Goedemorgen allemaal,
Ik ben bezig met een login script maar krijg wat foutjes.
Hij controleert het wachtwoord niet helemaal correct.
Heb zelf al aardig wat geprobeerd maar kom er niet meer uit.
Misschien dat jullie zien wat ik fout doe (hoop ik).
PHP
<?PHP
if(isset($_POST['login'],$_POST['pass']))
{
#Secure inputs
$user = checkInput($_POST['login']);
$pass = checkInput($_POST['pass']);
$passw = generateHash($pass); //Set salt tro password
$mysql = mysql_query("SELECT login,pass,status FROM `users` WHERE `login`='". $user ."' AND `pass`='". $passw ."' LIMIT 1") or die(mysql_error());
if(($data = mysql_fetch_object($mysql)) && $data->status == "alive")
{
mysql_query("UPDATE `users` SET `online`=NOW() WHERE `id`='". $data->id ."' LIMIT 1") or die(mysql_error());
$_SESSION['login'] = $data->login;
$_SESSION['IP'] = $_SERVER['REMOTE_ADDR'];
$mysql = mysql_query("SELECT *,DATE_FORMAT(`signup`,'%d %m %Y %H:%i:%s') FROM `users` WHERE `login`='". $_SESSION['login'] ."' LIMIT 1") or die(mysql_error());
$_SESSION['data'] = mysql_fetch_object($mysql);
}
}
if(isset($_GET['x']) && $_GET['x'] == "logout")
{
begintable("Logout");
#--------------------
echo("Goodbye <b>".$data->login."</b>,<br>
<br>
See you next time on Gangsterscity.eu!");
echo("<meta http-equiv=\"Refresh\" content=\"3;url=http://www.gangsterscity.eu/ENGLISH\" />");
#--------------------
closetable();
unset($_SESSION['data']);
unset($_SESSION['IP']);
unset($_SESSION['login']);
}
elseif(isset($_GET['x']) && $_GET['x'] == "lostpass")
{
if(isset($_GET['id'],$_GET['code']))
{
#Secure inputs
$id = checkInput($_GET['id']);
$code = checkInput($_GET['code']);
$mysql = mysql_query("SELECT id,code,area,login FROM `temp` WHERE `id`='". $id ."' AND `code`='". $code ."' AND `area`='lostpass'") or die(mysql_error());
if($data = mysql_fetch_object($mysql))
{
$mysql = mysql_query("SELECT login,email FROM `users` WHERE `login`='". $data->login ."'") or die(mysql_error());
$data = mysql_fetch_object($mysql);
include_once("include/rndPass.class.php");
$pass = new rndPass(6);
$passw = $pass->passGen();
$pass = generateHash($passw);
mysql_query("UPDATE `users` SET `pass`='". $pass ."' WHERE `id`='". $data->id ."' LIMIT 1") or die(mysql_error());
mysql_query("DELETE FROM `temp` WHERE `id`='". $id ."'") or die(mysql_error());
$subj = "Reset Password - Step 2/2";
$emess = "Dear ".$data->login.",
Your information was requested by ".$_SERVER['REMOTE_ADDR'].".
Username: ".$data->login."
Password: ".$passw."
You can log in with this information at www.gangsterscity.eu
Best regards,
http://www.gangsterscity.eu";
$head .= "From: Gangsterscity.eu<[email protected]>";
@mail($data->email, $subj, $emess, $head);
begintable("Reset password");
#----------------------------
echo("Your new password is sent to your email address.");
#----------------------------
returnForm();
closetable();
}
}
elseif(isset($_POST['submit']) && $_POST['login'] == true)
{
$login = checkInput($_POST['login']);
$mysql = mysql_query("SELECT login,email,status FROM `users` WHERE `login`='". $login ."'") or die(mysql_error());
if($data = mysql_fetch_object($mysql))
{
include_once("include/rndPass.class.php");
$code = new rndPass(6);
$code = $code->passGen();
mysql_query("INSERT INTO `temp`(login,code,area,time) values('".$data->login."','".$code."','lostpass',NOW())") or die(mysql_error());
$id = mysql_insert_id();
$subj = "Reset Password - Step 1/2";
$emess = "Your login information whas requested by: ".$_SERVER['REMOTE_ADDR'].".
If you did not requested this email please ignore this, no changes will be made.
Did you requested for a new password?
