PHP - Problem With Admin Login
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\sas\shoppingcart\adminlogin.php on line 16
Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\sas\shoppingcart\adminlogin.php:16) in C:\xampp\htdocs\sas\shoppingcart\adminlogin.php on line 33 Similar Tutorialshi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? Hi guys, Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!" Any suggestion and help would be appreciated. Thanks. login.php <?php //Assigned varibale $error_msg as empty //$error_msg = ""; session_start(); $error_msg = ""; if (isset($_POST['submit'])) { if ($a_username = "admin" && $a_password = "123") { //Define $_POST from form text feilds $username = $_POST['username']; $password = $_POST['password']; //Add some stripslashes $username = stripslashes($username); $password = stripslashes($password); //Check if usernmae and password is good, if it is it will start session if ($username == $a_username && $password == $a_password) { session_start(); $_SESSION['session_logged'] = 'true'; $_SESSION['session_username'] = $username; //Redirect to admin page header("Location: admin_area.php"); } } $username = (isset($_POST['username'])) ? $_POST['username'] : ''; $password = (isset($_POST['password'])) ? $_POST['password'] : ''; if($username && $password) { $connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!"); mysql_select_db("friendsdb") or die ("Couldn't find the DB"); $query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'"); $numrows = mysql_num_rows($query); if ($numrows != 0){ while ($row = mysql_fetch_array($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } //Check to see if they are match! if ($username == $dbusername && md5($password) == $dbpassword) { header ("Location: user_area.php"); $_SESSION['username'] = $username; } else $error_msg = "Incorrect password!"; //code of login }else $error_msg = "That user does not exist!"; //echo $numrows; } else $error_msg = "Please enter a username and password!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> </head> <body> <br /> <?php require "header.php"; ?><br /> <div align="center"> <table width="200" border="1"> <?php // If $error_msg not equal to emtpy then display error message if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <!--form action="login_a.php" method="post"--> Username: <input type="text" name="username" /><br /><br /> Password: <input type="password" name="password" /><br /><br /> <input type="submit" name = "submit" value="Log in" /> </form> <p> </p> Register a <a href="register.php">New User</a> </table> </div> </body> </html> Hallo I have a problem.
This is my code:
<?php include 'connect.php'; ?> <html> <head> <title>Admin Insert page!</title> </head> <body> <?php error_reporting(-1);ini_set('display_errors',1); if (isset($_POST['submit'])){ $name = $_POST['name']; $password = $_POST['password']; $result = mysql_query("SELECT * FROM users WHERE user='$name' AND password='$password'"); $num = mysql_num_rows($result); if($num == 0){ echo "Bad login, go <a href='login.php'>back</a>"; }else{ session_start(); $_SESSION['name'] = $name; header("Location: admin.php"); } }else{ ?> <form action='login.php' methody='post'> Username: <input type='text' name='name'/><br /> Password: <input type='password' name='password'/><br /> <input type='submit' name='submit' value='Login' /> </body> </html>I try to use console to find the problem but I didn't.... I know that there is some problem with $num Can somebody help me? Thank you. Edited by Artur, 19 October 2014 - 12:11 PM. Any help would be greatly appreciated! <?php $host="localhost"; // Host name $username="user"; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $barcodeID=$_POST['barcode']; echo $barcodeID; $barcodeID = stripslashes($barcodeID); $barcodeID = mysql_real_escape_string($barcodeID); $sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); $count=mysql_num_rows($result); if($count==1){ $_SESSION['barcode'] = $barcodeSession; $_SESSION['userlevel'] = $row['Priority']; if($row['userlevel'] == "Admin") { header("location:AdminSection.php"); }else{ header("location:index.php"); } header("location:LoggedIn.php"); } else { header("location:index.php"); } ?> when the script has been run, I want it to redirect to either the user page or admin page depending on their priority level. if Priority field == "Admin" then go to admin page. Can you see anything missing? Thank You Ok.. I have made an admin section for a couple of sites, and it works fine, alough i'm almost certain that the way i have done it is not the "proper way". What I have done is had a form with a password field that sends the password via POST to another script that checks the password is correct via variable, something like this: Code: [Select] <?php $pass = $_POST["pass"]; $correct = "imapassword"; if($pass == $correct){ //display contents of page else{ //return user to login screen } ?