|
PHP - Login Code Issue
I have a pretty basic PHP log in code connected to a database of register users. However, it's not allowing any users to enter? Could someone please review the code and let me know if you find any errors?
//Create query $qry="SELECT * FROM customers WHERE username='$login' AND password='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['id']; $_SESSION['SESS_FIRST_NAME'] = $member['fname']; $_SESSION['SESS_LAST_NAME'] = $member['lname']; session_write_close(); header("location: key_catalog.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Similar TutorialsI have this working code except I can't redirect to a thank you page when a new user registers. When they login it works without issue. I just don't know where or what to put for the registration part.
Here is my Code. Any help would be much appreciated.
<?php Hi experts,I have the following problem.I have a file login.php which is used to allow users to log in.When the form is submitted it is redirected to checkuserlogin.php.If the credentials are right he is redirected to main.php.But in main.php if the user clicks back browser button,he is redirected to login.php and in login.php if he presses forward button,he is redirected to main.php.Can any one tell he how to make sure the application is not redirected to main.php when user presses forward button and how to make sure the application is not redirected to login.php when user presses back button.
I have a problem with login issue that when i loggin as student from index.php it should bring me to student_home php.. but it doesnt show anything and just bring me to index.php back.. i mixed up about header and session part..
index.php
<?php
include('header.php');
//Start session
session_start();
//Unset the variables stored in session
unset($_SESSION['id']);
?>
<body>
<?php include('navhead.php'); ?>
<div class="container">
<div class="row-fluid">
<div class="span3">
<div class="hero-unit-3">
<div class="alert-index alert-success">
<i class="icon-calendar icon-large"></i>
<?php
$Today = date('y:m:d');
$new = date('l, F d, Y', strtotime($Today));
echo $new;
?>
</div>
</div>
<div class="hero-unit-1">
<ul class="nav nav-pills nav-stacked">
<li class="nav-header">Links</li>
<li class="active"><a href="#"><i class="icon-home icon-large"></i> Home
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
<li><a href="sitemap.php"><i class="icon-sitemap icon-large"></i> Site Map
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
<li><a href="contact.php"><i class="icon-envelope-alt icon-large"></i> Contact Us
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a>
</li>
<li class="nav-header">About US</li>
<li><a href="#mission" role="button" data-toggle="modal"><i class="icon-book icon-large"></i> Mission
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
<li><a href="#vision" role="button" data-toggle="modal"><i class="icon-book icon-large"></i> Vision
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
<li><a href="history.php"><i class="icon-list-alt icon-large"></i> History
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
</ul>
</div>
<br>
</div>
<div class="span9">
<section class="main">
<div class="custom-calendar-wrap">
<div id="custom-inner" class="custom-inner">
<div class="custom-header clearfix">
<nav>
<span id="custom-prev" class="custom-prev"></span>
<span id="custom-next" class="custom-next"></span>
</nav>
<h2 id="custom-month" class="custom-month"></h2>
<h3 id="custom-year" class="custom-year"></h3>
</div>
<div id="calendar" class="fc-calendar-container"></div>
</div>
</div>
</section>
<div class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>Head Up!</strong> Welcome to Morpheus.
</div>
<div class="slider-wrapper theme-default">
<?php include('slider.php'); ?>
</div>
<!-- end slider -->
</div>
</div>
</div>
<!---------------->
<div class="container">
<div class="row-fluid">
<div class="span12">
<div class="row-fluid">
<div class="span9">
<div class="alert alert-success"><i class="icon-file icon-large"></i> <strong>Mission</strong></div>
<div class="hero-unit-2">
Announcements
</div>
</div>
<div class="span3">
<div class="alert alert-info">
<i class="icon-building icon-large"></i> Faculty
</div>
<div class="hero-unit-3">
<p><a href=""><i class="icon-sign-blank"></i> Faculty</a></p>
<p><a href=""><i class="icon-sign-blank"></i> Faculty</a></p>
<p><a href=""><i class="icon-sign-blank"></i> Faculty</a></p>
<p><a href=""><i class="icon-sign-blank"></i> Faculty</a></p>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="alert alert-success"><i class="icon-file icon-large"></i> <strong>Project</strong></div>
<div class="hero-unit-2">
Project
</div>
<?php include('footer.php'); ?>
</div>
</body>
</html>
navhead.php
<div class="row-fluid">
<div class="span12">
<div class="navbar navbar-fixed-top navbar-inverse">
<div class="navbar-inner">
<div class="container">
<a class="btn btn-navbar" data-toggle="collapse" data-targer=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</a>
<div class="nav-collapse collapse">
<i class="icon-facebook-sign icon-large" id="color_white"></i>
<i class="icon-twitter icon-large" id="color_white"></i>
<i class="icon-google-plus icon-large" id="color_white"></i>
<i class="icon-github-alt icon-large" id="color_white"></i>
<i class="icon-linkedin-sign icon-large" id="color_white"></i>
<div class="pull-right">
<form class="navbar-search pull-left">
<i class="icon-search icon-large" id="color_white"></i>
<input type="text" class="search-query" placeholder="Search">
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="hero-unit-header">
<div class="container">
<div class="row-fluid">
<div class="span12">
<div class="row-fluid">
<div class="span6">
<img src="admin/images/head.png">
</div>
<div class="span6">
<div class="pull-right">
<!--- login button -->
<div class="btn-group">
<button class="btn btn-success"><i class="icon-signin icon-large"></i> Login</button>
<button class="btn dropdown-toggle" data-toggle="dropdown">
<span class="caret"></span>
</button>
<ul class="dropdown-menu">
<li><a href="#student" role="button" data-toggle="modal"><i class="icon-user icon-large"></i> Student</a></li>
<li><a href="#teacher" role="button" data-toggle="modal"><i class="icon-user-md icon-large"></i> Teacher</a></li>
</ul>
</div>
<!-- end login -->
<?php include('student_modal.php'); ?>
<?php include('teacher_modal.php'); ?>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
student_modal.php
<div id="student" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-header">
</div>
<div class="modal-body">
<div class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>Login Student!</strong> Please Enter the Details Below.
