PHP - User Privileges

Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after

Hi,

I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them.

The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP.

The code for the script is here :

Code: [Select]
<?php

$mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase');


if (!$mysql) {
  die(mysql_error());
  $content = "<nobr></nobr>";
} else {
  
  $result = mysql_query('SELECT * FROM tblEventGroup'); 
  $content = "<nobr>";
  
  if ($result) {     
      while($row = mysql_fetch_assoc($result)) {
       $content .= "<span>";
       $content .= $row['GroupName'];
       $content .= "</span>";
       $content .= "<a href=\"../Event/EventSearch?groupid=";
       $content .= $row['GroupId'];
       $content .= "\" target=\"_blank\">Book here</a> ";
      }
  }
  
  mysql_close($mysql);
  $content .= "</nobr>";

}

?>
I cannot for the life of me understand what the problem is, the return error is

Access denied for user 'myuser'@'localhost' (using password: YES)

Hi guys,

I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else.

I have got the system to work up as far as:

1/ The user logs in
2/ Once logged in they are re-directed to their own page using 'theirusername.php'

Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page.

This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working!

Please find below the code I am using:


LOGIN

<?php
session_start();


function dbconnect()
{
    $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error());

}
?>

<?php
if(isset($_SESSION['loggedin']))
{
    header("Location:" . strtolower($username) . ".php");
if(isset($_POST['submit']))
{
   $username = mysql_real_escape_string($_POST['username']);
   $password = mysql_real_escape_string($_POST['password']);
   $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'");
   if(mysql_num_rows($mysql) < 1)
   {
     die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again");
   }   $_SESSION['loggedin'] = "YES";
   $_SESSION['username'] = $username;
 $_SESSION['name']
   header("Location:" . strtolower($username) . ".php");
}
?> 

HEADER ON EACH PHP PAGE

<?php
session_start();
if(!isset($_SESSION['loggedin']))
{
    die(Access to this page is restricted without a valid username and password);
?>

---------------------------------------------------

Am I right in thinking it is something to do with the "loggedin" part?

The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php"

Any help would be greatly appreciated! 

Ta

Hallo everybody, the user is in the table, but i get error (user not found!).   thank you very much for your help Rafal

<!DOCTYPE html>
<html>
<head>
<title>index</title>
<meta http-EQUIV="CONTENT-LANGUAGE" content="en">
<?php
SESSION_START();
include("abc.php");
$link2 = mysqli_connect("$hoster", "$nameuser", "$password", "$basedata")
or die ("connection error" . mysqli_error($link2));
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysqli_query("SELECT email FROM $table2 WHERE email = '$email' ");
$chkuserare = mysqli_num_rows($chkuser);
if ($chkuserare !=0)
{
$chkpwd = mysqli_query("SELECT pwd FROM $table2 WHERE email = '$email'");
$pwddb = mysqli_fetch_assoc($chkpwd);
if (md5($pwd) != $pwddb["pwd"])
{
echo "Password is wrong!";
}
else
{
$_SESSION['username'] = $email;
header ('Location:list.php');
}
}
else
{
echo "user not found!";
}
}
else
{
echo "enter your Email and Password!";
}
mysqli_close($link2);
?>
</head>
<body style="font-family: arial;margin: 10; padding: 0" bgcolor="silver">
<font color="black">
<br>
<form action="index.php" method="post">
<b>Login</b><br><br>
<table width="100%">
<tr><td>
Email:<br><input type="text" name="inp_email" style="width:98%; padding: 4px;"><br>
Password:<br><input type="password" name="inp_pwd" style="width:98%; padding: 4px;"><br>
<br>
<input type="submit" name="submit" value="Login" style="width:100%; padding: 4px;">
</td></tr>
</table>
</form>
</font>
</body>
</html>

Hallo everybody, i have the following code. but i get allways this error while the user exist in the database. User not found! what do i do wrong?   thank you very much for your help Rafal

<html>
<head>
<?php
$connection = mysql_connect("db.xyz.com", "username", "password")
or die ("connection fehler");
mysql_select_db("db0123456789")
or die ("database fehler");
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysql_query("SELECT email FROM gbook WHERE email = '($email)' ");
$chkuserare = mysql_num_rows($chkuser);
echo $email;
echo $pwd;
if ($chkuserare !=0)
{
$chkpwd = mysql_query("SELECT pwd FROM gbook WHERE email = '($email)' ");
$pwddb = mysql_fetch_assoc($chkpwd);
if ($pwd != $pwddb["pwd"])
{
echo "password is wrong!";
}
else
{
echo "login successed";
}
}
else
{
echo "User not found!";
}
}
else
{
echo "Pleas enter your email and password!";
}
mysql_close($connection);
?>
</head>
<body>
<form action="login.php" method="post">
Email <input type="text" name="inp_email"><br>
Password <input type="text" name="inp_pwd"><br>
<input type="submit" name="submit" value="login">
</form>
</body>
</html>

Edited by rafal, 21 September 2014 - 04:33 PM.

Hello, i've got some shop script which has 2 payment modules which i'd like to use for something else, the payment modules only work if the user is logged in though, i tried to make them standalone scripts but that didn't work out too well.

