PHP - User Log In
Hi, I'm having some problems with this code. I have a password reset utility code which works and encrypts the password with md5 by using the password recovery page.
But in order for a user with a reset password to login I have to use this code in my page. Code: [Select] $username = addslashes($_POST['username']); $salt = 'random_stuff_15545'; $password = md5($_POST['password'].$salt); But when I have this code above the users that have NOT reset their passwords can NOT log in. So for these users who have not reset their password i use this code[But with this code the users that reset their pass cannot log in]: Code: [Select] $username = addslashes($_POST['username']); $password = md5($_POST['password']); How can I allow both types of users to log in? Cheers Similar Tutorialshi, i have made a website where people resgister their details of them and products. they have to enter the following details in form Name of company name of the product company address email id password mobile number contact and brief details about their company
user can then login with email id and pwd. now after login ..user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (|by clicking on upload button) the product images and price text box ..then on final uploaded webspage it should show all other things which he registerd before (company name , mobile number etc) along with images and price...hence the main question that user does not need to enter mobile and address while uploading images and filling proce ..but on the final page it should show mobile and address along with price and images..as user is not going to enter mobile and address again and again as he will have multiple products to upload.
I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others. FIRST THE ONE script the member logges in here to the one table in MSQL: <?php session_start(); require_once('config.php'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $login = clean($_POST['login']); $password = clean($_POST['password']); if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); if($result) { if(mysql_num_rows($result) == 1) { session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> ................................................. ................................ Now I need the person who logged in to the table above to be able to make multiple entries to the table below <? $ID=$_POST['ID']; $title=$_POST['title']; $cost=$_POST['cost']; $activity=$_POST['activity']; $ayear=$_POST['aday']; $aday=$_POST['ayear']; $seats=$_POST['special']; $special=$_POST['seats']; mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error()); mysql_select_db("xxxx") or die(mysql_error()); mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')"); Print "Your information has been successfully added to the database!" ?> Click <a href="member-profile.php">HERE</a> to return to the main menu <?php ?> Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after Hi, so far I have managed to set up a somewhat basic login website with a mysql database backend. Once they have logged on they go to a "main menu" page. What I need to define is that user A sees button A but only that button, etc. (Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login). If anyone has any tutorials or sample code I would much appreciate it. Thanks, Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta Hi, I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them. The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP. The code for the script is here : Code: [Select] <?php $mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase'); if (!$mysql) { die(mysql_error()); $content = "<nobr></nobr>"; } else { $result = mysql_query('SELECT * FROM tblEventGroup'); $content = "<nobr>"; if ($result) { while($row = mysql_fetch_assoc($result)) { $content .