</div>
<form class="form-horizontal" method="post">
<div class="control-group">
<label class="control-label" for="inputEmail">Username</label>
<div class="controls">
<input type="text" name="username" id="inputEmail" placeholder="Username">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Password</label>
<div class="controls">
<input type="password" name="password" id="inputPassword" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" name="login" class="btn btn-info"><i class="icon-signin icon-large"></i> Sign in</button>
</div>
</div>
<?php
if (isset($_POST['login'])) {
function clean($str) {
$str = @trim($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$query = mysql_query("select * from student where username='$username' and password='$password'") or die(mysql_error());
$count = mysql_num_rows($query);
$row = mysql_fetch_array($query);
if ($count > 0) {
session_start();
session_regenerate_id();
$_SESSION['id'] = $row['student_id'];
header('location:student_home.php');
session_write_close();
exit();
} else {
header('error_login.php');
?>
<?php
}
}
?>
</form>
<!-- teacher -->
</div>
<div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true"><i class="icon-remove-sign icon-large"></i> Close</button>
</div>
</div>
login_student.php
[php]<?php
include('header.php');
//Start session
session_start();
//Unset the variables stored in session
unset($_SESSION['id']);
?>
<body>
<?php include('navhead.php'); ?>
<div class="container">
<div class="row-fluid">
<div class="span10">
<ul class="breadcrumb">
<li class="active">Login<span class="divider">/</span></li>
<li><a href="login_student.php"><i class="icon-group icon-large"></i> Teacher</a><span class="divider">/</span></li>
<li class="active"><i class="icon-group icon-large"></i> Student</li>
<div class="pull-right">
<li>
<i class="icon-calendar icon-large"></i>
<?php
$Today = date('y:m:d');
$new = date('l, F d, Y', strtotime($Today));
echo $new;
?>
</li>
</div>
</ul>
<div class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>Login Student!</strong> Please Enter the Details Below.
</div>
<form class="form-horizontal" method="post">
<div class="control-group">
<label class="control-label" for="inputEmail">Username</label>
<div class="controls">
<input type="text" name="username" id="inputEmail" placeholder="Username">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Password</label>
<div class="controls">
<input type="password" name="password" id="inputPassword" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" name="login" class="btn btn-info"><i class="icon-signin"></i> Sign in</button>
</div>
</div>
<?php
if (isset($_POST['login'])) {
function clean($str) {
$str = @trim($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$query = mysql_query("select * from user where username='$username' and password='$password'") or die(mysql_error());
$count = mysql_num_rows($query);
$row = mysql_fetch_array($query);
if ($count > 0) {
session_start();
session_regenerate_id();
$_SESSION['id'] = $row['user_id'];
header('location:student_home.php');
session_write_close();
exit();
} else {
session_write_close();
?>
<div class="pull-right">
<button type="button" class="close" data-dismiss="alert">×</button>
<div class="alert alert-danger"><i class="icon-remove-sign"></i> Access Denied</div>
</div>
<?php
exit();
}
}
?>
</form>
</div>
<div class="span2">
<div class="hero-unit-1">
<ul class="nav nav-pills nav-stacked">
<li class="nav-header">Links</li>
<li><a href="index.php"><i class="icon-home icon-large"></i> Home</a></li>
<li><a href="#"><i class="icon-file-alt icon-large"></i> New And Events</a></li>
<li><a href="#"><i class="icon-sitemap icon-large"></i> Site Map</a></li>
<li><a href="#"><i class="icon-envelope-alt icon-large"></i> Contact Us</a></li>
<li class="nav-header">About US</li>
<li><a href="#"><i class="icon-book icon-large"></i> Mission</a></li>
<li><a href="#"><i class="icon-book icon-large"></i> Vision</a></li>
<li><a href="#"><i class="icon-list-alt icon-large"></i> History</a></li>
</ul>
</div>
</div>
</div>
<?php include('footer.php'); ?>
</div>
</body>
</html>
login_student.php
<?php
include('header.php');
//Start session
session_start();
//Unset the variables stored in session
unset($_SESSION['id']);
?>
<body>
<?php include('navhead.php'); ?>
<div class="container">
<div class="row-fluid">
<div class="span10">
<ul class="breadcrumb">
<li class="active">Login<span class="divider">/</span></li>
<li><a href="login_student.php"><i class="icon-group icon-large"></i> Teacher</a><span class="divider">/</span></li>
<li class="active"><i class="icon-group icon-large"></i> Student</li>
<div class="pull-right">
<li>
<i class="icon-calendar icon-large"></i>
<?php
$Today = date('y:m:d');
$new = date('l, F d, Y', strtotime($Today));
echo $new;
?>
</li>
</div>
</ul>
<div class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>Login Student!</strong> Please Enter the Details Below.