> And then it saves the password into a cookie, that dies either over time or when the browser closes. And then on each page it tests wether that cookie is still there and is correct. When the user wants to log out it just destroys the cookie. This seems like a really hashed up way of doing it, could anybody let me know the bare essentials for making a similar system, but the "right way". Thankyou in advance hi guys how you doing? i new here so take it easy on me . basically just need some quick help and i thought this would be the best place to ask. ive been working on a admin login script but cant seem to get it right, i mean i can login in with random passwords :/ and also everytime i go to the index.php it shows the information i dont want it without being logged in. ive got the script running live just incase anyone wants to see what i mean its at http://www.lukerodham.co.uk/admin heres the code. Thanks in advance. index.php Code: [Select] <?php require_once("login.php"); $adminuser = $_SESSION['user']; ?> <html> <head> <title>hoonigans.co.uk</title> </head> <body> <h3 align="center">Welcome to the admin page.</h3> <span class="maintext"><br /> <p align="center">If you would like to post some news please <a href="news/post.php">click here</a>.<br /> To logout please <a href="logout.php">click here</a></p> </body> </html> login.php Code: [Select] <?php function loginpage($error){ echo " <html> <body> <div align='center'> <form method='post' action='".$_SERVER['REQUEST_URI']."'> <label>username: <input type='text' name='username' id='username'><br> <label>password: <input type='password' name='password' id='password'><br> </label> <label> <input type='submit' name='submit' id='submit' value='submit'> </label> </form> </div> </body> </html> "; } $username = $_POST['username']; $password = $_POST['password']; $login = $_post['login']; $host = *********; $dbuser = *********; $dbname = *********; $dbpass = *********; mysql_connect("$host","$dbuser","$dbpass"); mysql_select_db("$dbname"); session_start(); if($_SESSION['user'] != $username){ if(!$submit){ loginpage(false); } elseif($submit){ $get = mysql_query("SELECT * FROM users WHERE username='$username'"); while ($row = mysql_fetch_assoc($get)){ $admin = $row['admin']; $passwordmatch = $row['password']; if ($passwordmatch==$password&&$admin==1){ $_SESSION['user']="$username"; echo "this worked"; } else{ die("Sorry wrong information."); } } } } ?> Hello, I have a problem with my website, Admin login page (http://www.tranceprofile.com/storeadmin/admin_login.php I can not login to my Admin controle panel. Login information: Username: Mitch Password: schuur111 Username: Admin Password: poopoo Can someone help me ? Here is my admin_login.php source code. If you need some other source code in my /storeadmin folder please tell Code: [Select] <?php session_start(); if (isset($_SESSION["manager"])) { header("location: index.php"); exit(); } ?> <?php // Parse the log in form if the user has filled it out and pressed "Log In" if (isset($_POST["username"]) && isset($_POST["password"])) { $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters // Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person // ------- MAKE SURE PERSON EXISTS IN DATABASE --------- $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 1) { // evaluate the count while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["manager"] = $manager; $_SESSION["password"] = $password; header("location: index.php"); exit(); } else { echo 'That information is incorrect, try again <a href="index.php">Click Here</a>'; exit(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Admin Log In </title> <link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" /> </head> <body> <div align="center" id="mainWrapper"> <?php include_once("../template_header.php");?> <div id="pageContent"><br /> <div align="left" style="margin-left:24px;"> <h2>Please Log In To Manage the Store</h2> <form id="form1" name="form1" method="post" action="admin_login.php"> User Name:<br /> <input name="username" type="text" id="username" size="40" /> <br /><br /> Password:<br /> <input name="password" type="password" id="password" size="40" /> <br /> <br /> <br /> <input type="submit" name="button" id="button" value="Log In" /> </form> <p> </p> </div> <br /> <br /> <br /> </div> <?php include_once("../template_footer.php");?> </div> </body> </html> Howdy colleagues,
Please help! I am writing a WP plugin the boss of the website to be notified when an admin logs in. So far so good, but I can't make the damn code to send the email when the user logs in. If I change the add_action to "admin_notices" the email is being sent, but if I put "wp_login" it does not Please help, here is the code so far...
