PHP - Simple Athentication Script
i already have the front page that calls the script, but its not letting me login, i don't see the problem i know its returning the rows from the database but i don't understand why its not letting me login and when i do get it to login messing around with the code everybody logs in as an admin, my database has, user, pass, and role inside admin, poweruser, and reg user but when i get it to log in everybody logs in as an admin, can someone please help me ? i even tried the error thing but that doesn't seem to work either
ini_set('display_errors', 1); error_reporting(E_ALL); //echo ini_set('display_errors'); session_start(); $username = $_POST['username']; $password = $_POST['password']; if (mysql_connect("localhost", "root", "")) { //echo 'connect'; } else { echo 'failure'; } if (mysql_select_db("athentication")) { //echo 'connect'; } else { echo 'no connect'; } $result = mysql_query("SELECT * FROM login WHERE user = '$username'"); $rows = mysql_num_rows($result); $role = $rows['role']; if ($rows != 0) { if ($role == 'admin') { header('Location: admin.php'); $_SESSION['username'] = $username; } elseif ($role == 'poweruser') { header('Location: poweruser.php'); $_SESSION['username'] = $username; } /*elseif ($role ==' reg') { echo "WHAT UP"; $_SESSION['username'] = $username; }*/ } else echo "enter a valid user name"; Similar TutorialsHello, im very green to php and I am having trouble creating a simple log in script. Not sure why this is not working, maybe a mysql_query mistake? I am not receiving any errors but nothing gets updated in the members table and my error message to the user displays. any help is appreciated! here is my php: <?php session_start(); $errorMsg = ''; $email = ''; $pass = ''; if (isset($_POST['email'])) { $email = ($_POST['email']); $pass = ($_POST['password']); $email = stripslashes($email); $pass = stripslashes($pass); $email = strip_tags($email); $pass = strip_tags($pass); if ((!$email) || (!$pass)) { $errorMsg = '<font color="#FF0000">Please fill in both fields</font>'; }else { include 'scripts/connect_db.php'; $email = mysql_real_escape_string ($email); $pass = md5($pass); $sql = mysql_query("SELECT * FROM members WHERE email='$email' AND password='$pass'"); $log_check = mysql_num_rows($sql); if ($log_check > 0) { while($row = mysql_fetch_array($sql)) { $id = $row["id"]; $_SESSION['id']; $email = $row["email"]; $_SESSION['email']; $username = $row["username"]; $_session['username']; mysql_query("UPDATE members SET last_logged=now() WHERE id='$id' LIMIT 1"); }//Close while loop echo "You are logged in"; exit(); } else { $errorMsg = '<font color="#FF0000">Incorrect login data, please try again</font>'; } } } ?> and the form: <?php echo $errorMsg; ?> <form action="log_in.php" method="post"> Email:<br /> <input name="email" type="text" /><br /><br /> Password:<br /> <input name="password" type="password" /><br /><br /> <input name="myBtn" type="submit" value="Log In" /> </form> Hi can someone pls help, im tryin a tutorial but keep getting errors, this is the first one i get after registering. You Are Registered And Can Now Login Warning: Cannot modify header information - headers already sent by (output started at /home/aretheyh/public_html/nealeweb.com/regcheck.php:43) in /home/aretheyh/public_html/nealeweb.com/regcheck.php on line 46 <html> <head></head> <body> My favourite bands a <ul> <?php // define arrays $morebands = array('Desturbed', 'Anthrax'); $artists = array('Metallica', 'Evanescence', 'Linkin Park', 'Guns n Roses', "$morebands"); // loop over it // print array elements foreach ($artists as $a) { if ($a != 'Array'){ echo '<li>'.$a; } Else { foreach ("${$a}" as $b){ echo '<li>'.$b; } } } ?