PHP - Login To One Page From Another
Hi,
On my website I have a booking calendar which you login to with a username and password. That interactive part of the website now looks very different from the rest of the website, but unfortunately it's not possible to recode that calendar to look like the rest of the site. As a workaround I'd like users to be able to login to that calendar from the home page, with just a simple username and password field at the top of the page. On submit this would then send the details to the existing login page, and also log them in straight away. My php knowledge is limited. I've searched a lot on Google but can't find any code that seems to do the trick. Does anyone know if this is even possible? thanks in advance Similar Tutorialshi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? Can someoneplease help, I need to setup an error page like IF Username and Password are wrong then show an error also if there is no username or password in the fields and I just click LOGIN, I get a blank page?! Can someone please help me here or point me to a relevant tutorial? thanks here is my page: http://www.retroandvintage.co.uk/default.php here is my code: Code: [Select] <?php session_start(); include_once("config.php"); $ebits = ini_get('error_reporting'); error_reporting($ebits ^ E_NOTICE); /* Login script: This script does the following: Checks that the user is NOT already logged in - if they are they are redirected to the members page by the 'checkLoggedIn()' function. Checks if the login form has been submitted - if so, the 'login' and 'password' fields are checked to ensure they are of the correct format and length. If there are any problems here an error is added to the $messages array and then the script executes the 'doIndex()' function - this function basically outputs the main 'index' page for this script - ie the login form. If there are no problems with the previous step, the 'login' and 'password' field data is passed to the 'checkPass' function to check that an entry exists in the 'users' table for that login/password pair. If nothing is returned from the 'checkPass()' function, an error is added to the $messages array and the 'doIndex()' function is called as above. If a row of data is returned from the 'users' table, the data is passed to the 'cleanMemberSession()' function - which initializes session variables and logs the user in. The user is then forwarded to the members page. If the form hasn't yet been submitted, then the 'doIndex()' function is called and the login page is displayed. */ // Check user not logged in already: checkLoggedIn("no"); // Page title: $title="Member Login Page"; // if $submit variable set, login info submitted: if(isset($_POST["submit"])) { // // Check fields were filled in // // login must be between 4 and 15 chars containing alphanumeric chars only: field_validator("rsUser", $_POST["rsUser"], "alphanumeric", 4, 15); // password must be between 4 and 15 chars - any characters can be used: field_validator("rsPass", $_POST["rsPass"], "string", 4, 15); // if there are $messages, errors were found in validating form data // show the index page (where the messages will be displayed): if($messages){ doIndex(); // note we have to explicity 'exit' from the script, otherwise // the lines below will be processed: exit; } // OK if we got this far the form field data was of the right format; // now check the user/pass pair match those stored in the db: /* If checkPass() is successful (ie the login and password are ok), then $row contains an array of data containing the login name and password of the user. If checkPass() is unsuccessful however, $row will simply contain the value 'false' - and so in that case an error message is stored in the $messages array which will be displayed to the user. */ if( !($row = checkPass($_POST["rsUser"], $_POST["rsPass"])) ) { // login/passwd string not correct, create an error message: $messages[]="Incorrect login/password, try again"; } /* If there are error $messages, errors were found in validating form data above. Call the 'doIndex()' function (which displays the login form) and exit. */ if($messages){ doIndex(); exit; } /* If we got to this point, there were no errors - start a session using the info returned from the db: */ cleanMemberSession($row["rsUser"], $row["rsPass"]); // and finally forward user to members page (populating the session id in the URL): header("Location: main.php"); } else { // The login form wasn't filled out yet, display the login form for the user to fill in: doIndex(); } /* This function displays the default 'index' page for this script. This consists of just a simple login form for the user to submit their username and password. */ function doIndex() { /* Import the global $messages array. If any errors were detected above, they will be stored in the $messages array: */ global $messages; /* also import the $title for the page - note you can normally just declare all globals on one line - ie: global $messages, $title; */ global $title; } // drop out of PHP mode to display the plain HTML: ?> <!doctype html> <html> <head> <title>List of Pubs and Bars in the UK</title> <meta name="description" content="Pubs and bars in the UK, nightlife for food and drink" /> <meta name="keywords" content="Pubs, bars, List, uk, nightlife, drinking, drinks, beer, lager, food" /> <meta name="Content-Language" content="en-gb" /> <meta name="robots" content="FOLLOW,INDEX" /> <meta name="revisit-after" content="2 days" /> <meta name="copyright" content="jbiddulph.com" /> <meta name="author" content="John Biddulph - Professional web site design and development in the south of england mainly worthing and brighton" /> <meta name="distribution" content="Global" /> <meta name="resource-type" content="document" /> <link rel="stylesheet" type="text/css" href="css/reset.css" /> <link rel="stylesheet" type="text/css" href="css/ui-lightness/jquery-ui-1.8.6.custom.css" title="default" /> <link rel="alternate stylesheet" type="text/css" href="css/south-street/jquery-ui-1.8.6.custom.css" title="1" /> <link rel="alternate stylesheet" type="text/css" href="css/redmond/jquery-ui-1.8.6.custom.css" title="2" /> <script type="text/javascript" src="js/stylechanger.js"></script> <script type="text/javascript" src="js/jquery-1.4.2.min.js"></script> <script type="text/javascript" src="js/jquery-ui-1.8.6.custom.min.js"></script> <script type="text/javascript"> $(function(){ // Accordion $("#accordion").accordion({ header: "h3" }); // Tabs $('#tabs').tabs(); // Dialog $('#dialog').dialog({ autoOpen: false, width: 600, buttons: { "Ok": function() { $(this).dialog("close"); }, "Cancel": function() { $(this).dialog("close"); } } }); // Dialog Link $('#dialog_link').click(function(){ $('#dialog').dialog('open'); return false; }); // Datepicker $('#datepicker').datepicker({ inline: true }); //hover states on the static widgets $('#dialog_link, ul#icons li').hover( function() { $(this).addClass('ui-state-hover'); }, function() { $(this).removeClass('ui-state-hover'); } ); }); </script> <script type="text/javascript"> function lookup(inputString) { if(inputString.length == 0) { // Hide the suggestion box. $('#suggestions').hide(); } else { $.post("rpc.php", {queryString: ""+inputString+""}, function(data){ if(data.length >0) { $('#suggestions').show(); $('#autoSuggestionsList').html(data); } }); } } // lookup function fill(thisValue) { $('#inputString').val(thisValue); setTimeout("$('#suggestions').hide();", 200); } </script> </head> <body> <?php if($messages) { displayErrors($messages); }?