function _emnoti_get_time_of_login(){ $time_of_login = date('l F Y'); return $time_of_login; } # Get the IP of the user that logged themselves as admin function _emnoti_get_ip(){ $sources = array( 'REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', ); foreach ($sources as $source) { if(!empty($_SERVER[$source])){ $ip = $_SERVER[$source]; } } return $ip; } # Email all the info above to a pointed email address function emnoti_send_email($user_login, $user){ if(_emnoti_check_if_admin() === true){ // print _emnoti_get_time_of_login(); // print _emnoti_get_ip(); wp_mail("MY EMAIL!", "Test subject", 'test body'); } } add_action('wp_login', 'emnoti_send_email', 10, 2); ?> I am trying to learn php and I cannot figure out how to get a simple login form going. I am getting this error.
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given
I have no clue what I am doing wrong. I am following the "HowTo".
Here is my code
Index.php ( Login Form )
<form name="form1" method="post" action="checklogin.php"> <div id="wrappermiddle"> <h2>Login</h2> <div id="username_input"> <div id="username_inputleft"></div> <div id="username_inputmiddle"> <input name="myusername" type="text" id="myusername" value="Email Address"> <img id="url_user" src="./images/mailicon.png" alt=""> </div> <div id="username_inputright"></div> </div> <div id="password_input"> <div id="password_inputleft"></div> <div id="password_inputmiddle"> <input name="mypassword" type="text" id="mypassword" value="Password"> <img id="url_password" src="./images/passicon.png" alt=""> </div> <div id="password_inputright"></div> </div> <div id="submit"> <input type="image" src="./images/submit.png" name="Submit" value="Login"> </form> </div>checklogin.php <?php $host="localhost"; // Host name $username="MY DB USER"; // Mysql username $password="Password"; // Mysql password $db_name="MY DB Name"; // Database name $tbl_name="admin"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?>Any help would be greatly appreciated. Edited by Oblivion13, 07 October 2014 - 05:25 PM. Hi all, Sorry to be a pain, but I've been out of the php game for quite a few years and have just come back to it briefly to help someone out. I've been using an old admin auth script that I used to use a long time ago but it's not working, and I can't for the life of me work it out :/ I apologise for the noobishness of the code, but as I said, it's been a long time. Any and all help would be very greatly appreciated. Here is the code: <? require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; $member_userlevel = $data["level"]; if($member_pass == $admin_pass) { SetCookie("mgdwebby","$member_name:$member_pass:$member_userlevel"); } include("header.php"); ?> <? if($action=="login") { if($admin_login==""){ echo"Wrong info. "; } elseif($admin_pass==""){ echo"Wrong info. "; } else{ require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; if($member_pass == $admin_pass) { echo"<head><meta http-equiv=\"refresh\" content=\"2;URL=admin.php\"></head><br><center>Please Wait.</center><br>"; $auth = explode(":",$HTTP_COOKIE_VARS["mgdwebby"]); if(empty($auth[0]) || empty($auth[1])) { } else { echo"Welcome<br>"; include("admin_left.php"); } } else { echo"Wrong info. "; } } } else { echo"<form method='post' action='?action=login'> <table width='307' align='center' cellspacing='0' cellpading='0' border='0'> <tr> <td width='200'> Login : </td> <td> <input type='text' name='admin_login'></td> </tr> <tr> <td width='200'> Password : </td> <td> <input type='password' name='admin_pass'></td> </tr> <tr> <td colspan='2' align='center'><center><input type='submit' value='Login'></center></td> </table> "; } ?> <? include("footer.php"); ?> Login.php Code: [Select] <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("Regis") or die(mysql_error()); if (isset($_POST["sub"])) { $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); $_POST['pass'] = addslashes($_POST['pass']); } $usercheck = $_POST["username"]; $check = mysql_query("SELECT username FROM registration WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Sorry, the username" ." ".$usercheck." ". "is already in use.')</SCRIPT>"); echo ("<SCRIPT LANGUAGE='JavaScript'>setTimeOut(window.location = 'registration.php',1)</script>"); } else if($_POST['username'] && $_POST['pass'] && $_POST['pass2'] ) { $insert = "INSERT INTO registration (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Registration had been succesfully added :)')</SCRIPT>"); } } ?