</div>
<form class="form-horizontal" method="post">
<div class="control-group">
<label class="control-label" for="inputEmail">Username</label>
<div class="controls">
<input type="text" name="username" id="inputEmail" placeholder="Username">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Password</label>
<div class="controls">
<input type="password" name="password" id="inputPassword" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" name="login" class="btn btn-info"><i class="icon-signin"></i> Sign in</button>
</div>
</div>
<?php
if (isset($_POST['login'])) {
function clean($str) {
$str = @trim($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$query = mysql_query("select * from user where username='$username' and password='$password'") or die(mysql_error());
$count = mysql_num_rows($query);
$row = mysql_fetch_array($query);
if ($count > 0) {
session_start();
session_regenerate_id();
$_SESSION['id'] = $row['user_id'];
header('location:student_home.php');
session_write_close();
exit();
} else {
session_write_close();
?>
<div class="pull-right">
<button type="button" class="close" data-dismiss="alert">×</button>
<div class="alert alert-danger"><i class="icon-remove-sign"></i> Access Denied</div>
</div>
<?php
exit();
}
}
?>
</form>
</div>
<div class="span2">
<div class="hero-unit-1">
<ul class="nav nav-pills nav-stacked">
<li class="nav-header">Links</li>
<li><a href="index.php"><i class="icon-home icon-large"></i> Home</a></li>
<li><a href="#"><i class="icon-file-alt icon-large"></i> New And Events</a></li>
<li><a href="#"><i class="icon-sitemap icon-large"></i> Site Map</a></li>
<li><a href="#"><i class="icon-envelope-alt icon-large"></i> Contact Us</a></li>
<li class="nav-header">About US</li>
<li><a href="#"><i class="icon-book icon-large"></i> Mission</a></li>
<li><a href="#"><i class="icon-book icon-large"></i> Vision</a></li>
<li><a href="#"><i class="icon-list-alt icon-large"></i> History</a></li>
</ul>
</div>
</div>
</div>
<?php include('footer.php'); ?>
</div>
</body>
</html>
In my login form I'm getting the error Code: [Select] Notice: Use of undefined constant Errors - assumed 'Errors' in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 91 Warning: Cannot modify header information - headers already sent by (output started at /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php:91) in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 91 Warning: Cannot modify header information - headers already sent by (output started at /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php:91) in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 92 //if the name exists it gives an error if ($check2 != 0) { //Line 85 $error="<span style="; $error .="color:red"; $error .=">"; $error .= "Sorry, the username is already in use."; $error .="</span>"; setcookie(Errors, $error, time()+20); //Line 91 header('Location: /YBK/'); //Line 92 exit; } i just discovered a hole in my scripts relating to access . 1. have a simple login form 2. based on the type of user , he is directed to a page for his options . 3. I now realise that altho each page therefter checks for sessions of the user , he can easily change the url to that of another user and there is no way to prevent it. 4. How can i make sure that each time a page is accessed it is only by the user whom it is meant for. Relevant code snippets below . Thanks ! Swati login.php --------- <?php //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); //Process this if statement only if form was submitted if($_POST['submit']){ session_start(); $username=$_POST['username']; $password=$_POST['password']; include ("link.php"); // contains db info //Test for login success $sql = "SELECT * FROM Users WHERE Username='$username' AND Password = '$password'"; $result = mysql_query($sql); if ($myrow = mysql_fetch_assoc($result)){ // echo $sql; $login_success = 'Yes'; $userid = $myrow["Userid"]; $usertype = $myrow["UTID"]; $status = "On"; $url = $PHP_SELF."?".$_SERVER['QUERY_STRING'];; $logout = 'logout.php'; $_SESSION['id']=session_id(); $_SESSION['userid']=$userid; $_SESSION['usertype']=$usertype; $sql2= "insert into Log (Sessionid,Userid,IP,Date,File, Status) values('$_SESSION[id]','$userid','$ip','$tm', '$url', '$status')"; $result2 = mysql_query($sql2) or die ('no access to database: ' . mysql_error()); // echo mysql_error(); } } } ?> Each subsequent page has this header ============================== <? header("Cache-Control: public"); include ("log.php"); //db info for DB along with session start if(!isset($_SESSION['userid'])){ echo "<center><font face='Calibri' size='2' color=red>Sorry, Please login and use this page </font></center>"; exit;} ?