PHP - Moved: Login, Register & Logout System

Hi,

I am having a bit of problem with my login/logout script. When user is logged in I want the script to show logout and if they are not login I want the script to show login. The problem is even when the user is logged in it says "you must be logged in Click here to login " here is the script Please help

Code: [Select]


<?php
session_start();
$_SESSION['username'] = $_POST['username'];
if ($_SESSION['username'])
echo "Welcome, ".$_SESSION['username']."!<br><a href='logout.php'>Logout</a>" ;
else
 die("you must be logged in <a href='Login.php'>Click here to login</a>");
?>


what did I do wrong in this script ?
Thanks

My issue is that I cannot get my user information to (1) upload to the database, and (2) if I manually put information in the data base I cannot retrive it when trying to log in..

I assume its a connection issue, but I cannot seem to find it.

Thanks in advance for the help!



This is my "init.inc.php" script...

Code: [Select]
<?php

session_start();

$exceptions = array('register','login');

$page =  substr(end(explode('/',$_SERVER['SCRIPT_NAME'])),0,-4);

if(in_array($page, $exceptions) === false){
if(isset($SESSION['username']) === false){
header('Location: login.php');
die();
}
}

mysql_connect('localhost','root','');
mysql_select_db('newlogin');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");


?>

This is my "user.inc.php" script...

Code: [Select]
<?php

// check is the given username exisits in the table
function user_exists($user){
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT('user_id') FROM 'user_tbl' WHERE 'user_name' = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}

// checks is the username and password are valid
function valid_credentials($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);

$total = mysql_query("SELECT COUNT('user_id') FROM 'user_tbl' WHERE 'user_name' = '{$user}' AND 'user_password' = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}

//adds user to the database
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);

mysql_query("INSERT INTO 'user_tbl' ('user_name', 'user_password') VALUES ('{$user}', '{$pass}')");
}

?>


Finally this is my "register.php" Page...

Code: [Select]
<?php 
error_reporting(0);
include('core/init.inc.php');

$errors = array();

if(isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
if(empty($_POST['username'])){
$errors[] = "The username field cannot be empty!";
}

if(empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = "The password fields cannot be empty!";
}

if($_POST['password'] !== $_POST['repeat_password']){
$errors[] = "Password verification failed !";
}

if(user_exists($_POST['username'])){
$errors[] = "That username has already been taken!";
}

if(empty($errors)){
add_user($_POST['username'], $_POST['password']);

$_SESSION['username'] = htmlentities($_POST['username']);

header('Location: protected.php');
die();

}

}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<div>
    <?php

if( empty($errors) === false){
?>
        <ul>
        <?php

foreach($errors as $error){
echo "<li>{$error}</li>";
}

?>       
        </ul>
        <?php
}

?>
    </div>
<form action="" method="post">
    <p>
        <label for="username"> Username:</label>
            <input type="text" name="username" id="username" value="<?php if(isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
        </p>
        <p>
        <label for="password"> Password:</label>
            <input type="password" name="password" id="password" />
        </p>
        <p>
        <label for="repeat_password"> Repeat Password:</label>
            <input type="password" name="repeat_password" id="repeat_password" />
        </p>
        <p>
        <input type="submit" value="Register" />
        </p>
       
   
    </form>
</body>
</html>

Hello everyone,i was trying to make a register/login pages on my own and well i got stuck..and my good friend google couldn't help me :S

So well i came to ask proffesionals

Okay here is it:
First thing i don't get is about email activation that i wanted to use on my register page...
I got do_reg.php file that looks like this:
Code: [Select]
<?php

include 'connection.php';

//grab data from form
$name = $_POST['username'];
$pass = $_POST['password'];
$pass_conf = $_POST['pass_conf'];
$email = $_POST['email'];
$ip = $_POST['ip'];

//if else
if($name == false || $pass == false || $pass_conf == false || $email == false){
echo "Please fill in all the required fields.";
};
if($pass != $pass_conf){ 
   echo "Blah..Passwords do not match."; 
}else{
//generate random code
$code = rand(11111111,99999999);
//send email
$subject = "Activate your account";
$headers = "From: admin@mysite.com";
$body = "Hello $name,\n\nYou registered and need to activate your account. Click the link below or paste it into the URL bar of your browser\n\n http://localhot/login/activate.php?code=$code\n\nThanks!";
if (!mail($email,$subject,$body,$headers))
echo "Error,what a shame!";
else {
$sql = mysql_query("INSERT INTO users (username,password,email,code,active,ip)
VALUES('$name','$pass','$email','$code',0,'$ip')") or die(mysql_error());
$result = mysql_query($sql);
echo "Thank you for registering! But your account is not still active :'( Please check your email ($email) for activation code! :)";
}
};
?>I went through thousands of erros and still couldn't make it work,i am using xampp localhost server for now and maybe that is the reason it wont work even if i tried to activate SMTP and that stuff in php.ini conf file (as my friend google told me)..
So this is one of the errors:
Quote

Warning: mail() [function.mail]: SMTP server response: 550 relaying denied in C:\xampp\htdocs\login\do_reg.php on line 25
Error,what a shame!


