PHP - Having Login Issues
I'm going to post two scripts my login.php and my register.php
problem is i'm always getting usernamepassword don't match i think something to do with md5 but can't figure out where... or why? <?php session_start(); $login = $_POST['login']; $password = $_POST['password']; if ($login&&$password) { $connect = mysql_connect("localhost","heaven","jefF0614") or die ("could not connect to server"); mysql_select_db("heaven_users") or die ("could not find database"); $query = mysql_query("SELECT * FROM members WHERE username='$login'"); $numrows = mysql_num_rows($query); if($numrows!=0) { while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } // check to see if they match if($login==$dbusername&&$password==$dbpassword) { echo "Your In <a href='member.php'>click here to go to the member page</a>"; //start session $_SESSION['username']=$login; } else echo "Incorrect Password/Username Combination"; } else die("That username dose not exist"); } else die ("Please enter a username and password"); ?> and register.php <?php //check for submit $submit =$_POST['submit']; //gather POST variable $fullname =strip_tags($_POST['fullname']); $email =strip_tags($_POST['email']); $username =strip_tags($_POST['username']); $password =strip_tags($_POST['password']); $password2 =strip_tags($_POST['password2']); if ($submit) { //check that fields were filled in if ($fullname&&$email&&$username&&$password&&$password2) { //check to see if our two password fields match if ($password==$password2) { $password = md5($password); // register the user //open database $connect = mysql_connect("localhost", "heaven", "jefF0614"); mysql_select_db("heaven_users"); //begine insert $queryreg = mysql_query("INSERT INTO members VALUES ('','$fullname','$email','$username','$password')"); if ($queryreg) { echo "Thanks, For Registering! Click <a href=\"index.php\">HERE</a>To Login!"; } } //otherwise if passwords don't match else { echo "<font color='red'>The passwords you entered do not match</font>"; //end of checking password } } else { echo "<font color='red'>Please enter all fields!</font>"; } } //end check for submit ?> Similar TutorialsHi, Okay, i have no idea what's gone wrong here - yesterday my codes were working fine, and today they arent. I have not changed a single letter of the coding on these pages but my site just isnt accepting my passwords. When i went to create a new user i noticed this at the top of the page: Quote Warning: session_start() [function.session-start]: open(/tmp/sess_28f02ccd11ec3beb8ff8b5762400b605, O_RDWR) failed: Read-only file system (30) in /home/a9203152/public_html/PHP-Login/register-form.php on line 5 but i dont really know what it is telling me is wrong? i've tried changing the file permissions etc but like i say, nothing has changed even a little bit. maybe its my computer or something?? the site is www.cumbrianadverts.com if anybody wants to try making an account to see what im talking about. any help is appreciated Thanks Hi folks, me again. I am trying to create the login for the admin section of my project, but facing issues again. I can't seem to get the code to check to see if the username and password submitted through the login form is correct as per what is in the database. Here is the form: Code: [Select] <form action="authenticate.php" method="post" name="frmLogin" id="frmLogin"> <table width="400" border="1" align="center" cellpadding="2" cellspacing="2"> <tr> <td width="150">User Id</td> <td><input name="txtUserId" type="text" id="txtUserId"></td> </tr> <tr> <td width="150">Password</td> <td><input name="txtPassword" type="password" id="txtPassword"></td> </tr> <tr> <td width="150"> </td> <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td> </tr> </table> </form> The authenticate.php: <?php session_start(); // Start a new session require('../config/config.php'); // Holds all of our database connection information // Get the data passed from the form $username = $_POST['user']; $password = $_POST['password']; // Do some basic sanitizing $username = stripslashes($username); $password = stripslashes($password); $sql = "select * from users where username = '$username' and password = '$password'"; $result = mysql_query($sql) or die ( mysql_error() ); $count = 0; while ($line = mysql_fetch_assoc($result)) { $count++; } ?