Can anyone check what is wrong here.

[arkh]

Code: Select all

<?php
include 'connect.php';
?>

<?php
$player=$_GET['player'];
$password=$_GET['password'];



  $isplayer="SELECT * from players where name='$player'";
  $isplayer2=mysql_query($isplayer) or die("Could not query players table");
  $isplayer3=mysql_fetch_array($isplayer2);

  $ispassword="SELECT * from players where Password='$password'";
  $ispassword2=mysql_query($isplayer) or die("Could not quesry Players table");
  $ispassword3=mysql_fetch_array($ispassword2);
  
  if($password=='password')
  {
    echo "You have successfully logged in.";
  }
  elseif($player=='player')
  {
    echo "You can proceed to the main page.";
   echo " <A href='Welcome.php'>Main Page</a> ";
  }

  if($player=='player')
  {
  }
  elseif(!$password=='password')
  {
   echo "you have entered an incorrect password.";
    echo "Please try again.";
    echo " <A href='login.php'>Try Again</a>";

  if(!$player=='player')
  {
  echo "No Account with that username is found.";
    echo "Please try again or Register for a new Account.";
    echo "<A href='login.php'>Try Again</a><br><A href='register.php'>Register</a>";
  }

  elseif($password=='password')
  {
  }
  
  if(!$player=='player')
  {
      echo "Both username and password is incorrect";
    echo "Try again or Register an Account";
    echo " <A href='login.php'>Try Again</a>";
    echo " <A href='register.php'>Register</a>";
    exit;
  }
  elseif(!$password=='password')
  {
  }

?>

hi to all of you guys. im a new person in this forum and new to PHP scripting. i've watched the videos and i've since there is a register page, a battle page and fight page. i decided to try and make a login page.

oh and here is the login page. above was the loguser.php

Code: Select all

<?php
include 'connect.php';
?>

<html>
<head>
<title>Login Page</title>
</head>
<body background="http://i342.photobucket.com/albums/o426/NightD0ve/Background.jpg">



<form method="post" action="loguser.php">
<center>
<br>
<br>
<br>
<br>

Username: <input type="text" name="player" size="16"><br>
Password: <input type="text" name="password" size="15"><br>
<input type="submit" value="submit"></center>
</form>

</body>
</html>

it's my first time to make script a PHP and i keep getting error at the loguser.php at line 69 which is the ?> i can't seem to figure what i am doing wrong. i hope someone figures it out ^^

[arkh]

oh is there a way to allign objects in PHP using tables. i tried to use the table like in html but it won't work T_T

[Falken]

Looks like you forgot a }

Will leave it unsaid where, you will probably learn more of how the code work if you find where the } is missing

[hallsofvallhalla]

yep you are missing a }

also div tags are far better than tables imo. I am not sure what you mean aligning the tables in php. As long as the php is inside the table it should align fine. I have a game, planetary wars where I used all tables
http://forsakensanctum.com/planetarywars/login.php

its free and easy to register, register and see the main page and tell me if this is what you mean.

If it is I can give you the coding behind it so that you can see how did it.

[arkh]

found it and fixed it. but now there seems to be another error appearing.

i get error from these two

Code: Select all

$player=$_GET['player'];
$password=$_GET['password'];

but if i changed it to

Code: Select all

$player=$_POST['player'];
$password=$_POST['password'];

it shows a blank page

i was thinking it would be like the reguser.php in the video. and i was kinda hoping to make this one look at the database for an exact match and returns an error if the data inputted is false.

but im still new and can't seem to figure how to do it.

oh and yeah i was looking for something like that. i was hoping to use tables to place objects in their respective places. like menu to the left and some other stuff. other than that, that's all im not getting. and for the rest of what i have in plan is going to be based on the what i saw in the video. but im still trying to figure a training script.

well i got school tommorow and it's 11 midnight here so i guess i'll be able to continue after school. oh and great site you have here

[hallsofvallhalla]

yes since use used the post method on the register page you must use the $post variable

also you are missing something here or rather have too much

Code: Select all

 $isplayer="SELECT * from players where name='$player'";
  $isplayer2=mysql_query($isplayer) or die("Could not query players table");
  $isplayer3=mysql_fetch_array($isplayer2);