> <html> <head> <script type="text/javascript"> function a() { var x = document.login.username.value; var y = document.login.pass.value; if(x==""&& y=="") { alert("Please insert all message!"); return false; } if(x=="") { alert("Please insert an username!"); return false; } if(y=="") { alert("Please insert an password!"); return false; } } </script> </head> <body> <table border="0"> <form name="login" method="post" action="form2.php" onsubmit="return a()"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td> <td><input type="text" name="username" maxlength="40"></td></tr> <tr><td>Password:</td> <td><input type="password" name="pass" maxlength="50"></td></tr> <tr><td><input type="submit" name="submit" value="Register"></a></td> <td><input type="submit" name="submit" value="Login"></td></tr> </form> </body></html> form2.php Code: [Select] <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $message=$_POST['message']; $n=$_POST['username']; if(isset($_POST['submit'])) //if submit button push has been detected { if(strlen($message)>1) { $message=strip_tags($message); $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP $checkforbanned="SELECT IP from ipbans where IP='$IP'"; $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS"); if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list { print "You IP is banned from posting."; } else { $thedate = date("U"); //grab date and time of the post $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$n','$IP','$thedate','$message')"; mysql_query($insertmessage) or die("Could not insert message"); } } } ?> <html> <head> <script type="text/javascript"> function addsmiley(code) { var pretext = document.smile.message.value; this.code = code; document.smile.message.value = pretext + code; } function a() { var x = document.smile.message.value; if(x=="") { alert("Please insert an message!"); return false; } } </script> <style type="text/css"> body{ background-color: #d8da3d } </style> </head> <body> <form name="smile" method="post" action="form2.php" onSubmit="return a()" > Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br> <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" /> <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" /> <input type="hidden" name="username" value="<?php echo $n;?>"> <input type='submit' name='submit' value='Send' class='biasa' ></form> <br> <br> </body> </html> My problem is in login.php in form section, can one form can be used user or admin because just now im doing is for user if user login it goes to form2.php but im want also in the same form if admin the form post to form3.php any way to do that thank you Hey guys, I'm kind of a n00b with PHP and i'm trying to practice by building a mock e-comm site, but i'm having a problem with my admin login form. When the information is submitted the form just clears and doesn't redirect me to the index.php file i have set-up. My knowledge of php isn't where i'd like it to be yet, so i'm here for help! I'll post the code for bpoth the admin login page and the index.php file. ADMIN LOGIN PAGE | | V <?php session_start(); if (isset($_SESSION["username"])) { header("location: index.php"); exit(); } ?> <?php if (isset($_POST["username"]) && isset($_POST["password"])){ $username = $_POST["username"]; // filter everything but numbers and letters $password = $_POST["password"]; // filter everything but numbers and letters include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM admin WHERE username='$username' AND password='$password' LIMIT 1"); $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 1) { // evaluate the count while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["username"] = $username; $_SESSION["password"] = $password; header("location: index.php"); exit(); } else { echo 'That information is incorrect, try again <a href="index.php">Click Here</a>'; exit(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Store Admin Area</title> <link rel="stylesheet" type="text/css" href="../css/main_style.css" /> </head> <body> <div id="wrapper"> <div id="text"><br /> <div align="left" style="margin-left:100px; margin-top:100px;"> <h2>Please Login To Manage The Store</h2> <br /><br /> <form id="form1" name="form1" method="post" action="admin_login.php"> <strong>Username</strong> <input name="username" type="text" id="username" size="40" /> <br /><br /> <strong>Password</strong> <input name="password" type="password" id="password" size="40" /> <br /> <br /> <input type="submit" name="button" id="button" value="Login" /> </form> </div> </div><!