login script to a pay only part of a website not working
Posted by: Steven O
Date: December 21, 2005 06:05PM
Date: December 21, 2005 06:05PM
Hi,
I am using a script to make part of my website pay only. I think the script works. I have a correct user and pw in the mysql database. When I type in the correct user and pw all I get is the same login screen except without the error messge I would get if I typed the user and pw wrong.
I have figured out that I am getting stuck at the last login statement in this code:
echo $SHOW_LOGIN_FORM;
which I think is because the cookie function is not working properly:
function sec_setcookie
I could be wrong. I got this code from a website and it is supposed to be bug free and I am guessing that it is my inexperiance that is the problem. Any help would be greatly appreciated. Thanks,
Steven O.
Here is the code:
<?
define ("DBHOST", "localhost");
define ("DBNAME", "paypal_tutorial");
define ("DBUSER", "user");
define ("DBPASS", "pass");
define("PAYPAL_USER", "email@email.com");
define("PPLINK", "https://www.paypal.com/xclick/business=";.
PAYPAL_USER.
"&item_name=members_payment&item_number=1".
"&amount=50.00&no_note=1¤cy_code=USD");
$username = $_POST['username'];
$password = $_POST['password'];
//echo $username;
// our login form for user logins
$SHOW_LOGIN_FORM="
<center><form method='post' action='index.php'><table>
<tr>
<td>Username: </td>
<td><input name='username' type='text' value=''></td>
</tr>
<tr>
<td>Password: </td>
<td><input name='password' type='password' value=''></td>
</tr>
<tr>
<td colspan='2' align='center'>
<input type='submit' value='log in'>
</td>
</tr>
</table>
</form></center>
";
// a function to handle setting cookies.
function sec_setcookie($var, $val, $modify=3600)
{
$exp = gmstrftime("%A, %d-%b-%Y %H:%M:%S", time() + $modify);
$dom = $GLOBALS["HTTP_HOST"];
if (preg_match("/^(.*):(.*)$/", $dom, $arr)) {
print_r($arr);
$dom = $arr[1];
}
$parts = explode(".", $dom);
$dom = ".". $parts[count($parts)-2]. ".". $parts[count($parts) - 1];
setcookie($var, $val, time() + $modify,"/", $dom, 0);
${$var} = $val;
global ${$var};
} //end function
### CONNECT TO THE DATABASE
function DatabaseConnect()
{
if (!($mylink = mysql_connect(DBHOST, DBUSER, DBPASS))) {
echo mysql_error();
exit;
} //fi
mysql_select_db(DBNAME) or die(mysql_error());
} // end function
DatabaseConnect(); // this will automatically connect us
### NOW THE LOGIC
// first see if we have a post
if ($username && $password) {
$sql = "
SELECT *
FROM users
WHERE username = '$username'
AND password = '$password'
";
//echo $sql;
$result = mysql_db_query(DBNAME, $sql);
if (mysql_num_rows($result) > 0) {
$info = mysql_fetch_assoc($result);
if ($info[paid] == "Y") {
sec_setcookie("username", $username);
sec_setcookie("password", $password);
} else {
echo "<center><font color=red><b>ERROR, ACCOUNT NOT PAID</b></font><br>
<a href=".PPLINK.">CLICK HERE</a> to pay for service.</center>";
die();
} //fi
} else {
sec_setcookie("count", $count + 1);
echo "<center><font color=red><b>ERROR IN LOGIN - SIGN UP FOR AN ACCOUNT FIRST</b></font></center>";
if ($count > 3) {
echo "<center><font color=red><b>TOO MANY ATTEMPTS, TRY LATER</b></font></center>";
} else {
echo $SHOW_LOGIN_FORM;
} //fi
die();
} //fi
} //fi
if($_COOKIE['username'] && $_COOKIE['password']) {
$sql = "
SELECT *
FROM users
WHERE username = '$username'
AND password = '$password'
";
$result = mysql_db_query(DBNAME, $sql);
if (mysql_num_rows($result) == 0) {
# clear the cookies
sec_setcookie("username", "");
sec_setcookie("password", "");
echo $SHOW_LOGIN_FORM;
die();
} //fi
} else {
echo $SHOW_LOGIN_FORM;
die();
} //fi
?>
<html>
<head> <title> your in!</title> </head>
<body> This should be the paid for webpage but it is not showing up after putting in the correct user and pw </body>
</html>
I am using a script to make part of my website pay only. I think the script works. I have a correct user and pw in the mysql database. When I type in the correct user and pw all I get is the same login screen except without the error messge I would get if I typed the user and pw wrong.