> </ul> </body> </html> I can not figure out why this will not work:( I would like the foreach to run through the array as normal, but if it encounters a nested array, loop it as well. I know this likely is not the right, or best way to do this, but I am just learning PHP through a tutorial and I learn best by doing... So I take the lessons, make them more complicated, then figure out how to make it happen (like so). right now I am working on http://devzone.zend.com/node/view/id/635 anyhow thanks for any help! Good evening guys and gals, for some reason I cant get my head around something quite simple, basically I am trying to work out a way of simply recording referrals to my site when the potential user registers. This worded example is basically what I want: registered user a with a username of smithy invites his friend western to become a member of a site he has joined: I guess here I would basically use something like mysite.com?refid=smithy as the link he gives he's friend Now this is where my brain refuses to work, what if western decides to have a look around the site before he decides to register and clicks on a few internal pages? Obviously the referral id will no longer be in the address bar. So my 1st question is, how can I check to see if a referral is used when accessing the site? I could then store the username in a session or cookie. If I had something like this: <?php $refid = $_GET('refid') setcookie("user", $refid, time()+3600); ?> But how would I check that a refid exists in the url so it doesnt throw up a parse error? I have more questions but 1 thing at a time! Many Thanks There is a sql query happening if the item is not empty, what I NEED and can not seem to figure out is to re run the rand() function. The server is PHP 4 so it is not possible to use the goto statement... That would be to easy. So any help would be great... Here is the code... the script running after the script finds a empty sql row is ot included... it works... just this one part does not. Code: [Select] <?php $connection = mysql_connect(CREDENTIALS REMOVED) or die(mysql_error()); mysql_select_db("testingblock", $connection)or die(mysql_error()); $random_num = rand(1,10); if($random_num == 1){ $query = sprintf("SELECT email FROM access_codes WHERE id='1'", mysql_real_escape_string($email)); $result = mysql_query($query); $row = mysql_fetch_assoc($result); if(!empty($row['email'])){ header('Location: http://www.thestreetbeatint.com/Testing/blah.php'); } else { echo $recipient; } } else if ($random_num == 2){ $query = sprintf("SELECT email FROM access_codes WHERE id='2'", mysql_real_escape_string($email)); $result = mysql_query($query); $row = mysql_fetch_assoc($result); if(!empty($row['email'])){ header('Location: http://www.thestreetbeatint.com/Testing/blah.php'); } else { echo $recipient; } } else if ($random_num == 3){ $query = sprintf("SELECT email FROM access_codes WHERE id='3'", mysql_real_escape_string($email)); $result = mysql_query($query); $row = mysql_fetch_assoc($result); if(!empty($row['email'])){ header('Location: http://www.thestreetbeatint.com/Testing/blah.php'); } else { echo $recipient; } } else if ($random_num == 4){ $query = sprintf("SELECT email FROM access_codes WHERE id='4'", mysql_real_escape_string($email)); $result = mysql_query($query); $row = mysql_fetch_assoc($result); echo '<br />'; if(!empty($row['email'])){ header('Location: http://www.thestreetbeatint.com/Testing/blah.php'); } else { echo $recipient; } } else if ($random_num == 5){ $query = sprintf("SELECT email FROM access_codes WHERE id='5'", mysql_real_escape_string($email)); $result = mysql_query($query); $row = mysql_fetch_assoc($result); if(!empty($row['email'])){ header('Location: http://www.thestreetbeatint.com/Testing/blah.php'); } else { echo $recipient; } } else if ($random_num == 6){ $query = sprintf("SELECT email FROM access_codes WHERE id='6'", mysql_real_escape_string($email)); $result = mysql_query($query); $row = mysql_fetch_assoc($result); if(!empty($row['email'])){ header('Location: http://www.thestreetbeatint.com/Testing/blah.php'); } else { echo $recipient; } } else if($random_num == 7){ $query = sprintf("SELECT email FROM access_codes WHERE id='7'", mysql_real_escape_string($email)); $result = mysql_query($query); $row = mysql_fetch_assoc($result); if(!empty($row['email'])){ header('Location: http://www.thestreetbeatint.com/Testing/blah.php'); } else { echo $recipient; } } else if ($random_num == 8){ $query = sprintf("SELECT email FROM access_codes WHERE id='8'", mysql_real_escape_string($email)); $result = mysql_query($query); $row = mysql_fetch_assoc($result); if(!empty($row['email'])){ header('Location: http://www.thestreetbeatint.com/Testing/blah.php'); } else { echo $recipient; } } else if ($random_num == 9){ $query = sprintf("SELECT email FROM access_codes WHERE id='9'", mysql_real_escape_string($email)); $result = mysql_query($query); $row = mysql_fetch_assoc($result); echo '<br />'; if(!empty($row['email'])){ header('Location: http://www.thestreetbeatint.com/Testing/blah.php'); } else { echo $recipient; } } else if ($random_num == 10){ $query = sprintf("SELECT email FROM access_codes WHERE id='10'", mysql_real_escape_string($email)); $result = mysql_query($query); $row = mysql_fetch_assoc($result); if(!empty($row['email'])){ header('Location: http://www.thestreetbeatint.com/Testing/blah.php'); } else { echo $recipient; } } ?