|
PHP - Get Username After Login
I have created a simple login system but need help getting the username after login is successfull.
The login page <?php session_start(); require_once 'classes/Membership.php'; $membership = new Membership(); // If the user clicks the "Log Out" link on the index page. if(isset($_GET['status']) && $_GET['status'] == 'loggedout') { $membership->log_User_Out(); } // Did the user enter a password/username and click submit? if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) { $response = $membership->validate_User($_POST['username'], $_POST['pwd']); } ?> <div id="login"> <form method="post" action=""> <table width="200" border="0" align="center"> <tr> <th scope="col">Username:</th> <th scope="col"><input type="text" name="username" /></th> </tr> <tr> <td>Password:</td> <td><input type="password" name="pwd" /></td> </tr> <tr> <td colspan="2"><input type="submit" id="submit" value="Login" name="submit" /></td> </tr> </table> <p> </p> <p> <?php if(isset($response)) echo "<h4 class='alert'>" . $response . "</h4>"; ?> </p> </form> </div> Membership.php file <?php require 'Mysql.php'; class Membership { function validate_user($un, $pwd) { $mysql = New Mysql(); $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd)); if($ensure_credentials) { $_SESSION['status'] = 'authorized'; header("location: myaccount.php"); } else return "Please enter a correct username and password"; } function log_User_Out() { if(isset($_SESSION['status'])) { unset($_SESSION['status']); if(isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 1000); session_destroy(); } } function confirm_Member() { session_start(); if($_SESSION['status'] !='authorized') header("location: login.php"); } } myaccount page <?php require_once 'classes/Membership.php'; $membership = New Membership(); $membership->confirm_Member(); ?> <p>Welcome <?= $_SESSION['status'] ?></p Similar Tutorials
Using Inline Php; <h1><font Color="000088">the Username <?php '.$username.' ?> Already Exists";</h1>
How to add the ability to login with username or email for login?
<?php
ob_start();
include('../header.php');
include_once("../db_connect.php");
session_start();
if(isset($_SESSION['user_id'])!="") {
header("Location: ../dashboard");
}
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and pass = '" . md5($password). "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['user_id'] = $row['uid'];
$_SESSION['user_name'] = $row['user'];
$_SESSION['user_email'] = $row['email'];
header("Location: ../dashboard");
} else {
$error_message = "Incorrect Email or Password!!!";
}
}
?>
I want to limit the number of incorrect login attempts within a specified time period (e.g. 15 minutes). I'm wondering what I should tie those attempts to. e.g. If too many attempts from one ip address for a specific username, lock them out for 15 minutes? Or too many attempts from any ip address for a specific username? Or too many attempts for an ip address matched loosely (i.e. 255.255.255.0 matching) with a specific username? What's the best choice? Just too many attempts for a username? Or also use the ip address? And should I store the attempts in the session, or the DB? Hello Im making a secure php login system and ideally wanted to also md5 hash the username as well as the password. My reasons for doing this is to completey stop sql injections as i can combine the md5 hash with salt for the $_POST['username']. Now my problem is i need to be able to de-hash (if this is a word) the username for admin purposes of the business. For password reset i will just send a new password. Is there anyway that i can do this easily whilst keeping my username secure and stop sql injection for username? Hi all,
I have been reading in almost everywhere that we should not use our own custom login and password validations ( like regex etc.) but instead use the filter_var and filter_input built in functions provided by PHP 5 and above. However even after searching for more than an hour for with different search strings, I have not found even a single example that shows how we may validate for a username/login and password in a login form. Can someone be kind enough to provide a strong secure validations for username and login.
Additionally I would also like to clarify if the username and login fields in a Login form be manipulated in any manner to pose a security threat? I mean can a hacker craft a username/login or password in such a manner as to pose an injection or any other threat?
Thanks all.