Now the next thing i couldn't understand is where is the error inside this script... (do_login.php)
Code: [Select]
<?php

include 'connection.php';

$session_username = $_SESSION['username'];

if($_POST['login']) 
{
//get form data
$username = $_POST['username'];
$password = $_POST['password'];
}
if(!$username||!$password)
echo "Username and password missing!";
else {
//login
$login = mysql_query("SELECT * FROM users WHERE username='$username'");
}
if (mysql_query($login)==0)
echo "No souch user!";
else 
{
while ($login_row = mysql_fetch_assoc($login)) 
{
$password_db = $login_row['password'];
$password = md5($password);

if ($password!=$password_db)
echo "Incorect password!";
else 
{
//check if active
$active = $login_row['active'];
$email = $login_row['email'];

if ($active==0)
echo "You haven't activated your account, please check your email ($email) for activation!";
else 
{
$_SESSION['username']=$username; //assign session
header("Location: index.php");//refresh
}
}
}
   }
?>
Thank you for your spent time and help..

Hello,   i got a problem with a part of my code :   <?php

Hi there, I've just registered here and had a quick look around but couldn't find the answer I was looking for so I hope I'm posting this question in the right place.

I want to write a PHP Login/Registration script that I can run on a website I am developing for a client but this website has more than one piece of software on it (each with it's own user-tables) and this is the first time I have had to integrate software before so I need a bit of help.

When a user fills in the registration form, that data needs to be sent to the relevent user-tables for each application running on the website & when a user logs in, they need to be authenticated for each of the applications also so that we can have a one-click login process.

I hop

Hey I would just like to release a simple login/register script that will work just fine and has some nice systems in it.

The Login. (I will post the code then below tell you what you need to do to get it to work with MYSQL DATABASE)
Create a file and call it login with the suffix .php so if you have file extensions showing on your computer it will look like "login.php" then put this code inside of it.
Code: [Select]
<?php session_start(); ?>
<?php
function mysql_prep($value) {
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists("mysql_real_escape_string"); // i.e PHP >= v4.3.0
if($new_enough_php){ // PHP v4.3.0 or higher
if ($magic_quotes_active){ $value = stripslashes($value); }
$value = mysql_real_escape_string($value);
}else{ //Before PHP v4.3.0
//if magic quotes aren't already on then add slahes manually
if(!$magic_quotes_active){ $value = addslashes($value); }
// if magic quotes are active then the slashes already exist
}
return $value;
}

function redirect_to($location = NULL){
if($location != NULL){
header("Location: {$location}");
exit;
}
}
define("DB_SERVER","localhost");
define("DB_USER","root");
define("DB_PASS","yourpassword");
define("DB_NAME","yourdatabasename");
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if(!$connection){
die("Database Connection Failed: " . mysql_error());
}
$db_select = mysql_select_db("bcooperz", $connection);
if(!$db_select){
die("Connection to database failed: " . mysql_error());
}
?>
<?php
if(isset($_SESSION['user_id'])){
redirect_to("staff.php");
}
?>
<?php
if (isset($_POST['submit'])){
$errors = array();

// Perform validations on the form
$required_fields = array('username', 'password');
foreach($required_fields as $fieldname){
if(!isset($_POST[$fieldname]) || empty($_POST[$fieldname])){
$errors[] = $fieldname;
}
}

$field_with_lengths = array('username' => 30, 'password' => 30);
foreach($field_with_lengths as $fieldname => $maxlength) {
if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) {
$errors[] = $fieldname; }
}

$username = trim(mysql_prep($_POST['username']));
$password = trim(mysql_prep($_POST['password']));
$hashed_password = sha1($password);

if (empty($errors)){
// Checks database to see if username and password exist their
$query = "SELECT id, username FROM users WHERE username='$username' AND hashed_password='$hashed_password' LIMIT 1";
$result_set = mysql_query($query, $connection);
if(!$result_set){
die("Database Query Failed: " . mysql_error());
}
if (mysql_num_rows($result_set) == 1) {
// The Username and Password have been found in the database and the user is verified
// Only 1 Match
$found_user = mysql_fetch_array($result_set);
$_SESSION['user_id'] = $found_user['id'];
$_SESSION['username'] = $found_user['username'];
redirect_to("staff.php");
}else{
// Username and Password was not found in the database.
$message = "Username/Password Combination Incorrect.<br/>Please make sure your caps lock key is off and try again.";
echo $message;
}
}else{
$count = count($errors);
if($count == 1){
echo "Their Was {$count} Error In The Form" . "<br />";
print_r(implode(", ", $errors));
}else{
echo "Their Was {$count} Error's In The Form" . "<br />";
echo "<b>";
print_r(implode(", ", $errors));
echo "</b>";
}
}
}else{
// The Form Has Not Been Submitted
if(isset($_GET['logout']) && $_GET['logout'] == 1){
echo "You Are Now Logged Out";
}
if(isset($_GET['nowlogged']) && $_GET['nowlogged'] == 1){
echo "You Need to Login to reach this page.";
}
$username = "";
$password = "";
}
?>
<html>
<head>
<title>Register</title>
</head>
<body>