--closes wrapper--> </body> </html> INDEX.PHP FILE | | V <?php session_start(); if (!isset($_SESSION["username"])) { header("location: admin_login.php"); exit(); } $usernameID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); $username = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["username"]); $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT * FROM admin WHERE id='$usernameID' AND username='$username' AND password='$password' LIMIT 1"); // query the person $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 0) { // evaluate the count echo "Your login session data is not on record in the database."; exit(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Store Admin Area</title> <link rel="stylesheet" type="text/css" href="../css/main_style.css" /> </head> <body> <div id="wrapper"> <div id="text"><br /> <div align="left" style="margin-left:100px; margin-top:100px;"> <h2>Hello store manager, what would you like to do today?</h2> <p><a href="inventory_list.php">Manage Inventory</a><br /> <a href="#">Manage Blah Blah </a></p> </div> <br /> <br /> <br /> </div><!--closes wrapper--> </body> </html> Any help and suggestions are greatly appreciated! Thanks! <?php session_start( ); include_once( dirname( __FILE__ )."/../inc/func/get_sth.php" ); include_once( _ABSPATH_."/inc/func/header.php" ); if ( $_GET["f"] == "login" ) { $adminuser = strtolower( strip_tags( trim( $_POST["adminuser"] ) ) ); $r_0 = strtolower( strip_tags( trim( $_SESSION["r"] ) ) ); $r_1 = strtolower( strip_tags( trim( $_POST["r"] ) ) ); if ( $r_0 == $r_1 ) { $result = mysql_query( "SELECT password FROM admin where adminuser='".$adminuser."'" ); $val = mysql_fetch_array( $result ); if ( !$val["password"] ) { $loginfail = 1; } else { if ( $val[password] === md5( $_POST["password"] ) ) { $_SESSION['admin'] = $adminuser; header( "Location: ./" ); exit( ); } $loginfail = 1; } } else { $loginfail = 2; } } $page_title = l( "Administration Login" )." | ".get_sitename( ); $smarty->assign( "page_title", $page_title ); $smarty->assign( "loginfail", $loginfail ); $smarty->display( "mgt/login.tpl" ); ?> Hello everyone: I wanted to see how I can make a simple login page (user name and password) that redirects to a page(s) if the login is correct. Also, I wanted to put protection on the page(s) that will send the user back to the login page if the credentials are nor correct. I would imagine the username/password would be stored in a database table (Admins), and the correct login info would be stored in a session ..? I am use to doing this with ASP, but never PHP. I want to make sure I understand how to do this properly and securely so I can use this as a model for other systems. In ASP I would do a protected page like this: a_login_check.asp Code: [Select] <% if session("admin_user_name") = "" then session.abandon response.redirect "login.asp" end if %> Protected-Page.asp Code: [Select] <!-- #include file="include/a_check_login.asp" --> <html> ... CONTENT ... </html> And of course there is the login page itself ... (I thought it would be nice to add a "Forgot Password" link on the login page, but if that is too complicated I can do that later .. or is it easy ??) Anyway, can someone point-out to me how to do this. I would appreciate it! Login.php Code: [Select] <?php session_start(); mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $username = $_POST['username']; $password = $_POST['pass']; if (isset($_POST["submit"])) { $log = "SELECT * FROM regis WHERE username = '$username'"; $login = mysql_query($log); $row = mysql_fetch_array($login); $number = mysql_num_rows($login); if ($number > 0) { $_SESSION['username'] = $row['username']; $_SESSION['userlevel'] = $row['userlevel']; if($_SESSION['userlevel']==1) { $_SESSION['is_logged_in'] == 1; header("Location: form2.php"); } else if($_SESSION['userlevel']== 0) { $_SESSION['is_logged_in'] == 1; header("Location: registration.php"); } } Registration.php Code: [Select] <?php echo 'Welcome:' .$_SESSION['is_logged_in'];?> form2.php Code: [Select] <?php session_start(); if (empty($_SESSION['is_logged_in'])) { header("Location:chatframe.php"); die(); // just to make sure no scripts execute } ?