> The errors I get: Code: [Select] Warning: mysql_query() [function.mysql-query]: Access denied for user 'danoid'@'localhost' (using password: NO) in /home/danoid/public_html/admin/authenticate.php on line 14 Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/danoid/public_html/admin/authenticate.php on line 14 Access denied for user 'danoid'@'localhost' (using password: NO) Any one got any ideas? I'm completely new to programming in PHP so I looked up a tutorial on youtube, came across the phpacademy tutorial for making a login page script. I followed everything as mentioned in the video but for some reason, I can login without a username or password entered and on top of that it's not displaying any of the messages I added in the code. I'm using Xampp for my Apache server and MySQL, configured everything I should of (as far as I know) but it still refuses to work. Here's the html for the login page, just a basic form. Code: [Select] <html> <form action='login.php' method='POST'> Username: <input type='text' name='username'><br> Password: <input type='password' name='password'><br> <input type='submit' value='Log in'> </html> And then we have the PHP code which isn't working AT ALL. It's like it's not reading it at all for some reason and I can't figure out why. Code: [Select] <?php $connect = mysql_connect("localhost", "root", "") or die("Couldn't connect!"); mysql_select_db("phplogin") or die("Couldn't find DB"); $connection =@ mysql_connect($db['server'], $db['user'], $db['password']) or die (include_once("offline.php")); $db =@ mysql_select_db($db['database']) or die (include_once("offline.php")); if($_POST['username'] && $_POST['password']){ $username = trim($_POST['username']); $password = trim($_POST['password']); $query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'"); $numrows = mysql_num_rows($query); if ($numrows > 0){ echo "Username & Password correct (Logged in)"; } else { echo "That user doesn't exist"; } } else { echo "Please enter a username and password!"; } ?> One thing I should mention is that, if I try to login on firefox it shows part of my php code as text, if I open it on Opera it displays the whole php code as text. Any ideas? -.-' Hello, I created a simple login script, taht has a hard coded user/pass. Yet for some reason it will not work, keeps redirecting to the main login page Here is the code Login Page Code: [Select] <table width='400' border='0' align='center' cellpadding='0' cellspacing='0'> <tr> <td>UserName:</td> <td><form action="loginscript.php" method="post"> <input name="username" type="text" size="10"></td> </tr> <tr> <td>Password:</td> <td><input name="password" type="password" size="10"></td> </tr> <tr> <td colspan='2' align='center'><input name="Submit" type="submit" value="Submit"></form></td> </tr> </table> Login Script Code: [Select] <?php session_start(); $pass = strtolower($_POST['password']); $name = strtolower($_POST['username']); if($name == "test" && $pass == "test"){ header ("location: select.php"); } else{ // invalid login, so go back ... header ("location: index.php"); } ?> Select.php Code: [Select] <?php session_start(); if(isset($_SESSION['myuser'])){ } else{ header ("location: index.php"); } ?> ANy ideas why it is not working. It doesnt seem like it is going through the login on the loginscript as all it does is redirect back to index page over and over again hi again guys n gals. Ive just pre-built a website that works fine. ive just moved all files to another server and now when i try to login it does nothing , also if i try to signup it gives this error ................. Code: [Select] Warning: gethostbyaddr() [function.gethostbyaddr]: Address is not a valid IPv4 or IPv6 address in /home/content/70/6589670/html/gaming/signup.php on line 87 i have NOT edited the code in anyway so m guessing its a server issue ... or could i be wrong ??? any help welcome , thanks for reading hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? Hello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? How to add the ability to login with username or email for login?
