Browser MMO Video #5

[Zerk]

Change:

Code: Select all

$query = "select name,password from players where name='$player' and '$password'";

to:

Code: Select all

$query = "select name,password from players where name='$player' and password = '$password'";

That is one problem - see if that fixes it, if not post back

I actually tried that before reporting...It didn't fix it so I changed it back.

EDIT: When I use that, my old account (first one I made) wont login. If I take the "password =" out, the first account can log in. My problem is that NEW accounts (ones made right now) can't log in. Should I post my Register and Reguser files?

[hallsofvallhalla]

yes post them and change it back to the way oldrod suggested.

[Jackolantern]

Also, exactly what error are you getting? Or are you just getting some kind of die() message? If you can tell us exactly what is being output to the browser when it messes up, that is usually the first step in finding the problem.

[Zerk]

@halls, if I change it to the way oldrod suggested, it wont even let my first user log in.

@jack, I thought I already said it...maybe I didn't. It gives me the "Wrong username or password.Try Again" error. I try to log in multiple times to make sure they match and I know they do.

Code: Select all

login.php


<?php
include_once('phpinclude/connect.php');
include_once('phpinclude/logo.php');
?>

<div id="loginfalse">
<form method="POST" action="authenticate.php">
<table border='0' align="center">
<tr align="right"><td>User Name: </td><td><input type="text" name="player" size="21"></td></tr>
<tr align="right"><td>Password: </td><td><input type="password" name="password" size="21" mask="x"></td></tr>

<tr align="right"><td colspan='2'><input type="submit" value="Login" name="submit"></td></tr>
</table><br>
<br>
Not Registered? <a href='register.php' title='Register page'>Register</a><br>
<br>
<a href='index.php' title='Index'>Return to the index</a>.
</div>

Code: Select all

authenticate.php


<?php
include_once ('phpinclude/connect.php');
session_start();
include_once ('phpinclude/logo.php');
?>


<div id="loginfalse">
<?php
if (isset($_POST['submit']))
{
  $player=$_POST['player'];
  $password=$_POST['password'];
  $player=strip_tags($player);
  $password=strip_tags($password);
  $password=md5($password);

  $query = "select name,password from players where name='$player' and '$password'";
  $result = mysql_query($query) or die("Could not query players");
  $result2 = mysql_fetch_array($result);
  if ($result2)
  {
    $_SESSION['player']=$player;
   
    echo "<big>Logged in successfully<br>";
    echo "<A href='index.php'>Continue</a></big>";
  }
  else
  {
   echo "<big>Wrong username or password.<A href='login.php'>Try Again</a></big>";
  }
}
?>
</div> /*for the Login False ID*/

Code: Select all

register.php

<?php
include_once('phpinclude/connect.php');
include_once('phpinclude/logo.php');
?>

<div id="loginfalse">
<?php

      print "<center><h3>Class Starting modifiers</h3></center>";
      print "<center>";
    /*  print "<table border='1' width='70%' cellspacing='20'>";
      print "<tr><td width='25%' valign='top'>";
      print "</td>";
      print "<td valign='top' width='75%'>";  */
      $selectclass="SELECT * from classes";
      $selectclass2=mysql_query($selectclass) or die("could not select Classes");
      print "<table border='1' bordercolor='#000066' bgcolor='#111111' width='80%'>";
      print "<tr><td><font color='#cc0033'>Class</font></div></td><td><font color='#cc0033'>Attack</font><td><font color='#cc0033'>Defense</font></td><td><font color='#cc0033'>Hit Points</font></td><td><font color='#cc0033'>Skill Points</font></td></tr>";
      while($selectclass3=mysql_fetch_array($selectclass2))
      {
       print "<tr><td>$selectclass3[name]</td><td>$selectclass3[attack]</td><td>$selectclass3[defense]</td><td>$selectclass3[hpoints]</td><td>$selectclass3[spoints]</td></tr>";
         
      }
      print "</table>";
   /*   print "</td></tr></table>"; */
      print "<!--</center>-->";
   
   
?>

<form method="post" action="reguser.php">
<?php
echo "Select class: ";
      print "<select name='classchoice' length='20' />";
      $classinfo="SELECT * from classes";
      $classinfo2=mysql_query($classinfo) or die("Could not select classes");
      while ($classinfo3=mysql_fetch_array($classinfo2))
      {
        print "<option>$classinfo3[name]</option>";
      }
      print "</select></center><!--center was from table start--><br><br>";
?>

<table border="0" align="center">

<tr align="right"><td>Username: </td> <td><input type="text" name="player" size="21"></td></tr>
<tr align="right"><td>Password: </td> <td><input type="password" name="password" size="21" mask="x"></td></tr>
<tr align="right"><td>Retype password: </td> <td><input type="password" name="pass2" size="21" mask="x"></td></tr>
<tr align="right"><td>E-mail address: </td> <td><input type="text" name="email" size="21"></td></tr>