> <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $message=$_POST['message']; $a=$_SESSION['username']; if(isset($_POST['submit'])) //if submit button push has been detected { if(strlen($message)>1) { $message=strip_tags($message); $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP $checkforbanned="SELECT IP from ipbans where IP='$IP'"; $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS"); if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list { print "You IP is banned from posting."; } else { $thedate = date("U"); //grab date and time of the post $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$a','$IP','$thedate','$message')"; mysql_query($insertmessage) or die("Could not insert message"); } } } ?> <html> <head> <script type="text/javascript"> function addsmiley(code) { var pretext = document.smile.message.value; this.code = code; document.smile.message.value = pretext + code; } function a() { var x = document.smile.message.value; if(x=="") { alert("Please insert an message!"); return false; } } </script> <style type="text/css"> body{ background-color: #d8da3d } </style> </head> <body> <form name="smile" method="post" action="form2.php" onSubmit="return a()" > Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br> <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" /> <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" /> <input type='submit' name='submit' value='Send' class='biasa' ></form> <br> <br> </body> </html> In this registration.php when im called back its appear nothing im means the number is not showing and the login code even im had also put the "$_SESSION['is_logged_in'] == 1;" outside if else userlevel statement and then i put $d= $_SESSION['is_logged_in'] == 1; and im echoing back but it is nothing im thinks something wrong in session is login and also still it cannot redirect to admin -form2.php when session is login in is 1 Hi guy's, I'm having problems adjusting a script to add a level (user rights) function. When i login with a admin or normal user it gives a blank page (not redirecting to home.php). It even does'nt return an echo that user / pass is incorrect. I'm breaking my head over this for day's now. Can you help me out? Code: [Select] <?php session_start(); //Login form (index.php) include "db_connect.php"; if(!$_POST['submit']) { ?> <html> <head> <!--[if IE]> <link rel="stylesheet" type="text/css" href="style.css" /> <![endif]--> <![if !IE]> <link rel="stylesheet" type="text/css" href="firefox.css" /> <![endif]> </head> <body> <div id="wrapper"> <div id="header"> <?php include('header.php'); ?> </div> <div class="divider"> <strong>Login</strong> <form method="post" action="index.php"> <div class="formElm"> <label for="username">Klantnummer:</label> <input id="username" type="text" name="username" maxlength="16"> </div> <div class="formElm"> <label for="password">Wachtwoord:</label> <input type="password" name="password" maxlength="16"> </div> <input type="submit" name="submit" value="Login"> </form> </div> <div id="footer"> <?php include('footer.php'); ?> </div> </div> </html> <?php } else { $user = protect($_POST['username']); $pass = protect($_POST['password']); $level = protect($_POST['level']); if($user && $pass && $level) { $pass = md5($pass); //compare the encrypted password $sql1 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='1'"; $sql2 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='9'"; $queryN=mysql_query($sql1) or die(mysql_error()); $queryA=mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($queryN) == 1) { $resultN = mysql_fetch_assoc($queryN); $_SESSION['id'] = $resultN['id']; $_SESSION['username'] = $resultN['username']; header("location:home.php"); } elseif(mysql_num_rows($queryA) == 1) { $resultA = mysql_fetch_assoc($queryA); $_SESSION['id'] = $resultA['id']; $_SESSION['username'] = $resultA['username']; header("location:home.php"); } else{ echo "Wrong Username or Password"; } } } ?