<?php ob_start(); include('../header.php'); include_once("../db_connect.php"); session_start(); if(isset($_SESSION['user_id'])!="") { header("Location: ../dashboard"); } if (isset($_POST['login'])) { $email = mysqli_real_escape_string($conn, $_POST['email']); $password = mysqli_real_escape_string($conn, $_POST['password']); $result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and pass = '" . md5($password). "'"); if ($row = mysqli_fetch_array($result)) { $_SESSION['user_id'] = $row['uid']; $_SESSION['user_name'] = $row['user']; $_SESSION['user_email'] = $row['email']; header("Location: ../dashboard"); } else { $error_message = "Incorrect Email or Password!!!"; } } ?>
Hi guys, Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!" Any suggestion and help would be appreciated. Thanks. login.php <?php //Assigned varibale $error_msg as empty //$error_msg = ""; session_start(); $error_msg = ""; if (isset($_POST['submit'])) { if ($a_username = "admin" && $a_password = "123") { //Define $_POST from form text feilds $username = $_POST['username']; $password = $_POST['password']; //Add some stripslashes $username = stripslashes($username); $password = stripslashes($password); //Check if usernmae and password is good, if it is it will start session if ($username == $a_username && $password == $a_password) { session_start(); $_SESSION['session_logged'] = 'true'; $_SESSION['session_username'] = $username; //Redirect to admin page header("Location: admin_area.php"); } } $username = (isset($_POST['username'])) ? $_POST['username'] : ''; $password = (isset($_POST['password'])) ? $_POST['password'] : ''; if($username && $password) { $connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!"); mysql_select_db("friendsdb") or die ("Couldn't find the DB"); $query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'"); $numrows = mysql_num_rows($query); if ($numrows != 0){ while ($row = mysql_fetch_array($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } //Check to see if they are match! if ($username == $dbusername && md5($password) == $dbpassword) { header ("Location: user_area.php"); $_SESSION['username'] = $username; } else $error_msg = "Incorrect password!"; //code of login }else $error_msg = "That user does not exist!"; //echo $numrows; } else $error_msg = "Please enter a username and password!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> </head> <body> <br /> <?php require "header.php"; ?><br /> <div align="center"> <table width="200" border="1"> <?php // If $error_msg not equal to emtpy then display error message if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <!--form action="login_a.php" method="post"--> Username: <input type="text" name="username" /><br /><br /> Password: <input type="password" name="password" /><br /><br /> <input type="submit" name = "submit" value="Log in" /> </form> <p> </p> Register a <a href="register.php">New User</a> </table> </div> </body> </html> Hi guys. What I want to create is really complicated. Well I have a login system that works with post on an external website. I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users. What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login". If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry". So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login. Any idea?? Thanks Hi everyone i wonder if you can help me he I need a script for a login and check login- create cookie. Here is my form: <form method="post" action="check_login.php"> <p> <input type="submit" name="Submit2" value="go" /> </fieldset> </p> </form> that sends it to check_login (which BEFORE i deleted something by accident, used to take me to a username and password box) But now all it does is send me straight to the memebrs area??? Can i change the check_login.php script to make it work correctly: Code: [Select] <?php // Connects to your Database mysql_connect("server", "user", "password") or die(mysql_error()); mysql_select_db("DB") or die(mysql_error()); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['upassword']) { } else { header("Location: members_area.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['upassword']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['upassword'] = stripslashes($_POST['upassword']); $info['upassword'] = stripslashes($info['upassword']); $_POST['upassword'] = md5($_POST['upassword']); //gives error if the password is wrong if ($_POST['upassword'] != $info['upassword']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['upassword'], $hour); //then redirect them to the members area header("Location: members_area.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table width="316" height="120" border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="upassword" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> Hello, I am once again desperately asking for your help, I am working on a simple login page and I am having trouble actually getting it to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now
