Follow us on Twitter!
Things are more like they are now than they have ever been before. - Dwight D. Eisenhower
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 20
Guests Online: 16
Members Online: 4

Registered Members: 82885
Newest Member: ConiBE
Latest Articles
View Thread

HellBound Hackers | Computer General | Programming

Author

PHP question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-05-09 13:41
Hi everyone, I have a quick question about my PHP script.

I can't quite understand why its not working, Im getting that there is an unexpected " on line 29, this is line 29:

$query = mysql_query("SELECT user_name,pass_word FROM TrueCrypt_Users WHERE user_name='$_POST["username"]' AND pass_word='$_POST["password"]'"Wink;


Any help?

Thanks.


Author

RE: PHP question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-05-09 13:45
Ive taken out the $_POST[""] vars and it works, but will it still do the same thing?


Author

RE: PHP question

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 18-05-09 14:03
Try this:

Code

$username = mysql_real_escape_string( $_POST['username'] );
$password  = mysql_real_escape_string( $_POST['password'] );

$query = mysql_query("SELECT user_name,pass_word FROM TrueCrypt_Users WHERE user_name='{$username}' AND pass_word='{$password}'");






img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png

http://www.elites0ft.com/
Author

RE: PHP question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-05-09 14:17
Thanks system.
That got rid of the first problem, not it lets me login using whatever I want, not what i have SELECT.

Any suggestions?


Author

RE: PHP question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-05-09 14:18
Basically this is my whole script, I thought it may be easier to figure out:)

Code
 <HTML>
 <BODY>
 <LEGEND> Administration Login
 <table border="0">
 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
 <tr><td>Username:</td><td><input type="text" name="username" /></tr></td>
 <tr><td>Password:</td><td><input type="password" name="password" /></tr></td>
 <tr><td><input type="submit" name="submit" value="Login" /></tr></td>
 </table>
 </LEGEND>

<?php

$username = mysql_real_escape_string( $_POST['username'] );
$password = mysql_real_escape_string( $_POST['password'] );

$query = mysql_query("SELECT user_name,pass_word FROM TrueCrypt_Users WHERE user_name='{$username}' AND pass_word='{$password}'");

echo $query;

if($_POST["submit"]){
$query = $_POST["username"] & $_POST["password"]{

session_start();
$_SESSION["username"];
$_SESSION["password"];

echo "Thank you, Please Wait 5 Seconds for it to Load or Please Click <a href='/admin/index.php'>Here</a> " . "<META http-equiv='refresh' content='5;URL=/admin/index.php'>";
}else{
echo "Sorry, You're not allowed here." . "<META http-equiv='refresh' content='5;URL=/index.php'>";
}

?>



</BODY>
</HTML>







Edited by on 18-05-09 14:20
Author

RE: PHP question

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 18-05-09 14:37
Code
<?php

session_start();

if( !isset( $_POST['submit'] ) )
{
?>
  <HTML>
  <BODY>
  <LEGEND> Administration Login
  <table border="0">
  <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
  <tr><td>Username:</td><td><input type="text" name="username" /></tr></td>
  <tr><td>Password:</td><td><input type="password" name="password" /></tr></td>
  <tr><td><input type="submit" name="submit" value="Login" /></tr></td>
  </table>
  </LEGEND>
  </BODY>
  </HTML>
<?php
}
else
{
  $username = mysql_real_escape_string( $_POST['username'] );
  $password = mysql_real_escape_string( $_POST['password'] );

  $query = mysql_query( "SELECT user_name,pass_word FROM TrueCrypt_Users WHERE user_name='{$username}' AND pass_word='{$password}'" );
  $rows  = mysql_num_rows( $query );

  if( $rows > 0 )
  {
    $_SESSION["username"] = $username;
    $_SESSION["password"] = $password;

    header( "Location: /admin/index.php" );
  }
  else
    echo "Sorry, you're not allowed here. <META http-equiv='refresh' content='5;URL=/index.php'>";
}

?>





img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png



Edited by SySTeM on 18-05-09 14:38
http://www.elites0ft.com/
Author

RE: PHP question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-05-09 14:44
Thanks dude, but im not sure if you understand what i need,

basically, I want it to be a basic login page, nothing set before hand, if the username = the one in the database & password = one in the database then redirect to /admin/index.php else redirect to ../../index.php

It sounds really simple but it doesnt seem to be haha.

Thanks again though dude.


Author

RE: PHP question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-05-09 15:01
DarkMantis wrote:
Thanks dude, but im not sure if you understand what i need,

basically, I want it to be a basic login page, nothing set before hand, if the username = the one in the database & password = one in the database then redirect to /admin/index.php else redirect to ../../index.php

It sounds really simple but it doesnt seem to be haha.

Thanks again though dude.


Are you serious?

Meltdown just gave you the fucking script to do almost exactly that?




Author

RE: PHP question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-05-09 15:02
All Im saying is that it didnt work, maybe its user error. Idk, but I cant seem to get it to work... :/

Fritzo edit: Don't Question Meltdowns work.




Edited by on 18-05-09 15:52
Author

RE: PHP question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-05-09 15:21
Ahh sorry, it was my bad, I had the database configured wrong.


Sorry, and thanks loads system!

Fritzo Edit: I will learn to Google.




Edited by on 18-05-09 15:53
Author

RE: PHP question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-05-09 15:21
Fritzo edit: I will stop double posting.




Edited by on 18-05-09 15:52
Author

RE: PHP question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-05-09 15:55
Good you had your insanely simple login done.