> [icode] I've tried Googling this for a long time but I only find complete member systems with ugly code, not something i'm looking for. What I am looking for is just a simple tutorial or commented code to make a admin login. What it's going to do is just: Loading a MD5 salt hasched password from my MYSQL database. You'll get to fill in one field: Password. If it validates with the MYSQL password it'll show the hidden content; if not it'll just give a "not correct error". That's basicly it. I have only one page of secret admin stuff so yeah.. it would be awesome to have the ability to logout and I of curse want to have everything in sessions! It would be to big help! If you look at the botton of http://getminecraft.net/ you see my latest tweets. The problem is that it shows http://getminecraft.net/%22http://twitter.com/PC_Gamer%22 instead of the original twitter url, that results to a wrong url and wrong site. How can I fix it? so it shows the original twitter url. Here is the script: <?php $username = "getminecraft"; $prefix = ""; $suffix = ""; $feed = "http://search.twitter.com/search.atom?q=from:" . $username . "&rpp=1"; function parse_feed($feed) { $stepOne = explode("<content type=\"html\">", $feed); $stepTwo = explode("</content>", $stepOne[1]); $tweet = $stepTwo[0]; $tweet = str_replace("<", "<", $tweet); $tweet = str_replace(">", ">", $tweet); return $tweet; } $twitterFeed = file_get_contents($feed); echo stripslashes($prefix) . parse_feed($twitterFeed) . stripslashes($suffix); ?> The attached script does everything I want it to do, but it's not very elegant. I could use some help cleaning it up. Any and all help is greatly appreciated. Thanks!!! I was told that you guys could probably help me with this, so heres my situation. I use this program called Activeworlds, and me and my buddies are makeing a "tv show" if you will within the program. To do so, you take screenshots, save the screenshots, and add the image files into a directory on your domain. You need a .php script to present them as a slideshow. Now the problem is, ive searched for scripts already made from other sites, but the thing is, they are all fancy slideshow viewers, meaning they come with control buttons to cycle through the pictures and all kinds of other banners and flashy looking things. The only script im needing, is a simple script that will display and cycle through the raw images, and nothing else, within the web browser, in a slideshow format. Id also like to have a value I can edit that will change how fast the pictures cycle through, 15 seconds or so would be perfect however. If someone could refer me to this code or even make it for me, it would be soo appreciated. I know im probably asking for alot, but it would help me soo much. I wish I knew a little more about .php files to do it myself, or else I would. If you do link me to a script, please give me simple instructions on what to do with it lol because like I said, I dont know anything about the world of .php yet. Thank you all for your time. Hi everybody, my goal is to get the IP of someone accesing the site, writing the time and date along with his IP into the database. Of course, I would be adding the script to my frontpage when I make it work. But I get this error: Quote Parse error: syntax error, unexpected T_VARIABLE in D:\Program Files\xampp\xampp\htdocs\script1.php on line 8 I've checked line 8, I dont find anything in it that is out of place. Here is the code: <?php $ip = $_SERVER['REMOTE_ADDR']; $date = date("m.d.y"); $time = time(); mysql_connect ("localhost", "root", "********") or die ('Error: '. mysql_error()); mysql_select_db ("ip"); $query = "INSERT INTO ipdo (time, date, ip) VALUES ('"$time"', '"$date"', '"$ip"')"; mysql_query($query) or die ('Error updating database'); echo "Database updated with: " .$ip. "" ; ?