> <header> <div id="title"> <h1>My Pub Space <a href="#" onClick="setActiveStyleSheet('default'); return false;"><img src="images/0.gif" width="15" height="15" border="0" alt="css style" /></a> <a href="#" onClick="setActiveStyleSheet('1'); return false;"><img src="images/1.gif" width="15" height="15" border="0" alt="css style" /></a> <a href="#" onClick="setActiveStyleSheet('2'); return false;"><img src="images/2.gif" width="15" height="15" border="0" alt="css style" /></a> <span> <form method="post" class="textbox" action="search.php"> Town/City: <input type="text" size="26" class="searchbox" value="" name="rsTown" id="inputString" onKeyUp="lookup(this.value);" onBlur="fill();" /> <div class="suggestionsBox" id="suggestions" style="display: none;"> <img src="images/upArrow.png" style="position: relative; top: -36px; left: 105px; z-index:1;" alt="upArrow" /> <div class="suggestionList" id="autoSuggestionsList"> </div> </div> <input type="image" src="images/go.png" height="30" with="30" value="GO" /> </form> </span> </h1> </div> </header> <nav> <ul> <li class="selected"><a href="default.php">Home</a></li> <li><a href="#">Pubs</a></li> <li><a href="#">Members</a></li> <li><a href="#">Events</a></li> <li><a href="register.php">Register</a></li> </ul> </nav> <section id="intro"> <header> <h2>Your social guide to going down the pub, online!</h2> </header> <p>Stuck in town with nowhere to go? Not sure if up the road or down the street is best? Need to be somewhere warm, cosy and friendly. Need a drink?....<br />You've come to the right place, mypubspace has it all!</p> <img src="images/pub.jpg" alt="pub" /> </section> <div id="content"> <div id="mainContent"> <section> <article class="blogPost"> <header> <h2>Pubs and Bars UK Listing</h2> </header> <?php $tableName="pubs"; $targetpage = "default.php"; $limit = 20; $query = "SELECT COUNT(*) as num FROM $tableName"; $total_pages = mysql_fetch_array(mysql_query($query)); $total_pages = $total_pages['num']; $stages = 3; $page = mysql_escape_string($_REQUEST['page']); if( isset($_REQUEST['page']) && ctype_digit($_REQUEST['page']) ) { $page = (int) $_GET['page']; $start = ($page - 1) * $limit; }else{ $start = 0; } // Get page data $query1 = "SELECT * FROM $tableName LIMIT $start, $limit"; $result = mysql_query($query1); // Initial page num setup if ($page == 0){$page = 1;} $prev = $page - 1; $next = $page + 1; $lastpage = ceil($total_pages/$limit); $LastPagem1 = $lastpage - 1; $paginate = ''; if($lastpage > 1) { $paginate .= "<div class='paginate'>"; // Previous if ($page > 1){ $paginate.= "<a href='$targetpage?page=$prev'>previous</a>"; }else{ $paginate.= "<span class='disabled'>previous</span>"; } // Pages if ($lastpage < 7 + ($stages * 2)) // Not enough pages to breaking it up { for ($counter = 1; $counter <= $lastpage; $counter++) { if ($counter == $page){ $paginate.= "<span class='current'>$counter</span>"; }else{ $paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";} } } elseif($lastpage > 5 + ($stages * 2)) // Enough pages to hide a few? { // Beginning only hide later pages if($page < 1 + ($stages * 2)) { for ($counter = 1; $counter < 4 + ($stages * 2); $counter++) { if ($counter == $page){ $paginate.= "<span class='current'>$counter</span>"; }else{ $paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";} } $paginate.= "..."; $paginate.= "<a href='$targetpage?page=$LastPagem1'>$LastPagem1</a>"; $paginate.= "<a href='$targetpage?page=$lastpage'>$lastpage</a>"; } // Middle hide some front and some back elseif($lastpage - ($stages * 2) > $page && $page > ($stages * 2)) { $paginate.= "<a href='$targetpage?page=1'>1</a>"; $paginate.= "<a href='$targetpage?page=2'>2</a>"; $paginate.= "..."; for ($counter = $page - $stages; $counter <= $page + $stages; $counter++) { if ($counter == $page){ $paginate.= "<span class='current'>$counter</span>"; }else{ $paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";} } $paginate.= "..."; $paginate.= "<a href='$targetpage?page=$LastPagem1'>$LastPagem1</a>"; $paginate.= "<a href='$targetpage?page=$lastpage'>$lastpage</a>"; } // End only hide early pages else { $paginate.= "<a href='$targetpage?page=1'>1</a>"; $paginate.= "<a href='$targetpage?page=2'>2</a>"; $paginate.= "..."; for ($counter = $lastpage - (2 + ($stages * 2)); $counter <= $lastpage; $counter++) { if ($counter == $page){ $paginate.= "<span class='current'>$counter</span>"; }else{ $paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";} } } } // Next if ($page < $counter - 1){ $paginate.= "<a href='$targetpage?page=$next'>next</a>"; }else{ $paginate.= "<span class='disabled'>next</span>"; } $paginate.= "</div>"; } echo $total_pages.' Results'; // pagination echo $paginate; ?> <div id="accordion"> <?php while($row = mysql_fetch_array($result)) { echo '<div><h3><a href=\"#\">'.$row['rsPubName'].'</a></h3><div>'.$row['rsAddress'].'<br />'.$row['rsTown'].', '.$row['rsCounty'].'<br />'.$row['rsPostCode'].'<br /><br />Region: '.$row['Region'].'<br /><br />Telephone: '.$row['rsTel'].'</div></div>'; } ?> </div> </article> </section> </div> <aside> <section> <header> <h3>Members Login Area</h3> </header> <form method="post" class="textbox" action="<?php print $_SERVER["PHP_SELF"]; ?>"> Username: <br /> <input type="text" class="textbox" name="rsUser" value="<?php print isset($_POST["rsUser"]) ? $_POST["rsUser"] : "" ; ?>"> Password: <br /> <input type="password" class="textbox" name="rsPass"> <br /> <br /> <input name="submit" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only" type="submit" value="Login"> <br /> </form> <ul> <li><button id="button" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only" role="button" aria-disabled="false"><span class="ui-button-text"><a href="register.php">Sign up</a></span></button></li> <li><button id="button" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only" role="button" aria-disabled="false"><span class="ui-button-text"><a href="forgot.php">Forgot Password</a></span></button></li> </ul> </section> <section> <header> <h3>Quick Search</h3> </header> <ul> <li><a href="#">Coming Soon!