This is the code any suggestions would be greatly appreciated <?php /* Name: Deanna Slotegraaf Course Code: WEBD3201 Date: 2020-09-22 */ $file = "sign-in.php"; $date = "2020-09-22"; $title = "WEBD3201 Login Page"; $description = "This page was created for WEBD3201 as a login page for a real estate website"; $banner = "Login Page"; require 'header.php'; $error = ""; if($_SERVER["REQUEST_METHOD"] == "GET") { $username = ""; $password = ""; $lastaccess = ""; $error = ""; $result = ""; $validUser = ""; } else if($_SERVER["REQUEST_METHOD"] == "POST") { $conn; $username = trim($_POST['username']); //Remove trailing white space $password = trim($_POST['password']); //Remove trailing white space if (!isset($username) || $username == "") { $error .= "<br/>Username is required"; } if (!isset($password) || $password == ""){ $error .= "<br/>Password is required"; } if ($error == "") { $password = md5($password); $query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'"; $results = pg_query($conn, $query); //$_SESSION['username'] = $username; //$_SESSION['success'] = "You are now logged in"; header('location: dashboard.php'); }else { $error .= "Username and/or Password is incorrect"; } } ?> <div class = "form-signin"> <?php echo "<h2 style='color:red; font-size:20px'>".$error."</h2>"; ?> <form action = "<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <label for="uname"><b>Login ID</b></label> <input type="text" name="username" value="<?php echo $username; ?>"/> <br/> <label for="psw"><b>Password</b></label> <input type="password" name="password" value="<?php echo $password; ?>"/> <br/> <button type="submit" name="login_user">Login</button> <button type="reset">Reset</button></div> </form> </div> <?php require "footer.php"; ?>
<html> <head> <title>Admin Panel</title> <style> body {font-family:verdana; font-size:12; font-weight:bold; color:black; background-color:white} td {font-family:verdana; font-size:12; font-weight:bold; color:black} .style1 { font-size: 12px; font-weight: bold; } </style> </head> <body onLoad="document.f1.username1.focus();"> <!-- main table start here --> <table width=761 height=500 align=center border=0 bordercolor=black cellspacing=0 cellpadding=0> <tr> <td align=center> <!-- second table start here --> <table width="757" border="0" cellspacing="0" cellpadding="0" height="100%" bgcolor=white> <tr> <td align=center> <form method="post" action="login.php" name="f1"> <table align=center width=400 border=0 bordercolor=black cellspacing=0 cellpadding=5> <caption align=center><?=$MyError?></center> <tr bgcolor=#333333> <td colspan=2 align=center bgcolor="#333333"><span class="style1"><font color="#FFFFFF">Site Admin Login </font></span></td> </tr> <tr bgcolor=#77D2FF> <td bgcolor="#FFFFFF">Username: <font size="1"> </font></td> <td bgcolor="#FFFFFF"><input type="text" name="username1" maxlength="20"></td> </tr> <tr bgcolor=#77D2FF> <td bgcolor="#FFFFFF">Password: <font size="1"> </font></td> <td bgcolor="#FFFFFF"><input type="password" name="password1" maxlength="20"></td> </tr> </table> <br> <center> <input type="submit" name="s2" value="Login" style="background-color:#6598CD; font-size:11; color:black; font-family:verdana, arial; font-weight:bold; border-width:1; border-color:#333333"> </center> </form> </table> <!-- second table end here --> </td> </tr> </table> <!-- main table end here --> <? require_once("../conn.php"); if(isset($_POST[s2])) { $MyUsername1 = strip_tags($_POST[username1]); $MyPassword1 = strip_tags($_POST[password1]); if(empty($MyUsername1) || empty($MyPassword1)) { $MyError = "<center><font color=red size=2 face=verdana><b>All fields are required!</b></font></center>"; } else { //check the login info if exists $q1 = "select * from re2_admin where AdminID = '$MyUsername1' and AdminPass = '$MyPassword1' "; $r1 = mysql_query($q1); if(!$r1) { echo mysql_error(); header("Location:error1.php"); exit(); } else { if(mysql_num_rows($r1) == '1') { $a1 = mysql_fetch_array($r1); $_SESSION[AdminID] = $MyUsername1; $_SESSION[AdminEmail] = $a1[AdminEmail]; $_SESSION[AdminName] = $a1[AdminName]; header("location:index.php"); exit(); } } } } ?>I have listed the HTML then the PHP. In the actual file, the PHP comes before the HTML. I have a script I sell over again. I have installed it many times. The script has a 'site admin' backend to manage the site from. The default user and password to login to the script is 'admin.' It works everytime. But I installed it last night for a customer on their host and 'admin' does not work. I checked PHPMyAdmin to see if that was the username/password in there and it is. I would much appreciate your help in solving this. I am guessing the fact that my script is very old has something to do with it. hello every1
I am creating a login script using pdo.. The problem i;m facing is that inspite of giving the right login details, it shows "wrong username / password."
