So i downloaded a forum script for my game, and it works perfectly except from when you login to the game, you have to login to the forum separately for it to work (the users are stored into the same database).
How would i go about making it so when you login to the game, it logs into the forum as well!
Sorry if i didn't explain it too well, i've been trying to find a solution for days
I've added all the scripts i could think the problem could be.
Forum sign in page :
Code: Select all
<?php
//signin.php
include 'connect.php';
include '/forum/header.php';
echo '<h3>Sign in</h3><br />';
//first, check if the user is already signed in. If that is the case, there is no need to display this page
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
}
else
{
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
/*the form hasn't been posted yet, display it
note that the action="" will cause the form to post to the same page it is on */
echo '<form method="post" action="">
Username: <input type="text" name="name" /><br />
Password: <input type="password" name="password"><br />
<input type="submit" value="Sign in" />
</form>';
}
else
{
/* so, the form has been posted, we'll process the data in three steps:
1. Check the data
2. Let the user refill the wrong fields (if necessary)
3. Varify if the data is correct and return the correct response
*/
$errors = array(); /* declare the array for later use */
if(!isset($_POST['name']))
{
$errors[] = 'The username field must not be empty.';
}
if(!isset($_POST['password']))
{
$errors[] = 'The password field must not be empty.';
}
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
{
echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />';
echo '<ul>';
foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
{
echo '<li>' . $value . '</li>'; /* this generates a nice error list */
}
echo '</ul>';
}
else
{
//the form has been posted without errors, so save it
//notice the use of mysql_real_escape_string, keep everything safe!
//also notice the sha1 function which hashes the password
$sql = "SELECT
id,
name,
access
FROM
players
WHERE
name = '" . mysql_real_escape_string($_POST['name']) . "'
AND
password = '" . md5($_POST['password']) . "'";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while signing in. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
}
else
{
//the query was successfully executed, there are 2 possibilities
//1. the query returned data, the user can be signed in
//2. the query returned an empty result set, the credentials were wrong
if(mysql_num_rows($result) == 0)
{
echo 'You have supplied a wrong user/password combination. Please try again.';
}
else
{
//set the $_SESSION['signed_in'] variable to TRUE
$_SESSION['player'] = true;
//we also put the user_id and name values in the $_SESSION, so we can use it at various pages
while($row = mysql_fetch_assoc($result))
{
$_SESSION['id'] = $row['id'];
$_SESSION['name'] = $row['name'];
$_SESSION['access'] = $row['access'];
}
echo 'Welcome, ' . $_SESSION['name'] . '. <br /><a href="forum.php">Proceed to the forum overview</a>.';
}
}
}
}
}
include '/forum/footer.php';
?>
Game login authentication (using halls old mmorpg tuts for a base)
Code: Select all
<?php
include_once 'connect.php';
session_start();
if (isset($_POST['submit']))
{
$player=$_POST['player'];
$password=$_POST['password'];
$player=strip_tags($player);
$password=strip_tags($password);
$password=md5($password);
$bypass = 0;
$playerinfo="SELECT * from players where name='$player'";
$playerinfo2=mysql_query($playerinfo) or die("could not get player stats!");
$playerinfo3=mysql_fetch_array($playerinfo2);
$query = "select name,password from players where name='$player' and '$password'";
$result = mysql_query($query) or die("Could not query players");
$result2 = mysql_fetch_array($result);
if ($result2)
if($playerinfo3['ban'] == 1)
{
echo "<center>";
echo "<big>You're Banned.<br></big>";
echo "<A href='login.php'>Back to login page.</a></big>";
echo "</center>";
exit;
}
else
{
$_SESSION['player']=$player;
echo "<big>Logged in successfully<br>";