> This is the first script I write entirely on my own, so be gentle Help? Can someone show me a simple mail script that I can run in cli, I can enter a $to = email@email.com and then have it send to my email? just in cli.. Thanks I'm very new to PhP and one of my asignments in class is to create a simple login using php and mysql. I made a simple page using html, php, and mysql and i keep getting errors. Here is my code so far: This is my index.php page: <html> <form action = 'login.php' method='POST'> Username: <input type='text' name='username'><br> Password: <input type='password' name='password'><br> <input type='submit' value='Log in'> </form> </html> This is my login.php page: <?php $username = $_POST['username']; $password = $_POST['password']; if ($username&&$password) { &connect = mysql_connect("localhost", "root", " ") or die ("Couldnt connect"); mysql_selct_db("phplogin") or die("Couldn't find db"); } else die ("Please enter a username and password"); ?> mySql file is very basic: 3 columns, id, username, password I dont think my problem is with the mySQL page that was the easiest to make but everytime I hit login in the index.php, the entire script for login.php gets outputted on screen. I would appreciate all the help. Hi all, Im coding a simple script for my website which just changes the users rank. Code: [Select] <?php session_start(); include "../includes/db_connect.php"; include "../includes/functions.php"; logincheck(); ini_set ('display_errors', 1); error_reporting (E_ALL); $username=$_SESSION['username']; $get = mysql_query ("SELECT * FROM users WHERE username = '$username'"); $fetch = mysql_fetch_object($get); if ($fetch->userlevel >= "2"){ $newrank = $_POST['newrank']; $user1 = $_POST['user']; if (strip_tags($_POST['update'])){ mysql_query("UPDATE users SET `rank` = '$newrank' WHERE username='$user1'") or die (mysql_error()); echo ("You have updated $user1's rank to $newrank !"); } } else{ echo ("Your userlevel isnt high enouth to be here!"); } ?> <html> <head> <title>Change Rank</title> <link rel="stylesheet" href="../includes/in.css" type="text/css"> <style type="text/css"> .infobg { font-family: Arial; font-weight:normal; font-size:12px; border-top: 1px solid #000000; border-right: 1px solid #000000; border-bottom: 1px solid #000000; border-left: 1px solid #000000; background: URL(textbg1.png); font-weight:300; } .button { font-size: 12px; background:url(button.png); vertical-align: middle; border-top: 1px solid #000000; border-right: 1px solid #000000; border-bottom: 1px solid #000000; border-left: 1px solid #000000; color: #FFFFCC; height:23px; font-weight:300; border-radius: 10px; padding-bottom:2px; } </style> </head> <body> <form action='' method='post' name='form1'> <table width='30%' cellpadding='0' align='center' cellspacing='0' border='1' bordercolor='#000000' bgcolor='#808080' style='border-collapse: collapse'> <tr> <td background='../header.jpg' colspan='2' align='center'>Change Rank</td> <tr> <td>Username:</td><td><input type='text' name='user'></td> </tr> <tr> <td>Rank:</td><td><input type='text' name='newrank'></td> </tr> <tr> <td> </td><td><input type="submit" name="update" value="Update Rank"></td> </tr> </form> </table> </body> </html> But there seems to be something wrong with that code, which I carnt see or work out. When I click Update submit button it does nothing, but can anyone see why it does nothing? Thanks. Hiya! I need to create a simple PDF script that will always create A4 documents. I need the content to be controlled using HTML and CSS. Where do you start in creating such a script? Any help is greatly received. Hello, I'm trying to create a simple php blog thing, and I can't get the commenting to work.. blog.php?id=2 On that page, there is a form what is used to comment, it goes to send.php That php has this query in it: $yhteys = mysql_connect('10.5.49.32', '09A_user', 'pass'); mysql_select_db('09A_Jere', $yhteys); mysql_query("INSERT INTO `Blog_kommentit` (`kayttajat` , `kommentti` , `kirjid` ) VALUES ('$kayttajat', '$kommentti', '$id')") or die(mysql_error())$sql = "SELECT * FROM Blog_kommentit WHERE kirjid='$id' ORDER BY id";; mysql_close($yhteys); header('Location: ' . $_SERVER['HTTP_REFERER']); How can I make the $id to be previous pages id (2)? This shouldn't be anything hard and I'm kinda amazed