</a></li> </ul> </section> </aside> </div> <footer> <div> <section id="about"> <header> <h3>About</h3> </header> <p>My Pub Space is one of the largest and newest UK Pubs and Bars Listing sites online. It is not just a list of pubs, we have added a touch of interactive social pubbing experience online! Once registered, you can view information on pubs in your area, write reviews, organise your evenings out!</p> </section> <section id="blogroll"> <header> <h3>Links</h3> </header> <ul> <li><a href="#">Coming Soon!</a></li> </ul> </section> <section id="popular"> <header> <h3>Popular</h3> </header> <ul> <li><a href="#">Coming Soon!</a></li> </ul> </section> </div> </footer> </body> </html> Hi, I am a php newbie, who has a page that relies on some php scripts, and to which I am trying to add a login page written in php. I took the example from he http://www.howtodothings.com/computers-internet/how-to-make-a-login-system-for-your-website Basically it consists of adding: <? require("log.php"); ?> to the top of any page I want to protect, a log.php file which performs the actions of the form, linking to a mySQL database, and a login.php file which contains the form. I have the login working fine, but it breaks one of the PHP scripts on the page that is protected. It is an upload script, called Weaverbox, based on FancyUpload. The uploads which are handled by a file called upload.php, aren't happening. The progress shows that they are being uploaded, but nothing is uploaded, and there is no success message. As soon as I remove the code from the top of the page requiring log.php all works fine again. I think I may have to add some rules/extensions to resolve this conflict, but I don't know how to go about this. Would someone be able to help me get it sorted? Thanks Nick ONE of my SESSION values isn't remaining after login while others do. This works fine on my localhost, it's on the live site that there is a problem and it just started yesterday. Before that it worked great. Out of the four SESSIONs made I can only echo three values on other pages, member id the most important doesn't transfered to other pages Notes: all these files are in the same folder, there is a SESSION started for the member id on the login page, you can see that it is used in the redirect below and the redirect works fine with the redirect going to the correct page " $home/member/index.php?user=$id_mem " Here is the login page // Here's the basic login page info <?php # login.php session_start(); ob_start() ...connect to db & header called... ...Form validation..... if ($e && $p) { // If everything's OK. // Query the database: $q = "SELECT id_mem, display_name, mem_group FROM sn_members WHERE (email='$e' AND password=SHA1('$p')) AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); // or die("Error: ".mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { // If a match was made. // Register the values & redirect: // Give SELECTED elements a session $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']); mysqli_free_result($r); // Update db for last login $id_mem = $_SESSION['id_mem']; // <<< SESSION member id has a value here because it's used in the redirect below $ip = $_SERVER['REMOTE_ADDR']; // Get ip address of person logging in $q = "UPDATE sn_members SET last_login = Now(), ip = '$ip' WHERE id_mem = '$id_mem' LIMIT 1"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); header("Location: $home/member/index.php?user=$id_mem"); exit(); // Quit the script. } ?> Here is the main page that a user would be redirect to above <?php // /member/ all member info is through this folder session_start(); ob_start(); if (isset($_GET['user']) && is_numeric($_GET['user'])) { $user = $_GET['user']; $user = $user; if ($user < 0) { header("Location: $home/index.php"); exit(); } } if ((!isset($_SESSION['id_mem'])) && (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])))){ // If not a logged in member redirect header("Location: $home/index.php"); exit(); // Quit the script. } ?> Thanks in advance for the help SJ Hello, I am once again desperately asking for your help, I am working on a simple login page and I am having trouble actually getting it to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now
This is the code any suggestions would be greatly appreciated <?php /* Name: Deanna Slotegraaf Course Code: WEBD3201 Date: 2020-09-22 */ $file = "sign-in.php"; $date = "2020-09-22"; $title = "WEBD3201 Login Page"; $description = "This page was created for WEBD3201 as a login page for a real estate website"; $banner = "Login Page"; require 'header.php'; $error = ""; if($_SERVER["REQUEST_METHOD"] == "GET") { $username = ""; $password = ""; $lastaccess = ""; $error = ""; $result = ""; $validUser = ""; } else if($_SERVER["REQUEST_METHOD"] == "POST") { $conn; $username = trim($_POST['username']); //Remove trailing white space $password = trim($_POST['password']); //Remove trailing white space if (!isset($username) || $username == "") { $error .= "<br/>Username is required"; } if (!isset($password) || $password == ""){ $error .= "<br/>Password is required"; } if ($error == "") { $password = md5($password); $query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'"; $results = pg_query($conn, $query); //$_SESSION['username'] = $username; //$_SESSION['success'] = "You are now logged in"; header('location: dashboard.php'); }else { $error .= "Username and/or Password is incorrect"; } } ?> <div class = "form-signin"> <?php echo "<h2 style='color:red; font-size:20px'>".$error."</h2>"; ?> <form action = "<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <label for="uname"><b>Login ID</b></label> <input type="text" name="username" value="<?php echo $username; ?>"/> <br/> <label for="psw"><b>Password</b></label> <input type="password" name="password" value="<?php echo $password; ?>"/> <br/> <button type="submit" name="login_user">Login</button> <button type="reset">Reset</button></div> </form> </div> <?php require "footer.php"; ?>
