PHP - Access Level From Database To Login In Myphpadmin
We have set up a member login page in CS5 using a myphpadmin database. We want to give members access to particular areas of our site depending on what username and password they enter, i.e. member 1 only requires access to specific documents/webpages - member 2 requires access to other documents/webpages. Not sure how to do this.
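One way to do what this question asks, shown as an added example that is not the poster's code or part of the original page: store an access level per member in the database, copy it into the session at login, and check it at the top of every protected page. The table, column, path and function names are assumptions, and an in-memory SQLite database with constructed members stands in for the real MySQL database.

```php
<?php
declare(strict_types=1);
// Added example; every table, column, path and function name here is an assumption.

// Constructed policy: which access levels may open which area of the site.
const AREA_LEVELS = [
    'documents/area-a.php' => [1],
    'documents/area-b.php' => [2],
    'members/home.php'     => [1, 2],
];

/** In-memory SQLite stand-in for the members table, with two constructed members. */
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (
        id INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        password_hash TEXT NOT NULL,
        access_level INTEGER NOT NULL)');
    $ins = $db->prepare(
        'INSERT INTO members (username, password_hash, access_level) VALUES (?, ?, ?)');
    $ins->execute(['member1', password_hash('constructed-pass-1', PASSWORD_DEFAULT), 1]);
    $ins->execute(['member2', password_hash('constructed-pass-2', PASSWORD_DEFAULT), 2]);
    return $db;
}

/** Check credentials; return the member's id and access level, or null on failure. */
function authenticate(PDO $db, string $username, string $password): ?array
{
    // The username is bound to a placeholder, never concatenated into the SQL text.
    $stmt = $db->prepare(
        'SELECT id, password_hash, access_level FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return ['id' => (int) $row['id'], 'access_level' => (int) $row['access_level']];
}

/** Decide whether a session may open an area. Areas missing from the policy are denied. */
function may_access(array $session, string $area): bool
{
    if (!isset($session['member']['access_level'])) {
        return false; // not logged in
    }
    $allowed = AREA_LEVELS[$area] ?? [];
    return in_array($session['member']['access_level'], $allowed, true);
}

/** Login handler: on success the level read from the database goes into the session. */
function login(PDO $db, string $username, string $password): bool
{
    $member = authenticate($db, $username, $password);
    if ($member === null) {
        return false;
    }
    session_regenerate_id(true); // new session id once the privilege level changes
    $_SESSION['member'] = $member;
    return true;
}

/** Call at the top of every protected page, before any output is sent. */
function require_access(string $area): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!may_access($_SESSION, $area)) {
        header('Location: /login.php');
        exit; // without this the rest of the protected page still runs and is sent
    }
}

// Command-line walk-through of the decisions, using the constructed members.
if (PHP_SAPI === 'cli') {
    $db = demo_db();
    foreach (['member1' => 'constructed-pass-1', 'member2' => 'constructed-pass-2'] as $user => $pass) {
        $session = ['member' => authenticate($db, $user, $pass)];
        foreach (array_keys(AREA_LEVELS) as $area) {
            printf("%s -> %s: %s\n", $user, $area, may_access($session, $area) ? 'allow' : 'deny');
        }
    }
    $failed = ['member' => authenticate($db, 'member1', 'wrong-password')];
    printf("bad password -> members/home.php: %s\n",
        may_access($failed, 'members/home.php') ? 'allow' : 'deny');
}
```

On a real page the first statement would be a call such as `require_access('documents/area-a.php');`, placed before any HTML is sent.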
Similar Tutorials

Hello. Basically I have created a form that you fill in and an email gets sent to your inbox and you have an access_level of 1. Within this email there is one field, a validation_id. Now what I'm trying to do is when you click this link it opens the webpage and updates your access_level to 2. I have written my query and array and I can see exactly which bit is wrong. It's where I have validation_id= $validation_id") Now it's not working and I can see the error. Problem is I'm too new at this to understand why it's wrong and how to fix it. Can anyone help? Here is the rest of the code. Also could you please explain? I would really like to understand it before I move any further. P.S. I have already selected my database in the included file.

<?
include('database_name');
session_start();
$validation_id =$_GET['validation_id'];
$FullRec__query=sprintf("SELECT * FROM Members WHERE validation_id= $validation_id");
$FullRec = mysql_query($FullRec__query, $database name) or die(mysql_error());
$FullRecArray = mysql_fetch_array($FullRec);
$UdateAccessQuery = sprintf("UPDATE Members SET access_level = '2' WHERE validation_id = $validation_id");
mysql_query($UdateAccessQuery, $database_name) or die(mysql_error());
?>

Hi everyone, I am developing an application that has two views, 1 for administrator and 1 for staff. Administrator can perform all application tasks and Staff can ONLY perform certain tasks. I have implemented sessions quite alright and they are working. Now the problem is that when I log in as Staff and then I change the URL to point to an administrator's page the application is allowing that. How can I prevent that from happening? Staff MUST NOT see administrators' pages. Here is my login code, logout code and the code I am using to protect webpages below.
Here is my login code <?php //start the session session_start(); $username=$_POST['username']; $password=$_POST['password']; $encrypted=md5($password); // set connection to database $hostname="localhost"; // Host name $mysql_server_username="root"; // Mysql username $server_password=""; // Mysql password $db_name="db_inventory"; // Database name $table = "tbl_users"; // Table name // Connect to server and select database. mysql_connect("$hostname", "$mysql_server_username", "$server_password")or die("cannot connect to database server"); mysql_select_db("$db_name") or die ("Couldn't select the database."); $admin=("select * from $table where username='$username' AND password='$encrypted' AND type = 'admin'"); $staff=("select * from $table where username='$username' AND password='$encrypted' AND type = 'staff'"); //check that at least one row was returned $adminresult=mysql_query($admin); $admincount = mysql_num_rows($adminresult); $staffresult=mysql_query($staff); $staffcount = mysql_num_rows($staffresult); if($admincount> 0){ $_SESSION['valid_user'] = $username ; header( "Location: main_menu.php" ); } else if($staffcount> 0){ $_SESSION['valid_user'] = $username ; header( "Location: staff/main_menu.php" ); } else { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>title> | Login</title> </head> <body bgcolor="#FFFFFF" background-repeat:no-repeat; background="images/images1.jpg"> <div align="center"> <table width="800" height="501" border="0" cellpadding="1" cellspacing="1"> <tr> <td height="100"> </td> </tr> <tr> <td height="350"> <div align="center"> <form method="post" action="login_process.php"> <h4 align="center"><font color="red">Incorrect Username / Password ! 
Please Try Again</font></h4> <img name="" src=images/padlock_closed.gif width="34" height="32" alt="" /><br /><br /> <table width="314" border="0" cellspacing="1" cellpadding="1"> <tr> <td>Username:</td> <td><label> <input type="text" name="username" /> </label></td> </tr> <tr> <td>Password:</td> <td><label> <input type="password" name="password" /> </label></td> </tr> <tr> <td colspan="2"> <p> <input type="submit" name ="submit" value="Login" /> <input type="reset" value="Reset" /> </p> </td> </tr> </table> </form> </div> </td> </tr> <tr> <td height="100"> </td> </tr> </table> </div> </body> </html> <?php } ?> Here is my logout code <?php //start the session session_start(); //check to make sure the session variable is registered if(isset($_SESSION['valid_user'])){ //session variable is registered, the user is ready to logout session_unset(); session_destroy(); //the session variable isn't registered, the user shouldn't even be on this page header( "Location: index.php" ); } else { //check to see if the session variable is not registered if(!isset($_SESSION['valid_user'])){ //redirect to login page header( "Location: index.php" ); } } ?> Here is code I am using to protect pages <?php //start the session session_start(); //check to make sure the session variable is registered if(!isset($_SESSION['valid_user'])){ //redirect to login page header( "Location: index.php" ); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title> | Main Menu</title> <link rel="stylesheet" type="text/css" href="css.css" /> </head> <body> <div id="tabsF"> <ul> <!-- CSS Tabs --> <li id="current"><a href="main_menu.php"><span>MAIN MENU</span></a></li> <li><a href="stockmaster.php"><span>STOCK MASTER</span></a></li> <li><a href="controlpanel.php"><span>CONTROL PANEL</span></a></li> <li><a 
href="logout.php"><span>LOGOUT</span></a></li> </ul> </div> </body> </html> Thank you. i try to create login page with two different user level for example admin and staff. i did not get any error on my code but it just did not direct to the page it been set to. it just display wrong username or password. i not really sure what is wrong. here is the code loginForm.php Code: [Select] <form action="login.php" method ="post"> <table> <tr><td>Usernama</td> <td><input name="username" type="text" size = "15" maxlength = "15"/></td></tr> <tr><td>Password</td> <td><input name="password" type="password" size = "15" maxlength = "15"/></td></tr> </table> <br><input name="submit" type ="submit" value ="Login"/></td> </form> login.php Code: [Select] <?php ob_start(); $host="localhost"; $user="root"; $pass=""; $db_name="office"; $tbl_name="login"; mysql_connect("$host", "$user", "$pass")or die("cannot connect"); mysql_select_db("$db_name")or die("Cannot Select Database"); // username and password sent from form $sername=$_POST['username']; $password=$_POST['password']; $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql="SELECT * FROM daftarPenyelia WHERE user='$username' AND pass='$password' AND userLevel='$userLevel'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); if ($count == $userLevel) { if ($userLevel == 1) { $_SESSION['username'] = $username; $_SESSION['password'] = $password; header("location:adminMenu.php"); } else if ($userLevel == 2) { $_SESSION['username'] = $username; $_SESSION['password'] = $password; header("location:staffMenu.php"); } } else { echo "Wrong Username or Password"; } ?> can someone help me with this code and tell me what is wrong so that i can fix them Hi, I would like to make a login page with 2 different user level, Admin & Staff. How can i do it using d code below. 
Thank u. <?php $host="localhost"; $username="root"; $password=""; $db_name="profile"; $tbl_name="company"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("Cannot Select Database"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); if($count==1){ session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> please is there anyone who can help me with a working login script(code) for different user level(e.g admin and user). Hi guy's, I'm having problems adjusting a script to add a level (user rights) function. When i login with a admin or normal user it gives a blank page (not redirecting to home.php). It even does'nt return an echo that user / pass is incorrect. I'm breaking my head over this for day's now. Can you help me out? 
Code: [Select] <?php session_start(); //Login form (index.php) include "db_connect.php"; if(!$_POST['submit']) { ?> <html> <head> <!--[if IE]> <link rel="stylesheet" type="text/css" href="style.css" /> <![endif]--> <![if !IE]> <link rel="stylesheet" type="text/css" href="firefox.css" /> <![endif]> </head> <body> <div id="wrapper"> <div id="header"> <?php include('header.php'); ?> </div> <div class="divider"> <strong>Login</strong> <form method="post" action="index.php"> <div class="formElm"> <label for="username">Klantnummer:</label> <input id="username" type="text" name="username" maxlength="16"> </div> <div class="formElm"> <label for="password">Wachtwoord:</label> <input type="password" name="password" maxlength="16"> </div> <input type="submit" name="submit" value="Login"> </form> </div> <div id="footer"> <?php include('footer.php'); ?> </div> </div> </html> <?php } else { $user = protect($_POST['username']); $pass = protect($_POST['password']); $level = protect($_POST['level']); if($user && $pass && $level) { $pass = md5($pass); //compare the encrypted password $sql1 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='1'"; $sql2 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='9'"; $queryN=mysql_query($sql1) or die(mysql_error()); $queryA=mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($queryN) == 1) { $resultN = mysql_fetch_assoc($queryN); $_SESSION['id'] = $resultN['id']; $_SESSION['username'] = $resultN['username']; header("location:home.php"); } elseif(mysql_num_rows($queryA) == 1) { $resultA = mysql_fetch_assoc($queryA); $_SESSION['id'] = $resultA['id']; $_SESSION['username'] = $resultA['username']; header("location:home.php"); } else{ echo "Wrong Username or Password"; } } } ?> and the mysql code: Code: [Select] CREATE TABLE `user` ( `id` int(4) unsigned NOT NULL auto_increment, `username` varchar(32) NOT NULL, `password` varchar(32) NOT NULL, `level` 
int(4) default '1',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1;

This has been an ongoing issue from the start. When I try to log in I enter the username and password and click login, then get taken back to the login page to re-enter the same details, and the second time I click login I get logged in. Now if I then log out and close the window and wait a few seconds, restart again and try to log in, I get in first time. I believe this could be a session issue but I thought unsetting with unset($_SESSION['admin']); would cause the session to be lost and have to start again. I just cannot get my head around what is causing it. Can anyone tell me what I might be doing wrong?

I have a redirect to the originating page, so if I was to view a previous page within the admin area I have to log in, and then once logged in it will redirect to the page I was on before. Here are my scripts.
<?php session_set_cookie_params(0, '/', '.****.com'); session_start(); error_reporting(-1); define('site_title', 'Admin '); define('pageTitle', 'Admin '); $_SESSION['loginRedirect'] = "adminCreateCampaign.php"; include("functions-for-email.php"); $checkAdminStatus = checkAdminStatus($mysqli); if(!isset($_SESSION['admin']) || $checkAdminStatus == "NOACCESS") { $_SESSION['error'] = 'You must be logged in to view that page. (el.S1)'; //$_SESSION['loginRedirect'] = "showStats.php"; //echo("You must be logged in to view that page. (el.S1)<br>"); exit; @mysqli_close($mysqli); header('Location: ' . adminFullWebAddress . '/index.php'); exit; } else { if($_SESSION['admin']['account_type'] != 'admin') { $_SESSION['error'] = 'You do not have the priviledges to view that page. (el.S2)'; @mysqli_close($mysqli); header('Location: ' . adminFullWebAddress . '/index.php'); exit; } } ?> <!DOCTYPE> <html> <head> <link href="adminstyle.css" rel="stylesheet" type="text/css" /> <title><?php echo(site_title); ?></title> </head> <body> <div id="container"> <div class="containerInner"> <div id="leftInner100"> <?php // start of leftInner ?> <?php menu(); ?> <h1 class="middleTitle">Admin </h1> <?php if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; unset($thisError); } if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; unset($thisSuccess); } ?> <br><br> </div><?php // end of leftInner ?> </div><?php // end of containerInner ?> <div class="clearfix"></div> </div><?php // container ?> </body> </html> <?php @mysqli_close($mysqli); ?>
<?php session_set_cookie_params(0, '/', '.****.com'); session_start(); error_reporting(-1); include("functions.php"); $checkAdminStatus = checkAdminStatus($mysqli); //$_SESSION['loginRedirect'] = adminFullWebAddress . "/index.php"; $fromlink4 = isset($_SERVER['REMOTE_ADDR']) ? (gethostbyaddr($_SERVER['REMOTE_ADDR'])) : "empty"; $ipAddress = $_SERVER['REMOTE_ADDR']; if(isset($_POST['email'])) { $email = $_POST['email']; $email = strip_tags($email); } else { $email = ""; } if(isset($_POST['pass'])) { $password = $_POST['pass']; $pass = $_POST['pass']; } else { $pass = ""; } if(isset($_POST['login']) && trim($_POST['login']) == 'Login') { $checkEmail = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1"); $checkBanned = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' AND `suspended` = 'Yes' LIMIT 1"); $failedLoginCounter = 0; if(!$email) { $thisError = 'Please enter your e-mail address.'; } else if(! $checkEmail->num_rows) { $thisError = 'Either the email address, password or both were not entered correctly.'; } else if(!$password) { $thisError = 'Please enter your password.'; } else if($checkBanned->num_rows) { $thisError = 'Your account has been suspended by Admin.'; } else { $password = md5($password); $checkAccount = db_query($mysqli, "SELECT * FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' AND `password` = '" . $mysqli->real_escape_string($password) . "' LIMIT 1"); if($checkAccount->num_rows) { $saveChanges = db_query($mysqli, "UPDATE `admins` SET `lastlogindatetime` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastAccessSinceLogin` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastloginip` = '" . $mysqli->real_escape_string($ipAddress) . "', `failedLoginCounter` = 0 WHERE `email` = '" . $mysqli->real_escape_string($email) . 
"' LIMIT 1"); // set lastlogindatetime $_SESSION['admin'] = $checkAccount->fetch_assoc(); $loginRedirect = isset($_SESSION['loginRedirect']) ? $_SESSION['loginRedirect'] : ""; $_SESSION['success'] = 'You are now logged in. (ok.L2) ' . $loginRedirect; header('Location: ' . adminFullWebAddress . '/' . $loginRedirect); exit; } else { $thisError = 'Your e-mail address and/or password is incorrect.<br>If you still face issues, you can <a href="startresetpw.php">reset your password</a>'; $saveChanges = db_query($mysqli, "UPDATE `admins` SET `failedLoginCounter` = `failedLoginCounter` + 1, `lastloginfailedip` = '" . $mysqli->real_escape_string($ipAddress) . "', `lastlogindatetimeFailed` = '" . $mysqli->real_escape_string(datetimenow) . "' WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1"); // set lastlogindatetimeFailed } } } if(!isset($_SESSION['admin'])) { define('site_title', 'Login'); define('pageTitle', 'Login'); } else { define('site_title', 'Home'); define('pageTitle', 'Home'); } ?> <!DOCTYPE> <html> <head> <link href="adminstyle.css" rel="stylesheet" type="text/css" /> <title><?php echo(site_title); ?></title> </head> <body> <div id="container"> <div class="containerInner"> <div id="leftInner100"> <?php // start of leftInner ?> <div id="mainphoto"><?php //specialMessage($mysqli); mainPageImage(""); ?></div> <div class="clear"></div><?php if(isset($_SESSION['admin'])) { menu(); } if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } unset($thisError); unset($thisSuccess); if(!isset($_SESSION['admin'])) { ?> <div style="width: 100%; margin: 0em auto; text-align: center;"> <form method="POST" action="index.php" style="width: 15em; text-align: center;"> <div class="field"> E-mail Address </div> <div class="value"> <input type="text" name="email" value="<?php if(isset($_POST['email'])) { echo $email; } ?>" style="width: 12.5em;" title="email"> 
</div> <div class="field"> Password<br><span style="font-size: 0.8em;"><?php if (isset($_POST['pass'])) { echo('<strong style="color: red;">'); } ?>(Please note: your password may be CaSe SeNSitIvE)<?php if (isset($_POST['pass'])) { echo('</strong>'); } ?></span> </div> <div class="value"> <input type="password" name="pass" value="" style="width: 12.5em;" title="pass"> </div> <div><br><input type="submit" name="login" value="Login"> <input type="reset" value="Clear"><br></div> </form><br> <div class="clearFloat"></div> </div> <?php } else { ?>logged in<?php } ?> <br><br> </div><?php // end of leftInner ?> </div><?php // end of containerInner ?> <div class="clearfix"></div> </div><?php // container ?> </body> </html> <?php @mysqli_close($mysqli); ?> functions.php <?php define('showOutput', 0); include("/home/****/db_login_functions.php"); define('db_table_name', 'clientList'); define('mailHost', 'mail.****.com'); define('mailUsername', 'noreply@****.com'); define('mailPW', '****'); define('bounce', 'bounce@****.com'); define('fullDomain', 'https://www.admin.****.com'); define('adminFullWebAddress', 'https://www.admin.****.com'); define('adminEmail', 'admin@****.com'); define('fromEmail', 'noreply@****.com'); define('fromName', 'DO NOT REPLY'); define('REMOTEADDR', isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''); define('PHPSELF', $_SERVER['PHP_SELF']); define('HTTPREFERER', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "not set"); define('unsub', 'https://www.****.com/unsub.php'); define('securityhash', 'abc'); // NEVER change this securityhash. date_default_timezone_set('Europe/London'); define('datetimenow', date("Y-m-d H:i:s")); /* check if user is allowed to access a certain page or not. */ function checkAdminStatus($mysqli) { $yesNo = ""; if(isset($_GET['action']) && $_GET['action'] == 'logout') { unset($_SESSION['admin']); $_SESSION['success'] = 'You have successfully logged out. 
(lo.1)'; header('Location: index.php'); exit; } if(isset($_SESSION['admin']) ) { // need to add in code to check if logged in for more than 1 hour, if so log out on next refresh of page. if ($_SESSION['admin']['lastAccessSinceLogin'] < date( 'Y-m-d H:i:s', strtotime("-5 minutes") )) { unset($_SESSION['admin']); $_SESSION['error'] = 'You were logged out due to no activity, please login again to view that page. (lo.2)'; header('Location: index.php'); exit; } $checkBanned = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($_SESSION['admin']['email']) . "' AND `suspended` = 'Yes' LIMIT 1"); if($checkBanned->num_rows) { $yesNo = "NOACCESS"; //$_SESSION['error'] = 'You must be logged in to view that page.'; } else { $yesNo = "ACCESS"; // if logged in, update `users`.`lastAccessSinceLogin` with current datetime. $updateLastAccessSinceLogin = db_query($mysqli, "UPDATE `admins` SET `lastAccessSinceLogin` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastloginip` = '" . $mysqli->real_escape_string(REMOTEADDR) . "', `failedLoginCounter` = 0 WHERE `email` = '" . $mysqli->real_escape_string($_SESSION['admin']['email']) . "' LIMIT 1"); $_SESSION['admin']['lastAccessSinceLogin'] = datetimenow; } } return $yesNo; } function menu() { echo('<a href="index.php?action=logout">Log Out</a> '); echo(' <a href="adminCreateCampaign.php">Create Campaign</a><br><br><br>'); } ?>
.htaccess (within the admin folder)

Header set Access-Control-Allow-Origin "*"
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### DON'T DELETE!! Below entry is MUST for your PHP sites like wordpress,joomla and etc to work properly.
suPHP_ConfigPath /home/****/php.ini

.htaccess (within the root folder)

Header set Access-Control-Allow-Origin "*"
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### DON'T DELETE!! Below entry is MUST for your PHP sites like wordpress,joomla and etc to work properly.
suPHP_ConfigPath /home/****/php.ini

the php.ini file

allow_url_fopen = on
allow_irl_include = on
date.timezone = Europe/London
safe_mode = off
upload_max_filesize = 20M
post_max_size = 20M
upload_tmp_dir = "/home/****/tmp"
session.save_path = "/home/****/sessions"
session.use_only_cookies = on
error_reporting = E_ALL
log_errors = On
display_errors = Off
track_errors = On
error_log = "/home/****/errors.log"
sendmail_from = "server@****.com"
I am trying to connect to my database on XAMPP. I'm trying to find info on how to connect and set up so that people that sign in to my website can register for it.
So I'm doing a project and I need to make a successful login form, where it checks in MS Access if the username and password are correct, and if they are the user is taken to a new page. If they are wrong, a message comes up and they stay on the same page. The user should first just see a blank form, but after submit is pressed, it should check if the username and password are correct. IF they are should be taken to a new page. It's been a while since I used php last, so I wasn't quite sure how to tackle this issue. I was wondering if someone could please help me? here is my code. Code: [Select] <html> <head> <style type="text/css"> </style> </head> <body style="text-align:center"> <div id='title'> </div> <?php print_r ($_POST) ; if (isset($_POST['submit'])) { if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $TABLE= $_POST['password'] ; } $username = null ; $password = null ; $connection = odbc_connect('Olympics', '', ''); if (!$connection) {exit("Conection Failed: " . $connection);} $username = stripslashes($username); $password = stripslashes($password); $sql = "select * from users where users = '$username' and passwords = '$password'"; $rs=odbc_exec($connection,$sql); $count=odbc_num_rows($rs); if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php"); echo "Login failed" ; } } echo "<form action='index.php' method='post'> \n" ; echo" Please enter your username and password if you wish. 
<br/> \n" ; echo "Username: <input type='text' name='username' > \n " ; echo "Password: <input type='password' name='password' > \n" ; echo "<input type='submit' value='Login' name='submit'> <br/> \n" ; echo "<input type='submit' value='You may also continue you as a guest.'> \n" ; ?> </body> </html> So basically my project is one where the user can log onto my website, and the page then checks if the ID and password are in my table in my microsoft access file. If the username and password are the same, the user continues, if it isnt, then it stays on the same page and says something like "username and/or password are incorrect" or something along the lines of that. the problem is right now im not sure how to make it say "ERROR username and/or password is incorrect" if the username and password dont match. Can someone help me with this? and also make sure if the username and password are correct that it goes to the next page, entitled searchpage.php here is the code Code: [Select] <html> <head> <style type="text/css"> </style> </head> <body style="text-align:center"> <div id='title'> </div> <?php print_r ($_POST) ; if if (isset($_POST['Login'])) { if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $TABLE= $_POST['password'] ; } $username = null ; $password = null ; $connection = odbc_connect('Olympics', '', ''); if (!$connection) {exit("Conection Failed: " . $connection);} $username = stripslashes($username); $password = stripslashes($password); $sql = "select * from users where users = '$username' and passwords = '$password'"; $rs=odbc_exec($connection,$sql); $count=odbc_num_rows($rs); if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php"); echo "Login failed" ; } } echo "<form action='index.php' method='post'> \n" ; echo" Please enter your username and password if you wish. 
<br/> \n" ;
echo "Username: <input type='text' name='username' > \n " ;
echo "Password: <input type='password' name='password' > \n" ;
echo "<input type='submit' value='Login' name='Login'> <br/> \n" ;
echo "<input type='submit' value='You may also continue you as a guest.'> \n" ;
echo "</form>" ;
?>
</body>
</html>

Hi all. I'm working on a PHP application that will serve several clients. After a discussion on another thread about compliance, I've decided that using tables with a client-specific prefix would be the safest way to go. However, I'm having a lot of trouble wrapping my head around what the database connection script would look like. I have a generic one that connects with host, user, pwd, and db as arguments but I'm not sure how to modify it to incorporate the table prefix requirement. Thoughts on how I can incorporate the aforementioned requirement and enhance the script in general?

function connect_mysql($host,$user,$pass,$database){
    $conn=mysql_connect($host,$user,$pass)or die('Cannot create link');
    mysql_select_db($database)or die('Cannot select database');
};

Hi all, I am working on PHP to create an email client using imap. I have got a problem with using imap because it will get very slow so I want to find a way to make it go faster. I have been researching and I have seen a lot of people are using a mysql database to store their emails and get access to their emails pretty quickly compared to using imap. And I have also seen that roundcube are using a mysql database to store contacts, emails...etc. I am not really sure what to do but I need your advice and I need your opinion. I have got questions for you. Do you think I am better off using imap or using a mysql database to get access to my emails quicker? If you think I am better off using a mysql database, then I want to know how I could store my emails in mysql and do I need to delete the emails in imap after I store the emails in mysql?
Please let me know your opinion so I will decide what to do next. Thank you.

Edited September 15, 2019 by mark107

Hi friends, a quick print_r() shows the following array while connecting to my database. How do I get them as individual items and display them on the website?

Array
(
    [0] => Array
        (
            [id] => 52
            [document_name] => xyz
            [document_ext] => gif
            [download_file_name] => ktm_impact.gif
            [upload_dt] => 2010-08-11
        )
)

Hi

Is it necessary to hash access and refresh tokens that are stored in a database? Both these tokens have a limited lifespan (access token - 20 minutes, but refresh token is 14 days).

The reason I ask is I have hashed the tokens using the password_hash function, but a user can have multiple active sessions if they want (so there is a sessions table with user id (not username), access token, token expiry date/time, refresh token and refresh token expiry date/time).

So in order to refresh the access token I have to do a lookup to see which session it relates to. What I have found is that I must retrieve all rows where the refresh token hasn't expired and then run password_verify against the tokens stored with the tokens provided to check each session to see if they match.

What I have found is that it takes a while to run the password_verify function (by design I think) for each row (could be many if the user has been silly and logged in lots of times), which would cause an unacceptable delay when calling an API with an access token that needs refreshing (my tests resulted in times upwards of 30 seconds for a user who has around 10 active sessions).

If both tokens were not hashed, the same action to refresh a token for a user who has 10 active sessions takes less than a second, which is much more acceptable.

Edited December 15, 2018 by mds1256

Hi everyone! I'm getting the error "Access denied for user ''@'localhost' to database 'crystalair'" (crystalair is the name of my database) whenever I submit my form which inserts a new row to the database table "order".
The same happens when I try to retrieve data from the table using a select query. However, I can successfully perform operations (select, insert) in my other pages which involve another database table "user". If this is a connection error, how can I successfully perform operations with another table? Also, my connection query does not return an error. I have also checked to make sure my user has been granted "All Privileges" in phpmyadmin. I've run out of ideas. Can you please help? Thanks a lot.

Hi, I'm trying to get a php webform to log onto the database automatically before it loads on the website page. In other words I don't want the customer having to log onto the database or be a guest. I think I need the code below to do that. Question is, can I just add this code into the php file that is the webform, or add the <?php ?> to it and have it above the webform php code? Also do I need to alter any other dbconnect php pages as well? Also do I need to edit the htaccess file?

function verify_code() {
$connection = mysql_connect ("localhost", "fred", "kool3401") or die ('Error: ' . mysql_error());
$db = mysql_select_db ("october");
{
echo "Authenticated";
}

Many Thanks

So I have to add data into my database for Olympic records for a school project. I have the sql statements and everything, but it will only enter the athlete's name and country into the table.
My code is Code: [Select]

<?php
// session_start() has to run before any output is sent
session_start();
?>
<html>
<head>
<title> CSS </title>
<style type="text/css">
p {font-family:arial; font-size:10pt;}
body {margin: 0; padding: 0; text-align: center;}
a:link {text-decoration: none}
a:visited {text-decoration: overline; color:purple;}
a:active {text-decoration: underline;}
a:hover {text-decoration: line-through ; color:pink}
input:hover {background: aqua; color:black}
input:active { background: lime ; color: black; }
input:focus { background: yellow; color: black; }
.button {border: 1px dotted ; background:red; padding: 2px;}
.button:hover {border: 2px dotted;background: url('submitbackground.jpg') no-repeat top left; }
#main {margin: 0 auto; text-align: left; width: 800px;}
#nav {clear: both; border: 1px solid; background-color:lightgreen; padding: 10px; width:auto; height: 8%;}
#div1 {border: 1px solid; background-color:lightblue; padding: 10px; float: left; width:20%; height:92%;}
#div2 {border: 1px solid; background-image: url('monkey.jpg'); background-repeat:no-repeat; background-position:center bottom ; padding: 10px; float:left; width:74.5%; height:92%;}
</style>
</head>
<body>
<?php
print_r($_REQUEST); // debug output
if ($_SESSION['admin'] == 2) {
    echo " sorry";
} else {
    echo $_SESSION['admin'];
    if (isset($_POST['athname'])) { $athname = $_POST['athname']; }
    if (isset($_POST['country'])) { $country = $_POST['country']; }
    if (isset($_POST['medal'])) { $medal = $_POST['medal']; }
    if (isset($_POST['venueyear'])) { $venueyear = $_POST['venueyear']; }
    if (isset($_POST['venuecity'])) { $venuecity = $_POST['venuecity']; }
    if (isset($_POST['venuecountry'])) { $venuecountry = $_POST['venuecountry']; }
    if (isset($_POST['event'])) { $event = $_POST['event']; }
    if (isset($_POST['gender'])) { $gender = $_POST['gender']; }
    echo "<div id='main'> ";
    echo "<div id='nav'>";
    echo "</div>";
    echo "<div id='div1'>";
    echo "<a href='index.php'>home</a><br/>";
    echo "<a href='search.php'>Search</a><br/>";
    echo "<a href='add-data.php'>Add Data</a><br/>";
    echo "<a href='DeleteData.php'>Delete Data</a>";
    echo "</div>";
    echo "<div id='div2'>";
    if (isset($_POST['search'])) {
        $connection = odbc_connect('Olympics', '', '');
        if (!$connection) { exit("Connection Failed: " . $connection); }
        // Map event + gender to the event ID
        $enrID = null;
        if ($event == '100 meters' and $gender == 'M') { $enrID = 1; echo "$enrID"; }
        elseif ($event == '200 meters' and $gender == 'M') { $enrID = 2; echo "$enrID"; }
        elseif ($event == '400 meters' and $gender == 'M') { $enrID = 3; }
        elseif ($event == '800 meters' and $gender == 'M') { $enrID = 4; }
        elseif ($event == '1500 meters' and $gender == 'M') { $enrID = 5; }
        elseif ($event == 'Long Jump' and $gender == 'M') { $enrID = 6; }
        elseif ($event == 'High Jump' and $gender == 'M') { $enrID = 7; }
        elseif ($event == 'Shot put' and $gender == 'M') { $enrID = 8; }
        elseif ($event == 'basketball' and $gender == 'M') { $enrID = 13; }
        elseif ($event == 'rowing' and $gender == 'M') { $enrID = 14; }
        elseif ($event == 'volleyball(indoor)' and $gender == 'M') { $enrID = 15; }
        elseif ($event == 'volleyball(beach)' and $gender == 'M') { $enrID = 16; }
        elseif ($event == '100 meters' and $gender == 'F') { $enrID = 17; }
        elseif ($event == '200 meters' and $gender == 'F') { $enrID = 18; }
        elseif ($event == '400 meters' and $gender == 'F') { $enrID = 19; }
        elseif ($event == '800 meters' and $gender == 'F') { $enrID = 20; }
        elseif ($event == '1500 meters' and $gender == 'F') { $enrID = 21; }
        elseif ($event == 'Long Jump' and $gender == 'F') { $enrID = 22; }
        elseif ($event == 'High Jump' and $gender == 'F') { $enrID = 23; }
        elseif ($event == 'Shot put' and $gender == 'F') { $enrID = 24; }
        elseif ($event == 'basketball' and $gender == 'F') { $enrID = 25; }
        elseif ($event == 'rowing' and $gender == 'F') { $enrID = 26; }
        elseif ($event == 'volleyball(indoor)' and $gender == 'F') { $enrID = 27; }
        elseif ($event == 'volleyball(beach)' and $gender == 'F') { $enrID = 28; }
        // Map the venue year to the venue ID
        $EnrVenID = null;
        if ($venueyear == '1984') { $EnrVenID = 1; echo "$EnrVenID"; }
        elseif ($venueyear == '1988') { $EnrVenID = 2; }
        elseif ($venueyear == '1992') { $EnrVenID = 3; }
        elseif ($venueyear == '1996') { $EnrVenID = 4; }
        elseif ($venueyear == '2000') { $EnrVenID = 5; }
        elseif ($venueyear == '2004') { $EnrVenID = 6; }
        elseif ($venueyear == '2008') { $EnrVenID = 7; echo "$EnrVenID"; }
        elseif ($venueyear == '2012') { $EnrVenID = 8; echo "$EnrVenID"; }
        // Placeholders keep the form values out of the SQL text;
        // odbc_errormsg() shows why an insert fails instead of failing silently
        $stmt = odbc_prepare($connection, "INSERT INTO Athletes (Athname, Athcountry) values (?, ?)");
        $rs = odbc_execute($stmt, array($athname, $country)) or exit(odbc_errormsg($connection));
        $stmt4 = odbc_prepare($connection, "INSERT INTO Enrollments (EnrMedal, EnrYear, EnrEventID, EnrVenID) values (?, ?, ?, ?)");
        $rs4 = odbc_execute($stmt4, array($medal, $venueyear, $enrID, $EnrVenID)) or exit(odbc_errormsg($connection));
    }
    // Where a label differs from the string tested in the if/elseif chain above,
    // the option carries a value attribute holding the tested string
    echo "<form method='post' action=''>\n";
    echo "Please fill out all the fields with the data that you wish to be added: <br/>";
    echo "Athlete Name:<input type='text' name='athname'> <br/> \n";
    echo "Athlete Country:<input type='text' name='country'> <br/> \n";
    echo "Medal: <select name='medal'>\n";
    echo "<option> </option>\n";
    echo "<option>Gold</option>\n";
    echo "<option>Silver</option>\n";
    echo "<option>Bronze</option>\n";
    echo "</select>\n";
    echo "Venue Year: <select name='venueyear'>\n";
    echo "<option></option>\n";
    echo "<option>1984</option>\n";
    echo "<option>1988</option>\n";
    echo "<option>1992</option>\n";
    echo "<option>1996</option>\n";
    echo "<option>2000</option>\n";
    echo "<option>2004</option>\n";
    echo "<option>2008</option>\n";
    echo "<option>2012</option>\n";
    echo "</select>\n";
    echo "Venue City: <select name='venuecity'>\n";
    echo "<option> </option>\n";
    echo "<option>Los Angeles</option>\n";
    echo "<option>Seoul</option>\n";
    echo "<option>Barcelona</option>\n";
    echo "<option>Atlanta</option>\n";
    echo "<option>Sydney</option>\n";
    echo "<option>Athens</option>\n";
    echo "<option>Beijing</option>\n";
    echo "<option>London</option>\n";
    echo "</select>\n";
    echo "Venue Country: <select name='venuecountry'>\n";
    echo "<option> </option>\n";
    echo "<option>U.S.A.</option>\n";
    echo "<option>South Korea</option>\n";
    echo "<option>Spain</option>\n";
    echo "<option>Australia</option>\n";
    echo "<option>Greece</option>\n";
    echo "<option>China</option>\n";
    echo "<option>United Kingdom</option>\n";
    echo "</select>\n";
    echo "Event: <select name='event'>\n";
    echo "<option value=''> </option>\n";
    echo "<option>100 meters</option>\n";
    echo "<option>200 meters</option>\n";
    echo "<option>400 meters</option>\n";
    echo "<option>800 meters</option>\n";
    echo "<option>1500 meters</option>\n";
    echo "<option>Long Jump</option>\n";
    echo "<option>High Jump</option>\n";
    echo "<option>Shot put</option>\n";
    echo "<option value='basketball'>Basketball</option>\n";
    echo "<option value='rowing'>Rowing</option>\n";
    echo "<option value='volleyball(indoor)'>Indoor Volleyball</option>\n";
    echo "<option value='volleyball(beach)'>Beach Volleyball</option>\n";
    echo "</select>\n";
    echo "Gender: <select name='gender'>\n";
    echo "<option value=''> </option>\n";
    echo "<option>M</option>\n";
    echo "<option>F</option>\n";
    echo "</select>\n";
    echo "<input type='submit' name='search' value='Search' />\n";
    echo "</form>\n";
    echo "</div>";
}
?>
</body>
</html>

I have the really long IF statements in there so that it enters the correct EnrID and EnrVenID into the database, to make sure it fills out all fields. I am using Microsoft Access for my database. The problem is that it will only fill in the athlete's name and country, and not his/her enrollment information (what medal they got, their enr ID, what year it took place, etc.).
The problem with my login system is that I want the user to login with a username and password if they wish to be an admin, but the login system doesn't work. The variables aren't passed through the system for some reason, even though it worked a week ago, but now it doesn't. The code is Code: [Select]

// Set the defaults first; assigning null after the checks would wipe the submitted values
$username = null;
$password = null;
if (isset($_POST['username'])) {
    $username = $_POST['username'];
}
if (isset($_POST['password'])) {
    $password = $_POST['password'];
}

Thanks for any help

Could anyone help me make a login function that checks the txt document to see if the user and pw exist/are correct, and if they are, sends you to a logged-in page? This is for an assignment, which is why I have to store the information in a text document; I know it's unsafe. Also, I know I should use $_SESSION, but I'm not sure how to use it and where to put it.
So far I have created the form, which has 2 buttons, one for registering and one for logging in. I have also created the registration function, which checks the text file to see if the username already exists; if not, it will register it.

<html lang="en">
<head>
<link rel="stylesheet" href="style.css">
<title>name</title>
</head>
<body>
<div class="formdiv">
<h2>Log in or register</h2>
<form action="" method="post">
<p>Username <span style="color:black">*</span></p>
<input type="text" name="user" placeholder="Type in your username" required>
<p>Password <span style="color:black">*</span></p>
<input type="password" name="pw" placeholder="Type in your password" required>
<?php
if (isset($_POST['saveBtn'])) {
    $username = $_POST['user'];
    $password = $_POST['pw'];
    // Pass the password as well, so that it is the value that gets hashed
    $error = register($username, $password);
    if ($error == '') {
        // Escape user input before echoing it back into the page
        echo "User: " . htmlspecialchars($username) . " has been registered!<br/>";
    } else echo $error;
}
?>
<input type="submit" name="saveBtn" value="Save new user">
<input type="submit" name="loginBtn" value="Login">
</form>
</div>
<?php
// Registration
function register($user, $pass) {
    $textError = '';
    // Check and see if user exists
    $UserPassTxt = fopen("userpwd.txt", "a+"); // Opens text doc
    rewind($UserPassTxt);
    while (!feof($UserPassTxt)) {
        $line = fgets($UserPassTxt);
        $tmp = explode(':', $line);
        if ($tmp[0] == $user) {
            $textError = "Username already exists!";
            break;
        }
    }
    if ($textError == '') {
        // Hash the submitted password, not an empty string
        $hash = password_hash($pass, PASSWORD_DEFAULT);
        // One "user:hash" record per line
        fwrite($UserPassTxt, "$user:$hash\n");
    }
    fclose($UserPassTxt); // Closes txt doc
    return $textError;
}
?>
<?php
// Login
function login($user, $pass) {
}
?>
</body>
</html>

Here's my best attempt at the function:

<?php
// Login
session_start(); // must be called before $_SESSION is used
$error = '0';
if (isset($_POST['loginBtn'])) {
    $username = $_POST['user'];
    $password = $_POST['pw'];
    $error = login($username, $password);
}

function login($user, $pass) {
    $errorText = '';
    $validUser = false;
    $UserPassTxt = fopen("userpwd.txt", "r");
    rewind($UserPassTxt);
    while (!feof($UserPassTxt)) {
        $line = fgets($UserPassTxt);
        $tmp = explode(':', $line);
        if ($tmp[0] == $user) {
            // password_hash() uses a new salt on every call, so two hashes never compare equal;
            // password_verify() checks the submitted password against the stored hash
            if (isset($tmp[1]) && password_verify($pass, trim($tmp[1]))) {
                $validUser = true;
                $_SESSION['user'] = $user;
            }
            break;
        }
    }
    fclose($UserPassTxt);
    if ($validUser != true) $errorText = "Not correct username or password";
    if ($validUser == true) $_SESSION['validUser'] = true;
    else $_SESSION['validUser'] = false;
    return $errorText;
}

function logoutUser() {
    unset($_SESSION['validUser']);
    unset($_SESSION['user']);
}

function checkUser() {
    if ((!isset($_SESSION['validUser'])) || ($_SESSION['validUser'] != true)) {
        header('Location: index.php');
        exit; // stop here so the rest of the protected page is not sent
    }
}
?>
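An added example, not part of the original post: one way to write the register and login functions for the `user:hash` text-file format described above, with a username allow-list, file locking and `password_verify()`. The file path (a temporary file) and all function names are assumptions of this sketch.

```php
<?php
// Added example; USER_FILE and all function names are assumptions of this sketch.
define('USER_FILE', sys_get_temp_dir() . '/userpwd_demo.txt');

function valid_username(string $user): bool {
    // Allow-list: ':' and newlines never reach the file, so a crafted
    // username cannot forge an extra "user:hash" record.
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $user) === 1;
}

function find_hash($fh, string $user): ?string {
    rewind($fh);
    while (($line = fgets($fh)) !== false) {
        $parts = explode(':', rtrim($line, "\r\n"), 2);
        if (count($parts) === 2 && $parts[0] === $user) {
            return $parts[1];
        }
    }
    return null;
}

function register_user(string $user, string $pass): string {
    if (!valid_username($user)) return 'Invalid username';
    $fh = fopen(USER_FILE, 'c+');   // create if missing, never truncate
    if ($fh === false) return 'Cannot open user file';
    flock($fh, LOCK_EX);            // make check-then-append atomic
    $error = '';
    if (find_hash($fh, $user) !== null) {
        $error = 'Username already exists!';
    } else {
        fseek($fh, 0, SEEK_END);
        fwrite($fh, $user . ':' . password_hash($pass, PASSWORD_DEFAULT) . "\n");
    }
    fclose($fh);                    // closing the handle releases the lock
    return $error;
}

function login_user(string $user, string $pass): bool {
    if (!valid_username($user) || !is_readable(USER_FILE)) return false;
    $fh = fopen(USER_FILE, 'r');
    flock($fh, LOCK_SH);
    $stored = find_hash($fh, $user);
    fclose($fh);
    // password_verify() re-derives the hash using the salt stored in $stored.
    return $stored !== null && password_verify($pass, $stored);
}

// Constructed demo values; run with the PHP CLI.
@unlink(USER_FILE);
var_dump(register_user('alice', 's3cret-pass'), register_user("eve:x\nadmin", 'pw'));
var_dump(login_user('alice', 's3cret-pass'), login_user('alice', 'wrong'));
```

In a web request, call `session_regenerate_id(true)` after `login_user()` returns true and before setting `$_SESSION['user']`, so a session ID issued before login is not reused. Keep the credentials file outside the web root so it cannot be downloaded directly.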