> and the mysql code: Code: [Select] CREATE TABLE `user` ( `id` int(4) unsigned NOT NULL auto_increment, `username` varchar(32) NOT NULL, `password` varchar(32) NOT NULL, `level` int(4) default '1', PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1; hello. I need your help please. I'm building logistics website with user panel and admin panel. I've done all login and register forms. now I want to : admin can add package with: tracking number , weight , cost , and declaration form. user can fill declaration form after admin add package to user panel. then admin can see the declared form. is it possible in php? thank you in advance login system. why wont it work? Did same thing @ school it worked. this is my action page: <?php ob_start(); $host="host"; // Host name $username="user"; // Mysql username $password="pass"; // Mysql password $db_name="db"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "users/index.php" session_register("myusername"); session_register("mypassword"); header("location:users/index.php"); } else { echo "Error. Username or password incorrect. Have you <a href='#' onclick='alert()'>registered?</a>"; } ob_end_flush(); ?> It comes up with this error: Warning: session_register() [function.session-register]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\external\index.php:59) in C:\xampp\htdocs\external\action.php on line 32 Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\external\index.php:59) in C:\xampp\htdocs\external\action.php on line 32 Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\external\index.php:59) in C:\xampp\htdocs\external\action.php on line 34 If you have not registered, please click here Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0 Hello there, The problem is that my login system isn't consistent. There's an option of staying logged in, and if you check that a cookie gets created with a hash. When you visit the site again, you should be logged in automatically. But the thing is, that when you load the page, you aren't! But after a refresh you are logged in. So I'm guessing a problem in the order of things that get done... Here's the script: Code: [Select] <?php session_start(); if(isset($_COOKIE['LoginCookie'])) { $hash = $_COOKIE['LoginCookie']; mysql_select_db('database'); $sql = "SELECT all the info of the people FROM people WHERE cookie_hash = '".$hash."'"; if($result = mysql_query($sql)) { $row = mysql_fetch_array($result); if(empty($row)) { setcookie('LoginCookie','',time()-3600); } if(mysql_num_rows($result) == 1) { $_SESSION['loggedin'] = true; $_SESSION['loggedinnick'] = $row['nick']; $_SESSION['loggedinvoornaam'] = $row['voornaam']; $_SESSION['loggedinachternaam'] = $row['achternaam']; $_SESSION['loggedinid'] = $row['id']; $_SESSION['loggedintype'] = $row['type']; } } } if(isset($_POST['login'])) { if(empty($_POST['username']) || empty($_POST['wachtwoord'])) { $_SESSION['melding'] = 'ERROR'; header('Location: index.php'); exit(); } $username = CleanMyDirtyData($_POST['username']); $wachtwoord = sha1(CleanMyDirtyData($_POST['wachtwoord'])); mysql_select_db('database'); $sqlmail = mysql_query("SELECT * FROM people WHERE email='$username' AND wachtwoord = '$wachtwoord'"); $sqlnaam = mysql_query("SELECT * FROM people WHERE nick='$username' AND wachtwoord = '$wachtwoord'"); if(mysql_num_rows($sqlmail) == 1 || mysql_num_rows($sqlnaam) == 1) { if(mysql_num_rows($sqlmail) == 1) { $row = mysql_fetch_array($sqlmail); } else { $row = mysql_fetch_array($sqlnaam); } if(isset($_POST['remember'])) { $hash = sha1($username . 'Some secret thingys for your safety'); setcookie('LoginCookie',$hash,time()+30000000); mysql_query("UPDATE leden SET cookie_hash='" . $hash . "' WHERE id='" . $row['id'] . "'")or die(mysql_error()); } $_SESSION['loggedin'] = true; $_SESSION['loggedinnick'] = $row['nick']; $_SESSION['loggedinvoornaam'] = $row['voornaam']; $_SESSION['loggedinachternaam'] = $row['achternaam']; $_SESSION['loggedinid'] = $row['id']; $_SESSION['loggedintype'] = $row['type']; $_SESSION['melding'] = 'You are logged in now.'; } else { $_SESSION['melding'] = 'ERROR'; header('Location: index.php'); exit(); } } So if the checkbox that you want to stay logged in, there is no cookie made but the $_SESSION['loggedin'] is set to true. Throughout the rest of the page, this parameter is used to show either content for guests of private content for people that are logged in. BUT the problem is that if it is checked on the first page load the $_SESSION['loggedin'] doesn't seem to get set even though the cookie is set. Another slight problem with my script is that when a user logs in on another pc, the hash get's changed in the database and the user gets logged out of the site on the previous page. What is the easiest way to do that? And do you guys think this script is safe? Or do you see some holes? Thanks in advance! arbitter |