echo "<A href='index.php'>Continue</a></big>";
}
else
{
echo "<big>Wrong username or password.<A href='login.php'>Try Again</a></big>";
}
}
?>
Reply.php (when replying to a topic)
Code: Select all
<?php
//create_cat.php
include 'connect.php';
include '/forum/header.php';
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
//someone is calling the file directly, which we don't want
echo 'This file cannot be called directly.';
}
else
{
//check for sign in status
if(!$_SESSION['player'])
{
echo 'You must be signed in to post a reply.';
}
else
{
//a real user posted a real reply
$sql = "INSERT INTO
posts(post_content,
post_date,
post_topic,
post_by)
VALUES ('" . $_POST['reply-content'] . "',
NOW(),
" . mysql_real_escape_string($_GET['id']) . ",
" . $_SESSION['id'] . ")";
$result = mysql_query($sql);
if(!$result)
{
echo 'Your reply has not been saved, please try again later.';
}
else
{
echo 'Reply has been saved, check out <a href="topic.php?id=' . htmlentities($_GET['id']) . '">the topic</a>.';
header('Location: forum.php');
}
}
}
include '/forum/footer.php';
?>
Code: Select all
<?php
//create_topic.php
include 'connect.php';
include '/forum/header.php';
echo '<h2>Create a topic</h2>';
if($_SESSION['player'] == false)
{
//the user is not signed in
echo 'Sorry, you have to be <a href="/forum/signin.php">signed in</a> to create a topic.';
}
else
{
//the user is signed in
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
//the form hasn't been posted yet, display it
//retrieve the categories from the database for use in the dropdown
$sql = "SELECT
cat_id,
cat_name,
cat_description
FROM
categories";
$result = mysql_query($sql);
if(!$result)
{
//the query failed, uh-oh :-(
echo 'Error while selecting from database. Please try again later.';
}
else
{
if(mysql_num_rows($result) == 0)
{
//there are no categories, so a topic can't be posted
if($_SESSION['access'] == 3)
{
echo 'You have not created categories yet.';
}
else
{
echo 'Before you can post a topic, you must wait for an admin to create some categories.';
}
}
else
{
echo '<form method="post" action="">
Subject: <input type="text" name="topic_subject" /><br />
Category:';
echo '<select name="topic_cat">';
while($row = mysql_fetch_assoc($result))
{
echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>';
}
echo '</select><br />';
echo 'Message: <br /><textarea name="post_content" /></textarea><br /><br />
<input type="submit" value="Create topic" />
</form>';
}
}
}
else
{
//start the transaction
$query = "BEGIN WORK;";
$result = mysql_query($query);
if(!$result)
{
//Damn! the query failed, quit
echo 'An error occured while creating your topic. Please try again later.';
}
else
{
//the form has been posted, so save it
//insert the topic into the topics table first, then we'll save the post into the posts table
$sql = "INSERT INTO
topics(topic_subject,
topic_date,
topic_cat,
topic_by)
VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "',
NOW(),
" . mysql_real_escape_string($_POST['topic_cat']) . ",
" . $_SESSION['id'] . "
)";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'An error occured while inserting your data. Please try again later.<br /><br />' . mysql_error();
$sql = "ROLLBACK;";
$result = mysql_query($sql);
}
else
{
//the first query worked, now start the second, posts query
//retrieve the id of the freshly created topic for usage in the posts query
$topicid = mysql_insert_id();
$sql = "INSERT INTO
posts(post_content,
post_date,
post_topic,
post_by)
VALUES
('" . mysql_real_escape_string($_POST['post_content']) . "',
NOW(),
" . $topicid . ",
" . $_SESSION['id'] . "
)";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'An error occured while inserting your post. Please try again later.<br /><br />' . mysql_error();
$sql = "ROLLBACK;";
$result = mysql_query($sql);
}
else
{
$sql = "COMMIT;";
$result = mysql_query($sql);
//after a lot of work, the query succeeded!
echo 'You have succesfully created <a href="topic.php?id='. $topicid . '">your new topic</a>.';
}
}
}
}
}
include '/forum/footer.php';
?>