= "<span>"; $content .= $row['GroupName']; $content .= "</span>"; $content .= "<a href=\"../Event/EventSearch?groupid="; $content .= $row['GroupId']; $content .= "\" target=\"_blank\">Book here</a> "; } } mysql_close($mysql); $content .= "</nobr>"; } ?> I cannot for the life of me understand what the problem is, the return error is Access denied for user 'myuser'@'localhost' (using password: YES) Hello, i've got some shop script which has 2 payment modules which i'd like to use for something else, the payment modules only work if the user is logged in though, i tried to make them standalone scripts but that didn't work out too well. So now i decided to go another way and just let everyone have the same session so everyone will be using the same username&password automatically. the index file looks like this: Code: [Select] <?php include('./inc/config.php'); include('./inc/functions.php'); include('./lang/'.$language.'.lng'); $id = addslashes($_REQUEST["id"]); $user = addslashes($_REQUEST["username"]); $pass = addslashes($_REQUEST["password"]); $language = strtolower($language); if(empty($id)) $id =1; $file = mysql_query('SELECT * FROM navi_'.$language.' WHERE id="'.$id.'"'); if(mysql_num_rows($file)>0) $file = mysql_fetch_array($file); else $file = mysql_fetch_array(mysql_query('SELECT * FROM navi_'.$language.' WHERE id="404"')); if(!empty($user) AND !empty($pass)) {$query = mysql_query('SELECT * FROM users WHERE username="'.$user.'" AND pass="'.md6($pass).'"'); if(mysql_num_rows($query) == 1) {$_SESSION[$session_prefix."user"] = ucfirst($user); echo'<meta http-equiv="refresh" content="0; url=index.php?id=8">';} else $error = 'Username oder Passwort ist falsch.';} include('./designe/'.$designe.'/head.tpl'); include('./designe/'.$designe.'/navi.php'); include('./designe/'.$designe.'/middle.tpl'); if(file_exists('./pages/'.$file["file"])) {echo'<h1>'.ucfirst($file["title"]).'</h1>'; include('./pages/'.$file["file"]);} if(!empty($error)) echo '<font color="red">'.$error.'</font>'; include('./designe/'.$designe.'/foot.tpl'); ?> Now i tried alot of things including adding: Code: [Select] session_start(); $_SESSION["username"] = "peter"; $_SESSION["user"] = "peter"; $_SESSION["id"] = "1"; $_SESSION["pass"] = "peter"; $_SESSION["password"] = "peter"; or Code: [Select] $id = "1"; $user = "peter"; $username = "peter"; $pass = "peter"; $password = "peter"; also a combination of both, nothing works, but i don't understand why ? Any help is appreciated. /Edit, i tried adding it to the paymentmodule .php aswell, but no luck. Hallo everybody,
i have the following code.
but i get allways this error while the user exist in the database.
User not found!
what do i do wrong?
thank you very much for your help
Rafal
<html> <head> <?php $connection = mysql_connect("db.xyz.com", "username", "password") or die ("connection fehler"); mysql_select_db("db0123456789") or die ("database fehler"); $email = $_POST["inp_email"]; $pwd = $_POST["inp_pwd"]; if($email && $pwd) { $chkuser = mysql_query("SELECT email FROM gbook WHERE email = '($email)' "); $chkuserare = mysql_num_rows($chkuser); echo $email; echo $pwd; if ($chkuserare !=0) { $chkpwd = mysql_query("SELECT pwd FROM gbook WHERE email = '($email)' "); $pwddb = mysql_fetch_assoc($chkpwd); if ($pwd != $pwddb["pwd"]) { echo "password is wrong!"; } else { echo "login successed"; } } else { echo "User not found!"; } } else { echo "Pleas enter your email and password!"; } mysql_close($connection); ?> </head> <body> <form action="login.php" method="post"> Email <input type="text" name="inp_email"><br> Password <input type="text" name="inp_pwd"><br> <input type="submit" name="submit" value="login"> </form> </body> </html> Edited by rafal, 21 September 2014 - 04:33 PM. Hallo everybody,
the user is in the table, but i get error (user not found!).