The pdo code is shown below
function login_members($uname,$pwd,$type) { $q = $this->connect()->prepare("SELECT * FROM members WHERE username='?' AND password='?' AND type='?' LIMIT 1"); $q->bindParam(1, $username,PDO::PARAM_STR); $q->bindParam(2, $pwd,PDO::PARAM_STR); $q->bindParam(3, $type,PDO::PARAM_STR); if($q->execute()) { $row = $q->fetch(PDO::FETCH_ASSOC); if(($row['username']===$uname) && ($row['password']===$pwd)) { return TRUE; } else { return FALSE; } } else { return FALSE; } }in the main page if($pdo->login_members($uname,$pwd,$type)) { echo "<div class='correct_message' style='display:block'>You have been successfully logged in...</div>"; } else { echo "<div class='error_message' style='display:block'>wrong username / password</div>"; }Any help will be greatly appreciated.... Alrite I have a script that creates a new php script for each user, but thats a huge security risk because i have the Username and Password box saved into the php script and checked against the login.php page; I am a total newb with MySQL, but i have the database, but i have no idea what tables to create with fields and datatype etc :3 Also, I dont know how to check the username and password via SQL; Any help would be greatly appreciated okay so i have a file called login.php but when you login it stay's on the same page... + i want it to go to a different page... so a user log's in from login.php and i want it to go to a new file called main.php i have some code below i was wondering if someone could help me separate the code to make it 2 pages... login.php Code: [Select] <?php include("include/session.php"); global $database; $config = $database->getConfigs(); ?> <html> <head> <link rel="stylesheet" href="include/style.css" type="text/css"> <title><?php echo $config['SITE_NAME']; ?> - Login Page</title> </head> <body> <div id="mainborder"> <tr> <td> <div class="image"> <p align="center"><a href="index.php"><img src="images/logo.gif" width="850" height="130"></a> <div class="sidebox"> </div> </div> <p align="left"> <table width="95%" class="topbar"> <tr> <td> <marquee scrollamount='3'>Welcome to pokemon RPG please report all bugs/errors to the site admin:) #Rate</marquee> </td> </tr> </table> <table width="100%" border="0" cellpadding="0" cellspacing="0"> </p> <tr> <td valign="top" width="150"> <div style="height:7px;"></div> <div class="headbox">Navigation</div> <a class="leftmenu" href="index.php">Home</a> <a class="leftmenu" href="login.php">Login</a> <a class="leftmenu" href="register.php">Register</a> <a class="leftmenu" href="#">About/FAQ</a> <a class="leftmenu" href="#">Forum</a> <a class="leftmenu" href="#">Chat Box</a><br> <br /> <td valign="top"> <table border="0" cellspacing="0" cellpadding="0" width="100%"> <tr> <td width="10"></td> <td valign="top" class="mainbox"> <div class="contentcontent"> </div> <div id="mainContent"> <table class="content"> <br /> <?php /** * User has already logged in, so display relavent links, including * a link to the admin center if the user is an administrator. */ if($session->logged_in){ echo "<h1>Logged In</h1>"; echo "Welcome <b>$session->username</b>, you are logged in. <br><br>" ."[<a href=\"userinfo.php?user=$session->username\">My Account</a>] " ."[<a href=\"useredit.php\">Edit Account</a>] "; if($session->isAdmin()){ echo "[<a href=\"admin/index.php\">Admin Center</a>] "; } echo "[<a href=\"process.php\">Logout</a>]"; } else{ ?> <?php /** * User not logged in, display the login form. * If user has already tried to login, but errors were * found, display the total number of errors. * If errors occurred, they will be displayed. */ if($form->num_errors > 0){ echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>"; } ?> <div class="loginbox"> Member Login </div> <form action="process.php" method="POST" autocomplete="on"> <tr> <table class="contentcontent" align="left" border="0" cellspacing="0" cellpadding="3"> <tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<?php echo $form->value("user"); ?>"></td><td><?php echo $form->error("user"); ?></td></tr> <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<?php echo $form->value("pass"); ?>"></td><td><?php echo $form->error("pass"); ?></td></tr> <tr><td colspan="2" align="left"><input type="checkbox" name="remember" <?php if($form->value("remember") != ""){ echo "checked"; } ?