Hi guys, <----- new to this forum and coding for that matter! I have a question. I have been asking around and reading up about how to make a forum with my current tools (dreamweaver/mysql/mysqlyog) for my website, and 90% of the time the answer i get is "if your asking the question, dont bother..... use mybb or some other premade forum" Which is fine, i dont mind! But know i have an issue. To get access to my website you are requierd to login before you can do anything, after login your able to use the whole site. But now if i use one of these ready made forums such as mybb or whatever users are required to make ANOTHER registration and login aswell! and me no likes this! So my question is, is there a way to make it so the forum runs off the same login used for my website? TIA Gromit Hello all; I have a client that has a members area. He asked me to password protect it, which I did simply by assigning one static password. Now he wants a full username/login system where the member can set their own password, which I have never done before. I assume I'd just set up a Table with three fields, (one for name, one for password, one for the type of access they have) then check against it for access, but experience has taught me that whenever something seems simple, it's actually very complex. Do any of you know of any good premade templates for this kind of thing? Ideally it'd be session-based (obviously). I found one system he http://frozenade.wordpress.com/2007/11/24/how-to-create-login-page-in-php-and-mysql-with-session/ but it's several years old, and the misspellings in the comments tend to scare me away a bit. Thanks for any help you might be able to provide. Is there a way to get current logged in username and based on that redirect to a different page? I’m using the following secure PHP login without MySql as a login system: https://sourceforge.net/projects/phploginbyvallastech/ Now I’m looking to redirect each logged in user to their personalized page. But I can’t figure out how to A) fetch the current logged in user and B) redirect multiple users. This code redirects to the latter address, but the username based redirect is not working: <?php session_start(); if ($_SESSION["username"]==User1){ header("location: user1content.php"); exit; } else { header("location: generalcontent.php"); exit; } { ?> <?php } ?>
So it’s clearly not fetching the logged in user. Though <?php echo $login->username; ?> fetches the username just fine. Alright, I've been assigned a project at work. I did not develop the application and the individual who did used CodeIgnited framework and mysql as the db.
Here's the problem, I'm not given much OT to do this and in our meeting the best way to proceed was to replicate the database for different parts of the organization. Basically we are a subsidiary and have been using an application that other groups within the organization want to use. Usually I would reconfigure the db schema and add org ids and in the user table add the appropriate organization to go to. However, they are not giving me enough time to do that.
So what I'm thinking is to just create a copy of the database we use (just the structure) and create a new database.
What I want to know is how to use mysql to check to see if a user exists in one database and if they don't then to go on to the next database. I understand this is a very sloppy way to do it, but it's the way we are moving forward.
I found the code to connect to the db in CodeIgnitor... how can I connect to a database, check to see if the user exists, then close that db connection and try the next database?
/**
* Select the database
*
* @access private called by the base class
* @return resource
*/
function db_select()
{
return @mysql_select_db($this->database, $this->conn_id);
}
Thanks in advance.
So basically my project is one where the user can log onto my website, and the page then checks if the ID and password are in my table in my microsoft access file. If the username and password are the same, the user continues, if it isnt, then it stays on the same page and says something like "username and/or password are incorrect" or something along the lines of that. the problem is right now im not sure how to make it say "ERROR username and/or password is incorrect" if the username and password dont match. Can someone help me with this? and also make sure if the username and password are correct that it goes to the next page, entitled searchpage.php here is the code Code: [Select] <html> <head> <style type="text/css"> </style> </head> <body style="text-align:center"> <div id='title'> </div> <?php print_r ($_POST) ; if if (isset($_POST['Login'])) { if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $TABLE= $_POST['password'] ; } $username = null ; $password = null ; $connection = odbc_connect('Olympics', '', ''); if (!$connection) {exit("Conection Failed: " . $connection);} $username = stripslashes($username); $password = stripslashes($password); $sql = "select * from users where users = '$username' and passwords = '$password'"; $rs=odbc_exec($connection,$sql); $count=odbc_num_rows($rs); if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php"); echo "Login failed" ; } } echo "<form action='index.php' method='post'> \n" ; echo" Please enter your username and password if you wish. <br/> \n" ; echo "Username: <input type='text' name='username' > \n " ; echo "Password: <input type='password' name='password' > \n" ; echo "<input type='submit' value='Login' name='Login'> <br/> \n" ; echo "<input type='submit' value='You may also continue you as a guest.'> \n" ; echo "</form>" ; ?> </body> </html> This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=318572.0 I have developed a code for a login and seems to work well (No syntax error according to https://phpcodechecker.com/ but when I enter a username and a password in the login form, I get an error HTTP 500. I think that everything is ok in the code but obviously there is something that I am not thinking about. The code (excluding db connection): $id="''"; $username = $_POST['username']; $password = md5($_POST['password']); $func = "SELECT contrasena FROM users WHERE username='$username'"; $realpassask = $conn->query($func); $realpassaskres = $realpassask->fetch_assoc(); $realpass= $realpassaskres[contrasena]; $func2 = "SELECT bloqueado FROM users WHERE username='$username'"; $blockedask = $conn->query($func2); $blockedres = $blockedask->fetch_assoc(); $bloqueado = $blockedres[bloqueado];