Please help with Ajax call, when clicking login button nothing happens when it should go to mainpageloggedin.php deano Hi im trying to create a sign up page for my website that contains different paths dependin on the membership that you select. I am an unexperienced programmer and need help as nothing is working at the moment. I would appreciate if people could reply to this post as soon as possible as I need it sorted today! Below is my code! Can you please send me suggestive improvement? Thanks <?php if (isset ($_POST['firstname'])){ //grab data from the form $username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers $firstname = preg_replace('#[^A-Za-z]#i', '', $_POST['firstname']); // filter everything but Letters $lastname = preg_replace('#[^A-Za-z]#i', '', $_POST['lastname']); // filter everything but Letters $phone = preg_replace('#[^0-9]#i', '', $_POST['phone']); // filter everything but numbers $address= preg_replace('#[^A-Za-z]#i', '', $_POST['address']); // filter everything but Letters $postcode= preg_replace('#[^A-Za-z]#i', '', $_POST['postcode']); // filter everything but Letters $town= preg_replace('#[^A-Za-z]#i', '', $_POST['town']); // filter everything but Letters $housenumber= preg_replace('#[^0-9]#i', '', $_POST['housenumber']); // filter everything but numbers $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); // filter everything but numbers $b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); // filter everything but numbers $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); // filter everything but numbers $email1 = $_POST['email1']; $email2 = $_POST['email2']; $pass1 = $_POST['pass1']; $pass2 = $_POST['pass2']; $email1 = stripslashes($email1); $pass1 = stripslashes($pass1); $email2 = stripslashes($email2); $pass2 = stripslashes($pass2); $email1 = strip_tags($email1); $pass1 = strip_tags($pass1); $email2 = strip_tags($email2); $pass2 = strip_tags($pass2); //connect to db $connection = mysql_connect('linuxproj.ecs.soton.ac.uk', 'db_alw3g08', 'pasta'); $db = mysql_select_db('db_alw3g08', $connection); $emailCHecker = mysql_real_escape_string($email1); $emailCHecker = str_replace("`", "", $emailCHecker); // Database duplicate username check setup for use below in the error handling if else conditionals $sql_uname_check = mysql_query("SELECT username FROM Members WHERE username='$username'"); $uname_check = mysql_num_rows($sql_uname_check); // Database duplicate e-mail check setup for use below in the error handling if else conditionals $sql_email_check = mysql_query("SELECT email FROM Members WHERE email='$emailCHecker'"); $email_check = mysql_num_rows($sql_email_check); // Error handling for missing data if ((!$username) || (!$firstname) || (!$lastname) || (!$address) || (!$postcode) || (!$town) || (!$b_m) || (!$b_d) || (!$b_y) || (!$email1) || (!$email2) || (!$pass1) || (!$pass2)) { $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />'; if(!$username){ $errorMsg .= ' * User Name<br />'; } if(!$firstname){ $errorMsg .= ' * First Name<br />'; } if(!$lastname){ $errorMsg .= ' * Last Name<br />'; } if(!$address){ $errorMsg .= ' * Address<br />'; } if(!$postcode){ $errorMsg .= ' * postcode<br />'; } if(!$town){ $errorMsg .= ' * town<br />'; } if(!$b_m){ $errorMsg .= ' * Birth Month<br />'; } if(!$b_d){ $errorMsg .= ' * Birth Day<br />'; } if(!$b_y){ $errorMsg .= ' * Birth year<br />'; } if(!$email1){ $errorMsg .= ' * Email Address<br />'; } if(!$email2){ $errorMsg .= ' * Confirm Email Address<br />'; } if(!$pass1){ $errorMsg .= ' * Login Password<br />'; } if(!$pass2){ $errorMsg .= ' * Confirm Login Password<br />'; } } else if ($email1 != $email2) { $errorMsg = 'ERROR: Your Email fields below do not match<br />'; } else if ($pass1 != $pass2) { $errorMsg = 'ERROR: Your Password fields below do not match<br />'; } else if (strlen($username) < 6) { $errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 6 - 20 characters please.<br />"; } else if (strlen($username) > 20) { $errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 6 - 20 characters please.<br />"; } else if ($uname_check > 0){ $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />"; } else if ($email_check > 0){ $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />"; } else { // Error handling is ended, process the data and add member to database $email1 = mysql_real_escape_string($email1); $pass1 = mysql_real_escape_string($pass1); // Add MD5 Hash to the password variable $password = md5($pass1); // Convert Birthday to a DATE field type format(YYYY-MM-DD) out of the month, day, and year supplied $dateofbirth = "$b_y-$b_m-$b_d"; // Add user info into the database table for the main site table $sql = mysql_query("INSERT INTO members (username, firstname, lastname, email, password, dateofbirth, phone, lastlogin) VALUES('$username','$firstname','$lastname','$email1','$password', '$dateofbirth','$phone', now())") or die (mysql_error()); $sql = mysql_query("INSERT INTO address (address, postcode, town, housenumber) VALUES('$adress','$postcode,'$town','$housenumber'") or die (mysql_error()); $id = mysql_insert_id() } else { // if the form is not posted with variables, place default empty variables so no warnings or errors show $errorMsg = ""; $username = ""; $firstname = ""; $lastname = ""; $phone = ""; $address = ""; $postcode = ""; $town = ""; $housenumber = ""; $b_m = ""; $b_d = ""; $b_y = ""; $email1 = ""; $email2 = ""; $pass1 = ""; $pass2 = ""; } Hey guys i have a few question with this login script im trying to make. Ok so first im using php myadmin and i've created a simple login here that works fine but i want to tweak it so when i login i can login to a specific site where i've created tables and stuff. Is there anyone out there that can help me im a little stumped on how to do this. Thanks in regards. Here are my two scripts im using show_login.html Code: [Select] <html> <head> <title>Login Form</title> <h1>Login to Authorized Area</h1> <form method= "post" action= "login.php"> <br> Username: <input type= "text" name= "username"> <br> <br> Password: <input type= "password" name= "password"> <br> <p> <input type= "submit" name= "submit" value= "Login" </p><br> </html> </form> login.php Code: [Select] <? if ((!$_POST['username']) || (!$_POST['password'])) { header("Location: show_login.html"); exit; } $db_name="ryan"; $table_name="auth_users4"; $connection=@mysql_connect("localhost","RyanH","test1234")or die(mysql_error()); $db =@mysql_select_db($db_name, $connection)or die(mysql_error()); $sql= "SELECT * FROM $table_name WHERE username ='$_POST[username]' AND password = password('$_POST[password]')"; $result = @mysql_query($sql,$connection) or die(mysql_error()); $num=mysql_num_rows($result); if ($num != 0) { echo "<P>Congratulations, you're authorized!</p>"; }else{ echo "<P>You are not authorized to use this site</p>"; echo'<br/><a href="show_login.html">Try Again</a>'; exit; } ?> i have downloaded a basic php site from "http://www.basiclogin.com/" when i deploy it i get a lot of errors... can you help me out??? Hi I want to make a simple login system which goes like this: a) the 1st page (login_form.php) will check if you are logged or not and give you the login form (username - password) b) when you submit a 2nd page (login_check) will check if you really typed anything . If it finds that the texts are null it will return you to the 1st page (without you pressing anything) and give you the form again with a error message written say above. Else it checks the mysql database.