thank you very much for your help
Rafal
<!DOCTYPE html> <html> <head> <title>index</title> <meta http-EQUIV="CONTENT-LANGUAGE" content="en"> <?php SESSION_START(); include("abc.php"); $link2 = mysqli_connect("$hoster", "$nameuser", "$password", "$basedata") or die ("connection error" . mysqli_error($link2)); $email = $_POST["inp_email"]; $pwd = $_POST["inp_pwd"]; if($email && $pwd) { $chkuser = mysqli_query("SELECT email FROM $table2 WHERE email = '$email' "); $chkuserare = mysqli_num_rows($chkuser); if ($chkuserare !=0) { $chkpwd = mysqli_query("SELECT pwd FROM $table2 WHERE email = '$email'"); $pwddb = mysqli_fetch_assoc($chkpwd); if (md5($pwd) != $pwddb["pwd"]) { echo "Password is wrong!"; } else { $_SESSION['username'] = $email; header ('Location:list.php'); } } else { echo "user not found!"; } } else { echo "enter your Email and Password!"; } mysqli_close($link2); ?> </head> <body style="font-family: arial;margin: 10; padding: 0" bgcolor="silver"> <font color="black"> <br> <form action="index.php" method="post"> <b>Login</b><br><br> <table width="100%"> <tr><td> Email:<br><input type="text" name="inp_email" style="width:98%; padding: 4px;"><br> Password:<br><input type="password" name="inp_pwd" style="width:98%; padding: 4px;"><br> <br> <input type="submit" name="submit" value="Login" style="width:100%; padding: 4px;"> </td></tr> </table> </form> </font> </body> </html> hello. I need your help please. I'm building logistics website with user panel and admin panel. I've done all login and register forms. now I want to : admin can add package with: tracking number , weight , cost , and declaration form. user can fill declaration form after admin add package to user panel. then admin can see the declared form. is it possible in php? thank you in advance I have a database which contains three users. But I can only access one of the user through PHP. When I try to enter other username I get a blank message. Anyone knows why?? hello, is it possible to get the logged in user id when using windows authentication? Hey guys im making a script which allows a user to log in. Then view some data from an SQL file, then click to a log out page and log out... However i cant seem to destroy the session. Any help? Heres logout.php <?php $_SESSION['adminlogin']; session_start(); $_SESSION = array(); session_destroy(); ?> <!DOCTYPE HTML> <html lang="en-GB"> <head> <meta charset="utf-8"> <!--Search Engine Meta Tags--> <meta name="author" content="Worldwide Lighthouses"> <meta name="keywords" content="Lighthouses,Lightships,Trinity House,Fog Signals,Fog Horns,Fresnel"> <meta name="description" content="Worldwide Lighthouses is the number 1 source of information, pictures and videos on the Subject of Lighthouses and Lightships"> <!--Stylesheets/Javascript--> <link rel="stylesheet" href="../../Page-Layout.css" media="screen and (min-width: 481px)"> <link rel="stylesheet" href="../../Mobile-Page-Layout.css" media="only screen and (max-width:480px)"> <!--Mobile Browser Support--> <meta name="viewport" content="width=320; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;"> <!--IE Support--> <!--[if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script> <link rel="stylesheet" href="../Page-Layout.css"><![endif]--> <meta name="application-name" content="Worldwide Lighthouses"> <meta name="msapplication-starturl" content="http://worldwidelighthouses.com/"> <meta name="msapplication-tooltip" content="Worldwide Lighthouses: Your number one source of Lighthouse Information, Videos and Pictures"> <meta name="msapplication-task" content="name=Lighthouses;action-uri=http://worldwidelighthouses.com/Lighthouses.php;icon-uri=http://worldwidelighthouses.com/IE9/Lighthouses.ico"> <meta name="msapplication-task" content="name=Lightships;action-uri=http://worldwidelighthouses.com/Lightships.php;icon-uri=http://worldwidelighthouses.com/IE9/Lightships.ico"> <meta name="msapplication-task" content="name=Fog Signals;action-uri=http://worldwidelighthouses.com/Fog-Signals.php;icon-uri=http://worldwidelighthouses.com/IE9/Fog-Signals.ico"> <meta name="msapplication-task" content="name=Glossary;action-uri=http://worldwidelighthouses.com/Glossary.php;icon-uri=http://worldwidelighthouses.com/IE9/Glossary.ico"> <title>Mailing List Administration | Worldwide Lighthouses</title> </head> <body> <header> <h1 id="WWLH">Worldwide Lighthouses</h1> <form method="get" action="http://www.worldwidelighthouses.com/Search/search.php" id="Search-Box"> <input