<form action="login.php" method="post">
Username : <input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /><br />
Password : <input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /><br /><br />
<input type="submit" name="submit" value="Login" /><br />
</form>
<p>Haven't got an account? register <a href="register.php">here!</a></p>
</body>
</html>
Now once you have a file called "login.php" with the above code inside of it you will need to goto your mysql database and create a database with a table that has 3 fields in the following format.
- id - int(11) - Auto increment
- username - varchar(50)
- hashed_password - varchar(40)

Now search for this in the login.php code
Code: [Select]
define("DB_SERVER","localhost");
define("DB_USER","root");
define("DB_PASS","yourpassword");
define("DB_NAME","yourdatabasename");
And This:
Code: [Select]
$db_select = mysql_select_db("bcooperz", $connection);
And change these to your settings.

Once you have done all this create a new file called register with the suffix .php as well so if you have file extensions turned on it will look like "register.php"
And add this code inside it:
Code: [Select]
<?php
function mysql_prep($value) {
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists("mysql_real_escape_string"); // i.e PHP >= v4.3.0
if($new_enough_php){ // PHP v4.3.0 or higher
if ($magic_quotes_active){ $value = stripslashes($value); }
$value = mysql_real_escape_string($value);
}else{ //Before PHP v4.3.0
//if magic quotes aren't already on then add slahes manually
if(!$magic_quotes_active){ $value = addslashes($value); }
// if magic quotes are active then the slashes already exist
}
return $value;
}

function redirect_to($location = NULL){
if($location != NULL){
header("Location: {$location}");
exit;
}
}
?>
<?php
define("DB_SERVER","localhost");
define("DB_USER","root");
define("DB_PASS","maxcooper");
define("DB_NAME","bcooperz");
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if(!$connection){
die("Database Connection Failed: " . mysql_error());
}
$db_select = mysql_select_db("bcooperz", $connection);
if(!$db_select){
die("Connection to database failed: " . mysql_error());
}
?>

<?php
if(isset($_POST['submit'])){

$username = trim(mysql_prep($_POST['username']));
$password = trim(mysql_prep($_POST['password']));
$hashed_password = sha1($password);
$confirmpass=$_POST['confirmpass'];
$query2 = "SELECT * FROM users WHERE username='$username'";
$result2 = mysql_query($query2);
$counted=mysql_num_rows($result2);

$errors = array();

// Perform validations on the form
$required_fields = array('username', 'password', 'confirmpass');
foreach($required_fields as $fieldname){
if(!isset($_POST[$fieldname]) || empty($_POST[$fieldname])){
$errors[] = $fieldname;
}
}
if($confirmpass!=$_POST['password']){
$errors[] = "passdifference";
}
if($counted > 0){
$errors[] = "User Already Created";
}

$field_with_lengths = array('username' => 30, 'password' => 30);
foreach($field_with_lengths as $fieldname => $maxlength) {
if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) {
$errors[] = $fieldname; }
}


/* The Form Has Been Submitted */
if (empty($errors)){
$query = "INSERT INTO users (username,hashed_password) VALUES ('{$username}', '{$hashed_password}')";
$result = mysql_query($query, $connection);
if($result){
echo "User Successfully Created";
}else{
echo "The User Could Not Be Created" . "<br />";
echo mysql_error();
}
}else{
$count = count($errors);
if($count == 1){
echo "Their Was {$count} Error In The Form" . "<br />";
print_r(implode(", ", $errors));
}else{
echo "Their Was {$count} Error's In The Form" . "<br />";
echo "<b>";
print_r(implode(", ", $errors));
echo "</b>";
}
}
}else{
/* The Form Has Not Yet Been Submitted */
$username = "";
$password = "";
}
?>
<html>
<head>
<title>Register</title>
</head>
<body>

<form action="register.php" method="post">
Username : <input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /><br />
Password : <input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /><br />
Confirm Password: <input type="password" name="confirmpass" maxlength="30" value="" /><br /><br />
<input type="submit" name="submit" value="Register" /><br />
</form>
<p>Already have a account? login here <a href="login.php">here!</a></p>
</body>
</html>
Once you have done that and you have a file called "register.php" you will need to perform the final step which will be changing the database details once again on the second file ("register.php").