>> Remember me <input type="hidden" name="sublogin" value="1"> <input type="submit" value="Login"></td></tr> <tr><td colspan="2" align="left"><br><font size="2">[<a href="forgotpass.php">Forgot Password?</a>]</font></td><td align="right"></td></tr> </form> <table width="875"> <tr> <br /> <br /> <td width="902" height="20" colspan="2" align="center" class="maincontent"><br /><div class="contentcontent">This site is not affiliated with Nintendo, Creatures Ink, Gamefreak or any other organisation. Legal Info </br><?php } echo ""; include("include/view_active.php");?></div> </td> </tr> </table> </body> </html> process.php Code: [Select] <?php include("include/session.php"); class Process { /* Class constructor */ function Process(){ global $session; /* User submitted login form */ if(isset($_POST['sublogin'])){ $this->procLogin(); } /* User submitted registration form */ else if(isset($_POST['subjoin'])){ $this->procRegister(); } /* User submitted forgot password form */ else if(isset($_POST['subforgot'])){ $this->procForgotPass(); } /* User submitted edit account form */ else if(isset($_POST['subedit'])){ $this->procEditAccount(); } /** * The only other reason user should be directed here * is if he wants to logout, which means user is * logged in currently. */ else if($session->logged_in){ $this->procLogout(); } /** * Should not get here, which means user is viewing this page * by mistake and therefore is redirected. */ else{ header("Location: ".$config['WEB_ROOT'].$config['home_page']); } } /** * procLogin - Processes the user submitted login form, if errors * are found, the user is redirected to correct the information, * if not, the user is effectively logged in to the system. */ function procLogin(){ global $session, $form; /* Login attempt */ $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember'])); /* Login successful */ if($retval){ header("Location: ".$session->referrer); } /* Login failed */ else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ".$session->referrer); } } /** * procLogout - Simply attempts to log the user out of the system * given that there is no logout form to process. */ function procLogout(){ global $database, $session; $config = $database->getConfigs(); $retval = $session->logout(); header("Location: ".$config['WEB_ROOT'].$config['home_page']); } /** * procRegister - Processes the user submitted registration form, * if errors are found, the user is redirected to correct the * information, if not, the user is effectively registered with * the system and an email is (optionally) sent to the newly * created user. */ function procRegister(){ global $database, $session, $form; $config = $database->getConfigs(); /* Checks if registration is disabled */ if($config['ACCOUNT_ACTIVATION'] == 4){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = 6; header("Location: ".$session->referrer); } /* Convert username to all lowercase (by option) */ if($config['ALL_LOWERCASE'] == 1){ $_POST['user'] = strtolower($_POST['user']); } /* Hidden form field captcha deisgned to catch out auto-fill spambots */ if (!empty($_POST['killbill'])) { $retval = 2; } else { /* Registration attempt */ $retval = $session->register($_POST['user'], $_POST['pass'], $_POST['conf_pass'], $_POST['email'], $_POST['conf_email']); } /* Registration Successful */ if($retval == 0){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = 0; header("Location: ".$session->referrer); } /* E-mail Activation */ else if($retval == 3){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = 3; header("Location: ".$session->referrer); } /* Admin Activation */ else if($retval == 4){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = 4; header("Location: ".$session->referrer); } /* No Activation Needed but E-mail going out */ else if($retval == 5){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = 5; header("Location: ".$session->referrer); } /* Error found with form */ else if($retval == 1){ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ".$session->referrer); } /* Registration attempt failed */ else if($retval == 2){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = 2; header("Location: ".