(on another page i think) i find it difficult to navigate through the pages cause header gives me error (headers allready sent) and meta tag doesnt keep the $_POST values. (for example the error meassage) Please help Sorry for my English it's not my native. I'm completely new to programming in PHP so I looked up a tutorial on youtube, came across the phpacademy tutorial for making a login page script. I followed everything as mentioned in the video but for some reason, I can login without a username or password entered and on top of that it's not displaying any of the messages I added in the code. I'm using Xampp for my Apache server and MySQL, configured everything I should of (as far as I know) but it still refuses to work. Here's the html for the login page, just a basic form. Code: [Select] <html> <form action='login.php' method='POST'> Username: <input type='text' name='username'><br> Password: <input type='password' name='password'><br> <input type='submit' value='Log in'> </html> And then we have the PHP code which isn't working AT ALL. It's like it's not reading it at all for some reason and I can't figure out why. Code: [Select] <?php $connect = mysql_connect("localhost", "root", "") or die("Couldn't connect!"); mysql_select_db("phplogin") or die("Couldn't find DB"); $connection =@ mysql_connect($db['server'], $db['user'], $db['password']) or die (include_once("offline.php")); $db =@ mysql_select_db($db['database']) or die (include_once("offline.php")); if($_POST['username'] && $_POST['password']){ $username = trim($_POST['username']); $password = trim($_POST['password']); $query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'"); $numrows = mysql_num_rows($query); if ($numrows > 0){ echo "Username & Password correct (Logged in)"; } else { echo "That user doesn't exist"; } } else { echo "Please enter a username and password!"; } ?> One thing I should mention is that, if I try to login on firefox it shows part of my php code as text, if I open it on Opera it displays the whole php code as text. Any ideas? -.-' Can anyone explain how i can create a registration and login page using PHP that doesnt use databases, sessions, or cookies? Is there a tutorial someone can point me to or could anyone tell me the method. Thanks first time php coder I always feel bad for my first post on a new forum being a question. But this has me stuck I am writing a very simple log-in script. To check I am using 'mysql_num_rows' and seeing that only one row is returned. I have tried debugging this, and using Google but to no avail. The page is saying 'Login unsuccessful' even when the values are correct. Any help is greatly appreciated. Code: [Select] <html> <head> <title> Log-in </title> </head> <body> <form action="login.php" method="POST"> Username: <input type="text" name=username"> Password: <input type="password" name="password"> <input type="submit" name="login" value="Login"> </form> <?php if(isset($_POST['username'])){ $un = $_POST['username']; } if(isset($_POST['password'])){ $pass = $_POST['password']; } $db = mysql_connect("127.0.0.1:3306", "root" , "password"); //Not actual password btw :P if(!$db) { die("Error connecting to database: " . mysql_error()); } $db_used = mysql_select_db("login", $db); if(!$db_used){ die("Could not select database: " . mysql_error()); } $user_name = mysql_real_escape_string($un); $password = mysql_real_escape_string($pass); $query = "SELECT * FROM details WHERE un=" . $user_name . " AND pwd=" . $password. ""; $query2 = "SELECT * FROM details WHERE un='$user_name' AND pwd='$password'"; //This was for debugging, seeing if it was the passing that was failing $result = mysql_query($query); if(!$result){ echo "There was an error processing your request: " . mysql_error() . ""; } $check = mysql_num_rows($result); if($check == 1){ echo "Login successful, welcome back " . $user_name . ""; } else{ echo "Login unsuccessful, please ensure you are using the correct details"; } ?> </body> </html> Thanks in advance guys.... --LiquidFusi0n Ok here is what I'm trying to do. There is a link in a email that is sent out to the people who use this app. When they click on the email link they are brought to this site which is password protected. So they have to enter their username and password. What I want to below script to do is to log them in while checking to see if the $id variable is set. If it is, then the script is to take them to the page in the email link. If not take them to the submit job page. <?php $id=$_POST["id"]; $cmd = $_POST['cmd']; $connection = mysql_connect("host", "user", "pass"); mysql_select_db("database", $connection) or die(mysql_error()); switch($cmd) { case "login": $u = $_POST['username']; $p = $_POST['password']; $query = "SELECT * FROM login WHERE username='$u' AND password='$p'"; $result = mysql_query($query); $row = mysql_fetch_array($result); if (isset($id))($row){ session_start(); $_SESSION['user_id'] = $row[0]; $_SESSION['residentname'] = $row[1]; $_SESSION['unit_num'] = $row[2]; setcookie("TestCookie", time()+3600); /* expire in 1 hour */ $resite = "submitjob.php?do=viewone&id=$id"; header("Location:$resite"); exit(); } else if ($row){ session_start(); $_SESSION['user_id'] = $row[0]; $_SESSION['residentname'] = $row[1]; $_SESSION['unit_num'] = $row[2]; setcookie("TestCookie", time()+3600); /* expire in 1 hour */ $resite = "submitjob.php"; header("Location:$resite"); exit(); } else { echo "Sorry the app didn't find a match."; } break; } ?> My main pages looks like this... <?php include "header.php"; CONTENT include "footer.php"; ?> On the header will be my login script so on every page the script will be there so they can log in from anywhere on the site. Also, I want it all done on one page instead of being directed somewhere else. This is the code below. <?php session_start(); $message = ""; //error message needs to be blank $loginstatus = ""; //error message needs to be blank //if $_POST "username" and "password" exist, check for consistency. if (isset($_POST['username'])&&($_POST['password'])) { include 'connect.php'; //connect $username = mysql_real_escape_string($_POST['username']); //set variables from session $password = mysql_real_escape_string($_POST['password']); //set variables from session //remove slashes and HTML $username = stripslashes($username); $password = stripslashes($password); $username = strip_tags($username); $password = strip_tags($password); $password = md5($password); //md5 encryption $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); //checking if row exists that has $username and $password together. $num = mysql_num_rows($query); //number of rows. if not equal to one login will fail. if($num==1) { $_SESSION['username'] = $username; //store session data $message = "$username, you are logged in!"; } else { $message = "<font color='red'>Wrong Username or Password. Please try again.