type="search" placeholder="Search Worldwide Lighthouses" name="query" id="query" size="30" value="" autocomplete="off"> <input type="submit" value="Search"> <input type="hidden" name="search" value="1"> </form> </header> <nav> <ul id="Nav"> <li class="MenuButton" id="Index"><a href="../Index.php"><p class="Nav">Home</p></a></li> <li class="MenuButton" id="Lighthouses"><a href="../Lighthouses.php"><p class="Nav">Lighthouses</p></a></li> <li class="MenuButton" id="Lightships"><a href="../Lightships.php"><p class="Nav">Lightships</p></a></li> <li class="MenuButton" id="FogSignals"><a href="../Fog-Signals.php"><p class="Nav">Fog Signals</p></a></li> <li class="MenuButton" id="Daymarks"><a href="../Daymarks.php"><p class="Nav">Daymarks</p></a></li> <li class="MenuButton" id="Buoys"><a href="../Buoys.php"><p class="Nav">Buoys</p></a></li> <li id="MenuButtonLast"><a href="../Glossary.php"><p class="Nav">Glossary</p></a></li> </ul> </nav> <article> <?php echo '<h1 class="Title">Successfully Logged Out</h1>'; ?> </article> <footer> <ul> <li><a href="../About.php">About</a></li> <li><a href="../Contact-us.php">Contact</a></li> <li><a href="../Use-Our-Media.php">Use our media</a></li> <li><a href="../Search/search.php">Search</a></li> <li><a href="../Social-Networking.php">Social</a></li> <li><a href="#Top">Back to top</a></li> </ul> <br> <br> &#169; Worldwide Lighthouses <?php echo date("Y"); ?> </footer> </body> If you need any of the other files, ask and ill provide. Thanks in advance. Danny I am having a bit of a problem with my log on scrip sense i moved to a different host. Users are able to log in but most of there info isn't passed. The way I have it set up right now if your logged in the home page says "You are signed in as: 'user'". But all its showing is "You are signed in as:". The only thing I can tell that is getting passed is there user rank. There are other areas where the email is not showing up ether. Here is what i have. This is on every page unless your logged in Code: [Select] <form name="form1" method="post" action="checklogin.php"> <span class="rulesub">Username:</span><input name="myusername" type="text" id="myusername" /> <span class="rulesub">Password:</span><input name="mypassword" type="password" id="mypassword" /> <input type="submit" name="Submit" value="Login" /> <div align="center">Not a member? <a class="nav" href="new_user.php">Sign up.</a> </form> This is my check log in script Code: [Select] <?php ob_start(); include"scripts/connect.php" ; mysql_connect('localhost',$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $encrypted_password=md5($mypassword); $sql="SELECT * FROM user WHERE username='$myusername' and password='$encrypted_password' and active=1"; $result=mysql_query($sql); $count=mysql_num_rows($result); $row = mysql_fetch_assoc($result); $rank = $row['rank']; $loggedinusername = $row['username']; $loggedinuseremail = $row['email']; if($count==1){ session_start(); $_SESSION['login'] = "1"; $_SESSION['rank'] = $rank; $_SESSION['loggedinusername'] = $loggedinusername; $_SESSION['loggedinuseremail'] = $loggedinuseremail; header ("Location:index.php"); } else { $errorMessage = "Invalid Login"; session_start(); $_SESSION['login'] = ''; header ("Location:login.php"); } ?> This is what i have for the session part on every page Code: [Select] <?php session_start(); $_SESSION['login']; $_SESSION['rank']; $_SESSION['loggedinusername'] = $loggedinusername; $_SESSION['loggedinuseremail'] = $loggedinuseremail; $rank=$_SESSION['rank']; $loggedinusername=$_SESSION['loggedinusername']; $loggedinuseremail=$_SESSION['loggedinuseremail']; ?> And this is what I am using to show the user name. Code: [Select] <?php if($rank>=1){ ?> <p class="rulesub"> You are signed in as: <?php echo $loggedinusername; ?> <br /><a class="nav" href="logout.php" title="Log out" target="_self">Log Out</a> </p> <?php }?> Thanks in advance I have had a problem with people attacking my site and trying to gain access to users accounts so i beefed up security, however now users are complaining they keep getting logged out. Here are the variables i use to validate the users and i dont want to strip them down any more can anyone give me any ideas for changing them so its still secure but not so strict as to keep logging the users out? 1. Username & password is encrypted into a cookie and verified on every page they visit. 2. There ip address is recorded on login and is checked against there current ip, on every page they visit via MySql. 