$session->referrer); } } /** * procForgotPass - Validates the given username then if * everything is fine, a new password is generated and * emailed to the address the user gave on sign up. */ function procForgotPass(){ global $database, $session, $mailer, $form; $config = $database->getConfigs(); /* Username error checking */ $subuser = $_POST['user']; $subemail = $_POST['email']; $field = "user"; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username not entered<br>"); } else{ /* Make sure username is in database */ $subuser = stripslashes($subuser); if(strlen($subuser) < $config['min_user_chars'] || strlen($subuser) > $config['max_user_chars'] || !preg_match("/^[a-z0-9]([0-9a-z_-])+$/i", $subuser) || (!$database->usernameTaken($subuser))){ $form->setError($field, "* Username does not exist<br>"); } else if ($database->checkUserEmailMatch($subuser, $subemail) == 0){ $form->setError($field, "* No Match<br>"); } } /* Errors exist, have user correct them */ if($form->num_errors > 0){ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); } /* Generate new password and email it to user */ else{ /* Generate new password */ $newpass = $session->generateRandStr(8); /* Get email of user */ $usrinf = $database->getUserInfo($subuser); $email = $usrinf['email']; /* Attempt to send the email with new password */ if($mailer->sendNewPass($subuser,$email,$newpass,$config)){ /* Email sent, update database */ $usersalt = $session->generateRandStr(8); $newpass = sha1($usersalt.$newpass); $database->updateUserField($subuser,"password",$newpass); $database->updateUserField($subuser,"usersalt",$usersalt); $_SESSION['forgotpass'] = true; } /* Email failure, do not change password */ else{ $_SESSION['forgotpass'] = false; } } header("Location: ".$session->referrer); } /** * procEditAccount - Attempts to edit the user's account * information, including the password, which must be verified * before a change is made. */ function procEditAccount(){ global $session, $form; /* Account edit attempt */ $retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['conf_newpass'], $_POST['email']); /* Account edit successful */ if($retval){ $_SESSION['useredit'] = true; header("Location: ".$session->referrer); } /* Error found with form */ else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ".$session->referrer); } } }; /* Initialize process */ $process = new Process; ?> Thankyou for your help in advance. Hey Guys, Im trying to work on my login script after successfully doing my register script. The problem im having trouble is that when i login with false details, it still prompts me with 'You have logged in". Also if the user is not activated it should say "Account has not been activated." Could someone help me out. Thanks. Code: [Select] <?php include"database.php";?> <html> <head> <title>Login</title> </head> <body> <h1>Manager Login</h1> <form action="login.php" method="post"> <TABLE BORDER="0"> <TR> <TD>Email:</TD> <TD> <input type="text" name="email" size="20"> </TD> </TR> <TR> <TD>Password:</TD> <TD><INPUT TYPE="password" NAME="password" SIZE="20"></TD> </TR> </table> <P> <input type="submit" name="login" value="Login" /> </form> <?php session_start(); if (isset($_POST['login'])) { if (empty($_POST['email']) || empty($_POST['password'])) { $errors[] = "Please fill out all fields."; } $email = $_POST['email']; $password = $_POST['password']; $level = 'level'; $check = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."'"); if (mysql_num_rows($check)>=1) { $errors[] = "Wrong Details. Try Again."; } $check = mysql_query("SELECT * FROM users WHERE level='".$level."'"); if (mysql_num_rows($check)>=1) { if ($level == '0') { $errors[] = "Account has not been activated."; }} if (empty($errors)) { echo "You have logged in!"; } else { foreach($errors as $nErrors){ echo $nErrors . "<br>"; } } } ?