</font>"; } } //if $_SESSION "username" and "password" exist, check for consistency. if (isset($_SESSION['username'])) { $username = $_SESSION['username']; $loginstatus = " <table cellspacing='0' cellpadding='0'> <tr> <td align='right'><b>$message</b> <a href='logout.php'>[logout]</a></td> </tr> </table> "; } else { $loginstatus = " <b>$message</b> <table cellspacing='0' cellpadding='0'> <form action='CURRENTPAGE.php' method='post'> <tr> <td><b>Username: </td> <td><input type='text' name='username' class='inputbox'></td> <td> <b>Password: </td> <td><input type='password' name='password' class='inputbox'></td> <td> <input type='submit' value='Log In' class='submitbutton'></td> </tr> </table> </form> "; } echo $loginstatus; ?> I have two questions... #1 How can I direct my page when entering the password to the current page the user is on? (look at CURRENTPAGE.php in the code for reference) #2 Security is obviously an issue at all times. How does my security look? What can I do to make this login script more secure? Thanks so much for all of those who help out. I'll be watching this forum all day everyday. I have written some php that forces login before accessing certain pages on my site. When a user sends an private message to another user, they are notified via email. In the email they can then click the view message link to take them right to the message, but if they aren't logged in they are sent to the login page. I'd like them to be redirected to the message after logging in, but I'm getting a php error. This is currently working for URL's like: domain.com/known-bugs Does NOT work: http://domain.com/messaging?action=read&cid=130&utm_source=new_message&utm_medium=email&utm_campaign=direct_mesage_link I think the query string is a problem in the script. To create this login feature. I am using... Code: [Select] $login = array( 'blogadd', 'messaging', 'company-settings', 'company-landing', 'company-create', 'company-join', 'account-settings', 'logout', 'home', 'newsadd', 'partnerRequest', 'known-bugs', 'reminders' ); $page = substr(end(explode(DIRECTORY_SEPARATOR, $_SERVER['PHP_SELF'])), 0, -4); if (in_array($page, $login)) { $urlSource = urlencode(curPageUrl()); header("Location: /login?onlogin=${urlSource}"); die(); } curPageURL is just the full url of the current page. WORKS: When I'm not logged in and I go to the known-bugs page I get redirected to http://domain.com/login?onlogin=http%3A%2F%2Fdomain.com%2Fknown-bugs DOESN'T WORK: When I try and access messaging by clicking... http://domain.com/messaging?action=read&cid=130&utm_source=new_message&utm_medium=email&utm_campaign=direct_mesage_link I get redirected to: http://domain.com/login?onlogin=http%3A%2F%2Fdomain.com%2Fmessaging%3Faction%3Dread%26cid%3D130%26utm_source%3Dnew_message%26utm_medium%3Demail%26utm_campaign%3Ddirect_mesage_link Any thoughts as to what I am doing wrong? This has been an ongoing issue from the start. When I try to login I enter the username and password and click login, then get taken back to the login page to reenter the same details and the second time I click login I get logged in. Now if I then log out and close window and wait a few seconds, restart again and try to log in, I get in first time. I believe this could be a session issue but I thought unsetting the unset($_SESSION['admin']); would cause the session to be lost and have to start again. I just can not get my head around what is causing it. Can anyone tell me what I might be doing wrong ? I have a redirect to originating page, so if I was to view a previous page within the admin area I have to log in and then once loggeed in it will redirect to the page I was on before. Here are my scripts.
<?php session_set_cookie_params(0, '/', '.****.com'); session_start(); error_reporting(-1); define('site_title', 'Admin '); define('pageTitle', 'Admin '); $_SESSION['loginRedirect'] = "adminCreateCampaign.php"; include("functions-for-email.php"); $checkAdminStatus = checkAdminStatus($mysqli); if(!isset($_SESSION['admin']) || $checkAdminStatus == "NOACCESS") { $_SESSION['error'] = 'You must be logged in to view that page. (el.S1)'; //$_SESSION['loginRedirect'] = "showStats.php"; //echo("You must be logged in to view that page. (el.S1)<br>"); exit; @mysqli_close($mysqli); header('Location: ' . adminFullWebAddress . '/index.php'); exit; } else { if($_SESSION['admin']['account_type'] != 'admin') { $_SESSION['error'] = 'You do not have the priviledges to view that page. (el.S2)'; @mysqli_close($mysqli); header('Location: ' . adminFullWebAddress . '/index.php'); exit; } } ?> <!DOCTYPE> <html> <head> <link href="adminstyle.css" rel="stylesheet" type="text/css" /> <title><?php echo(site_title); ?></title> </head> <body> <div id="container"> <div class="containerInner"> <div id="leftInner100"> <?php // start of leftInner ?> <?php menu(); ?> <h1 class="middleTitle">Admin </h1> <?php if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; unset($thisError); } if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; unset($thisSuccess); } ?> <br><br> </div><?php // end of leftInner ?> </div><?php // end of containerInner ?> <div class="clearfix"></div> </div><?php // container ?> </body> </html> <?php @mysqli_close($mysqli); ?>
<?php session_set_cookie_params(0, '/', '.****.com'); session_start(); error_reporting(-1); include("functions.php"); $checkAdminStatus = checkAdminStatus($mysqli); //$_SESSION['loginRedirect'] = adminFullWebAddress . "/index.php"; $fromlink4 = isset($_SERVER['REMOTE_ADDR']) ? (gethostbyaddr($_SERVER['REMOTE_ADDR'])) : "empty"; $ipAddress = $_SERVER['REMOTE_ADDR']; if(isset($_POST['email'])) { $email = $_POST['email']; $email = strip_tags($email); } else { $email = ""; } if(isset($_POST['pass'])) { $password = $_POST['pass']; $pass = $_POST['pass']; } else { $pass = ""; } if(isset($_POST['login']) && trim($_POST['login']) == 'Login') { $checkEmail = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1"); $checkBanned = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' AND `suspended` = 'Yes' LIMIT 1"); $failedLoginCounter = 0; if(!$email) { $thisError = 'Please enter your e-mail address.'; } else if(! $checkEmail->num_rows) { $thisError = 'Either the email address, password or both were not entered correctly.'; } else if(!