> The url of each page : Code: [Select] www.abc.com/example/type1.php?Userid=USER1ID and such a user can easily change the url to Code: [Select] www.abc.com/example/type2.php?Userid=USER1ID and access all the options of type2.php Hi all I have the below login scripts which works great, I need to add a line in to give the user a message if the 'live' entry in the database is 0. Here's my code: Code: [Select] <?php if(isset($_POST['submit'])) { $error = false; $user_login = ($_POST['user_login']); $pass_login = ($_POST['pass_login']); if(!empty($user_login) && !empty($pass_login)) { $check_details=mysql_query("SELECT * FROM `members` WHERE email='".$user_login."' AND password='".sha1($pass_login)."' AND live = 1"); $getdetails=mysql_fetch_array($check_details); $status=mysql_num_rows($check_details); if($status >= "1") { $error = false; $_SESSION['wmmadmin_loggedin'] = "1"; $_SESSION['wmmadmin_email'] = "".$user_login.""; $_SESSION['wmmadmin_username'] = "".$getdetails['name'].""; $_SESSION['wmmadmin_country'] = "".$getdetails['country'].""; $date = date('l jS \of F Y h:i:s A'); mysql_query(" INSERT INTO `logs` SET user = '".$getdetails['name']."', date = '".$date."'" ); header("Location: index.php"); } if(!$status || $status == "0") { $error = true; echo "<div class=\"error\">Error! Login details were incorrect. </div>\n"; echo "<div class=\"error\">Forgot your password? Click the below link: </div>\n"; } } if(empty($user_login) || empty($pass_login)) { $error = true; echo "<div class=\"error\"><strong>Please enter your username and password. </div>\n"; echo "<div class=\"error\">Forgot your password? Click the below link: </div>\n"; } } ?> Many thanks for your help. Pete I am createing a simply quiz site, where in order to participate in the quiz, you must first be logged in. While working on my local machine, the code works perfectly. I use the followin to create a session ID; $_SESSION['SESS_ID'] = $member['id']; Then, on my main page where i want dynamic code i include the following; if(!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '')) { print (" <div style='float:left; width:400px; height:215px; margin-left:500px;'> <form class='login' method='post' action='login-form.php' style='float:right; margin-top:120px;' > <input type='submit' class='button' name='submit' value='Sign In' style='float:right ; margin-right:20px;'> </form> <p style=' margin-top:170px; margin-left:160px;'>New Member? Start <a href='register-form.php'>Here</a></p> </div> " ); } else { print "<h4 style='float:right; text-align: right; margin-top:150px; margin-right:50px;'>Welcome ". $_SESSION['SESS_NAME']. " <a href='logout.php' style='float:right; text-align:right;'>Sign Out</a></h4> "; For some reason, when the site is on the server, the session ID does not seam to get passed along. Any Ideas how to remediy this? the website is kingdomquiz.com if anybody is interested. Hi all, Sorry to be a pain, but I've been out of the php game for quite a few years and have just come back to it briefly to help someone out. I've been using an old admin auth script that I used to use a long time ago but it's not working, and I can't for the life of me work it out :/ I apologise for the noobishness of the code, but as I said, it's been a long time. Any and all help would be very greatly appreciated. Here is the code: <? require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; $member_userlevel = $data["level"]; if($member_pass == $admin_pass) { SetCookie("mgdwebby","$member_name:$member_pass:$member_userlevel"); } include("header.php"); ?> <? if($action=="login") { if($admin_login==""){ echo"Wrong info. "; } elseif($admin_pass==""){ echo"Wrong info. "; } else{ require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; if($member_pass == $admin_pass) { echo"<head><meta http-equiv=\"refresh\" content=\"2;URL=admin.php\"></head><br><center>Please Wait.</center><br>"; $auth = explode(":",$HTTP_COOKIE_VARS["mgdwebby"]); if(empty($auth[0]) || empty($auth[1])) { } else { echo"Welcome<br>"; include("admin_left.php"); } } else { echo"Wrong info. "; } } } else { echo"<form method='post' action='?action=login'> <table width='307' align='center' cellspacing='0' cellpading='0' border='0'> <tr> <td width='200'> Login : </td> <td> <input type='text' name='admin_login'></td> </tr> <tr> <td width='200'> Password : </td> <td> <input type='password' name='admin_pass'></td> </tr> <tr> <td colspan='2' align='center'><center><input type='submit' value='Login'></center></td> </table> "; } ?> <? include("footer.php"); ?> Could anyone help me making a login function that checks the txt document if user and pw exists/are correct? -and if they are, sends you to a logged in page. This is for a assignment which is why I have to store the information in a text document, I know it's unsafe. Also i know i should use $_Sessions but I'm not sure how to use it and where to put it.
