undefined foutmeldingen
( ! ) Notice: Undefined variable: user in C:\xampp\htdocs\cosmicbattle\config.php on line 14
( ! ) Notice: Undefined variable: pass in C:\xampp\htdocs\cosmicbattle\config.php on line 14
dit is de config.php
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
<?php
//MySQL Gegevens
define('MYSQL_HOSTNAME', 'localhost');
define('MYSQL_USERNAME', 'root');
define('MYSQL_PASSWORD', '');
define('MYSQL_DATABASE', 'cosmicbattle');
//Verbind met de server en kies de juiste database, zo niet weergeef dan een error.
mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD) or die ('MySQL Error: Cannot connect to server');
mysql_select_db(MYSQL_DATABASE) or die ('MySQL Error: Cannot select database');
$stata = mysql_query("select * from users where name='$user' and pass='$pass'");
$stat = mysql_fetch_row($stata);
$statb = $stat['crewid'];
$crewa = mysql_query("select * from crews where id='$statb'");
$crew = mysql_fetch_row($crewa);
?>
//MySQL Gegevens
define('MYSQL_HOSTNAME', 'localhost');
define('MYSQL_USERNAME', 'root');
define('MYSQL_PASSWORD', '');
define('MYSQL_DATABASE', 'cosmicbattle');
//Verbind met de server en kies de juiste database, zo niet weergeef dan een error.
mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD) or die ('MySQL Error: Cannot connect to server');
mysql_select_db(MYSQL_DATABASE) or die ('MySQL Error: Cannot select database');
$stata = mysql_query("select * from users where name='$user' and pass='$pass'");
$stat = mysql_fetch_row($stata);
$statb = $stat['crewid'];
$crewa = mysql_query("select * from crews where id='$statb'");
$crew = mysql_fetch_row($crewa);
?>
het komt uit 2008 dus t is erg verouderd.
wat ik gebruik om in te loggen is :
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
<?php
session_start();
$need_to_login='no'; $title='Login'; include("config.php");
$tbl_name = "users";
$user=$_POST['name'];
$pass=$_POST['pass'];
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$sql="SELECT * FROM $tbl_name WHERE user='$user' and pass='$pass'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==0){
$_SESSION['name'] = $user;
$_SESSION['pass'] = $pass;
$date = date("d m Y");
$ip = $_SERVER['REMOTE_ADDR'];
mysql_query("UPDATE users SET logins=logins+1 WHERE id = $stat[id]");
mysql_query("UPDATE users SET days_inactive=0 WHERE id = $stat[id]");
mysql_query("insert into login_log (ip, account, date) values('$ip','$user','$date')")or die("Could not add to log.");
header ("Location: stats.php");
print "
<center>
Login Successful! Redirecting...
</center>
<META HTTP-EQUIV='Refresh'
CONTENT='1; URL=stats.php?ref=login'>
";
}else {
echo "fout";
}
include("footer.php"); ?>
session_start();
$need_to_login='no'; $title='Login'; include("config.php");
$tbl_name = "users";
$user=$_POST['name'];
$pass=$_POST['pass'];
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$sql="SELECT * FROM $tbl_name WHERE user='$user' and pass='$pass'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==0){
$_SESSION['name'] = $user;
$_SESSION['pass'] = $pass;
$date = date("d m Y");
$ip = $_SERVER['REMOTE_ADDR'];
mysql_query("UPDATE users SET logins=logins+1 WHERE id = $stat[id]");
mysql_query("UPDATE users SET days_inactive=0 WHERE id = $stat[id]");
mysql_query("insert into login_log (ip, account, date) values('$ip','$user','$date')")or die("Could not add to log.");
header ("Location: stats.php");
print "
<center>
Login Successful! Redirecting...
</center>
<META HTTP-EQUIV='Refresh'
CONTENT='1; URL=stats.php?ref=login'>
";
}else {
echo "fout";
}
include("footer.php"); ?>
kan iemand hier uitkomen? ik zit hier al de hele avond op te zoeken wat het is.
vandaar dat ik kijk of er een oplossing is voor ik ga herscripten :P
Wordt niet meer voorzien van updates, maar ik kan zeggen dat het vrij veilig is.
Wanneer je een variable gebruikt in een query moet je wel "escapen".
Dit doe je door de (dubbele)quotes die je gebruikt hebt om de query te openen, te sluiten, vervolgens een punt te zetten, dan je variable, dan weer een punt, en dan weer je (dubbele)quotes te openen.
Code (php)
1
2
3
4
5
6
7
8
2
3
4
5
6
7
8
<?php
// jouw query:
$stata = mysql_query("select * from users where name='$user' and pass='$pass'");
//zoals die hoort:
$stata = mysql_query("SELECT * FROM users WHERE name='".$user."' and pass='".$pass."'");
?>
// jouw query:
$stata = mysql_query("select * from users where name='$user' and pass='$pass'");
//zoals die hoort:
$stata = mysql_query("SELECT * FROM users WHERE name='".$user."' and pass='".$pass."'");
?>
Edit: ----------------------
Probeer de (my)SQL(i) opdrachten in hoofdletters te schrijven, is overzichtelijker, en werkt altijd!
Gewijzigd op 20/09/2012 14:40:59 door Dean Evers