$password) { $thisError = 'Please enter your password.'; } else if($checkBanned->num_rows) { $thisError = 'Your account has been suspended by Admin.'; } else { $password = md5($password); $checkAccount = db_query($mysqli, "SELECT * FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' AND `password` = '" . $mysqli->real_escape_string($password) . "' LIMIT 1"); if($checkAccount->num_rows) { $saveChanges = db_query($mysqli, "UPDATE `admins` SET `lastlogindatetime` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastAccessSinceLogin` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastloginip` = '" . $mysqli->real_escape_string($ipAddress) . "', `failedLoginCounter` = 0 WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1"); // set lastlogindatetime $_SESSION['admin'] = $checkAccount->fetch_assoc(); $loginRedirect = isset($_SESSION['loginRedirect']) ? $_SESSION['loginRedirect'] : ""; $_SESSION['success'] = 'You are now logged in. (ok.L2) ' . $loginRedirect; header('Location: ' . adminFullWebAddress . '/' . $loginRedirect); exit; } else { $thisError = 'Your e-mail address and/or password is incorrect.<br>If you still face issues, you can <a href="startresetpw.php">reset your password</a>'; $saveChanges = db_query($mysqli, "UPDATE `admins` SET `failedLoginCounter` = `failedLoginCounter` + 1, `lastloginfailedip` = '" . $mysqli->real_escape_string($ipAddress) . "', `lastlogindatetimeFailed` = '" . $mysqli->real_escape_string(datetimenow) . "' WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1"); // set lastlogindatetimeFailed } } } if(!isset($_SESSION['admin'])) { define('site_title', 'Login'); define('pageTitle', 'Login'); } else { define('site_title', 'Home'); define('pageTitle', 'Home'); } ?> <!DOCTYPE> <html> <head> <link href="adminstyle.css" rel="stylesheet" type="text/css" /> <title><?php echo(site_title); ?></title> </head> <body> <div id="container"> <div class="containerInner"> <div id="leftInner100"> <?php // start of leftInner ?> <div id="mainphoto"><?php //specialMessage($mysqli); mainPageImage(""); ?></div> <div class="clear"></div><?php if(isset($_SESSION['admin'])) { menu(); } if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } unset($thisError); unset($thisSuccess); if(!isset($_SESSION['admin'])) { ?> <div style="width: 100%; margin: 0em auto; text-align: center;"> <form method="POST" action="index.php" style="width: 15em; text-align: center;"> <div class="field"> E-mail Address </div> <div class="value"> <input type="text" name="email" value="<?php if(isset($_POST['email'])) { echo $email; } ?>" style="width: 12.5em;" title="email"> </div> <div class="field"> Password<br><span style="font-size: 0.8em;"><?php if (isset($_POST['pass'])) { echo('<strong style="color: red;">'); } ?>(Please note: your password may be CaSe SeNSitIvE)<?php if (isset($_POST['pass'])) { echo('</strong>'); } ?></span> </div> <div class="value"> <input type="password" name="pass" value="" style="width: 12.5em;" title="pass"> </div> <div><br><input type="submit" name="login" value="Login"> <input type="reset" value="Clear"><br></div> </form><br> <div class="clearFloat"></div> </div> <?php } else { ?>logged in<?php } ?> <br><br> </div><?php // end of leftInner ?> </div><?php // end of containerInner ?> <div class="clearfix"></div> </div><?php // container ?> </body> </html> <?php @mysqli_close($mysqli); ?> functions.php <?php define('showOutput', 0); include("/home/****/db_login_functions.php"); define('db_table_name', 'clientList'); define('mailHost', 'mail.****.com'); define('mailUsername', 'noreply@****.com'); define('mailPW', '****'); define('bounce', 'bounce@****.com'); define('fullDomain', 'https://www.admin.****.com'); define('adminFullWebAddress', 'https://www.admin.****.com'); define('adminEmail', 'admin@****.com'); define('fromEmail', 'noreply@****.com'); define('fromName', 'DO NOT REPLY'); define('REMOTEADDR', isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''); define('PHPSELF', $_SERVER['PHP_SELF']); define('HTTPREFERER', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "not set"); define('unsub', 'https://www.****.com/unsub.php'); define('securityhash', 'abc'); // NEVER change this securityhash. date_default_timezone_set('Europe/London'); define('datetimenow', date("Y-m-d H:i:s")); /* check if user is allowed to access a certain page or not. */ function checkAdminStatus($mysqli) { $yesNo = ""; if(isset($_GET['action']) && $_GET['action'] == 'logout') { unset($_SESSION['admin']); $_SESSION['success'] = 'You have successfully logged out. (lo.1)'; header('Location: index.php'); exit; } if(isset($_SESSION['admin']) ) { // need to add in code to check if logged in for more than 1 hour, if so log out on next refresh of page. if ($_SESSION['admin']['lastAccessSinceLogin'] < date( 'Y-m-d H:i:s', strtotime("-5 minutes") )) { unset($_SESSION['admin']); $_SESSION['error'] = 'You were logged out due to no activity, please login again to view that page. (lo.2)'; header('Location: index.php'); exit; } $checkBanned = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($_SESSION['admin']['email']) . "' AND `suspended` = 'Yes' LIMIT 1"); if($checkBanned->num_rows) { $yesNo = "NOACCESS"; //$_SESSION['error'] = 'You must be logged in to view that page.'; } else { $yesNo = "ACCESS"; // if logged in, update `users`.`lastAccessSinceLogin` with current datetime. $updateLastAccessSinceLogin = db_query($mysqli, "UPDATE `admins` SET `lastAccessSinceLogin` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastloginip` = '" . $mysqli->real_escape_string(REMOTEADDR) . "', `failedLoginCounter` = 0 WHERE `email` = '" . $mysqli->real_escape_string($_SESSION['admin']['email']) . "' LIMIT 1"); $_SESSION['admin']['lastAccessSinceLogin'] = datetimenow; } } return $yesNo; } function menu() { echo('<a href="index.php?action=logout">Log Out</a> '); echo(' <a href="adminCreateCampaign.php">Create Campaign</a><br><br><br>'); } ?>