Thanks, Bcooperz. Please tell me if this works

If I wanted to create a custom CMS that will allow people to be able to upload files, register a new account, to be able to add to a blog article, edit one's article but not someone else's, edit one's profile, be able to leave comments, edit comments as well as edit their blog articles in something similar to this forum's post box (with Bold, Italic, etc options), how would I go about it?

Hi, currently in my registration code, the userId allows only six digits as the user ID.
I need help in performing the following task
1. Modify the account creation screen to allow users  to enter EITHER a 6-digit ID OR a 9 character ID.  Any 6-digit PLID will be stored with the perpended B11.
2.Modify the login utility for the users to allow them to use either the 6-digit or 9-character IDs which means you will need to prepend the B11 to any 6-digit PLID to find their record in the database.
3.Convert existing PLIDs in the database to the new format by prepending the B11.

 Any coding help will be greatly appreciated.

Hi guys.

What I want to create is really complicated. Well I have a login system that works with post on an external website.
I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users.
What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login".
 If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry".

So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login.

Any idea??

Thanks

I am having problems understanding the reason for why the user has to click logout twice, here's the bulk of the code:

<?php
ini_set('display_errors',0);

require_once 'header.html';

require_once 'db.functions.php';

require_once 'config.php';

$database = dbConnect($host, $username, $password, $database); // should output 1 or nothing at all!

if($database == true)
{

// now connected?

// carry on with logic of outputting the blog contents:

$result = entries("SELECT * FROM entries");

printf("<table>");

while($row = mysql_fetch_array($result))

{

printf("

<tr>

<td>%s</td>

<td>%s</td>

</tr>

<tr>

<td colspan=\"2\">%s</td>

</tr>

", $row[2], $row[4], $row[3]);

}

printf("</table>");

printf("\n\n");

session_name("jeremysmith_blog");

session_start();

if(array_key_exists('login',$_SESSION))

{

if($_SESSION['login'] == 1) // change this to correspond with session on the login.php script

{

printf("<p>Welcome %s</p>

<p>To logout, click <a href=\"index.php?action=logout\">here</a></p>

",$_SESSION['username']);

}

} else {

printf("<p>You are not logged in, please click <a href=\"login.php\">here</a> to login.</p>");

}

} else {

printf("\n<p id=\"error\">Could not connect to database, please try again later.</p>");

}

// init the logout script?
if(array_key_exists('action',$_GET))
{

if($_GET['action'] == 'logout')

{

// log user out of the system:

unset($_SESSION['login']);

unset($_SESSION['username']);

session_destroy();

}
}


printf("\n"); // just for output format!
require_once 'footer.html';

Why does the user have to click logout twice, have I missed anything?

Any helps appreciated thanks.

Hi Everyone,

Just a quick question before I take on this project.

Basically the client has a secure server set up with folders for different clients. So they can store excel files, PDFs etc, What the client use to do was send the client an email with the http address of that clients particular folder to be able to login.

What my job is to create a login system that redirects each client to their particular area on the secure system.

Is this going to be difficult,

What I was thinking of doing was when the administator is setting up the client details there would be an extra field saying address: they paste the address of the folder on the server. Then it will redirect them to their folder.

Is this the correct way to do this.

Any help or advice would be great.

ok i need directing to a tutorial, an easyish one that can help me do a secure login and registration system. Something that uses sessions and mysql. something with sql injection and other security. i need it very secure.


hope you can help.

I've abandoned my old script and switched to this one: http://www.evolt.org/node/60384

I got it working on my site just fine (djsmiley.net/members/register - you can test it out if u want). i just want to know how i can put all of the code into the pages i created using my template.

It doesn't specify how this can be done in the tutorial, which is why im confused. I've tried everything but keep getting errors. Help?

Hi, im getting alot of errors like so Deprecated: Function session_is_registered() is deprecated

time to update some files, can you guys pls help im rubbish with PHP guess thats why I waited so long to update.

here is the code I need to change
checklogin.php

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:index.php");
}


index.php
<?
session_start();
/*if(!session_is_registered(myusername)){
header("location:main_login.php");
}*/
?>

index.php (display username stuff)
<?php if(session_is_registered(myusername)){ ?>&nbsp;&nbsp; Welcome: <?= $_SESSION['myusername'] ?><?php } ?>

index.php (edit content stuff)
<?php $file = file_get_contents('content/menu_header_a.txt', 'r');  if(session_is_registered(myusername)){ ?><a href="javascript:open4()"><?php echo $file ?></a><?php } else { echo $file; }?>

Many thanks for any and all your help with this one.

if you could keep it simple please like  ( replace this with this ) . thanks