Old 04-12-07, 04:33 AM   #1
Registered User
Join Date: Apr 2007
Posts: 1
Default Urgent help needed with PHP

Hey guys, I'm new to the nvnews forums and I'm stuck with my coursework, which I have to get finished before the Easter hols. The teacher for PHP at uni is not that good.

I have to create a website wherein a critical bit is that users should be able to log in to a database and access some features.
Basically I can't get the login and password verification (form validation using PHP) bit working (and God knows I've tried). I'm very naive when it comes to PHP and need some help here. Here's the code for the login page (members.html):

<title>The Incredible Shoes Running Club - Member login</title>


<table border="0" cellspacing="0" width="600" height="100%" cellpadding="0">

<td align="left" width="200" height="100%" bgcolor="#C0C0C0" class="menucell" valign="top">

<br></br><a href="mainpage.html"><img src="home.bmp" title="Home" alt="Back to the Main Page" border=0></a>
<br></br><a href="aboutus.html"><img src="aboutus.bmp" title="Click here to know more about us" alt="About the club" border=0></a>
<br></br><a href="raceresults.html"><img src="raceresults.bmp" title="For latest results click here" alt="Race results" border=0></a>
<br></br><a href="latestpics.html"><img src="latestpics.bmp" title="Latest Pictures" alt="Latest Pictures" border=0></a>
<br></br><a href="organisers.html"><img src="organisers.bmp" title="Organisers enter here" alt="Organisers" border=0></a>

<td valign="top"> <table width="90%" border="0"> <tr>
<td valign="top"> <br> <p><font face="Century Gothic" color="#800000" size="4">
<br>The Incredible Shoes Running Club Members Login page</br></font><p>

<form method="post" name="LoginForm" action="loginform_validate.php"><input type="hidden" value="1"><table cellpadding="0">
<td class="label_cell"><font face="Century Gothic" color="#000000" size="3">E-Mail Address</td>
<td class="edit_cell"><input class="text_box" type="text" name="E-mail id" id="E-mail id" value=""></td>
<td align="left" valign="center"></td>

<td class="label_cell"><font face="Century Gothic" color="#000000" size="3">Password:</td>
<td class="edit_cell"><input type="password" id="Password" name="Password" value="" maxlength="20" size="15"></td>

<td class="label_cell"><font face="Century Gothic" color="#000000" size="3">Confirm Password:</td>
<td class="edit_cell"><input type="password" id="Password" name="Password" value="" maxlength="20" size="15"></td>

<td width="445"><p><font face="Century Gothic" color="#000000" size="3">Save my password on this computer<br>
<td width="39">
<input name="SavePassword" type="checkbox" value="1">
<input type="submit" class="Button" name="LoginSubmit" value="Login">

<i><font face="Verdana, Arial, Helvetica" color="#000000" size="1">
The Incredible Shoes Running Club 2006-2007</font></i>



And here's the code for loginform_validate.php:


<?php
$DBConnect = @mysql_connect("localhost", "root", "mitsubishi");

$dbselect = @mysql_select_db("runningclub");

$e = $_POST ['email'];
$p = $_POST['password'];
// Check that they've entered the right email address/password combination.
$query = "SELECT member_no FROM member WHERE (email='$e' AND password=SHA('$p') )";
if (mysql_num_rows == 1) { // Match was made.
echo "welcome to the website";
} else {
echo "you have entered incorrect data";
}
?>

Could anyone also tell me how I check whether the user has entered the username in an email format? Any help/advice would be greatly appreciated!

P.S. I have attached the whole project as a rar file if anyone needs it, thank you.
Attached Files
File Type: zip cw1.zip (16.7 KB, 142 views)
mkswalia is offline   Reply With Quote
Old 04-12-07, 07:41 AM   #2
radekhulan
Join Date: Apr 2005
Location: Prague
Posts: 749
Default Re: Urgent help needed with PHP

mysql_num_rows is a function, and should be called with a resource parameter, in your case mysql_num_rows($query). There may be more bugs, but this one was standing out.

There is also a security bug with not escaping $_POST data used in MySQL query, which can lead to XSS.

In your HTML, you have two "password" inputs with the same name (wrong!), and there is name="E-mail id" input, while in PHP you refer to $_POST ['email'], not "E-mail id".

Frankly, you should get back to school and learn the basics, your code is something utterly horrible.
radekhulan is offline   Reply With Quote
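
Added example, not part of the original thread or either poster's code: a version of the login check that binds the submitted values as query parameters (the unescaped `$_POST` data in the posted query string is open to SQL injection) and validates the email format with `filter_var`, which is what the first post asks about. It assumes PHP 7.1+ with PDO, form inputs renamed to `email` and `password`, a `member.password` column holding `password_hash()` output, and placeholder database credentials; the function names are hypothetical.

```php
<?php
// Added example (not the poster's code). Assumptions: PHP 7.1+ with PDO, form
// inputs named "email" and "password", member.password holds password_hash()
// output, and the DSN/user/password below are placeholders.

// Returns the trimmed address if it is in email format, otherwise null.
function valid_email($raw): ?string
{
    if (!is_string($raw)) {
        return null;            // e.g. email[]=x arrives as an array
    }
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Returns the member_no on a match, null on any failure.
function check_login(PDO $db, $rawEmail, $password): ?int
{
    $email = valid_email($rawEmail);
    if ($email === null || !is_string($password) || $password === '') {
        return null;
    }
    // The ? placeholder binds the value; input never becomes SQL text.
    $stmt = $db->prepare('SELECT member_no, password FROM member WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['member_no'];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = new PDO(
        'mysql:host=localhost;dbname=runningclub;charset=utf8mb4',
        'app_user',             // placeholder: a least-privilege account, not root
        'CHANGE_ME',            // placeholder
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
         PDO::ATTR_EMULATE_PREPARES => false]
    );
    $memberNo = check_login($db, $_POST['email'] ?? null, $_POST['password'] ?? null);
    if ($memberNo !== null) {
        session_start();
        session_regenerate_id(true);   // fresh session ID after login
        $_SESSION['member_no'] = $memberNo;
        echo 'welcome to the website';
    } else {
        echo 'you have entered incorrect data';   // same message for every failure
    }
}
```

PHP rewrites spaces in field names to underscores, so the posted form's `name="E-mail id"` would arrive as `$_POST['E-mail_id']`; the example relies on the inputs being renamed.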