.htaccess (within the admin folder) Header set Access-Control-Allow-Origin "*" RewriteEngine On RewriteCond %{HTTPS} off # First rewrite to HTTPS: # Don't put www. here. If it is already there it will be included, if not # the subsequent rule will catch it. RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Now, rewrite any request to the wrong domain to use www. # [NC] is a case-insensitive match RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] ### DON'T DELETE!! Below entry is MUST for your PHP sites like wordpress,joomla and etc to work properly. suPHP_ConfigPath /home/****/php.ini .htaccess (within the root folder) Header set Access-Control-Allow-Origin "*" RewriteEngine On RewriteCond %{HTTPS} off # First rewrite to HTTPS: # Don't put www. here. If it is already there it will be included, if not # the subsequent rule will catch it. RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Now, rewrite any request to the wrong domain to use www. # [NC] is a case-insensitive match RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] ### DON'T DELETE!! Below entry is MUST for your PHP sites like wordpress,joomla and etc to work properly. suPHP_ConfigPath /home/****/php.ini the php.ini file allow_url_fopen = on allow_irl_include = on date.timezone = Europe/London safe_mode = off upload_max_filesize = 20M post_max_size = 20M upload_tmp_dir = "/home/****/tmp" session.save_path = "/home/****/sessions" session.use_only_cookies = on error_reporting = E_ALL log_errors = On display_errors = Off track_errors = On error_log = "/home/****/errors.log" sendmail_from = "server@****.com"
hallo i cant seem to find whats worng with this login file i made that i include in my index page i keep on geting the "sorry, please enter your username and password to login" error while trying to log in with a valid username and password. Code: [Select] <?php require_once('db_login.php'); //the error massged $Login_error = "" ; //chacck if looged in, else check if trying to login if (!isset($_COOKIE['User_Id'])){ if (isset($_POST['submit'])){ //connect to db $connection = mysql_connect($db_host, $db_username, $db_password); //grabing user enterd details $user_username = mysqli_real_escape_string($connection, trim($_POST['UserName'])); $user_password = mysqli_real_escape_string($connection, trim($_POST['password'])); if (!empty($user_username) && !empty($user_password)){ $query = "SELECT User_Id, UserName FROM users WHERE UserName = '$user_username' AND ". "password = '$user_password'"; $data = mysqli_query($connection, $query); if(mysqli_num_rows($data) == 1){ //user name and pass are ok setcookie('User_Id', $row['User_Id']); setcookie('password', $row['password']); $home_url = 'http://' .$_SERVER['HTTP_HOST']. dirname($_SERVER['PHP_SELF']) . '/index.php'; header('Location: ' . $home_url) ; } else{ //worng username AND\OR password $Login_error ="the username or password are incorrect"; } } else{ //no username and'or password were enterd $Login_error = "sorry, please enter your username and password to login"; } } } ?> <?php //if the cookie is empty show errormsg and form if(empty($_COOKIE['User_Id'])) { echo $Login_error ; ; ?> <script type="text/javascript" > $(document).ready(function () { $("#login").ready(function () { $("#login").slideDown('slow'); }); }); </script> <div id="login" style="background-color:#09C;border:1px solid; width:100%; height:25px; display:none; margin-bottom:5px;"> לא חבר באתר? <a href="/Register.php"><span style="color:#9C3; font-style:oblique;">הרשם</span></a> עכשיו! <form style="float:right" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>"> <label> שם משתמש: <input type="text" id="UserName" name="UserName"/> </label> <label> סיסמה: <input type="password" id="password" name="password"/> </label> <input type="submit" name="submit" value="התחבר" /> </form> </div> <?php } else{ ?> <div id="login" style="background-color:#09C;border:1px solid; width:100%; height:25px; display:none; margin-bottom:5px;"> שלום <?php echo $_COOKIE['UserName']; ?> </div> <?php }?> thanks in advance I had a success page redirect after the login...but the login happens even if the username and password is not entered. you can check it in colonialcasa.org here's the code for the login.php page ( i have obviously changed the server name, database and password for privacy reasons ) <? /*simple checking of the data*/ if(isset($_POST['login']) & isset($_POST['pass'])) { /*Connection to database logindb using your login name and password*/ $db=mysql_connect('servername','login','password') or die(mysql_error()); mysql_select_db('mpahost_logindb'); /*additional data checking and striping*/ $_POST['login']=mysql_real_escape_string(strip_tags(trim($_POST['login']))); $_POST['pass']=mysql_real_escape_string(strip_tags(trim($_POST['pass']))); $q=mysql_query("SELECT * FROM login WHERE login='{$_POST['login']}' AND pass='{$_POST['pass']}'",$db) or die(mysql_error()); /*If there is a matching row*/ if(mysql_num_rows($q) > 0) { $_SESSION['login'] = $_POST['login']; $login='Welcome back '.$_SESSION['login']; } else { $login= 'Wrong login or password'; } mysql_close($db); } /*Use of Sessions*/ if(!session_id()) header("Location: advocates.html"); // success page. put the URL you want header("Cache-control: private"); //avoid an IE6 bug (keep this line on top of the page) $login='NO data sent'; //you may echo the data anywhere in the file echo $login; ?> This is my one page log in system. Using this on the header so guests can log in on ANY page. Let me know what you think needs improving for security. I'm also wondering if putting the include "disconnect.php"; where I have is correct. Thanks! Code: [Select] <?php session_start(); $message = ""; //error message needs to be blank $loginstatus = ""; //error message needs to be blank //if $_POST "username" and "password" exist, check for consistency. if (isset($_POST['username'])&&($_POST['password'])) { include 'connect.php'; //connect $username = mysql_real_escape_string($_POST['username']); //set variables from session $password = mysql_real_escape_string($_POST['password']); //set variables from session //remove slashes and HTML $username = stripslashes($username); $password = stripslashes($password); $username = strip_tags($username); $password = strip_tags($password); $password = md5($password); //md5 encryption $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); //checking if row exists that has $username and $password together. $num = mysql_num_rows($query); //number of rows. if not equal to one login will fail. if($num==1) { $_SESSION['username'] = $username; //store session data $message = "$username, you are logged in!"; include "disconnect.php"; } else { $message = "<font color='red'>Wrong Username or Password. Please try again.</font>"; } } //if $_SESSION "username" and "password" exist, check for consistency. if (isset($_SESSION['username'])) { $username = $_SESSION['username']; $loginstatus = " <table cellspacing='0' cellpadding='0'> <tr> <td align='right'><b>$message</b> <a href='logout.php'>[logout]</a></td> </tr> </table> "; } else { $loginstatus = " <b>$message</b> <table cellspacing='0' cellpadding='0'> <form action='index.php' method='post'> <tr> <td><b>Username: </td> <td><input type='text' name='username' class='inputbox'></td> <td> <b>Password: </td> <td><input type='password' name='password' class='inputbox'></td> <td> <input type='submit' value='Log In' class='submitbutton'></td> </tr> </table> </form> "; } echo $loginstatus; ?> |