Invalid login my code looks like this now:
// Check membername and HWID
$query = "SELECT member, hwid FROM loginlist WHERE member = '$username'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result)) {
$row = mysql_fetch_array($result);
if ($row['hwid']!=$hwid) {
print_r($row);
die();
echo "INVALID LOGIN";
exit;
In that snippet there change:
$query = "SELECT member, hwid FROM loginlist WHERE member = '$username'";
To:
$query = "SELECT member, hwid FROM loginlist WHERE member = '{$username}'";
Invalid login my code looks now like this :
// Check membername and HWID
$query = "SELECT member, hwid FROM loginlist WHERE member = '{$username}'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result)) {
$row = mysql_fetch_array($result);
if ($row['hwid']!=$hwid) {
print_r($row);
die();
echo "INVALID LOGIN";
exit;
I have changed the last echo "INVALID LOGIN"; to echo "INVALID LOGIN2"; now it says INVALID LOGIN2
Try changing mysql_fetch_array to mysql_fetch_assoc()
Invalid Login2
code looks like this now :
// Check membername and HWID
$query = "SELECT member, hwid FROM loginlist WHERE member = '{$username}'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result)) {
$row = mysql_fetch_assoc();
if ($row['hwid']!=$hwid) {
echo "INVALID LOGIN1";
exit;
It needs to be mysql_fetch_assoc($result)
Invalid Login2
code looks like this :
// Check membername and HWID
$query = "SELECT member, hwid FROM loginlist WHERE member = '{$username}'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result)) {
$row = mysql_fetch_assoc($result);
if ($row['hwid']!=$hwid) {
echo "INVALID LOGIN1";
exit;
Ok, post your full code in php tags again
(2012-01-25, 12:00 AM)Tom K. Wrote: [ -> ]Ok, post your full code in php tags again
<?php
error_reporting(0);
// Database settings
$host = 'localhost';
$user = '';
$password = '';
$database = '';
$conn = mysql_connect($host,$user,$password) or die ('Error connecting to MySQL database.');
$conn = mysql_select_db($database) or die ('Error selecting database.');
$hwid = mysql_real_escape_string($_GET['hwid']);
if ($hwid == '') {$hwid='?';}
$author = mysql_real_escape_string($_GET['author']);
$username = mysql_real_escape_string($_GET['username']);
$password = mysql_real_escape_string($_GET['password']);
//get the user info
$query = "SELECT * FROM mybb_users WHERE LOWER(username) = '{$username}';";
//make it into a mysql_assoc_array
$result= mysql_query($query);
$resultarr = mysql_fetch_assoc($result);
$salt = $resultarr['salt'];
$hash = md5(md5($password.$salt).$salt);
//check your hash against the one in the table
if ($resultarr['hash'] == $hash)
{
// Check membername and HWID
$query = "SELECT member, hwid FROM loginlist WHERE member = '{$username}'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result)) {
$row = mysql_fetch_assoc($result);
if ($row['hwid']!=$hwid) {
echo "INVALID LOGIN1";
exit;
}
}
// Update loginlist
$ip = $_SERVER['REMOTE_ADDR'];
$lastday = $firstday = time();
$cntr = 1;
$author = $author;
$query = "SELECT member, ip, author, cntr FROM loginlist WHERE member = '$username' AND ip = '$ip'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result)) {
$row = mysql_fetch_array($result);
$row[cntr] += 1;
$lastday = time();
$row[author] = $author;
$query = "UPDATE loginlist SET lastday = '$lastday', cntr = '$row[cntr], author = '$row[author]' WHERE member = '$username' AND ip = '$ip'";
$result=mysql_query($query);
} else {
$query="INSERT INTO loginlist (member, hwid, ip, lastday, firstday, cntr, block) VALUES ('$username', '$hwid', '$ip', '$lastday', '$firstday', '$cntr', '$author', '0')";
$result=mysql_query($query);
}
// Check if IP address is blocked
$query = "SELECT * FROM loginlist WHERE ip = '$ip'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result) == 1) {
$row = mysql_fetch_array($result);
if ($row[block] == 1) {
echo "INVALID LOGIN2";
exit;
}
}
echo "VALID LOGIN";
} else {
echo "INVALID LOGIN3";
}
?>
Ok this bit:
// Check if IP address is blocked
$query = "SELECT * FROM loginlist WHERE ip = '$ip'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result) == 1) {
$row = mysql_fetch_array($result);
if ($row[block] == 1) {
echo "INVALID LOGIN2";
exit;
}
Replace with this:
// Check if IP address is blocked
$query = "SELECT * FROM loginlist WHERE ip = '{$ip}' LIMIT 1;";
$result = mysql_query($query);
if ($result) {
$row = mysql_fetch_assoc($result);
if ($row['block'] == 1) {
echo "INVALID LOGIN2";
exit;
}