So far I have created the form which has 2 buttons one for registering and one for logging in. I have also created the registration function which checks the text file if the username already exists if not it will register it.
<html lang="eng">
<head>
<link rel="stylesheet" href="style.css">
<title>name</title>
</head>
<body>
<div class="formdiv">
<h2>Log in or register</h2>
<form action="" method="post">
<p>Username<p style="color:black">*</p> <input type="text" name="user" placeholder="Type in your username" required>
<p>Password<p style="color:black">*</p> <input type="password" name="pw" placeholder="Type in your password" required>
<?php
if (isset($_POST['saveBtn'])){
$username = $_POST['user'];
$password = $_POST['pw'];
$error = register($username);
if ($error == '') {
echo "User: $username has been registered!<br/>";
}
else echo $error;
}
?>
<input type="submit" name="saveBtn" value="Save new user">
<input type="submit" name="loginBtn" value="Login">
</form>
</div>
<?php // Registration
function register($user){
$textError = '';
// Check and see if user exists
$UserPassTxt = fopen("userpwd.txt","a+"); // Opens text doc
rewind($UserPassTxt);
while (!feof($UserPassTxt)) {
$line = fgets($UserPassTxt);
$tmp = explode(':', $line);
if ($tmp[0] == $user) {
$textError = "Username already exists!";
break;
}
}
if ($textError == ''){
$hash = password_hash('', PASSWORD_DEFAULT);
fwrite($UserPassTxt, "\n$user: $hash");
}
fclose($UserPassTxt); // Closes txt doc
return $textError;
}
?>
<?php //Login
function login($user, $pass){
}
?>
</body>
///here's my best attempt at the function
<?php //Login
$error = '0';
if (isset($_POST['loginBtn'])){
$username = $_POST['user'];
$password = $_POST['pw'];
$error = login($username,$password);
}
function login($user, $pass){
$errorText = '';
$validUser = false;
$UserPassTxt = fopen("userpwd.txt","r");
rewind($UserPassTxt);
while (!feof($UserPassTxt)) {
$line = fgets($UserPassTxt);
$tmp = explode(':', $line);
if ($tmp[0] == $user) {
if (trim($tmp[1]) == trim(password_hash('', PASSWORD_DEFAULT))){
$validUser= true;
$_SESSION['user'] = $user;
}
break;
}
}
fclose($UserPassTxt);
if ($validUser != true) $errorText = "Not correct username or password";
if ($validUser == true) $_SESSION['validUser'] = true;
else $_SESSION['validUser'] = false;
return $errorText;
}
function logoutUser(){
unset($_SESSION['validUser']);
unset($_SESSION['user']);
}
function checkUser(){
if ((!isset($_SESSION['validUser'])) || ($_SESSION['validUser'] != true)){
header('Location: index.php');
}
}
?>
Hi All, I Have an issue validating and inserting the data in to the database. I am beginner and the error message is new to me however i have google it but unable to find hope any one can help Thanks in advanced. Error : "Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\signupck.php on line 32 Deprecated: Function eregi() is deprecated in C:\wamp\www\signupck.php on line 50 Welcome, You have successfully signed up Click here to login" Please find the Code Below: File name:signup.php Code: [Select] <!doctype html public "-//w3c//dtd html 3.2//en"> <html> <head> <title>Fast Fix Pro Signup</title> <script type="text/javascript"> function validate(form) { if(form1.userid.value == "") { alert('Please enter userid '); form1.userid.focus(); return false; } if(form1.userid.value == "") { alert('Please enter userid '); form1.userid.focus(); return false; } if(form1.password.value == "") { alert('Please enter password '); form1.password.focus(); return false; } if(form1.password2.value == "") { alert('Please renter the password '); form1.password2.focus(); return false; } if(form1.email.value == "") { alert('Please enter Email '); form1.email.focus(); return false; } if(form1.fname.value == "") { alert('Please enter First Name '); form1.fname.focus(); return false; } if(form1.lname.value == "") { alert('Please enter Last Name '); form1.lname.focus(); return false; } if (!document.form1.agree.checked) { alert("Please Read the guidlines and check the box below ."); return false; } return true; } </script> </head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000"> <br/> <br/> <table width='67%' height="454" border='0' align=center cellpadding='0' cellspacing='0'><form name="form1" method=post action="signupck.php" onsubmit='return validate(this)'><input type="hidden" name="todo" value=post> <tr bgcolor='#f1f1f1'><td align=center colspan=2><font face='Verdana' size='2' ><b>Signup</b></td></tr> <tr bgcolor='#f1f1f1'><td > <font face='Verdana' size='2' >User ID</td><td ><font face='Verdana' size='2'><input type=text name=userid></td></tr> <tr ><td > <font face='Verdana' size='2' >Password</td><td ><font face='Verdana' size='2'><input name=password type=password></td></tr> <tr bgcolor='#f1f1f1'><td > <font face='Verdana' size='2' >Re-enter Password</td><td ><font face='Verdana' size='2'><input name=password2 type=password></td></tr> <tr ><td ><font face='Verdana' size='2' > Email</td><td ><input type=text name=email></td></tr> <tr bgcolor='#f1f1f1'><td > <font face='Verdana' size='2' >First Name</td><td ><font face='Verdana' size='2'><input type=text name=fname></td></tr> <tr ><td > <font face='Verdana' size='2' >Last Name</td><td ><font face='Verdana' size='2'><input type=text name=lname></td></tr> <tr bgcolor='#f1f1f1' ><td > <font face='Verdana' size='2' >I agree to terms and conditions</td><td ><font face='Verdana' size='2'><input type=checkbox name=agree value='yes'></td></tr> <tr ><td align=center colspan=2><input type=submit value=Signup> <input name="Reset" type=reset value=Reset> <td colspan=2 align=left> </td></td></tr> </table> <center> <br><font face='Verdana' size='2' ><a href='login.php'>Already a member ? Please Login</a></font></center> </body> </html> File Name :signuppck.php Code: [Select] <?php include ("Connection.php");// database connection details stored here ?