<tr align="right"><td colspan="2"><input type="submit" value="  Submit  "></td></tr>
</table>
</form><br>
<br>
You don't want to register!?  <a href="index.php" title="index.php">Return to the index</a>.<!--'-->

</div> /*of Login False ID*/

Code: Select all

reguser.php

<?php
include_once('phpinclude/connect.php');
include_once('phpinclude/logo.php');
?>


<div id="loginfalse">
<!--Reguser start-->
<?php
$player=$_POST['player'];
$password=$_POST['password'];
$pass2=$_POST['pass2'];
$email=$_POST['email'];
  $player=strip_tags($player);
  $email=strip_tags($email);
$classchoice=$_POST['classchoice'];

if ($email == "")
{
  echo "You did not enter an email.  <A href='register.php'>Try again</a>.";
  exit;
}



if ($password == $pass2)
{
  
  /*querying username: checking if already used [see number 1]*/
$isplayer="SELECT * from players where name='$player'";  /*checks if player uses original name*/
$isplayer2=mysql_query($isplayer) or die("Could not query players table");
$isplayer3=mysql_fetch_array($isplayer2);

  /*checks if there are passwords set*/
  if(!$_POST['password'] || !$_POST['pass2'])
  {
    echo "You did not enter a password, your password was too big, or your password was too small.  <A href='register.php'>Try again</a>.";
    exit;
  }
  
  /*checks if player name is valid: between 4 and 20 chars and checks if already used [see number 1]*/
  else if($isplayer3 || strlen($player)>13 || strlen($player)<3)
  {
    echo "Your name is too large or too small.  <A href='register.php'>Try again</a>.";
    exit;
  }

  else
  {
    /*querying email: checking if already used [see number 2]*/
    $isaddress="SELECT * from players where email='$email'";
    $isaddress2=mysql_query($isaddress) or die("Could not query players table.........");
    $isaddress3=mysql_fetch_array($isaddress2);

    /*querying email: checking if already used [see number 2]*/
    if($isaddress3)
    {
      echo "Email has already been used.  <A href='register.php'>Try again</a>.";
      exit;
    }
    else
    {
      $password=md5($password);
    
    
      /////char. stat variable things....//////
      $classquery="SELECT * from classes where name='$classchoice'";
     $classquery2=mysql_query($classquery) or die("Could not query classes");
     $classquery3=mysql_fetch_array($classquery2);

      $SQL = "INSERT into players(name,password,email,level,exper,attack,defense,hpoints,maxhp,spoints,maxsp,pclass,gold) VALUES ('$player','$password','$email','1','0','$classquery3[attack]','$classquery3[defense]','$classquery3[hpoints]','$classquery3[hpoints]','$classquery3[spoints]','$classquery3[spoints]','$classquery3[name]','25')";
      mysql_query($SQL) or die ("Could not register...");

      echo "Thank you for registering!  Go have a jolly good time!<br><br>";
    }
  }
}



else
{
  echo "Your passwords did not match or you did not enter a password.  <A href='register.php'>Try again</a>.";
  exit;
}


echo "Go to the <a href='login.php' title='Click here to start playing'>Login page</a> to start playing.<br>";

?>

</div> /*for the loginfalse ID*/

[Jackolantern]

The only error I can find is the "and $password" part with the SQL query. Something is failing in that query to cause you to not have any results, which is why it is falling through to that message. Have you double checked your MySQL field names to ensure that they match what is in this query? It seems odd that it would sometimes work, and sometimes not.

[OldRod]

Check to make sure your password field is big enough to hold an encrypted password. If you are using md5, you need your password field to be at least 32 chars long.

[hallsofvallhalla]

Check to make sure your password field is big enough to hold an encrypted password. If you are using md5, you need your password field to be at least 32 chars long.

sounds like that is the problem.

[Zerk]

Check to make sure your password field is big enough to hold an encrypted password. If you are using md5, you need your password field to be at least 32 chars long.

THERE is the problem!! The tutorial originally uses 21 for password length in the database. When he introduced the md5, I don't think he told us to change it.

It works every time now! Thanks a lot^^

[hallsofvallhalla]

21 for the password? I dodnt catch that, I put that for the username. hmm will have to check that out.

[Zerk]

21 for the password? I dodnt catch that, I put that for the username. hmm will have to check that out.

I can't remember. You probably had it right but I made it the same length as the password just so things would be even: I'm a little ODC

Thanks a lot for taking the time to make these videos, man. I'm learning a lot and it's a lot of fun