> Hello, I have found this forum very useful and i hope i will get some help from here. I am nill in php so if someone help i am thankful, I actually want to know how to add facebook login in php files.. I have 2 pages of sms script one is index.php where is form like name, number, textbox and captcha then send button.. and second file is send.php where has api to send sms. I have seen some sites there is button login with facebook after login there sms form shows and in name field there person name already written and field locked and in number field there we have to write number and text box, captcha.. without login sms form not showing... So how to do this can someone help me? if some one really want to help i can also give him sample of site where i have seen this and i need exact like this pm me for sample... Hi, I want to store login info and create account, but when after I create account, I can't log in, it still displays: "Please register above!" login script: ======== Code: [Select] <html> <head> <title>Login</title> </head> <body> <hr /> <form method="post" action=""> <label>Username:</label> <input type="text" name="username"> <br /> <label>Password:</label> <input type="password" name="password"> <p> <input type="submit" value="Login" name="Login" /> <input type="reset" value="Reset" name="Reset" /> </p> </form> <?php //if username/password filled in and submitted, check db to find match login info if(array_key_exists("Login",$_POST) && !empty($_POST["username"]) && !empty($_POST["password"])) { $attemptedUsername=$_POST["username"]; $attemptedPassword=crypt($_POST["password"]); mysql_connect("localhost","root"); mysql_select_db("dummydpevx"); $getLoginInfoQuery=mysql_query("SELECT userName,userPassword FROM users WHERE userName='$attemptedUsername' AND userPassword='$attemptedPassword'"); $getLoginInfo=mysql_fetch_assoc($getLoginInfoQuery); $getUsername=$getLoginInfo["userName"]; $getPassword=crypt($getLoginInfo["userPassword"]); if($attemptedPassword==$getPassword) { session_start();//NB: Start session BEFORE doing any session stuff! $_SESSION["isAuthenticated"]="userAuthenticated"; header("Location: SecureSite.php"); exit; } else//"Please register above!" print "Please register above!"; } ?> </body> </html> here is register script: =============== Code: [Select] <html> <head> <title>Register</title> </head> <body> <form method="post" action="" > <p>Create a username <input type="text" name="newUsername" size="10" /> </p> <p>Create a password <input type="password" name= "newPassword" size="10" /> </p> <p> <input type="submit" value="Make account now" name="makeAccountSubmit" /> </p> </form> <?php if(array_key_exists("makeAccountSubmit",$_POST) && !empty($_POST["newUsername"]) && !empty($_POST["newPassword"]) ) { //IF username doesn't exist, then store new user login info to db dummydpevx mysql_connect("localhost","root"); mysql_select_db("someDB"); $newUserName=$_POST["newUsername"]; $newPassword=crypt($_POST["newPassword"]); $usernameQuery=mysql_query("SELECT userName FROM users WHERE userName='$newUserName'"); if(mysql_num_rows($usernameQuery)==0) { $makeNewAccountQuery=mysql_query("INSERT INTO users (userName,userPassword) VALUES('$newUserName','$newPassword')"); print "You are now registered, <a href='login.php'>proceed to login</a>"; } //ELSE IF username exists already, "Username already taken, please enter another BUT KEEP IN MIND user can have any passwords (EVEN IDENTICAL ONES b/c doesn't make sense to say password exists (this will help hackers have easier time hacking!) if(mysql_num_rows($usernameQuery)==1) print "Username taken. Please make another one. <br />"; } if(array_key_exists("makeAccountSubmit",$_POST) ) { if(empty($_POST["newUsername"]) && empty($_POST["newPassword"])) print "Please fill in a username and password! <br />"; else if(empty($_POST["newPassword"])) print "Please fill in a password!<br />"; else if(empty($_POST["newUsername"])) print "Please fill in a username! <br />"; } ?> </body> </html> Please I would appreciate any help, thanks! I am trying to change my web site to user only to public view. I still need users to be able to log in so they can edit things. I did a quick fix to allow everyone to view things by removing the ! from the sessions. How ever with that when i try to log in it just loops to login.php. There are links on the page that only admins will be able to see. Here is my session with the removed !. Code: [Select] <?php session_start(); if($_SESSION['login']){ $_SESSION['rank']; $_SESSION['loggedinusername'] = $loggedinusername; $_SESSION['loggedinuseremail'] = $loggedinuseremail; header("location:login.php"); } $rank=$_SESSION['rank']; $loggedinusername=$_SESSION['loggedinusername']; $loggedinuseremail=$_SESSION['loggedinuseremail']; ?> How would i got about allowing eveyone to see this page but the log in still work? If you need anymore code let me know Thank you |