Browser MMO Video #5

[phq]

Hi,
My PC broke a while ago, so I decided to start again. It took me a long time to find the website but I've found it.
So, I got the same error when I enter the normal password it doesn't work, but when I enter the md5'd password it works.
I don't think there is something wrong.

My authenticate.php :

Code: Select all

<?php
include_once 'connect.php';
session_start();

if (isset($_POST['submit']))
{
  $player=$_POST['player'];
  $password=$_POST['password'];
  $player=strip_tags($player);
  $password=strip_tags($password);
  $password=md5($password);

  $query = "select name,password from players where name='$player' and '$password'";
  $result = mysql_query($query) or die ("Could not query players");
  $result2 = mysql_fetch_array($result);
  if ($result2)
  {
      $_SESSION['player']=$player;

      echo "<big>Logged in successfully<br />";
      echo "<a href='battle.php'>Continue</a></big>";
  }
  else
  {
    echo "<big>Wrong username or password.<a href='login.php'>Try Again</a></big>";
  }
}

?>

[OldRod]

Change:

$query = "select name,password from players where name='$player' and '$password'";

to:

$query = "select name,password from players where name='$player' and password='$password'";

and see if that helps.

[phq]

Ok,
thank you that helped

[Jackolantern]

You also don't have to make the password check part of the SQL query. It will run marginally faster if you simply search for the player name and then use the query results array to check the password. Always do everything you can in PHP instead of MySQL.

[Caleta]

so it's like this.

if i put something in the database with the title of Avatar and and entry was inserted there like an url.
like http://www.website.com/image.jpg then if i placed $playerinfo3['Avatar'] then does that mean it would show the image?

Code: Select all

<?php
include_once 'connect.php';
session_start();

if (isset($_SESSION['player']))
{
  $player=$_SESSION['player'];
}
$playerinfo="SELECT * from players where name='$player'";
$playerinfo2=mysql_query($playerinfo) or die("could not get player stats!");
$playerinfo3=mysql_fetch_array($playerinfo2);

$avatar = $playerinfo3['Avatar']
$Equipment = $playerinfo3['Equipment']

is this something like this??

i get what you said about the stats and other info. oh and what kind of script is used to modify data in database?

i am suck, i am unsure which code to use for the authenticate.php document!!

[hallsofvallhalla]

use the one int he tutorial

[Zerk]

My login is messed up...

I have checked register and reguser and they work fine. They set all the correct information in the data base.


But it only lets me log in every few people I create; sometimes it works, sometimes it doesn't...

Example: I create a user called "pleasework" with a password of "pleasework". It lets me log in.
But then I created a user called "iamawizard" with a password of "wizard" and it won't let me log in.
So I thought it must have to have the same password as username so I made a user called "1234" with a password of "1234" and he couldn't lot in! Even if I go into the database and change the MD5 password to 1234, it won't let him log in..There is something really weird with my script or something.

This is my login and authenticate scripts..what can I do to make them work?

Code: Select all

login.php


<?php
include_once('phpinclude/connect.php');
include_once('phpinclude/logo.php');
?>

<div id="loginfalse">
<form method="POST" action="authenticate.php">
<table border='0' align="center">
<tr align="right"><td>User Name: </td><td><input type="text" name="player" size="21"></td></tr>
<tr align="right"><td>Password: </td><td><input type="password" name="password" size="21" mask="x"></td></tr>

<tr align="right"><td colspan='2'><input type="submit" value="Login" name="submit"></td></tr>
</table><br>
<br>
Not Registered? <a href='register.php' title='Register page'>Register</a><br>
<br>
<a href='index.php' title='Index'>Return to the index</a>.
</div>

Code: Select all

authenticate.php


<?php
include_once ('phpinclude/connect.php');
session_start();
include_once ('phpinclude/logo.php');
?>


<div id="loginfalse">
<?php
if (isset($_POST['submit']))
{
  $player=$_POST['player'];
  $password=$_POST['password'];
  $player=strip_tags($player);
  $password=strip_tags($password);
  $password=md5($password);

  $query = "select name,password from players where name='$player' and '$password'";
  $result = mysql_query($query) or die("Could not query players");
  $result2 = mysql_fetch_array($result);
  if ($result2)
  {
    $_SESSION['player']=$player;
   
    echo "<big>Logged in successfully<br>";
    echo "<A href='index.php'>Continue</a></big>";
  }
  else
  {
   echo "<big>Wrong username or password.<A href='login.php'>Try Again</a></big>";
  }
}
?>
</div> /*for the Login False ID*/

[OldRod]

Change:

Code: Select all

$query = "select name,password from players where name='$player' and '$password'";

to:

Code: Select all

$query = "select name,password from players where name='$player' and password = '$password'";

That is one problem - see if that fixes it, if not post back

[Bust]

It's giving an error:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\AgedBattles\connect.php:6) in C:\xampp\htdocs\AgedBattles\authenticate.php on line 3

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\AgedBattles\connect.php:6) in C:\xampp\htdocs\AgedBattles\authenticate.php on line 3

What can I do?

[OldRod]

Looks like you have two session_start statements - maybe one in connect.php and one in authenticate.php. Since connect.php is included, you don't need the one in authenticate.php