I have figured out that I am getting stuck at the last login statement in this code:
echo $SHOW_LOGIN_FORM;
which I think is because the cookie function is not working properly:
function sec_setcookie
I could be wrong. I got this code from a website and it is supposed to be bug free and I am guessing that it is my inexperiance that is the problem. Any help would be greatly appreciated. Thanks,
Steven O.
Here is the code:
<?
define ("DBHOST", "localhost");
define ("DBNAME", "paypal_tutorial");
define ("DBUSER", "user");
define ("DBPASS", "pass");
define("PAYPAL_USER", "email@email.com");
define("PPLINK", "https://www.paypal.com/xclick/business=";.
PAYPAL_USER.
"&item_name=members_payment&item_number=1".
"&amount=50.00&no_note=1¤cy_code=USD");
$username = $_POST['username'];
$password = $_POST['password'];
//echo $username;
// our login form for user logins
$SHOW_LOGIN_FORM="
<center><form method='post' action='index.php'><table>
<tr>
<td>Username: </td>
<td><input name='username' type='text' value=''></td>
</tr>
<tr>
<td>Password: </td>
<td><input name='password' type='password' value=''></td>
</tr>
<tr>
<td colspan='2' align='center'>
<input type='submit' value='log in'>
</td>
</tr>
</table>
</form></center>
";
// a function to handle setting cookies.
function sec_setcookie($var, $val, $modify=3600)
{
$exp = gmstrftime("%A, %d-%b-%Y %H:%M:%S", time() + $modify);
$dom = $GLOBALS["HTTP_HOST"];
if (preg_match("/^(.*):(.*)$/", $dom, $arr)) {
print_r($arr);
$dom = $arr[1];
}
$parts = explode(".", $dom);
$dom = ".". $parts[count($parts)-2]. ".". $parts[count($parts) - 1];
setcookie($var, $val, time() + $modify,"/", $dom, 0);
${$var} = $val;
global ${$var};
} //end function
### CONNECT TO THE DATABASE
function DatabaseConnect()
{
if (!($mylink = mysql_connect(DBHOST, DBUSER, DBPASS))) {
echo mysql_error();
exit;
} //fi
mysql_select_db(DBNAME) or die(mysql_error());
} // end function
DatabaseConnect(); // this will automatically connect us
### NOW THE LOGIC
// first see if we have a post
if ($username && $password) {
$sql = "
SELECT *
FROM users
WHERE username = '$username'
AND password = '$password'
";
//echo $sql;
$result = mysql_db_query(DBNAME, $sql);
if (mysql_num_rows($result) > 0) {
$info = mysql_fetch_assoc($result);
if ($info[paid] == "Y") {
sec_setcookie("username", $username);
sec_setcookie("password", $password);
} else {
echo "<center><font color=red><b>ERROR, ACCOUNT NOT PAID</b></font><br>
<a href=".PPLINK.">CLICK HERE</a> to pay for service.</center>";
die();
} //fi
} else {
sec_setcookie("count", $count + 1);
echo "<center><font color=red><b>ERROR IN LOGIN - SIGN UP FOR AN ACCOUNT FIRST</b></font></center>";
if ($count > 3) {
echo "<center><font color=red><b>TOO MANY ATTEMPTS, TRY LATER</b></font></center>";
} else {
echo $SHOW_LOGIN_FORM;
} //fi
die();
} //fi
} //fi
if($_COOKIE['username'] && $_COOKIE['password']) {
$sql = "
SELECT *
FROM users
WHERE username = '$username'
AND password = '$password'
";
$result = mysql_db_query(DBNAME, $sql);
if (mysql_num_rows($result) == 0) {
# clear the cookies
sec_setcookie("username", "");
sec_setcookie("password", "");
echo $SHOW_LOGIN_FORM;
die();
} //fi
} else {
echo $SHOW_LOGIN_FORM;
die();
} //fi
?>
<html>
<head> <title> your in!</title> </head>
<body> This should be the paid for webpage but it is not showing up after putting in the correct user and pw </body>
</html>
Subject
Written By
Posted
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.