//Login if(!empty($username)) { // Check the email with database ISSUE. A User enters information into a form. If the 'username' is already taken, a 'message' in Red and with larger font-size will be returned, for example, "The username $username already exists." If the username is 'mattd' then the message should say, "The username mattd already exists." Within my php application, I have included 'inline html'. Here is part of the code: .... if (mysql_num_rows($query_run)==1) { // it will never = more than one because only //one user will or will not exist ?> <html> </body> <h1><font color="#FF0066">The username <?php echo $username; ?>already exists.</h1> </body> </html> <?php }else{ //start the registration process $query = "INSERT INTO `Names` VALUES .... 1. At one point I did get this: "The username mattd already exists." 2. But now I only get "The username already exists." I am not retrieving the $username variable. This screenshot is found he http://imgur.com/lIwLZ1G thanks. While we're on the subject, is there a way to ensure that the first letter of a name is captalized, and the rest lowercase? Or is this best handled later on, when the name is being used and called from the DB. PS: some of us comment are code as to WHAT we are doing because we're just not that good yet, and we need to explain it to ourselves. hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? Hi guys. What I want to create is really complicated. Well I have a login system that works with post on an external website. I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users. What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login". If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry". So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login. Any idea?? Thanks Hi guys, Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!" Any suggestion and help would be appreciated. Thanks. login.php <?php //Assigned varibale $error_msg as empty //$error_msg = ""; session_start(); $error_msg = ""; if (isset($_POST['submit'])) { if ($a_username = "admin" && $a_password = "123") { //Define $_POST from form text feilds $username = $_POST['username']; $password = $_POST['password']; //Add some stripslashes $username = stripslashes($username); $password = stripslashes($password); //Check if usernmae and password is good, if it is it will start session if ($username == $a_username && $password == $a_password) { session_start(); $_SESSION['session_logged'] = 'true'; $_SESSION['session_username'] = $username; //Redirect to admin page header("Location: admin_area.php"); } } $username = (isset($_POST['username'])) ? $_POST['username'] : ''; $password = (isset($_POST['password'])) ? $_POST['password'] : ''; if($username && $password) { $connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!"); mysql_select_db("friendsdb") or die ("Couldn't find the DB"); $query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'"); $numrows = mysql_num_rows($query); if ($numrows != 0){ while ($row = mysql_fetch_array($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } //Check to see if they are match! if ($username == $dbusername && md5($password) == $dbpassword) { header ("Location: user_area.php"); $_SESSION['username'] = $username; } else $error_msg = "Incorrect password!"; //code of login }else $error_msg = "That user does not exist!"; //echo $numrows; } else $error_msg = "Please enter a username and password!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> </head> <body> <br /> <?php require "header.php"; ?><br /> <div align="center"> <table width="200" border="1"> <?php // If $error_msg not equal to emtpy then display error message if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <!--form action="login_a.php" method="post"--> Username: <input type="text" name="username" /><br /><br /> Password: <input type="password" name="password" /><br /><br /> <input type="submit" name = "submit" value="Log in" /> </form> <p> </p> Register a <a href="register.php">New User</a> </table> </div> </body> </html> Hello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? I want to accomplish two things: save some server overhead and create a friendlier user experience. Thus, prior to form submission, the user should have the opportunity to check whether the chosen username is available. As I've begun researching the topic, I've discovered AJAX, Vue, and XMLHttpRequest alternatives.
Any suggestions and alternatives that would give me guidance would be appreciated.
Additionally, are there any characters that should be expressly prohibited from use in a username (or other input field) that could aid malicious hackers in causing harm to my website, database, and files?
How to show the username of the person who uploaded something? I know how to make the upload script etc. but what is the script needed for the person's username and where do I put it? Thanks. Hi, I used to use the php session to get the username of the user that was logged on and use that variable on our intranet. Recently we are having to redevelop the site, and we can no longer use this variable. Is there another way of getting the username of the user who is logged onto the computer? Thanks in Advance, Stuart |
|||||||