help with login screen (splitted)


zero_ZX
02 Dec 2007, 10:45
Hi there! I want to split my vB login into two parts, where you first enter your username, then a lot of details come up, such as: group, posts, join date, account name, avatar.
Then below you will enter your password.

I have already coded a very small piece of the code, but I don't know SQL very well, and I have some trouble integrating it into vBulletin. If someone out there can help me, I would love it.

Here's the code I've already got:

<?php
// SPLIT script implemented

// $_SESSION is only populated once the session has been started
session_start();

// first, let's see what step they're on...
$step = isset($_GET['step']) ? $_GET['step'] : '1';

// if a user is already logged in, and he's not trying to log out, he has no business on this file
if ( $step != 'logout' && isset($_SESSION['login']) && $_SESSION['login'] === TRUE )
{
    $step = 'loggedin';
}

switch($step)
{
    // if step is not defined in the url, then they're going to this step
    default:
    case '1':

        // ask for username
        echo '<form action="login.php?step=2" method="POST">
        Username : <input type="text" name="username">
        <br> <input type="submit" value="Log me in">
        </form>';

        break;

    case '2':
        // get username from step 1
        $username = $_POST['username'];

        // now ask for the password
        echo '<form action="login.php?step=3" method="POST">
        Password : <input type="password" name="password">
        <input type="hidden" name="username" value="'.$username.'">
        <input type="submit" value="submit">
        </form>';

        break;

    case '3':
        // get username and password from step two
        $username = $_POST['username'];
        $password = $_POST['password'];

        // connect to database, however you do it.. i use
        require_once("DbConnect.class.php");
        // define query
        $sql = "SELECT username, password FROM users WHERE username = '".$username."' AND password = '".$password."' GROUP BY username";
        if ( !$results = mysql_query($sql)) {
            die('Username or password are incorrect!');
        }
        else {
            $_SESSION['data'] = mysql_fetch_assoc($results);
            $_SESSION['login'] = TRUE;
        }

        break;

    case 'loggedin':
        echo "You are already logged in.";
        break;

    case 'logout':
        if ( isset($_SESSION['login']) && $_SESSION['login'] === TRUE )
        {
            // expire the session cookie in the browser
            if ( isset($_COOKIE[session_name()]) )
            {
                setcookie(session_name(), '', time()-42000, '/');
            }

            // clear every value stored in the session
            foreach ( $_SESSION as $k=>$v )
            {
                unset($_SESSION[$k]);
            }

            session_destroy();
            echo "You've successfully logged out!";
        }
        break;

}
?>

Opserty
02 Dec 2007, 11:18
Can I just ask... why?

I don't see an advantage in doing any of this... also, it gives people access to info (depending on how you set up your permissions) which they may not normally want access to. For example, I can find an Admin's username in the login box and get a lot of his info.

Furthermore, the code you posted has fairly extensive security holes in it. I suggest you read this article first before you think about creating code for your board (Using the vBulletin Input Cleaner (http://www.vbulletin.org/forum/showthread.php?t=119372)).

Then you need to look at Using the vBulletin Database Class (http://www.vbulletin.org/forum/showthread.php?t=119350&highlight=Database+Class).
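
Steps 2 and 3 of the posted script with the input handling tightened, as an added example that is not part of the thread and not vBulletin's own code. It uses PDO with an in-memory SQLite database in place of the vBulletin database class, and the table, rows and function names (make_db, hidden_username_field, check_login) are assumptions made for illustration.

```php
<?php
// Added example: hardened versions of steps 2 and 3 from the posted script.
// Assumptions: PDO with in-memory SQLite stands in for the board's database;
// the users table and its rows are constructed sample data.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pwhash TEXT)');
    $ins = $db->prepare('INSERT INTO users (username, pwhash) VALUES (?, ?)');
    $ins->execute(['zero', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Step 2: the username is echoed into a hidden field, so encode it for HTML.
function hidden_username_field(string $username): string {
    return '<input type="hidden" name="username" value="'
        . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '">';
}

// Step 3: bind the username as a parameter, then require that a row exists
// AND that the password matches the stored hash. The posted code only checked
// that the query ran, which is also true when no row matches.
function check_login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT pwhash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

$db  = make_db();
$odd = 'o\'brien"><b>';   // constructed input containing quote characters
var_dump(check_login($db, 'zero', 'correct horse'));   // known user, right password
var_dump(check_login($db, 'zero', 'wrong'));           // known user, wrong password
var_dump(check_login($db, $odd, 'anything'));          // treated as data, no such user
echo hidden_username_field($odd), "\n";                // quotes and brackets encoded
```

After a successful check, calling session_regenerate_id(true) before setting $_SESSION['login'] keeps a pre-login session ID from carrying over into the authenticated session.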