> <!doctype html public "-//w3c//dtd html 3.2//en"> <html> <head> <title>(Type a title for your page here)</title> <meta name="GENERATOR" content="Arachnophilia 4.0"> <meta name="FORMATTER" content="Arachnophilia 4.0"> </head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000"> <?php extract($_POST); //<---I don't recommand this really if(isset($todo) and $todo=="post") { $status = "OK"; $msg=""; // if userid is less than 3 char then status is not ok if(!isset($userid) or strlen($userid) <3) { $msg=$msg."User id should be =3 or more than 3 char length<BR>"; $status= "NOTOK"; } if(mysql_num_rows(mysql_query("SELECT userid FROM signup WHERE userid = '$userid LIMIT 1' "))) <-------------------(line 32) { $msg=$msg."Userid already exists. Please try another one<BR>"; $status= "NOTOK"; } if ( strlen($password) < 3 ) { $msg=$msg."Password must be more than 3 char legth<BR>"; $status= "NOTOK"; } if ( $password <> $password2 ) { $msg=$msg."Both passwords are not matching<BR>"; $status= "NOTOK"; } if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) <--------------- (Line 50) { $msg=$msg."enter valid email address<BR>"; $status= "NOTOK"; } if ($agree<>"yes") { $msg=$msg."You must agree to terms and conditions<BR>"; $status= "NOTOK"; } if($status<>"OK") { echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onClick='history.go(-1)'>"; }else{ // if all validations are passed. $query=mysql_query("INSERT INTO signup(userid,password,email,Fname,Lname) values('$userid','$password','$email','$fname','$lname')");; echo "<font face='Verdana' size='2' color=green>Welcome, You have successfully signed up<br><br><a href=login.php>Click here to login</a><br></font>"; } } ?> </body> </html> File Name :<include file> Code: [Select] <HTML> <HEAD> <TITLE>Connecting to Database</TITLE> </HEAD> <BODY> <?php $db = "quantas"; mysql_connect("localhost","root","") or die (mysql_error()); mysql_select_db($db); ?> </BODY> </HTML> Is there a way to get current logged in username and based on that redirect to a different page? I’m using the following secure PHP login without MySql as a login system: https://sourceforge.net/projects/phploginbyvallastech/ Now I’m looking to redirect each logged in user to their personalized page. But I can’t figure out how to A) fetch the current logged in user and B) redirect multiple users. This code redirects to the latter address, but the username based redirect is not working: <?php session_start(); if ($_SESSION["username"]==User1){ header("location: user1content.php"); exit; } else { header("location: generalcontent.php"); exit; } { ?> <?php } ?>
So it’s clearly not fetching the logged in user. Though <?php echo $login->username; ?> fetches the username just fine. Hey guys I've been writing this login code and ive been having some minor problems i dunno what seemds to be the problem ive tried everything :s Here's the html part of the login, the username and pass are sent by post to login.php below to compare with the ones in the database Code: [Select] <form method="POST" action="login.php"> Username : <input type="text" name="username"> Password : <input type="password" name="password"> <input type="submit" value="Login"> </form>$connect=mysql_connect("localhost","swcri_tarakji","xxxxxxxxxx"); mysql_select_db("swcri_working",$connect) or die (mysql_errno().":<b> ".mysql_error()."</b>"); $select_user = mysql_query('select * from users where username = "' . $_POST['username'] . '" and password = "' . md5($_POST['password'] . '"')); if (mysql_num_rows($select_user) != 0) { session_start(); session_register('authorized'); $_SESSION['authorized'] = true; header("Location: protected.php"); exit; } else { header("Location: login_form.php"); exit; } i get the following errors when i try to login : Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/swcri/public_html/working/login.php on line 19 Warning: Cannot modify header information - headers already sent by (output started at /home/swcri/public_html/working/login.php:10) in /home/swcri/public_html/working/login.php on line 30 Pleaassseee help me So I am new to all this coding and I am making a small website, which has to have a login and something is not working properly. My login user/pass processing code looks like this <?php $host = 'xxxx'; // Host name Normally 'LocalHost' $user = 'xxxx'; // MySQL login username $pass = 'xxxx'; // MySQL login password $database = 'members'; // Database name $table = 'members'; // Members name $username = $_POST["username"]; $password = $_POST["password"]; $connection = mysql_connect("xxxx", "$user", "$pass"); if (!