webdevRefinery Forum: Not working - webdevRefinery Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

User is offline TheUnknown 

  • Group: Members
  • Posts: 48
  • Joined: 21-October 11
  • Expertise:HTML,PHP

Posted 06 November 2011 - 01:59 PM (#1)

Not working


Won't Update Properly. 
     $username = $_POST['Username'];
     $password = $_POST['Password'];
     $hashed = HashPassword($password);
     $ip = $_SERVER['REMOTE_ADDR'];

     
     $getdata = mysql_query("SELECT * FROM Login WHERE username='$username'");
     $data = mysql_fetch_array($getdata);
     if($data['username']==$username AND $hashed==$data['password'] AND $data['rank']!="Banned"){
     echo "Welcome to the website!";


     echo "<a href=/game.php>Go to game.</a>";
 mysql_query("UPDATE Login SET isLoggedIn = 'Yes' AND currentIp = '$ip' WHERE username = '$username' ");
          }else{
          echo "INVALID LOGIN CREDENTIALS. Please try again.";
     }


It won't update the isLoggedIn or currentIp
Owner and Head Developer of FreeReads
-http://freereads.bonplay.net

Owner and Developer of (Currently Dead) GamersRestStop
-http://gamersreststop.x10.mx
0

User is online NeilHanlon 

  • Group: Members
  • Posts: 889
  • Joined: 08-July 10
  • LocationRowley, Massachusetts
  • Expertise:HTML,CSS,PHP,Java,Graphics

Posted 06 November 2011 - 02:04 PM (#2)

Your problem is that you're using mysql_.

Other than that, UPDATE just uses commas. isLoggedIn = 'yes', currentIp = "$ip"

EDIT: Oh. and someone entering '"; DROP TABLE Login;

would seriously mess up your day.
Thanks,
兄ニール

Website | Blog | @NeilHanlon | About.Me | Facebook | LinkedIn
0

User is offline arronhunt 

  • I'm a httpster
  • Group: Moderators
  • Posts: 3400
  • Joined: 09-March 10
  • LocationLos Angeles, CA
  • Expertise:HTML,CSS,Javascript,Graphics,Flash

Posted 06 November 2011 - 02:20 PM (#3)

I'm not too good with PHP, but I believe your variables are just being read as strings. So whenever you have a variable in quotes you should do {$variable}.

Someone correct me if I'm wrong ;)
DO NOT OPEN THIS

Spoiler
0

User is offline Cyril 

  • Group: Members
  • Posts: 2545
  • Joined: 03-August 10
  • Expertise:HTML,CSS,PHP,Javascript,Graphics

Posted 06 November 2011 - 02:23 PM (#4)

View Postarronhunt, on 06 November 2011 - 02:20 PM, said:

I'm not too good with PHP, but I believe your variables are just being read as strings. So whenever you have a variable in quotes you should do {$variable}.

Someone correct me if I'm wrong ;)


You're wrong ;)
With double quotes, variables are parsed ;)

website :: github :: twitter :: dribbble :: forrst
html, css, php, javascript, graphics
0

User is offline TheUnknown 

  • Group: Members
  • Posts: 48
  • Joined: 21-October 11
  • Expertise:HTML,PHP

Posted 06 November 2011 - 03:38 PM (#5)

Thanks it works now :D
Owner and Head Developer of FreeReads
-http://freereads.bonplay.net

Owner and Developer of (Currently Dead) GamersRestStop
-http://gamersreststop.x10.mx
0

User is offline arronhunt 

  • I'm a httpster
  • Group: Moderators
  • Posts: 3400
  • Joined: 09-March 10
  • LocationLos Angeles, CA
  • Expertise:HTML,CSS,Javascript,Graphics,Flash

Posted 06 November 2011 - 04:29 PM (#6)

View Postcyrilmengin, on 06 November 2011 - 02:23 PM, said:

You're wrong ;)
With double quotes, variables are parsed ;)


Holy cats are you for real? My life just became easier.
DO NOT OPEN THIS

Spoiler
0

User is online NeilHanlon 

  • Group: Members
  • Posts: 889
  • Joined: 08-July 10
  • LocationRowley, Massachusetts
  • Expertise:HTML,CSS,PHP,Java,Graphics

Posted 06 November 2011 - 04:43 PM (#7)

Lol yep Aaron.

"$var" prints the value of $var,

'$var' prints well.. "$var"

and '' . $var prints the value of $var
Thanks,
兄ニール

Website | Blog | @NeilHanlon | About.Me | Facebook | LinkedIn
0

User is offline Imjoshholloway 

  • Group: Members
  • Posts: 28
  • Joined: 03-July 11
  • LocationHampshire, UK
  • Expertise:HTML,CSS,PHP,Javascript,SQL,MongoDB

Posted 06 November 2011 - 09:02 PM (#8)

View PostTheUnknown, on 06 November 2011 - 03:38 PM, said:

Thanks it works now :D


Just to clarify it was the AND that was the problem.

You can also optimize your code a bit more by doing the following:

$getdata = mysql_query("SELECT id, username, password FROM Login WHERE username='$username' WHERE rank != 'Banned' LIMIT 1");
     
// no point running if no results
if ($getdata)
{
    $data = mysql_fetch_array($getdata);
          
    // does the user password match
    if ($hashed==$data['password'])
    {
        $id = $data['id'];
        
        echo "Welcome to the website!";
        echo "<a href=/game.php>Go to game.</a>";

        // update the ip
        mysql_query("UPDATE Login SET isLoggedIn = 'Yes', currentIp = '$ip' WHERE id = '$id' ");
    }
}
else
{
    echo "INVALID LOGIN CREDENTIALS. Please try again.";
}


I'd also suggest looking at: Using PDO

(If you don't want to use PDO. Make sure you're escaping stuff using mysql_escape_real_string() before running queries etc.)

and the following for Storing IP's

:D
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users


IPB Skins by Skinbox

Enter your sign in name and password

Sign in options
  Or sign in with these services