Follow this link:\nhttp://www.gangsterscity.eu/?gc=login&x=lostpass&id=".$id."&code=".$code."
Best regards,
http://www.gangsterscity.eu";
$head .= "From: Gangsterscity.eu<[email protected]>";
@mail($data->email, $subj, $emess, $head);
begintable("Reset Password");
#----------------------------
echo("There is an email sent to this account with further instructions<br>
<br>
See also <font color=red>your spam email!</font>");
#-----------------------------
returnForm();
closetable();
}
else
begintable("Reset Password");
#----------------------------
echo("there is no user with this username/email address!");
#----------------------------
returnForm();
closetable();
}
elseif(isset($_POST['submit']) && $_POST['email'] == true)
{
$email = checkInput($_POST['email']);
$mysql = mysql_query("SELECT login,email,status FROM `users` WHERE `email`='". $email ."'") or die(mysql_error());
if($data = mysql_fetch_object($mysql))
{
include_once("include/rndPass.class.php");
$code = new rndPass(6);
$code = $code->passGen();
mysql_query("INSERT INTO `temp`(login,code,area,time) values('".$data->login."','".$code."','lostpass',NOW())") or die(mysql_error());
$id = mysql_insert_id();
$subj = "Reset Password - Step 1/2";
$emess = "Your login information whas requested by: ".$_SERVER['REMOTE_ADDR'].".
If you did not requested this email please ignore this, no changes will be made.
Did you requested for a new password?
Follow this link:\nhttp://www.gangsterscity.eu/?gc=login&x=lostpass&id=".$id."&code=".$code."
Best regards,
http://www.gangsterscity.eu";
$head .= "From: Gangsterscity.eu<[email protected]>";
@mail($data->email, $subj, $emess, $head);
begintable("Reset Password");
#----------------------------
echo("There is an email sent to this account with further instructions<br>
<br>
See also <font color=red>your spam email!</font>");
#-----------------------------
returnForm();
closetable();
}
else
begintable("Reset Password");
#----------------------------
echo("there is no user with this username/email address!");
#----------------------------
returnForm();
closetable();
}
begintable("Forgot Password");
?>
Send your username and password to your email address<br>
Because it is possible that you can lose your login information for this multiplayer
game loses, you can retrieve your information here again. <br>
However, abuse of the this form will be punished.<br />
<br />
<form method='post'>
<table width='100%' cellpadding='0' cellspacing='3' border='0'>
<tr>
<td width='150'>Username:</td>
<td><input type='text' name='login' /></td>
</tr>
<tr>
<td colspan='2'><br />
<small>*If you do not remember your username, you
can ask it with your e-mail address to.*</small><br />
<br /></td>
</tr>
<tr>
<td width='150'>E-mail address:</td>
<td><input type='text' name='email' /></td>
</tr>
<tr>
<td width='150'> </td>
<td><input type='submit' name='submit' value='Sent password' /></td>
</tr>
</table>
</form>
<?PHP
endtable();
}
else if($data)
{
if($data->status == "killed")
{
include_once("secretError/killed.php");
}
if($data->status == "banned")
{
include_once("secretError/banned.php");
}
else
begintable("Log in ".$data->login);
#----------------------------------
echo("You are now logged in, please wait...");
echo("<meta http-equiv=\"Refresh\" content=\"3;url=http://www.gangsterscity.eu/ENGLISH\" />");
#----------------------------------
closetable();
}
else {
if(isset($_POST['login'],$_POST['pass']))
{
begintable("Log in - Error");
#----------------------------
echo("<font color='red'>Wrong username or password, please try again!</font>");
#----------------------------
returnForm();
closetable();
}
begintable("Log in");
?>
<form method='post'>
<table width='100%' cellpadding='0' cellspacing='3' border='0'>
<tr>
<td width='150'>Username:</td>
<td><input type='text' name='login' maxlength='16' style='width:150px;'></td>
</tr>
<tr>
<td width='150'>Password:</td>
<td><input type='password' name='pass' style='width:150px;'></td>
</tr>
<tr>
<td width='150'> </td>
<td><input type='submit' name='submit' style='width:100px;' value='Log in'></td>
</tr>
<tr>
<td colspan='2' align='center'><br><a href='?gc=login&x=lostpass'>Forgot password?</a><br><br></td>
</tr>
</table>
</form>
<?PHP
endtable();
}
?>