$connection) { die("Database connection failed: " . mysql_error()); } else { echo "Everything is fine!<br />"; } mysql_select_db("xxxx",$connection) or die(mysql_error()); $result = mysql_query("SELECT * FROM members WHERE usr='$username' and pass='$password'",$connection) or die(mysql_error()); $count=mysql_num_rows($result); if($count==1){ session_start(); session_register("myusername"); session_register("mypassword"); header("location:Login_Success.php"); } else { echo "Wrong Username or Password"; } ?> So it all continues well and transfers me to Login_Success.php, where the code looks like this <? if(!session_is_registered(myusername)){ header("location:MainPage.htm"); } ?> <html> -----my html code here, which makes no difference---- The problem is that it sends me to MainPage.htm and I can't really figure out why. As ive said im new to all of this. I figured that the session did not stay logged in, when it changed pages for some odd reason? THANK YOU! I created a login form for my system and I don't sure that it's enought for security to protect my website?
include("database.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$stmt = $conn->prepare("SELECT Sale_ID FROM tb_sales WHERE Login_Name = ? AND Login_Password = ? LIMIT 1");
$stmt->bind_param("ss", $_POST['username'], $_POST['password']);
$stmt->execute();
$res = $stmt->get_result();
$count = mysqli_num_rows($res);
if($count == 1) {
// session_register("myusername");
$_SESSION['login_user'] = $_POST['username'];
echo "Login Succcess";
//header("location: index.php");
}else {
echo "Your Login Name or Password is invalid";
}
}
i need help for writing a code that will get only the base url and will return you the login url, for example Base url = www.yahoo.com and in return you will get the yahoo login page url where you input the user name and password, remember the code should be dynamic i.e. what ever base url you give it will return the login/sign in url of the corrosponding url. please help in this regard. Regards Hi, I'm trying to login oscommerce with manual code. but unable to do that. all entries going to database but don't understand what is missing??? here is my code Code: [Select] $email_address = $_REQUEST['txtemail']; $password = $_REQUEST['password']; $check_customer_query = mysql_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from customers where customers_email_address = '" . $email_address . "'"); if (mysql_num_rows($check_customer_query)> 0) { $check_customer = mysql_fetch_assoc($check_customer_query); if (!tep_validate_password($password, $check_customer['customers_password'])) { echo "password not found."; }else { tep_session_recreate(); $check_country_query = mysql_query("select entry_country_id, entry_zone_id from address_book where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'"); $check_country = mysql_fetch_array($check_country_query); $customer_id = $check_customer['customers_id']; $customer_default_address_id = $check_customer['customers_default_address_id']; $customer_first_name = $check_customer['customers_firstname']; $customer_country_id = $check_country['entry_country_id']; $customer_zone_id = $check_country['entry_zone_id']; tep_session_register('customer_id'); tep_session_register('customer_default_address_id'); tep_session_register('customer_first_name'); tep_session_register('customer_country_id'); tep_session_register('customer_zone_id'); mysql_query("update customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'"); anyone have any idea about? When I log in on my web-site it takes me to a php login-check page This is the error code that I am getting; Quote Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in D:\xampp\htdocs\login-check.php on line 26 This is the php code that i am using; Code: [Select] <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="deliverpizza"; // Database name $tbl_name="customer, admin, staff"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_privelage.php"); } else { } ?> mysql_connect('', '', ''); mysql_select_db(''); if (isset($_POST['submit'])) { $user = mysql_real_escape_string($_POST['user']); $pass = mysql_real_escape_string($_POST['pass']); $sql = "SELECT id FROM login WHERE username = '$user' && `password` = MD5('$pass')"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { // $user & $pass are valid echo "You Logged In $user"; } else { // $user || $pass invalid echo "Invalid Login"; } } } Registration.php Code: [Select] <html> <head> <script type="text/javascript"> function a() { var x = document.login.username.value; var y = document.login.pass.value; if(x==""&& y=="") { alert("Please insert all message!"); return false; } if(x=="") { alert("Please insert an username!"); return false; } if(y=="") { alert("Please insert an password!"); return false; } } </script> </head> <?php session_start(); mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); //session_start(); $username = $_POST['username']; $password = $_POST['pass']; if (isset($_POST["submit"])) { $log = "SELECT * FROM regis WHERE username = '$username'"; $login = mysql_query($log); $number = mysql_num_rows($login); if ($number == 0) { print "That user does not exist in our database. <a href=registration.php><input type='button' value='Register'></a>"; } if ($number > 0) { $_SESSION['is_logged_in'] = 1; } if(!isset($_SESSION['is_logged_in'])) { } else { echo "<meta http-equiv='refresh' content='0; url=form2.php'>"; } } else { ?