   $ispassword="SELECT * from players where Password='$password'";
  $ispassword2=mysql_query($isplayer) or die("Could not quesry Players table");
  $ispassword3=mysql_fetch_array($ispassword2);
 
  if($password=='password')
  {
    echo "You have successfully logged in.";
  }

$isplayer="SELECT * from players where name='$player'";
$isplayer2=mysql_query($isplayer) or die("Could not query players table");
$isplayer3=mysql_fetch_array($isplayer2);

you dont need the extra query

If (!$isplayer3[name])
{
echo "No player by that name";

}



if($password==$isplayer3[password])
{
echo "You have successfully logged in.";
}

if you are using a md5 encryption then you will have to do that first. If you would like my next video could be on a log in page.

is Password capitalized in the database? for you have it that way in the query.

[arkh]

tried it and it worked nicely. there is one problem. i tried making two accounts.
the password of the other account is password and the other one is pass.

username:test
password:password

username:test2
password:pass

i tried scrambling the formation and found that as long as the username is the same even if the password is different but is the same as another account it will still log in.
i'll just wait for your login tutorial.

Add:i figured out how to use tables with PHP.

Code: Select all

                           <link href="style.css" rel="stylesheet" type="text/css" />

<style type="text/css">
<!--
body,td,th {
	color: #FFFFFF;
	font-family: Times New Roman, Times, serif;
	font-size: 16px;
	font-weight: bold;
}
body {
	background-color: #000000;
	background-image: url(http://i119.photobucket.com/albums/o126/horseluvr1/green.jpg);
}
-->
</style>
<link rel="stylesheet" href="style.css" type="text/css">
<input type='hidden' name='id' value='144'><table width="700" height="279" border="0" align="center">
  <tr>
    <td><p>
           <br />Name: arkh<br />Level: 1<br />Gold: 0<br />Experience: 10<br />Sword Style:Shigure Shoen<br /><br />    <u><b>Menu</b></u><br />

	<A href='home.php'>home</a><br /><A href='Train.php'>Training</a><br /><A href='Travel.php'>Travel</a><br /><A href='Fight'>Fight</a><br /><br />
    </td>
    <td>
	<center><p><img src="http://i452.photobucket.com/albums/qq249/zaraki1991/Yamamoto_Takeshi.jpg" width="176" height="130" /><br />Title:Rain Guardian</p></center><br /></td>
	 
    </td>


    <td><center><u><b>Stats</b></u><br />Power:0<br />Speed:0<br />Stamina:0<br />Wisdom:0<br /><br /></center>
	 </tr>
  <tr>
      <td><p>
             <A href='logout.php'>Logout</a>
      </td>
      <td><center>
      Health:0/999<br />
      Energy:0/999<br />
      Stamina:0/999
      </center></td>

  <td><center>
      Sword:Shigure Kintoki<br />
      Armor:Vongola Coat<br />
      Accessory:Vongola Ring<br />
      <A href='Equip.php'>Change Equipment</a>
    </center></td>
     </tr>

</table>

here is the script that i have. but most of the stuff there was just placed like me, like level, name and others.
apparently the most obvious thing i want to learn is how to keep in track of one of every character data like level, items and other stuff. basically all that is shown there is what i will have at what im having in my mind.

im a graduating student in highschool and im not sure what collage course teaches this stuff.

[Noctrine]

One thing that is wrong is that you aren't cleaning your queries. SQL injection is a bitch.

[arkh]

this is a noobish answer but. cleaning queries??

[Noctrine]

Oh, and don't use gets for logins lol. Use posts.

But yes, you are grabbing user input and sending it straight to the DB. That means you are trusting your end user to not try and screw you over. NEVER DO THIS The end user is your enemy, that's rule one of software development.


You should run through some checks to strip html and mysql elements, so that people can break your query and input a new one to wipe your database, or get all the accounts or what not. Google Search SQL injection for the lowdown.


As for the other thing, don't use gets. Use posts.