why I am stuck in this, any help will be appreciated. If I just put $id I get this error: Code: [Select] Cannot add or update a child row: a foreign key constraint fails (`09A_Jere/Blog_kommentit`, CONSTRAINT `kommentti_kirjoitus` FOREIGN KEY (`kirjid`) REFERENCES `Blog_kirjoitukset` (`id`))Here is how my database works: (Kayttajat = username, kommentti = comment) I have a form on my website which actions login.php. The login.php code is below: <?php include('includes/classes.php.inc'); session_start(); $link = new BaseClass(); $data = $link->query("SELECT * FROM logins"); $pass_accepted = false; if($_REQUEST['username'] && $_REQUEST['password']){ $username = $_REQUEST['username']; $password = $_REQUEST['password']; while($row = mysql_fetch_array($data)){ if(($row['username']==$useranme)&&($row['password']==$password){ echo 'Password correct!'; $_SESSION['loggedin']=true; $pass_accepted = true; } } } else { echo 'You did not enter a username or password!'; } if(!$pass_accepted){ echo 'Your password is incorrect'; } echo '<br>Please <a href="index.php">click here</a> to return to page'; ?> I have checked that my references are all correct however even when I enter the correct password it returns saying the password is incorrect. Any idea on why this could be? I am happy to answer any follow up questions. Regards Ok, I submit the form, and when the next page displays, it says recieved with the persons name, but it wont post their email, and it wont ever send the message to the email address......... i've been playing with it all day long and just cannot figure it out, about to rip my hair out... any help would be appreciated. Contact.php page Code: [Select] <?php // Header Include include('includes/header.php'); ?> <!-- BEGIN SITE CONTENT INCLUDES HERE --> <!-- Index page included --> <table border="0" cellpadding="5" cellspacing="0" width="300" align="center"> <tr> <td><font face="verdana" size="2" color=#"000000"><b>Feedback Form</b></font></td> <tr> <td><form name="contact" method="post" action="contact_submit.php"> <font face="verdana" size="1" color="#1b4a1b">Your Name:<br /> <input type="text" name="name" size="25" /> <br /> Email:<br /> <input type="text" name"email" size="25" /> <br /> Comments:</font><br /> <textarea name="comments" rows="5" cols="30"></textarea> <br /><input type="submit" name="submit" value="Send" /> </form></td> </tr> </table> <br /><br /> <!-- / End Index Page --> <!-- / END SITE CONTENT INCLUDES HERE --> <!-- Footer Include --> <?php include('includes/footer.php'); ?> Form Processing Script contact_submit.php Code: [Select] <?php $to = "tonyagmatrix@gmail.com"; $re = "Feedback Form"; $msg = $comments; mail($to,$re,$msg); ?> <html><head><title>Message Recieved</title></head> <body> <h3>Thank you for your feedback <?PHP echo ($name); ?></h3> <br />We value your opinions and any questions will be replyed to your email address: <?php echo ($email); ?> </body></html> Does anyone have any idea wtf is wrong? Hello. i am writing an API for lua... that sends POST requests to a php script. this php script is malfunctioning. below is the code and error. Hi Everyone, Just wondered if someone could quickly help me out, im building a simple login system for my website but having a little bit of trouble, the error i keep getting is: Quote Cannot modify header information - headers already sent by (output started at /home/sites/cuju8.com/public_html/include.php:18) in /home/sites/cuju8.com/public_html/login.php on line 12 I have done some research but cant find the answer to this, my login script is as follows: Code: [Select] <?php require_once('include.php'); $error = ''; $form = $_POST['submit']; $email = $_POST['email']; $password = $_POST['password']; if( isset($form) ) { if( isset($email) && isset($password) && $email !== '' && $password !== '' ) { $sql = mysql_query("SELECT * FROM `usersystem` WHERE email='$email' and password='$password';"); if( mysql_num_rows($sql) != 0 ) { //success $_SESSION['logged-in'] = true; [b]header('Location: members.php');[/b] exit; } else { $error = "Incorrect login info"; } } else { $error = 'All information is not filled out correctly';} } ?> I think its the header location code thats causing the problem but im not sure where to move it too. If anyone could help i would really appreciate it. Cheers |