> <body> <table border="0"> <form name="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" onsubmit="return a()"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td> <td><input type="text" name="username" maxlength="40"></td></tr> <tr><td>Password:</td> <td><input type="password" name="pass" maxlength="50"></td></tr> <tr><td><input type="submit" name="submit" value="Register"></a></td> <td><input type="submit" name="submit" value="Login"></td></tr> </form> </body> <?php } ?> </html> form2.php Code: [Select] <?php session_start(); if (!isset($_SESSION['is_logged_in'])) { header("Location:login.php"); die(); // just to make sure no scripts execute } ?> <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $message=$_POST['message']; $n=$_POST['username']; if(isset($_POST['submit'])) //if submit button push has been detected { if(strlen($message)>1) { $message=strip_tags($message); $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP $checkforbanned="SELECT IP from ipbans where IP='$IP'"; $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS"); if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list { print "You IP is banned from posting."; } else { $thedate = date("U"); //grab date and time of the post $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$n','$IP','$thedate','$message')"; mysql_query($insertmessage) or die("Could not insert message"); } } } ?> <html> <head> <script type="text/javascript"> function addsmiley(code) { var pretext = document.smile.message.value; this.code = code; document.smile.message.value = pretext + code; } function a() { var x = document.smile.message.value; if(x=="") { alert("Please insert an message!"); return false; } } </script> <style type="text/css"> body{ background-color: #d8da3d } </style> </head> <body> <form name="smile" method="post" action="form2.php" onSubmit="return a()" > Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br> <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" /> <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" /> <input type="hidden" name="username" value="<?php echo $n;?>"> <input type='submit' name='submit' value='Send' class='biasa' ></form> <br> <br> </body> </html> My problem is after i login it redirect to login page although im had put after login page its need to go to form2.php page may i know which problem because now only im learning session Hello, for some reason I am unable to get the following code to work: Code: [Select] <?php echo "<h1>Login</h1>"; if ($_SESSION['uid']) { echo " You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n"; } else { if (!$_POST['submit']) { echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n"; echo "<form method=\"post\" action=\"./login.php\">\n"; echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n"; echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n"; echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n"; echo "</form></table>\n"; }else { $user = addslashes(strip_tags(($_POST['username']))); $pass = addslashes(strip_tags($_POST['password'])); if($user && $pass){ $sql = "SELECT id FROM `users` WHERE `username`='".$user."'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0){ $sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'"; $res2 = mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($res2) > 0){ $query = mysql_query("SELECT locked FROM `users` WHERE `username`='".$user."'"); $row2 = mysql_fetch_assoc($query); $locked = $row2['locked']; $query = mysql_query("SELECT active FROM `users` WHERE `username`='".$user."'"); $row3 = mysql_fetch_assoc($query); $active = $row3['active']; $query = mysql_query("SELECT email FROM `users` WHERE `username`='".$user."'"); $row3 = mysql_fetch_assoc($query); $email = $row3['email']; if ($active ==1){ if ($locked == 0){ $date = date("j")."<sup>".date("S")."</sup> ".date("F, Y"); mysql_query("UPDATE users SET last_login='$date' WHERE username='$user'"); $row = mysql_fetch_assoc($res2); $_SESSION['uid'] = $row['id']; $previous = $_COOKIE['prev_url']; echo " You have successfully logged in as " . $user . "<br><br><a href='" . $previous . "'>Click here</a> to go to the previous page.\n"; }else { echo "Your acount has been locked out due to a violation of the rules, if you think there has been a mistake please <a href='contact.php'>contact us</a>."; } } else { echo "You need to activate your account! Please check your email ($email)"; } }else { echo " Username and password combination are incorrect!\n"; } }else { echo " The username you supplied does not exist!\n"; } }else { echo " You must supply both the username and password field!\n"; } } } ?> It says that I have logged in successfully but the session is not created. You can find the script here and log in with the username "test" and the password "testing". I'm not sure what more information I should add. Thanks, Cameron |
|||||||