3. When the user logs in a unix time stamp (mySql) is generated an updated of every page they visit and if it has not been updated in the last 60 mins the user is logged out. 4.I also generate a random key which is stored in the DB and is passed on every page via GET. 5.If a user tries to login and fails an email is sent to them and if 3 unsuccessful attempts user is locked out for 30mins. I am having trouble finding a tutorial on how to have a login system like facebook and many other sites where when you login you get taken to your own profile with your own information using PHP and Mysql. Any help would be much appreciated. Thanks Hi, I am creating an application that manages movie information. I was wondering if there was a way of letting a user navigate to a directory and select it as their default movie directory. i will then scan the sub directory names and compare them to a table in the Db. This latter part I can manage, its letting a user define their own default directory that is causing me problems. Any examples I have found are relating to file uploading similar to this Code: [Select] <form name="file_uploader" action="upload.php" method="post" enctype="multipart/form-data"> <input type="file" name="data"><br /> <input type="submit" name="upload" value="Upload File"> </form> Thanks for your time and consideration. Ok. I would like to be able to do this :: http://webdeveloper.50webs.com/js.login.htm in PHP and with a database. I know it may look like a simple login script, but I would like it to redirect to a specific URL based on each user. I.E. "http://example.com/users/index.php" is the login page, and once the user logs in, it would redirect them to "http://example.com/users/username/" Unless someone has a better idea. I know this isn't secure (because someone could just change the url to a different username, and they now have access to that users account.) The only reason I would like to do it this way, is because I have an upload script, and because of the way it uploads, the files are placed in a folder (So username/files is were the files are stored) and I have a file browser (username/browser.php) And I don't know how to display only the files the user has uploaded. (I.E. if I had one main file that the users see once they login, they would all see everyones uploads.) I would forfeit a tiny bit of security if users had there files not publicly visible. (People still have to login to see the files, and they would have to know the URL to a specific username.) So basically what I would like to do, is have a database (I.E. "Users") and have a table in that database with "username" "password" "email" "URL" and the PHP script looks up the database, and checks the username, and the password, and if they match, looks at the URL and sees were its supposed to redirect the user. I have attached the PHP code I have found, and use. If anyone knows how to do this, please let me know! Thanks in advance! Cheers! ------ Anders Can somebody put a code that would show all the people that are online on the website? I'm new to this forum, and PHP in general. So, hello to everyone! I'm having a problem verifying whether or not my authentication script works. I'm not new to programming...just PHP. Here it is.. <?php //check if user is already logged in if(isset($_session['username'])) { //init database information $db_server = ""; $db_user = ""; $db_password = ""; $db_name = ""; //connect to the database $connection = mysql_connect($db_server, $db_user, $db_password); if(!$connection) { die('Failed to connect: ' . mysql_error()); } mysql_select_db($db_name, $connection); //verify login information $username = $_POST['username']; $password = $_POST['password']; $query = mysql_query("SELECT * FROM users WHERE username='$username'"); if($query) { $array = mysql_fetch_array($query); if($_POST['password'] = $array['password']) { $_session['username'] = $array['username']; $_session['email'] = $array['email']; $_session['user_level'] = $array['user_level']; $_session['ip'] = $array['ip']; $_session['date_registered'] = $array['date_registered']; echo $_session['username']; } else { echo 'Bad Login Information!'; } } else { die('Failed to login: ' . mysql_error()); } } ?> <form action="auth.php" method="post"> <input name="username" type="text" size="20" maxlength="16"> <input name="password" type="text" size="20" maxlength="20"> <input name="submit" type="submit" value="Submit"> </form> |