNNOTICED ALL YOUR FAIL COMMENTS.

badboyfuck · 09/26/2012, 05:48

well if u want to just give auto coins then check this.But you might have to reg first.

~~Hesorio1u~~ · 09/26/2012, 06:53

I didn't request for giving dkcoins or money. I need help about Login Script with in (Dkcoins,My account, Forrget password, change password, reborn, donate,)

Xapphire · 09/26/2012, 09:46

I don't know much about arrays but why are you assigning a variable to look up a variable to use in the same variable?

$user_no = mssql_fetch_array($r);
mssql_select_db('cash', $conn);
$r = query("SELECT dbo.user_cash SET amount = amount WHERE user_no = '".$user_no[0]."';");

also don't see the point in this line here

if($r)
echo "SOMETHING WRONG";
}
}

There's no condition to trigger it so it has no use.

~~Hesorio1u~~ · 09/26/2012, 19:05

Well bro i tryied make dkcoins balance script afther login... but as i said in my previous post

Quote:

The bold word is that one what is insert from my know science
Also there is some excess "script commands" but i don't wanna Modify them cuz i don't know.. so it will disrupt...

Also i can send u a "clean script" without excess commands and splodge scripts.

Here is clean Login Script(By Javnier123) BIG THANKS!

Quote:

<?php

// Edit your mssql info here
// BEGIN MSSQL INFO
$CONFIG['host'] = "localhost";
$CONFIG['user'] = "sa";
$CONFIG['pass'] = "server";
// END MSSQL INFO

//----------------------------- DO NOT EDIT ANYTHING BELOW HERE !!!!! ------------------------------------

$CONFIG['conn'] = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);

function anti_injection($sql) {
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}
//----------------------------------------------------------------------------------------------------------

if(isset($_GET['action']) && ($_GET['action'] == "login")){

$user = anti_injection($_POST['user']);
$pass = anti_injection($_POST['pass']);
$crypt_pass = md5($pass);

$result1 = mssql_query("SELECT * FROM account.dbo.user_profile WHERE user_id = '".$user."'");
$count1 = mssql_num_rows($result1);

$result2 = mssql_query("SELECT user_pwd FROM account.dbo.user_profile WHERE user_id = '".$user."'");
$row2 = mssql_fetch_row($result2);

if($count1 == '0') {
echo '<br>This game account is not found in the database.';
}
elseif($row2[0] != $crypt_pass) {
echo '<br>Wrong password. Try again.';
}
elseif($_GET['login'] != 'login' && $count1 == '0') {
echo '<br>Login Error, Please login again.';
} else {

// Begin secure content
$_SESSION['user'] = $user;
echo "<h3>Welcome, ".$_SESSION['user']."</h3>";
echo "<br>";
echo "Your content here";
// Dont forget to and your session
// session_destroy();
// End secure content
}
} else {

echo '<h2>Login here</h2><br />
<form name="" action="'.$_SERVER['php_self'].'?action=login" method="post">
Name: <input type="text" name="user" maxlength="16"><br />
Password: <input type="password" name="pass" maxlength="16"> <br />
<input type="submit" value="Login!">
</form>';
}
?>

Decima · 09/26/2012, 19:48

Quote:

if($r)
echo "SOMETHING WRONG";
}
}

actually, u are wrong, there is a very clear condition, its testing to see if the variable '$r' exists, and if it does it echo's, the real question here, is why would anything be wrong if the var does exist, not to mention the statement doesnt have an opening '{' which will always cause it to not do anything at all.

login scripts are per server, so u either need to learn php and make your own or hire someone who knows php to make it for you, there are really no generic scripts for this, becus every server is different.

and stop making edits to scripts if you dont know the language at all

~~Hesorio1u~~ · 09/26/2012, 21:54

Ok, i figured it! So i will relase

here we go that is true working script
If anyone need press thanks if i helped.

Quote:

<?php
// Script created by: Hesorio1u
// ENTER YOUR MSSQL INFO HERE:
$CONFIG['host'] = "YOUR IP / LOCAL HOST"; //EXPLAME: 12.123.144.2
$CONFIG['user'] = "YOUR USERNAME"; //USSUALLY: "sa"
$CONFIG['pass'] = "YOUR PASSWORD"; //USSUALLY: "1234"

$CONFIG['conn'] = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);

function anti_injection($sql) {
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}

if(isset($_GET['action']) && ($_GET['action'] == "login")){

$user = anti_injection($_POST['user']);
$pass = anti_injection($_POST['pass']);
$crypt_pass = md5($pass);

$result1 = mssql_query("SELECT * FROM account.dbo.user_profile WHERE user_id = '".$user."'");
$count1 = mssql_num_rows($result1);

$result2 = mssql_query("SELECT user_pwd FROM account.dbo.user_profile WHERE user_id = '".$user."'");
$row2 = mssql_fetch_row($result2);

$userno = mssql_query("SELECT user_no FROM account.dbo.user_profile WHERE user_id = '".$user."'");
$row5 = mssql_fetch_row($userno);

$coins = mssql_query ("SELECT amount FROM cash.dbo.user_cash WHERE user_no = '".$row5[0]."'");
$row6 = mssql_fetch_row($coins);

if($count1 == '0') {
echo '<br>This game account is not found in the database.';
}
elseif($row2[0] != $crypt_pass) {
echo '<br>Wrong password. Try again.';
}
elseif($_GET['login'] != 'login' && $count1 == '0') {
echo '<br>Login Error, Please login again.';
} else {

$_SESSION['user'] = $user;
$_SESSION['coins'] = $coins;
$_SESSION['userno'] = $userno;

echo "<h3>Welcome, ".$_SESSION['user']."</h3>";
echo "<br>";
echo "<h3>Your Coins Balance: , ".$row6[0]."</h3>";
echo "<br>";
}
} else {

echo '<h2>Login here</h2><br />
<form name="" action="'.$_SERVER['php_self'].'?action=login" method="post">
Name: <input type="text" name="user" maxlength="16"><br />
Password: <input type="password" name="pass" maxlength="16"> <br />
<input type="submit" value="Login!">
</form>';
}
?>

~~Hesorio1u~~ · 09/29/2012, 15:56

I'm really happy to hear this from people, Thanks u 2.