Hola, tengo el siguiente codigo
Código PHP:
<?php
require('../include/database_connection.php');
session_start();
$ip=$_SERVER['REMOTE_ADDR'];
$username=$_POST['username'];
$password=$_POST['password'];
$securitycode='@$galvaxsecurity$@';
$encodedpass=md5($security.$password.$security);
$query= "SELECT * FROM admin WHERE username=$username";
$result=mysql_db_query($database,$query,$conn) or die (mysql_error());
//We verify if the username eists.
if(mysql_num_rows($result)==0)
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- saved from url=(0014)about:internet -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Las Comas de Morales S.P.R. de R.S. - Sistema de Administracion</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
td img {display: block;}.Form_text {
font-family: Verdana, Geneva, sans-serif;
font-size: 12px;
color: #000;
}
.links {
font-family: Verdana, Geneva, sans-serif;
font-size: 12px;
color: #C90;
text-decoration: underline;
}
a:hover {
color: #FC0;
}
</style>
<!--Fireworks CS3 Dreamweaver CS3 target. Created Sat Jun 13 21:38:00 GMT-0500 (CDT) 2009-->
</head>
<body bgcolor="#ffffff">
<table width="800" border="0" align="center" cellpadding="0" cellspacing="0">
<!-- fwtable fwsrc="website.png" fwpage="Login" fwbase="index.jpg" fwstyle="Dreamweaver" fwdocid = "1302912333" fwnested="0" -->
<tr>
<td><img src="../images/spacer.gif" width="150" height="1" border="0" alt="" /></td>
<td><img src="../images/spacer.gif" width="108" height="1" border="0" alt="" /></td>
<td><img src="../images/spacer.gif" width="285" height="1" border="0" alt="" /></td>
<td><img src="../images/spacer.gif" width="108" height="1" border="0" alt="" /></td>
<td><img src="../images/spacer.gif" width="149" height="1" border="0" alt="" /></td>
<td><img src="../images/spacer.gif" width="1" height="1" border="0" alt="" /></td>
</tr>
<tr>
<td colspan="5"> </td>
<td><img src="../images/spacer.gif" width="1" height="48" border="0" alt="" /></td>
</tr>
<tr>
<td colspan="2"> </td>
<td><img name="indexr2_c3r2_c3" src="../images/indexr2_c3r2_c3.jpg" width="285" height="123" border="0" id="indexr2_c3r2_c3" alt="" /></td>
<td colspan="2"> </td>
<td><img src="../images/spacer.gif" width="1" height="123" border="0" alt="" /></td>
</tr>
<tr>
<td rowspan="4"> </td>
<td colspan="3"><img name="indexr3_c2r3_c2" src="../images/indexr3_c2r3_c2.jpg" width="501" height="34" border="0" id="indexr3_c2r3_c2" alt="" /></td>
<td rowspan="4"> </td>
<td><img src="../images/spacer.gif" width="1" height="34" border="0" alt="" /></td>
</tr>
<tr>
<td colspan="3" align="center" valign="middle">
<?php
$query_tries="SELECT FROM tries where ip ='$ip'";
$result_tries=mysql_db_query($database,$query_tries,$conn) or die (mysql_error());
// If username doesnt exists, we verify if the clients ip is saved on the database, if not we insert it.
if(mysql_num_rows($result_tries)==0)
{
$sql = 'INSERT INTO tries (ip, tries, time)
VALUES ("' . $ip . '",1, time());';
}
else
{
$array_tries=mysql_fetch_array($result_tries);
$tries=$array_tries["tries"];
$add_try=$tries+1;
$query_update_tries="UPDATE tries SET tries='$add_try' where ip ='$ip'";
}
$array_tries=mysql_fetch_array($result_tries);
$tries=$array_tries["tries"];
//We verify the number o login tries.
if($tries<3)
{
echo'El usuario y/o contraseña ingresados no son corrrectos. Haga click <a href="index.php" target="_self" class="links">aquí</a> para regresar he intentar de nuevo. Usted ha utilizado '.$tries.' de los 3 intentos de ingreso. Por razones de seguridad, cuando haya usado los 3 intentos su cuenta será bloqueada por 15 minutos.';
}
if($tries==3)
{
echo' Usted ha ingresado el usuario y/o contraseña incorrectamente 3 veces seguidas. Por razones de seguridad, el sistema se bloqueara por 15 minutos. Le sugerimos que revise sus datos antes de ingresarlos para evitar esto en el futuro. Gracias.';
exit();
}
}
else
$array=mysql_fetch_array($result);
if($array['password']==$encondedpassword)
{
$_SESSION["username"]=$username;
$_SESSION["admin"]=$array['name'];
}
else
{
$query_tries="SELECT FROM tries where ip ='$ip'";
$result_tries=mysql_db_query($database,$query_tries,$conn) or die (mysql_error());
// If username doesnt exists, we verify if the clients ip is saved on the database, if not we insert it.
if(mysql_num_rows($result_tries)==0)
{
$sql = 'INSERT INTO tries (ip, tries, time)
VALUES ("' . $ip . '",1, time());';
}
else
{
$array_tries=mysql_fetch_array($result_tries);
$tries=$array_tries["tries"];
$add_try=$tries+1;
$query_update_tries="UPDATE tries SET tries='$add_try' where ip ='$ip'";
}
$array_tries=mysql_fetch_array($result_tries);
$tries=$array_tries["tries"];
//We verify the number o login tries.
if($tries<3)
{
echo'El usuario y/o contraseña ingresados no son corrrectos. Haga click <a href="index.php" target="_self" class="links">aquí</a> para regresar he intentar de nuevo. Usted ha utilizado '.$tries.' de los 3 intentos de ingreso. Por razones de seguridad, cuando haya usado los 3 intentos su cuenta será bloqueada por 15 minutos.';
}
if($tries==3)
{
echo' Usted ha ingresado el usuario y/o contraseña incorrectamente 3 veces seguidas. Por razones de seguridad, el sistema se bloqueara por 15 minutos. Le sugerimos que revise sus datos antes de ingresarlos para evitar esto en el futuro. Gracias.';
exit();
}
}
?>
</td>
<td><img src="../images/spacer.gif" width="1" height="236" border="0" alt="" /></td>
</tr>
<tr>
<td colspan="3"><img name="indexr5_c2r5_c2" src="../images/indexr5_c2r5_c2.jpg" width="501" height="41" border="0" id="indexr5_c2r5_c2" usemap="#m_indexr5_c2r5_c2" alt="" /></td>
<td><img src="../images/spacer.gif" width="1" height="41" border="0" alt="" /></td>
</tr>
<tr>
<td colspan="3"> </td>
<td><img src="../images/spacer.gif" width="1" height="118" border="0" alt="" /></td>
</tr>
</table>
<p>
<map name="m_indexr5_c2r5_c2" id="m_indexr5_c2r5_c2">
<area shape="rect" coords="404,21,501,41" href="../galvax.net/systems" target="_blank" alt="Galvax Systems" />
<area shape="rect" coords="0,0,140,19" href="../lost_pass.php" target="_self" alt="Recuperar Contraseña" />
</map>
</p>
</body>
</html>
y me da el siguiente error
Código HTML:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
ya revise el codigo muchas veces y aun asi no encuentro el erro, me podrian ayudar?
gracias!