PHP - Login System Not Recording Cookies?
Heyyy, first time poster, long time reader
I have a problem with my login system that I'm currently creating for a game. I've never been good with cookies so was hoping to grab some advice on this problem and anything to make my system work better with cookies.

login.php
-----------------------------------------

    <?php
    ob_start();
    if(isset($_COOKIE['id']) && isset($_COOKIE['password']))
    {
        echo("
        <br />
        - <font color='#dddddd'>Welcome $username!</font><br />
        - <a href='?x=bank'>Bank</a><br />
        - <a href='?x=levelup'>Level Up</a><br />
        - <a href='?x=members&r=edit'>Edit Profile</a><br />
        - <a href='?x=members'>Member List</a><br />
        - <a href='?x=logout'>Logout</a><br />
        <br />
        ");
        if($_POST['login'])
        {
            $username = safe($_POST['username']);
            $password = safe(md5($_POST['password']));
            $check = mysql_query("SELECT * FROM `users` WHERE username='$username'") or die(mysql_error());
            $info = mysql_fetch_array($check) or die(mysql_error());
            if(mysql_num_rows($check) == 1 && $pass == $info['password'])
            {
                setcookie(id, $info['id'], time() + 3600, "/");
                setcookie(password, $password, time() + 3600, "/");
                echo("<meta http-equiv='refresh' content='4;url=http://www.simplydollclothes.com/matty/index.php'>");
                echo("You have successfully logged in!");
            }
        }
        else
        {
            echo("
            <form name='login' method='POST'>
            <table width='100%'>
            <tr>
            <td width='25%'><font color='#dddddd'>Username</font></td>
            <td width='75%'><input type='text' name='username' size='17' /></td>
            </tr>
            <tr>
            <td width='25%'><font color='#dddddd'>Password</font></td>
            <td width='75%'><input type='password' name='password' size='17' /></td>
            </tr>
            <tr>
            <td width='25%'><input type='submit' name='login' value='Login' /></td>
            <td width='75%'><a href='?x=forgotpass'>Forgot password?</a> <a href='?x=register'>Register</a></td>
            </tr>
            </table>
            </form>
            ");
        }
    }
    ?>

After pressing login the page just refreshes lightning fast and no cookies are set. Any help will be much appreciated.

Similar Tutorials

Since it appears my login system is broken I have been trying to fix it. The problem is that it isn't logging people in. This is what I'm doing:

- The user visits login.php
- they enter their details and click login
- the posted data gets sent to login_process.php via jQuery
- login_process.php checks to see if the details are correct
- if they are it sets a cookie called uid with their user id
- if they clicked the remember me box then this cookie is set for a year
- if not then it is set as a session cookie
- login_process echoes a success back to the jQuery in login.php
- when jQuery gets this success status it redirects to login_success.php
- the user should now be logged in.

To show a logged in user I echo their username by running a query on the cookie uid, but somewhere along the lines cookie uid isn't being set so the user is never logged in. Here is the code (shortened):

    $username = $_POST['user_name'];
    $password = asf_hash($_POST['password']);
    $remember_me = $_POST['remember_me'];
    //check the values with a query then:
    if($remember_me == 'yes' && !isset($_COOKIE['uid'])) {
        setcookie('uid', $_SESSION['uid'], time()+(((60*60)*24)*365));
    } elseif($remember_me == 'no' && !isset($_COOKIE['uid'])) {
        setcookie('uid', $_SESSION['uid'], 0);
    } else {
        setcookie('uid', '', time()-3600);
    }

login_success just contains a link to go back to the page they were originally viewing. And in my init script, which is run when a page loads:

    $user = new user;
    $user->setup($_COOKIE['uid']); // this basically sets info like the username and such from a query run on the cookie.

So why isn't the cookie being set? Any ideas? Also any ideas on making this more secure if it isn't? Thanks

Hi guys. What I want to create is really complicated. Well I have a login system that works with post on an external website. I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users. What their website does is that it has a post, with username and password. The POST website is let's say "https://www.example.com/login". If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry". So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login. Any idea?? Thanks

Not sure if everything is working right because I am in the school computer and here I can not install apache / php / etc. I'm not sure about how to use cookies. Here is my code, any errors or suggestions just talk. Probably does not work, because as I said, not yet tested.

login.php
Code: [Select]

    <?php
    session_start();
    include 'class.php';
    if (isset($_POST['username']) && isset($_POST['password'])) {
        $user = new User($_POST['username']);
        if ($user->exists()) {
            $login = $user->login($_POST['password']);
            if ($login) {
                $_SESSION['user_id'] = $login;
                session_write_close();
            } else {
                echo "Login failed.";
            }
        } else {
            header("Location: register.php");
        }
    }
    ?>
    <!DOCTYPE html>
    <html>
    <head>
    <title>Login Form</title>
    </head>
    <body>
    <form action="" method="post">
    <label for="username">Username: </label>
    <input type="text" name="username" /><br />
    <label for="password">Password: </label>
    <input type="password" name="password" /><br />
    <input type="submit" value="Submit" />
    </form>
    </body>
    </html>

class.php
Code: [Select]

    <?php
    class User
    {
        protected $id;
        protected $username;
        protected $email;
        protected $sql;
        private $exists = FALSE;

        public function __construct($username)
        {
            if (empty($username)) {
                throw new Exception('Username cannot be blank.');
            }
            $this->username = $username;
            $this->sql = new PDO(DSN, DBUSER, DBPASS);
            $this->exists = $this->validate();
        }

        private function createLoginToken($id)
        {
            $token = $id . md5(microtime());
            $expires = new DateTime();
            $expires->add(new DateInterval('P30D'));
            $query = "INSERT INTO sessions (userID, token, expires) VALUES (:id, :token, :expires)";
            $stmt = $this->sql->prepare($query);
            $stmt->execute(array(':id' => $id, ':token' => $token, ':expires' => $expires->format('Y-m-d H:i:s')));
            setcookie('token', $token, $expires->getTimestamp(), '/');
        }

        private function hashPassword($password, $salt)
        {
            $string = PASSWORD_SALT . $password . md5($salt);
            $hashed = crypt($string, '$2a$12$' . substr(md5($salt), 0, 22));
            return $hashed;
        }

        private function validate()
        {
            $query = "SELECT COUNT(id) FROM users WHERE username = :username";
            $stmt = $this->sql->prepare($query);
            $stmt->execute(array(':username' => $this->username));
            $count = $stmt->fetchColumn();
            return ($count > 0) ? TRUE : FALSE;
        }

        public function exists()
        {
            return $this->exists;
        }

        public function login($password, $remember = FALSE)
        {
            $query = "SELECT id, password, UNIX_TIMESTAMP(created) AS salt FROM users WHERE username = :username";
            $stmt = $this->sql->prepare($query);
            $stmt->execute(array(':username' => $this->username));
            $row = $stmt->fetch(PDO::FETCH_OBJ);
            $hashed = $this->hashPassword($password, $row->salt);
            if ($row->password == $hashed) {
                if ($remember) {
                    $this->createLoginToken($row->id);
                }
                return $row->id;
            }
            return FALSE;
        }

        public function random()
        {
            $random = mt_rand(1000,9999);
            return $random;
        }

        public function registerUser($email)
        {
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                throw new Exception('Email does not appear to be valid.');
            }
            $this->email = $email;
            $date = new DateTime();
            $hashed = $this->hashPassword($this->random(), $date->getTimestamp());
            $query = "INSERT INTO users (username, password, email, created) VALUES (:username, :password, :email, :created)";
            $stmt = $this->sql->prepare($query);
            $success = $stmt->execute(array(':username' => $this->username, ':password' => $hashed, ':email' => $email, ':created' => $date->format('Y-m-d H:i:s')));
            return ($success === TRUE) ? $this->sql->lastInsertId() : FALSE;
        }

        public function verifyCookie($token)
        {
            $query = "SELECT userID FROM sessions WHERE token = :token AND expires > NOW()";
            $stmt = $this->sql->prepare($query);
            $stmt->execute(array(':token' => $token));
            return $stmt->fetchColumn();
        }
    }
    ?>

db.sql
Code: [Select]

    CREATE TABLE IF NOT EXISTS `users` (
      `id` int(11) DEFAULT NULL AUTO_INCREMENT,
      `username` varchar(30) DEFAULT NULL,
      `password` varchar(60) DEFAULT NULL,
      `email` varchar(100) DEFAULT NULL UNIQUE,
      `created` datetime DEFAULT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB;

    CREATE TABLE IF NOT EXISTS `sessions` (
      `id` int(11) DEFAULT NULL AUTO_INCREMENT,
      `userID` int(10) DEFAULT NULL,
      `token` varchar(50) DEFAULT NULL,
      `expires` datetime DEFAULT NULL,
      KEY `userID` (`id`,`userID`,`token`,`expires`),
      KEY `token` (`id`,`userID`,`token`,`expires`),
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB;

Hey All, I have been struggling with this for the last few days and really cannot work out why this is not working. I am building a PHP login system and cannot get the Set Cookies function when I add it to the website template. I have created a PHP file with nothing but a login form and the code to set a cookie, then divert to index.php page. This works perfectly! But when I use this within the website template I have it suddenly stops working! Any input would be much appreciated as I am running out of things to try.
Basic PHP File (that works): <?php //login.php include 'db_const.php'; if(isset($_COOKIE["user_id"])) { header("location:index.php"); } $message = ''; if(isset($_POST["login"])) { if(empty($_POST["user_email"]) || empty($_POST["user_password"])) { $message = "<div class='alert alert-danger'>Both Fields are required</div>"; } else { $query = " SELECT * FROM user_details WHERE user_email = :user_email"; $statement = $connect->prepare($query); $statement->execute( array( 'user_email' => $_POST["user_email"] ) ); $count = $statement->rowCount(); if($count > 0) { $result = $statement->fetchAll(); foreach($result as $row) { if(password_verify($_POST["user_password"], $row["user_password"])) //// Check PHP HASH ///////////// { setcookie("user_id", $row["user_id"], time()+86400); header("location:index.php"); } else { $message = '<div class="alert alert-danger">Wrong Password</div>'; } } } else { $message = "<div class='alert alert-danger'>Wrong Email Address</div>"; } } } ?> <!DOCTYPE html> <html> <head> <title>How to create PHP Login Script using Cookies</title> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" /> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> </head> <body> <br /> <div class="container"> <h2 align="center">How to create PHP Login Script using Cookies</h2> <br /> <div class="panel panel-default"> <div class="panel-heading">Login</div> <div class="panel-body"> <span><?php echo $message; ?></span> <form method="post"> <div class="form-group"> <label>User Email</label> <input type="text" name="user_email" id="user_email" class="form-control" /> </div> <div class="form-group"> <label>Password</label> <input type="password" name="user_password" id="user_password" class="form-control" /> </div> <div class="form-group"> <input type="submit" name="login" id="login" class="btn 
btn-info" value="Login" /> </div> </form> </div> </div> <br /> <p>Admin email - john_smith@gmail.com</p> <p>Admin Password - password</p> <p>All user password is 'password'</p> </div> </body> </html> PHP file with design: <?php include 'db_const.php'; if(isset($_COOKIE["id"])) { header("location:index.php"); } $message = ''; if(isset($_POST["login"])) { if(empty($_POST["user_email"]) || empty($_POST["user_password"])) { $message = "<div class='alert alert-danger'>Both Fields are required</div>"; } else { $query = " SELECT * FROM user_details WHERE user_email = :user_email"; $statement = $connect->prepare($query); $statement->execute( array( 'user_email' => $_POST["user_email"] ) ); $count = $statement->rowCount(); if($count > 0) { $result = $statement->fetchAll(); foreach($result as $row) { if(password_verify($_POST["user_password"], $row["user_password"])) //// Check PHP HASH ///////////// { setcookie("user_id", $row["user_id"], time()+86400); header("location:index.php"); } else { $message = '<div class="alert alert-danger">Wrong Password</div>'; } } } else { $message = "<div class='alert alert-danger'>Wrong Email Address</div>"; } } } ?> <!DOCTYPE html> <html lang="en"> <head> <!--[if IE]> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <![endif]--> <meta name="description" content=""> <meta name="author" content="ScriptsBundle"> <title>AdForest | Largest Classifieds Portal</title> <!-- =-=-=-=-=-=-= Favicons Icon =-=-=-=-=-=-= --> <link rel="icon" href="images\favicon.ico" type="image/x-icon"> <!-- =-=-=-=-=-=-= Mobile Specific =-=-=-=-=-=-= --> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <!-- =-=-=-=-=-=-= Bootstrap CSS Style =-=-=-=-=-=-= --> <link rel="stylesheet" href="css\bootstrap.css"> <!-- =-=-=-=-=-=-= Template CSS Style =-=-=-=-=-=-= --> <link rel="stylesheet" href="css\style.css"> <!-- =-=-=-=-=-=-= Font Awesome =-=-=-=-=-=-= --> <link rel="stylesheet" href="css\font-awesome.css" type="text/css"> <!-- 
=-=-=-=-=-=-= Flat Icon =-=-=-=-=-=-= --> <link href="css\flaticon.css" rel="stylesheet"> <!-- =-=-=-=-=-=-= Et Line Fonts =-=-=-=-=-=-= --> <link rel="stylesheet" href="css\et-line-fonts.css" type="text/css"> <!-- =-=-=-=-=-=-= Menu Drop Down =-=-=-=-=-=-= --> <link rel="stylesheet" href="css\forest-menu.css" type="text/css"> <!-- =-=-=-=-=-=-= Animation =-=-=-=-=-=-= --> <link rel="stylesheet" href="css\animate.min.css" type="text/css"> <!-- =-=-=-=-=-=-= Select Options =-=-=-=-=-=-= --> <link href="css\select2.min.css" rel="stylesheet"> <!-- =-=-=-=-=-=-= noUiSlider =-=-=-=-=-=-= --> <link href="css\nouislider.min.css" rel="stylesheet"> <!-- =-=-=-=-=-=-= Listing Slider =-=-=-=-=-=-= --> <link href="css\slider.css" rel="stylesheet"> <!-- =-=-=-=-=-=-= Owl carousel =-=-=-=-=-=-= --> <link rel="stylesheet" type="text/css" href="css\owl.carousel.css"> <link rel="stylesheet" type="text/css" href="css\owl.theme.css"> <!-- =-=-=-=-=-=-= Check boxes =-=-=-=-=-=-= --> <link href="skins\minimal\minimal.css" rel="stylesheet"> <!-- =-=-=-=-=-=-= Responsive Media =-=-=-=-=-=-= --> <link href="css\responsive-media.css" rel="stylesheet"> <!-- =-=-=-=-=-=-= Template Color =-=-=-=-=-=-= --> <link rel="stylesheet" id="color" href="css\colors\defualt.css"> <!-- =-=-=-=-=-=-= For Style Switcher =-=-=-=-=-=-= --> <link rel="stylesheet" id="theme-color" type="text/css" href="#"> <!-- =-=-=-=-=-=-= Check boxes =-=-=-=-=-=-= --> <link href="skins\minimal\minimal.css" rel="stylesheet"> <!-- JavaScripts --> <script src="js\modernizr.js"></script> <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries --> <!-- WARNING: Respond.js doesn't work if you view the page via file:// --> <!--[if lt IE 9]> <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <![endif]--> </head> <body> <!-- =-=-=-=-=-=-= Light Header =-=-=-=-=-=-= --> <div class="colored-header"> <!-- Top 
Bar --> <div class="header-top"> <div class="container"> <div class="row"> <!-- Header Top Left --> <div class="header-top-left col-md-8 col-sm-6 col-xs-12 hidden-xs"> <ul class="listnone"> <li><a href="about.html"><i class="fa fa-heart-o" aria-hidden="true"></i> About</a></li> <li><a href="faqs.html"><i class="fa fa-folder-open-o" aria-hidden="true"></i> FAQS</a></li> </ul> </div> <!-- Header Top Right Social --> <div class="header-right col-md-4 col-sm-6 col-xs-12 "> <div class="pull-right"> <ul class="listnone"> <?php if(empty($user_id)) { echo("<li><a href=\"login.php\"><i class=\"fa fa-sign-in\"></i> Log in</a></li> <li><a href=\"register.php\"><i class=\"fa fa-unlock\" aria-hidden=\"true\"></i> Register</a></li></ul>"); } else { echo("<li class=\"dropdown\"> <a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\" role=\"button\" aria-haspopup=\"true\" aria-expanded=\"false\"><i class=\"icon-profile-male\" aria-hidden=\"true\"></i>Test<span class=\"caret\"></span></a> <ul class=\"dropdown-menu\"> <li><a href=\"profile.php\">User Profile</a></li> <li><a href=\"archives.html\">Archives</a></li> <li><a href=\"active-ads.html\">Active Ads</a></li> <li><a href=\"pending-ads.html\">Pending Ads</a></li> <li><a href=\"favourite.html\">Favourite Ads</a></li> <li><a href=\"messages.html\">Message Panel</a></li> <li><a href=\"deactive.html\">Account Deactivation</a></li> <li><a href=\"logout.php\">Log Out</a></li>"); } ?> </ul> </div> </div> </div> </div> </div> <!-- Top Bar End --> <!-- Navigation Menu --> <nav id="menu-1" class="mega-menu"> <!-- menu list items container --> <section class="menu-list-items"> <div class="container"> <div class="row"> <div class="col-lg-12 col-md-12"> <!-- menu logo --> <ul class="menu-logo"> <li> <a href="index.html"><img src="images\logo.png" alt="logo"> </a> </li> </ul> <!-- menu links --> <ul class="menu-links"> <!-- active class --> <li> <a href="javascript:void(0)"> Home <i class="fa fa-angle-down fa-indicator"></i></a> 
<div class="drop-down grid-col-8"> <!--grid row--> <div class="grid-row"> <!--grid column 3--> <div class="grid-col-4"> <ul> <li><a href="index.html">Home 1 - Default </a></li> <li><a href="index-transparent.html">Home 2 (Transparent)</a></li> <li><a href="index-2.html">Home 3 (Variation)</a></li> <li><a href="index-3.html">Home 4 (Master Slider)</a></li> </ul> </div> <div class="grid-col-4"> <ul> <li><a href="index-4.html">Home 5 (With Map Listing)</a></li> <li><a href="index-5.html">Home 6 (Modern Style)</a></li> <li><a href="index-6.html">Home 7 (Variation)</a></li> <li><a href="index-7.html">Home 8 (Category Slider)</a></li> </ul> </div> <div class="grid-col-4"> <ul> <li><a href="index-10.html">Home 11 (Modern Home)</a></li> <li><a href="index-8.html">Home 9 (Landing Page)</a></li> <li><a href="index-9.html">Home 10 (Variation)</a></li> </ul> </div> </div> </div> </li> <li> <a href="javascript:void(0)">Listing <i class="fa fa-angle-down fa-indicator"></i></a> <!-- drop down multilevel --> <ul class="drop-down-multilevel"> <li> <a href="javascript:void(0)">Grid Style<i class="fa fa-angle-right fa-indicator"></i> <span class="label label-info">New</span></a> <!-- drop down second level --> <ul class="drop-down-multilevel"> <li><a href="listing.html">Listing Grid 1</a></li> <li><a href="listing-1.html">Listing Grid 2</a></li> <li><a href="listing-2.html">Listing Grid 3</a></li> <li><a href="listing-7.html">Listing Featured <span class="label label-info">New</span></a></li> </ul> </li> <li> <a href="javascript:void(0)">List Style<i class="fa fa-angle-right fa-indicator"></i> </a> <!-- drop down second level --> <ul class="drop-down-multilevel"> <li><a href="listing-3.html">List View 1</a></li> <li><a href="listing-4.html">List View 2</a></li> <li><a href="listing-5.html">List View 3</a></li> <li><a href="listing-6.html">List View 4</a></li> </ul> </li> <li> <a href="javascript:void(0)">Single Ad<i class="fa fa-angle-right fa-indicator"></i> <span class="label 
label-info">New</span></a> <!-- drop down second level --> <ul class="drop-down-multilevel"> <li><a href="single-page-listing.html">Single Ad Detail</a></li> <li><a href="single-page-listing-featured.html">Ad (Featured) <span class="label label-info">New</span></a></li> <li><a href="single-page-listing-2.html">Single Ad 2</a></li> <li><a href="single-page-listing-3.html">Single Ad (Adsense)</a></li> <li><a href="single-page-expired.html">Single Ad (Closed)</a></li> </ul> </li> <li><a href="icons.html">Classified Icons </a></li> </ul> </li> <li> <a href="javascript:void(0)">Categories <i class="fa fa-angle-down fa-indicator"></i></a> <!-- drop down multilevel --> <ul class="drop-down-multilevel"> <li><a href="category-2.html">Modern Variation</a></li> <li><a href="category-3.html">Minimal Variation</a></li> <li><a href="category-4.html">Fancy Variation</a></li> <li><a href="category-6.html">Flat Variation</a></li> </ul> </li> <li> <a href="javascript:void(0)">Dashboard <i class="fa fa-angle-down fa-indicator"></i></a> <!-- drop down multilevel --> <ul class="drop-down-multilevel"> <li><a href="profile.html">User Profile</a></li> <li><a href="profile-2.html">User Profile 2</a></li> <li><a href="archives.html">Archives</a></li> <li><a href="active-ads.html">Active Ads</a></li> <li><a href="pending-ads.html">Pending Ads</a></li> <li><a href="favourite.html">Favourite Ads</a></li> <li><a href="messages.html">Message Panel</a></li> <li><a href="deactive.html">Account Deactivation</a></li> </ul> </li> <li> <a href="javascript:void(0)">Pages <i class="fa fa-angle-down fa-indicator"></i></a> <!-- drop down full width --> <div class="drop-down grid-col-12"> <!--grid row--> <div class="grid-row"> <!--grid column 2--> <div class="grid-col-3"> <h4>Blog</h4> <ul> <li><a href="blog.html">Blog With Right Sidebar</a></li> <li><a href="blog-1.html">Blog With Masonry Style</a></li> <li><a href="blog-2.html">Blog Without Sidebar</a></li> <li><a href="blog-details.html">Single Blog 
</a></li> <li><a href="blog-details-1.html">Single Blog (Adsense) </a></li> </ul> </div> <!--grid column 2--> <div class="grid-col-3"> <h4>Miscellaneous</h4> <ul> <li><a href="about.html">About Us</a></li> <li><a href="cooming-soon.html">Comming Soon</a></li> <li><a href="elements.html">Shortcodes</a></li> <li><a href="error.html">404 Page</a></li> <li><a href="faqs.html">FAQS</a></li> </ul> </div> <!--grid column 2--> <div class="grid-col-3"> <h4>Others</h4> <ul> <li><a href="login.html">Login</a></li> <li><a href="register.html">Register</a></li> <li><a href="pricing.html">Pricing</a></li> <li><a href="site-map.html">Site Map</a></li> <li><a href="post-ad-1.html">Post Ad</a></li> </ul> </div> <!--grid column 2--> <div class="grid-col-3"> <h4>Detail Page</h4> <ul> <li><a href="post-ad-2.html">Post Ad 2</a></li> <li><a href="single-page-listing.html">Single Ad Detail</a></li> <li><a href="single-page-listing-2.html">Single Ad 2</a></li> <li><a href="single-page-listing-3.html">Single Ad (Adsense)</a></li> <li><a href="single-page-expired.html">Single Ad (Closed)</a></li> </ul> </div> <!--grid column 2--> </div> </div> </li> <li> <a href="javascript:void(0)">Drop Down <i class="fa fa-angle-down fa-indicator"></i></a> <!-- drop down multilevel --> <ul class="drop-down-multilevel"> <li><a href="#">Item one</a></li> <li> <a href="javascript:void(0)">Items Right Side <i class="fa fa-angle-right fa-indicator"></i> </a> <!-- drop down second level --> <ul class="drop-down-multilevel"> <li> <a href="javascript:void(0)"> <i class="fa fa-buysellads"></i> Level 2 <i class="fa fa-angle-right fa-indicator"></i></a> <!-- drop down third level --> <ul class="drop-down-multilevel"> <li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> </ul> </li> <li> <a href="javascript:void(0)"> <i class="fa fa-dashcube"></i> Level 2 <i class="fa fa-angle-right fa-indicator"></i></a> <!-- drop down third level --> <ul class="drop-down-multilevel"> 
<li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> </ul> </li> <li> <a href="javascript:void(0)"> <i class="fa fa-heartbeat"></i> Level 2 <i class="fa fa-angle-right fa-indicator"></i></a> <!-- drop down third level --> <ul class="drop-down-multilevel"> <li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> </ul> </li> <li> <a href="javascript:void(0)"> <i class="fa fa-medium"></i> Level 2 <i class="fa fa-angle-right fa-indicator"></i></a> <!-- drop down third level --> <ul class="drop-down-multilevel"> <li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> </ul> </li> <li> <a href="javascript:void(0)"> <i class="fa fa-leanpub"></i> Level 2 <i class="fa fa-angle-right fa-indicator"></i> </a> <!-- drop down third level --> <ul class="drop-down-multilevel"> <li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> </ul> </li> </ul> </li> <li><a href="#">Item 2</a></li> <li> <a href="javascript:void(0)">Items Left Side <i class="fa fa-angle-left fa-indicator"></i> </a> <!-- add class left-side --> <ul class="drop-down-multilevel left-side"> <li> <a href="#"> <i class="fa fa-forumbee"></i> Level 2</a> </li> <li> <a href="#"> <i class="fa fa-hotel"></i> Level 2</a> </li> <li> <a href="#"> <i class="fa fa-automobile"></i> Level 2</a> </li> <li> <a href="javascript:void(0)"> <i class="fa fa-heartbeat"></i> Level 2 <i class="fa fa-plus fa-indicator"></i> </a> <!--drop down second level--> <ul class="drop-down-multilevel"> <li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> <li><a href="#">Level 3</a></li> </ul> </li> <li> <a href="#"> <i class="fa fa-bookmark"></i> Level 2</a> </li> <li> <a href="#"> <i class="fa fa-bell"></i> Level 2</a> </li> <li> <a href="#"> <i class="fa fa-soccer-ball-o"></i> Level 2</a> </li> <li> <a href="#"> <i class="fa 
fa-life-ring"></i> Level 2</a> </li> </ul> </li> <li><a href="#">Item 4</a> </li> </ul> </li> <li><a href="contact.html">Contact </a></li> </ul> <ul class="menu-search-bar"> <li> <a href="post-ad-1.html" class="btn btn-light"><i class="fa fa-plus" aria-hidden="true"></i> Post Free Ad</a> </li> </ul> </div> </div> </div> </section> </nav> </div> <!-- Navigation Menu End --> <!-- =-=-=-=-=-=-= Light Header End =-=-=-=-=-=-= --> <!-- =-=-=-=-=-=-= Transparent Breadcrumb =-=-=-=-=-=-= --> <div class="page-header-area"> <div class="container"> <div class="row"> <div class="col-lg-12 col-md-12 col-sm-12 col-xs-12"> <div class="header-page"> <h1>User Sign In</h1> </div> </div> </div> </div> </div> <!-- Small Breadcrumb --> <div class="small-breadcrumb"> <div class="container"> <div class=" breadcrumb-link"> <ul> <li><a href="index.html">Home Page</a></li> <li><a class="active" href="#">Sign In</a></li> </ul> </div> </div> </div> <!-- Small Breadcrumb --> <!-- =-=-=-=-=-=-= Transparent Breadcrumb End =-=-=-=-=-=-= --> <!-- =-=-=-=-=-=-= Main Content Area =-=-=-=-=-=-= --> <div class="main-content-area clearfix"> <!-- =-=-=-=-=-=-= Latest Ads =-=-=-=-=-=-= --> <section class="section-padding error-page pattern-bg "> <!-- Main Container --> <div class="container"> <!-- Row --> <div class="row"> <!-- Middle Content Area --> <div class="col-md-5 col-md-push-7 col-sm-6 col-xs-12"> <!-- Form --> <span><?php echo $message; ?></span> <div class="form-grid"> <form method="post"> <div class="form-group"> <label>Email</label> <input type="text" name="user_email" id="user_email" class="form-control" /> </div> <div class="form-group"> <label>Password</label> <input type="password" name="user_password" id="user_password" class="form-control" /> </div> <div class="form-group"> <div class="row"> <div class="col-xs-12"> <div class="skin-minimal"> <ul class="list"> <li> <input type="checkbox" id="minimal-checkbox-1"> <label for="minimal-checkbox-1">Remember Me</label> </li> </ul> </div> 
</div> </div> </div> <input type="submit" name="login" id="login" class="btn btn-info" value="Login" /> </form> </div> <!-- Form --> </div> <div class="col-md-7 col-md-pull-5 col-xs-12 col-sm-6"> <div class="heading-panel"> <h3 class="main-title text-left"> Sign In to your account </h3> </div> <div class="content-info"> <div class="features"> <div class="features-icons"> <img src="images\icons\chat.png" alt="img"> </div> <div class="features-text"> <h3>Chat & Messaging</h3> <p> Access your chats and account info from any device. </p> </div> </div> <div class="features"> <div class="features-icons"> <img src="images\icons\panel.png" alt="img"> </div> <div class="features-text"> <h3>User Dashboard</h3> <p> Maintain a wishlist by saving your favourite items. </p> </div> </div> <span class="arrowsign hidden-sm hidden-xs"><img src="images\arrow.png" alt=""></span> </div> </div> <!-- Middle Content Area End --> </div> <!-- Row End --> </div> <!-- Main Container End --> </section> <!-- =-=-=-=-=-=-= Ads Archives End =-=-=-=-=-=-= --> <!-- =-=-=-=-=-=-= FOOTER =-=-=-=-=-=-= --> <footer> <!-- Footer Content --> <div class="footer-top"> <div class="container"> <div class="row"> <div class="col-md-3 col-sm-6 col-xs-12"> <!-- Info Widget --> <div class="widget"> <div class="logo"> <img alt="" src="images\logo-1.png"> </div> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. 
Curabitur et dolor eget erat fringilla port.</p> <ul> <li><img src="images\appstore.png" alt=""></li> <li><img src="images\googleplay.png" alt=""></li> </ul> </div> <!-- Info Widget Exit --> </div> <div class="col-md-3 col-sm-6 col-xs-12"> <!-- Follow Us --> <div class="widget socail-icons"> <h5>Follow Us</h5> <ul> <li><a class="fb" href=""><i class="fa fa-facebook"></i></a><span>Facebook</span></li> <li><a class="twitter" href=""><i class="fa fa-twitter"></i></a><span>Twitter</span></li> <li><a class="linkedin" href=""><i class="fa fa-linkedin"></i></a><span>Linkedin</span></li> <li><a class="googleplus" href=""><i class="fa fa-google-plus"></i></a><span>Google+</span></li> </ul> </div> <!-- Follow Us End --> </div> <div class="col-md-6 col-sm-6 col-xs-12"> <!-- Newslatter --> <div class="widget widget-newsletter"> <h5>Singup for Weekly Newsletter</h5> <div class="fieldset"> <p>We may send you information about related events, webinars, products and services which we believe.</p> <form> <input class="" value="Enter your email address" type="text"> <input class="submit-btn" name="submit" value="Submit" type="submit"> </form> </div> </div> <!-- Newslatter --> </div> </div> </div> </div> <!-- Copyrights --> <div class="copyrights"> <div class="container"> <div class="copyright-content"> <div class="row"> <div class="col-lg-12 col-md-12 col-sm-12 col-xs-12"> <p>© 2017 AForest All rights reserved. 
Design by <a href="http://themeforest.net/user/scriptsbundle/portfolio" target="_blank">Scriptsbundle</a> </p> </div> </div> </div> </div> </div> </footer> <!-- =-=-=-=-=-=-= FOOTER END =-=-=-=-=-=-= --> </div> <!-- Main Content Area End --> <!-- Post Ad Sticky --> <a href="#" class="sticky-post-button hidden-xs"> <span class="sell-icons"> <i class="flaticon-transport-9"></i> </span> <h4>SELL</h4> </a> <!-- Back To Top --> <a href="#0" class="cd-top">Top</a> <!-- =-=-=-=-=-=-= JQUERY =-=-=-=-=-=-= --> <script src="js\jquery.min.js"></script> <!-- Bootstrap Core Css --> <script src="js\bootstrap.min.js"></script> <!-- Jquery Easing --> <script src="js\easing.js"></script> <!-- Menu Hover --> <script src="js\forest-megamenu.js"></script> <!-- Jquery Appear Plugin --> <script src="js\jquery.appear.min.js"></script> <!-- Numbers Animation --> <script src="js\jquery.countTo.js"></script> <!-- Jquery Smooth Scroll --> <script src="js\jquery.smoothscroll.js"></script> <!-- Jquery Select Options --> <script src="js\select2.min.js"></script> <!-- noUiSlider --> <script src="js\nouislider.all.min.js"></script> <!-- Carousel Slider --> <script src="js\carousel.min.js"></script> <script src="js\slide.js"></script> <!-- Image Loaded --> <script src="js\imagesloaded.js"></script> <script src="js\isotope.min.js"></script> <!-- CheckBoxes --> <script src="js\icheck.min.js"></script> <!-- Jquery Migration --> <script src="js\jquery-migrate.min.js"></script> <!-- Sticky Bar --> <script src="js\theia-sticky-sidebar.js"></script> <!-- Style Switcher --> <script src="js\color-switcher.js"></script> <!-- Template Core JS --> <script src="js\custom.js"></script> </body> </html>
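
An added example (not part of any post on this page): the scripts above put the user id, or an MD5 of the password, directly in the login cookie. This sketch issues a random token instead, stores only its SHA-256 hash server-side, sets the cookie with the `HttpOnly`, `Secure` and `SameSite` attributes, and refuses to call `setcookie()` once output has started, since the cookie travels in a response header. The `login_tokens` table, the function names and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example, not code from any post above. The table and function names
// (login_tokens, issue_login_token, user_from_token) are hypothetical.
declare(strict_types=1);

function issue_login_token(PDO $db, int $userId, int $ttl = 86400): string
{
    // setcookie() only adds a Set-Cookie response header, so it has to run
    // before any output (HTML, echo, stray whitespace) reaches the client.
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line; cookie cannot be set");
    }

    $token   = bin2hex(random_bytes(32)); // opaque value, reveals nothing about the user
    $expires = time() + $ttl;

    // Store only a hash, so a leaked table does not hand out usable tokens.
    $stmt = $db->prepare('INSERT INTO login_tokens (token_hash, user_id, expires) VALUES (?, ?, ?)');
    $stmt->bindValue(1, hash('sha256', $token), PDO::PARAM_STR);
    $stmt->bindValue(2, $userId, PDO::PARAM_INT);
    $stmt->bindValue(3, $expires, PDO::PARAM_INT);
    $stmt->execute();

    setcookie('login_token', $token, [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    return $token;
}

function user_from_token(PDO $db, string $cookieValue): ?int
{
    // Reject anything that is not a 64-character hex token before querying.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $cookieValue)) {
        return null;
    }
    $stmt = $db->prepare('SELECT user_id FROM login_tokens WHERE token_hash = ? AND expires > ?');
    $stmt->bindValue(1, hash('sha256', $cookieValue), PDO::PARAM_STR);
    $stmt->bindValue(2, time(), PDO::PARAM_INT);
    $stmt->execute();
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed demo: in-memory SQLite stands in for the site's database,
// and user id 42 stands in for a row that passed password_verify().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_tokens (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires INTEGER)');

$token = issue_login_token($db, 42);

// On later requests the value would come from $_COOKIE['login_token'].
var_dump(user_from_token($db, $token)); // the token issued above
var_dump(user_from_token($db, '42'));   // a bare user id typed into the cookie
```

On a real page the call to `issue_login_token()` belongs at the top of the script, before the `<!DOCTYPE html>` line and before any included file that prints markup.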
Alright, I'm struggling a bit. I've succesfully set up a MySQL database and users can register. I also have a login script which works. However, what I want to do now is make it so a user has his information saved in a cookie for 100 days unless he logs out. (I will implement this into a remember me checkbox, but after I get it working this way first.) So a user logs in using a form which fills in appropriate variables, and this script is run: (obviously the stars are not in the script, I have correct log in there.) Code: [Select] <?php ob_start(); $host="localhost"; // Host name $username="****"; // Mysql username $password="****"; // Mysql password $db_name="users"; // Database name $tbl_name="users"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row setcookie('username', $_POST['myusername'], time()+60*60*24*365); setcookie('password', md5($_POST['mypassword']), time()+60*60*24*365); if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ob_end_flush(); ?> You'll see the cookie is near the end. 
I then go to a page which includes this:

Code:
<?php
if(isset($_COOKIE['username'])) {
    echo 'You are logged in as', var_dump($_COOKIE);
}
else {
    echo 'you aren\'t logged in!';
}
?>

Which simply looks for the cookie. However, no matter what I try, it seems to not detect the cookie, and it says I am not logged in. Does anyone spot the problem?

ok i need directing to a tutorial, an easyish one that can help me do a secure login and registration system. Something that uses sessions and mysql. something with sql injection and other security. i need it very secure. hope you can help.

I'm trying to build a login system and a lot of the code is similar to what i used to make my news cms. basically all i wanna accomplish right now is to get the user input inserted into my database. I've already tested it out, and I get no errors, but like with the cms, the database isn't getting queried. Here's the code:

(process.php)
Code:
<?php
$first_name=$_POST['first_name'];
$last_name=$_POST['last_name'];
$age=$_POST['age'];
$city=$_POST['city'];
$state=$_POST['state'];
$country=$_POST['country'];
$zip=$_POST['zip'];
$birthdate=$_POST['birthdate'];
$gender=$_POST['gender'];
$sexuality=$_POST['sexuality'];
$race=$_POST['race'];
$religion=$_POST['religion'];
$status=$_POST['status'];
$about=$_POST['about'];
$website=$_POST['website'];
$user_name=$_POST['user_name'];
$password=$_POST['password'];
$email=$_POST['email'];

mysql_connect("your hostname", "your database name", "your password") or die(mysql_error());
mysql_select_db("your database name") or die(mysql_error());

$sql = sprintf("INSERT INTO Users (first_name, last_name, age, city, state, country, zip, birthdate, gender, sexuality, race, religion, status, about, website, user_name, password, email) VALUES ('%s', '%s', '%s', '%s', '%s')",
    mysql_real_escape_string($first_name),
    mysql_real_escape_string($last_name),
    mysql_real_escape_string($age),
    mysql_real_escape_string($city),
    mysql_real_escape_string($state),
    mysql_real_escape_string($country),
    mysql_real_escape_string($zip),
    mysql_real_escape_string($birthdate),
    mysql_real_escape_string($gender),
    mysql_real_escape_string($sexuality),
    mysql_real_escape_string($race),
    mysql_real_escape_string($religion),
    mysql_real_escape_string($status),
    mysql_real_escape_string($about),
    mysql_real_escape_string($website),
    mysql_real_escape_string($user_name),
    mysql_real_escape_string($password),
    mysql_real_escape_string($email));
$result = mysql_query($sql);
Print "Congratulations! You are now a registered member on yourwebsite.com!";
?>

(register/index.php)
Code:
<script language = "Javascript">
function Validate() {
    if (document.register.first_name.value == '') { alert('You have not specified your first name!'); return false; }
    if (document.register.last_name.value == '') { alert('You have not specified your last name!'); return false; }
    if (document.register.age.value == '') { alert('You have not specified your age!'); return false; }
    if (document.register.country.value == '') { alert('You have not entered a country!'); return false; }
    if (document.register.birthdate.value == '') { alert('You have not entered your date of birth!'); return false; }
    if (document.register.gender.value == '') { alert('You have not specified your gender!'); return false; }
    if (document.register.user_name.value == '') { alert('You have not entered a username!'); return false; }
    if (document.register.email.value == '') { alert('You have not entered an email!'); return false; }
    if (document.register.password.value == '') { alert('You have not entered a password!'); return false; }
    return true;
}
</script>
<form name="register" method="post" action="http://www.djsmiley.net/register/process.php" onsubmit="return Validate();">
<table width="100%" border="0">
<tr> <td>First Name:</td> <td><label> <input type="text" name="first_name" id="first_name" /> </label></td> </tr>
<tr> <td>Last Name:</td> <td><input type="text" name="last_name" id="last_name" /></td> </tr>
<tr> <td>Age:</td> <td><input type="text" name="age" id="age" /></td> </tr>
<tr> <td>City:</td> <td><input type="text" name="city" id="city" /></td> </tr>
<tr> <td>State:</td> <td><input type="text" name="state" id="state" /></td> </tr>
<tr> <td>Country:</td> <td><input type="text" name="country" id="country" /></td> </tr>
<tr> <td>Zip:</td> <td><input type="text" name="zip" id="zip" /></td> </tr>
<tr> <td>Birthdate:</td> <td><input type="text" name="birthdate" id="birthdate" /></td> </tr>
<tr> <td>Gender:</td> <td><input type="text" name="gender" id="gender" /></td> </tr>
<tr> <td>Sexuality:</td> <td><input type="text" name="sexuality" id="sexuality" /></td> </tr>
<tr> <td>Race:</td> <td><input type="text" name="race" id="race" /></td> </tr>
<tr> <td>Religion:</td> <td><input type="text" name="religion" id="religion" /></td> </tr>
<tr> <td>Marital Status:</td> <td><input type="text" name="status" id="status" /></td> </tr>
<tr> <td>About You:</td> <td><label> <textarea name="about" id="about" cols="45" rows="5"></textarea> </label></td> </tr>
<tr> <td>Website:</td> <td><input type="text" name="website" id="website" /></td> </tr>
<tr> <td width="13%">Username: </td> <td width="87%"><input type="text" name="user_name" id="user_name" /></td> </tr>
<tr> <td>Email: </td> <td><input type="text" name="email" id="email" /></td> </tr>
<tr> <td>Password: </td> <td><input type="password" name="password" id="password" /></td> </tr>
<tr> <td> </td> <td><input name="Register Button" type="submit" class="Button1" id="Register Button" value="Register" /> <input name="Reset Button" type="reset" class="Button1" id="Reset Button" value="Clear" /></td> </tr>
</table>
<label></label>
</form>

I've abandoned my old script and switched to this one: http://www.evolt.org/node/60384

I got it working on my site just fine (djsmiley.net/members/register - you can test it out if u want). i just want to know how i can put all of the code into the pages i created using my template.
It doesn't specify how this can be done in the tutorial, which is why im confused. I've tried everything but keep getting errors. Help?

Hi, im getting a lot of errors like so

Deprecated: Function session_is_registered() is deprecated

time to update some files, can you guys pls help im rubbish with PHP guess thats why I waited so long to update. here is the code I need to change

checklogin.php
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("myusername");
    session_register("mypassword");
    header("location:index.php");
}

index.php
<?
session_start();
/*if(!session_is_registered(myusername)){
header("location:main_login.php");
}*/
?>

index.php (display username stuff)
<?php if(session_is_registered(myusername)){ ?> Welcome: <?= $_SESSION['myusername'] ?><?php } ?>

index.php (edit content stuff)
<?php $file = file_get_contents('content/menu_header_a.txt', 'r'); if(session_is_registered(myusername)){ ?><a href="javascript:open4()"><?php echo $file ?></a><?php } else { echo $file; }?>

Many thanks for any and all your help with this one. if you could keep it simple please like ( replace this with this ) . thanks

Hi Everyone, Just a quick question before I take on this project. Basically the client has a secure server set up with folders for different clients, so they can store excel files, PDFs etc. What the client used to do was send the client an email with the http address of that client's particular folder to be able to login. My job is to create a login system that redirects each client to their particular area on the secure system. Is this going to be difficult? What I was thinking of doing was when the administrator is setting up the client details there would be an extra field saying address: they paste the address of the folder on the server.
Then it will redirect them to their folder. Is this the correct way to do this. Any help or advice would be great.

Hi could you help me get this login page working?
I made a form which posts to login.php the "user" and "pass".
Then this is my code for login.php:

<?php include("mysql_connect.inc.php"); ?>
<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
session_start();
$query = mysqli_query("SELECT * FROM users WHERE username='$user'");
$results = mysqli_query($con, $query) or die(mysqli_error($con));
$resultsarray = mysql_fetch_array($userresults);
if (isset($_POST['user']) && $_POST['user'] == $query && isset($_POST['pass']) && $_POST['pass'] == $query) {
    $_SESSION['username'] = $_POST['user'];
    echo "<p>Login success. You are logged in as: " . $_SESSION['username'] . "</p>Return to mainpage, click <a href='index.php'>here</a>!";
} else {
    echo "<p>Wrong username or password.</p>";
}
mysqli_close($con);
?>

Hi All!
This is my first post here, so if there are some things I miss or something more I need to do please let me know.
I tried searching the forum for the answer first but could not find anything.
So here is the thing; I followed a tutorial I found about building a login system for my website. The tutorial worked perfectly, except I needed it to redirect to a user specific page instead of a static page on login. I made the necessary changes to the script, and now it redirects to the user specific page, but does not recognize that I am logged in so it will not show me the content.
In the interest of full disclosure, I am not very good at PHP and lack a fundamental understanding of it. I am enrolled in some Udemy courses to try to rectify that, but I needed the login system ASAP, so copy and paste programming was my only option. I know, I know. I am a terrible human being and should be thrown into the sun. I agree. I am in counseling to try to deal with it.
The tutorial I used can be found here: http://www.wikihow.c...n-PHP-and-MySQL.
Here is the relevant code:
process_login.php:
<?php
include_once 'db_connect.php';
include_once 'functions.php';

sec_session_start(); // Our custom secure way of starting a PHP session.

if (isset($_POST['email'], $_POST['p'])) {
    $email = $_POST['email'];
    $password = $_POST['p']; // The hashed password.
    $page = login($email, $password, $mysqli);
    if ($page == true) {
        // Login success
        header('Location: '. $page);
        exit();
    } else {
        // Login failed
        header('Location: ../error.php?error=1');
    }
} else {
    // The correct POST variables were not sent to this page.
    echo 'Invalid Request';
}

First of all hello as I am new to this forum. Ok so, I have been trying for the past few days to create a login system in PHP for a website I am creating, and I am having serious problems. I have tried so many tutorials and they all are not working, my conclusion is they are outdated or not fully understandable. So what I want to create -

Registration
Forgot password
Login page
Email activation
Member page

My hosting has the latest php and mysql as far as I know so could someone please give me an up to date simple tutorial on creating this. Lastly the program I am using is Dreamweaver CS5. Thank you.

Hello everyone, I'd like to make a small object oriented login system. The problem is that I'm not very good at oop and i have only written these scripts the procedural way. So please, correct me if I'm wrong:

class database - connect()
class user - login()

My problem is when i make a database connection in connect(), I can't use it in login().

class Database{
    public function connect(){
        $mysqli = new mysqli('localhost','root','','login');
    }
}
class User{
    public function login(){
        // how do i use connect() from above and make a query to log the user in?
    }

Hello: I am using this tutorial to make a secure login system (if there is a "better" way, please let me know): http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/

I am having a problem with the login form - it keeps moving to the "a_Home.php" page (the one that is supposed to be password protected) without any login information being entered.

This is the mmLogin.php page:
Code:
<?php
include('../include/myConn.php');
include('include/myAdminCodeLib.php');
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysql_real_escape_string($username);
$query = "SELECT password, salt FROM users WHERE username = '$username';";
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) {
    header('Location: mmLogin.php');
    die();
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
if($hash != $userData['password']) {
    header('Location: mmLogin.php');
    die();
} else {
    validateUser();
    header('Location: a_Home.php');
}
?>
<html>
<head></head>
<body>
<form name="login" action="mmLogin.php" method="post">
Username: <input type="text" name="username" />
Password: <input type="password" name="password" />
<input type="submit" value="Login" />
</form>
</body>
</html>

This is the a_Home.php page:
Code:
<?php
include('include/myAdminCodeLib.php');
include('include/myCheckLogin.php');
?>
<html>
<head></head>
<body>
<a href="mmLogin.php">Log Off</a>
</body>
</html>

This is the myCheckLogin.php page:
Code:
<?php
session_start();
if(!isLoggedIn()) {
    header('Location: mmLogin.php');
    die();
}
?>

This is the myAdminCodeLib.php page:
Code:
<?php
function validateUser() {
    session_regenerate_id ();
    $_SESSION['valid'] = 1;
    $_SESSION['userid'] = $userid;
}
function isLoggedIn() {
    if(isset($_SESSION['valid']) && $_SESSION['valid'])
        return true;
    return false;
}
function logout() {
    $_SESSION = array();
    session_destroy();
}
?>
Can anyone tell me why this is not working? And, am I calling the functions properly? Thanks.

I am using a login system in php and mySQL but only one page is protected. pages i am using:

1. login.php // inputting details (user name, password)
2. checkloginDetails.php // connect to db and check login details
3. logged_in.php // successfully login

...i need more than the one page protected. for example, once the user has logged in there will be the main logged in page with other links (remove topics, add user, remove user). all these pages i want protecting but without the user inputting his details again. Has anyone got an idea on how i could achieve this?

Hi, I made a login/register system and it was working fine, but now I seem to have broken it and I'm scratching my head as to why. I think it's something to do with the $_SESSION array, the error happens from going from the login.php page to members.php, I log in successfully, but when I get to the members page it says "you must be logged in".
index.php has the form to login or a link to register.php to make an account
Code:
<?php session_start(); ?>
<html>
<head>
<title>Lincs Crusade | Login page.</title>
</head>
<body>
<form action="login.php" method="POST">
Username: <input type="text" name="username"><br />
Password: <input type="password" name="password"><br />
<input type="submit" value="Login">
</form>
<a href="register.php">Click here to register!</a>
</body>
</html>

The register.php page
Code:
<?php
session_start();
echo "<h2>Register</h2>";
$submit = $_POST['submit'];
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$repeatpassword = strip_tags($_POST['repeatpassword']);
$email = $_POST['email'];
$date = date("Y-m-d");
if ($submit) {
    if ($username&&$password&&$repeatpassword&&$email) {
        if ($password==$repeatpassword) {
            if (strlen($username)>65) {
                echo "Length of username is too long!";
            } elseif (strlen($email)>100) {
                echo "Length of email is too long!";
            } elseif (strlen($password)>65||strlen($password)<8) {
                echo "Password must be between 8 and 65 characters long!";
            } else {
                include('functions.php');
                echo "All fields were accepted! ";
                $password = md5($password);
                $repeatpassword = ($repeatpassword);
                $email = md5($email);
                connect();
                mysql_query(" INSERT INTO users VALUES ('','$username','$password','$email','$date') ") or die("Could not insert values into <em>users</em> table!");
                mysql_query(" INSERT INTO stats VALUES ('$username',10,10,0,1) ") or die("Could not insert values into <em>stats</em> table!");
                $_SESSION['username'] == $username;
                die("You have been registered! Please return to <a href=\"index.php\">homepage</a> and login.");
            }
        } else {
            echo "Your passwords do not match!";
        }
    } else {
        echo "Please fill in <em>all</em> fields!";
    }
}
?>
<html>
<head>
<title>Lincs Crusade | Register an Account.</title>
</head>
<body>
<form action="register.php" method="POST">
<p>Your username:</p>
<p>Note: Do not use your real name.</p>
<input type="text" name="username" value="<?php echo $username ?>"/>=
<p>Choose a password:</p>
<input type="password" name="password" />
<p>Please repeat password:</p>
<input type="password" name="repeatpassword" />
<p>Your student email:</p>
<p>Note: This is only used for recovering a lost or forgotten password.</p>
<input type="text" name="email" /><br />
<input type="submit" value="Register" name="submit" />
<p> Note: Your password and email are md5 encrypted. This means neither I (the author) or anyone else will be able to view your information<br /> in plain text. For example, your password or email will look something like this "534b44a19bf18d20b71ecc4eb77c572f" once it has been encrypted. </p>
</form>
</body>
</html>

The login.php page that process the form data to access members.php page
Code:
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password) {
    include('functions.php');
    connect();
    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
    $numrow = mysql_num_rows($query);
    if ($numrow!=0) {
        while ($row = mysql_fetch_assoc($query)) {
            $dbusername = $row['username'];
            $dbpassword = $row['password'];
        }
        if ($username==$dbusername&&md5($password)==$dbpassword) {
            echo "You're in! - <a href=\"members.php\">Proceed to the members page</a>";
            $_SESSION['username'] == $username;
        } else {
            echo "Incorrect password!";
        }
    } else {
        die ("That user doesn't exist,<a href=\"register.php\">please register an account</a>");
    }
} else {
    die("Please enter a username and password!");
}
?>

The members.php page
Code:
<?php session_start(); ?>
<html>
<head>
<title>Lincs Crusade | Members page.</title>
</head>
<body>
<?php
if ($_SESSION['username']) {
    echo "Welcome," .$_SESSION['username']. "!<br />";
    echo "<a href=\"stats.php\">View your stats.</a>";
} else {
    die ("You must be logged in.");
}
?>
</body>
</html>

and this is what is in the functions.php file
Code:
<?php
function connect() {
    mysql_connect("localhost","root","password") or die ("Unable to connect");
    mysql_select_db("database") or die ("Unable to find database");
}
?>

Thanks for your help.

This is my one page log in system. Using this on the header so guests can log in on ANY page. Let me know what you think needs improving for security. I'm also wondering if putting the include "disconnect.php"; where I have is correct. Thanks!

Code:
<?php
session_start();
$message = ""; //error message needs to be blank
$loginstatus = ""; //error message needs to be blank

//if $_POST "username" and "password" exist, check for consistency.
if (isset($_POST['username'])&&($_POST['password'])) {
    include 'connect.php'; //connect
    $username = mysql_real_escape_string($_POST['username']); //set variables from session
    $password = mysql_real_escape_string($_POST['password']); //set variables from session
    //remove slashes and HTML
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = strip_tags($username);
    $password = strip_tags($password);
    $password = md5($password); //md5 encryption
    $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); //checking if row exists that has $username and $password together.
    $num = mysql_num_rows($query); //number of rows. if not equal to one login will fail.
    if($num==1) {
        $_SESSION['username'] = $username; //store session data
        $message = "$username, you are logged in!";
        include "disconnect.php";
    } else {
        $message = "<font color='red'>Wrong Username or Password. Please try again.</font>";
    }
}

//if $_SESSION "username" and "password" exist, check for consistency.
if (isset($_SESSION['username'])) {
    $username = $_SESSION['username'];
    $loginstatus = "
    <table cellspacing='0' cellpadding='0'>
    <tr> <td align='right'><b>$message</b> <a href='logout.php'>[logout]</a></td> </tr>
    </table>
    ";
} else {
    $loginstatus = "
    <b>$message</b>
    <table cellspacing='0' cellpadding='0'>
    <form action='index.php' method='post'>
    <tr> <td><b>Username: </td> <td><input type='text' name='username' class='inputbox'></td> <td> <b>Password: </td> <td><input type='password' name='password' class='inputbox'></td> <td> <input type='submit' value='Log In' class='submitbutton'></td> </tr>
    </table>
    </form>
    ";
}
echo $loginstatus;
?>

I tried Googling them and what not but all I could find was useless stuff that I couldn't get to work, so I thought I would give it a crack at making my own. I don't think its that secure though. Can someone have a geeza over it? I've pretty much made it up from bits and pieces I have seen and researched. Ignore the echoes they were just for testing. Well the code was working, now it just keeps redirecting me to index. So I dunno what I fucked.
Here's all the code:

Index.php
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php include 'functions.php'; Connect(); ?>
<form method="post" action="login.php">
<input type="text" name="Username" />
<input type="password" name="Password" />
<input type="hidden" name="ip" value="<?php ipget(); ?>" />
<input type="submit" />
</form>
</body>
</html>

Login.php
<?php
require_once 'standalone\HTMLPurifier.standalone.php';
include "functions.php";
Connect();
$purifier = new HTMLPurifier();
$result = mysql_query("SELECT Username, Password FROM login ") or die(mysql_error());
$sorted = mysql_fetch_array($result);
$name = $purifier->purify(strtolower($_POST['Username']));
$pass = $purifier->purify(md5(strtolower($_POST['Password'])));
$ip = md5($_POST['ip']);
$stamp = date("Ymdhis");
if ( $name == $sorted['Username'] ){
    Echo "Username Correct";
    if ( $pass == $sorted['Password'] ) {
        echo "Password is correct";
        session_start();
        $_SESSION['ip'] = $ip;
        $_SESSION['Username'] = $name;
        $_SESSION['Password'] = $pass;
        setcookie('ip', $ip, time()+3600);
        setcookie('name', $name, time()+3600);
        $ipb = $_SERVER['REMOTE_ADDR'];
        $orderid = "$stamp-$ipb";
        $orderid = str_replace(".", "", "$orderid");
        $GUID = md5(orderid);
        setcookie('GUID', $GUID, time()+3600);
        mysql_query("UPDATE login SET GUID = $GUID WHERE Username = '$name'");
        header("location: admin.php");
    } else {
        echo "password is wrong";
    }
} else {
    Echo "wrong name";
}
?>

Functions.php
<?php
function connect(){
    mysql_connect("localhost", "test", "password") or die(mysql_error());
    mysql_select_db("db344475103") or die(mysql_error());
    echo "Connected";
}
function ipget(){
    $ip = $_SERVER['REMOTE_ADDR'];
    echo $ip;
}
function check(){
    session_start();
    if (md5($_SERVER['REMOTE_ADDR']) == $_SESSION['ip']) {
        if (md5($_SERVER['REMOTE_ADDR']) == $_COOKIE['ip']) {
            if ($_SESSION['Username'] == $_COOKIE['name']) {
                if ($_COOKIE['GUID'] == mysql_query("SELECT GUID FROM login")) {
                } else {
                    header("location: index.php");
                    session_destroy();
                }
            } else {
                header("location: index.php");
                session_destroy();
            }
        } else {
            header("location: index.php");
            session_destroy();
        }
    } else {
        header("location: index.php");
        session_destroy();
    }
}
function clean(){
}
?>

Admin.php
Code:
<?php include 'functions.php'; check(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
Admin Area
</body>
</html>

Yeah its a lot of code, probably most of it useless as well knowing me.
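Added example, not code from any of the posts above: several of the scripts on this page hash passwords with md5(), build SQL by string interpolation, and keep the password hash or a client-supplied IP in cookies. This sketch shows the same login and "remember me for 100 days" flow with password_hash()/password_verify(), bound parameters, and a random single-use token in place of the credential. The function names, table layout and the in-memory SQLite database (requires pdo_sqlite) are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

function registerUser(PDO $pdo, string $username, string $password): void
{
    // password_hash() salts and stretches the password; a bare md5() does neither.
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function verifyLogin(PDO $pdo, string $username, string $password): ?int
{
    // Bound parameter: the submitted username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

function issueRememberToken(PDO $pdo, int $userId, int $days = 100): string
{
    // Random selector:validator pair; only a hash of the validator is stored server-side.
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $stmt = $pdo->prepare(
        'INSERT INTO remember_tokens (selector, validator_hash, user_id, expires) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$selector, hash('sha256', $validator), $userId, time() + 86400 * $days]);
    return $selector . ':' . $validator;
}

function userFromRememberToken(PDO $pdo, string $cookieValue): ?int
{
    $parts = explode(':', $cookieValue, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $validator] = $parts;
    $stmt = $pdo->prepare('SELECT validator_hash, user_id, expires FROM remember_tokens WHERE selector = ?');
    $stmt->execute([$selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['expires'] < time()) {
        return null;
    }
    // hash_equals() compares in constant time.
    if (!hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        return null;
    }
    // Single use: the token is deleted once accepted; the caller issues a fresh one.
    $pdo->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$selector]);
    return (int) $row['user_id'];
}

// Web wiring (not called in the CLI demo below); call after session_start(), before any output.
function completeLogin(PDO $pdo, int $userId, bool $remember): void
{
    session_regenerate_id(true);       // fresh session id at login
    $_SESSION['user_id'] = $userId;    // assignment (=); "==" only compares and stores nothing
    if ($remember) {
        setcookie('remember', issueRememberToken($pdo, $userId), [
            'expires' => time() + 86400 * 100, 'path' => '/',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
        ]);
    }
}

if (PHP_SAPI === 'cli') {
    // Constructed demo data: in-memory SQLite stands in for the MySQL tables in the posts.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $pdo->exec('CREATE TABLE remember_tokens (selector TEXT PRIMARY KEY, validator_hash TEXT, user_id INTEGER, expires INTEGER)');
    registerUser($pdo, 'alice', 'constructed-sample-password');
    $id = verifyLogin($pdo, 'alice', 'constructed-sample-password');
    var_dump($id);                                           // login with the right password
    var_dump(verifyLogin($pdo, 'alice', 'wrong-password'));  // login with a wrong password
    $cookie = issueRememberToken($pdo, $id);
    var_dump(userFromRememberToken($pdo, $cookie));          // first presentation of the cookie
    var_dump(userFromRememberToken($pdo, $cookie));          // replay of the same cookie value
}
```

On a protected page, checking `isset($_SESSION['user_id'])` after `session_start()` is enough; the remember cookie is consulted only when no session exists.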