So now i decided to go another way and just let everyone have the same session so everyone will be using the same username&password automatically.

the index file looks like this:
Code: [Select]
<?php
include('./inc/config.php');
include('./inc/functions.php');
include('./lang/'.$language.'.lng');
$id = addslashes($_REQUEST["id"]);
$user = addslashes($_REQUEST["username"]);
$pass = addslashes($_REQUEST["password"]);
$language = strtolower($language);
if(empty($id)) $id =1;
$file = mysql_query('SELECT * FROM navi_'.$language.' WHERE id="'.$id.'"');
if(mysql_num_rows($file)>0)
$file = mysql_fetch_array($file);
else
$file = mysql_fetch_array(mysql_query('SELECT * FROM navi_'.$language.' WHERE id="404"'));

if(!empty($user) AND !empty($pass))
{$query = mysql_query('SELECT * FROM users WHERE username="'.$user.'" AND pass="'.md6($pass).'"');
if(mysql_num_rows($query) == 1) {$_SESSION[$session_prefix."user"] = ucfirst($user); echo'<meta http-equiv="refresh" content="0; url=index.php?id=8">';}
else $error = 'Username oder Passwort ist falsch.';}

include('./designe/'.$designe.'/head.tpl');
include('./designe/'.$designe.'/navi.php');
include('./designe/'.$designe.'/middle.tpl');

if(file_exists('./pages/'.$file["file"]))
{echo'<h1>'.ucfirst($file["title"]).'</h1>';
include('./pages/'.$file["file"]);}
if(!empty($error)) echo '<font color="red">'.$error.'</font>'; 

include('./designe/'.$designe.'/foot.tpl');
?>

Now i tried alot of things including adding:
Code: [Select]
session_start();
$_SESSION["username"] = "peter";
$_SESSION["user"] = "peter";
$_SESSION["id"] = "1";
$_SESSION["pass"] = "peter";
$_SESSION["password"] = "peter";
or
Code: [Select]
$id = "1";
$user = "peter";
$username = "peter";
$pass = "peter";
$password = "peter";
also a combination of both, nothing works, but i don't understand why ? Any help is appreciated.

/Edit, i tried adding it to the paymentmodule .php aswell, but no luck.

hello. I need your help please. I'm building logistics website with user panel and admin panel. I've done all login and register forms. now I want to : admin can add package with: tracking number , weight , cost , and declaration form. user can fill declaration form after admin add package to user panel. then admin can see the declared form. is it possible in php? thank you in advance

I have a database which contains three users. But I can only access one of the user through PHP. When I try to enter other username I get a blank message. Anyone knows why??

Hi, I'm having some problems with this code. I have a password reset utility code which works and encrypts the password with md5 by using the password recovery page.
But in order for a user with a reset password to login I have to use this code in my page.
Code: [Select]
$username = addslashes($_POST['username']);
   $salt = 'random_stuff_15545';
       $password = md5($_POST['password'].$salt);
But when I have this code above the users that have NOT reset their passwords can NOT log in.

So for these users who have not reset their password i use this code[But with this code the users that reset their pass cannot log in]:
Code: [Select]
$username = addslashes($_POST['username']);
       $password = md5($_POST['password']);
How can I allow both types of users to log in? Cheers

Hey guys im making a script which allows a user to log in.
Then view some data from an SQL file, then click to a log out page and log out...
However i cant seem to destroy the session.
Any help?

Heres logout.php
<?php
$_SESSION['adminlogin'];
session_start();
$_SESSION = array();
session_destroy();
?>
<!DOCTYPE HTML>
<html lang="en-GB">
<head>
            <meta charset="utf-8">
            <!--Search Engine Meta Tags--> 
            <meta name="author" content="Worldwide Lighthouses">
            <meta name="keywords" content="Lighthouses,Lightships,Trinity House,Fog Signals,Fog Horns,Fresnel">
            <meta name="description" content="Worldwide Lighthouses is the number 1 source of information, pictures and videos on the Subject of Lighthouses and Lightships">
            <!--Stylesheets/Javascript-->
            <link rel="stylesheet" href="../../Page-Layout.css" media="screen and (min-width: 481px)">
            <link rel="stylesheet" href="../../Mobile-Page-Layout.css" media="only screen and (max-width:480px)">
            <!--Mobile Browser Support-->
            <meta name="viewport" content="width=320; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;">
            <!--IE Support-->
            <!--[if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script> <link rel="stylesheet" href="../Page-Layout.css"><![endif]-->
<meta name="application-name" content="Worldwide Lighthouses"> 
<meta name="msapplication-starturl" content="http://worldwidelighthouses.com/"> 
         <meta name="msapplication-tooltip" content="Worldwide Lighthouses: Your number one source of Lighthouse Information, Videos and Pictures"> 
         <meta name="msapplication-task" content="name=Lighthouses;action-uri=http://worldwidelighthouses.com/Lighthouses.php;icon-uri=http://worldwidelighthouses.com/IE9/Lighthouses.ico"> 
         <meta name="msapplication-task" content="name=Lightships;action-uri=http://worldwidelighthouses.com/Lightships.php;icon-uri=http://worldwidelighthouses.com/IE9/Lightships.ico"> 
<meta name="msapplication-task" content="name=Fog Signals;action-uri=http://worldwidelighthouses.com/Fog-Signals.php;icon-uri=http://worldwidelighthouses.com/IE9/Fog-Signals.ico"> 
        <meta name="msapplication-task" content="name=Glossary;action-uri=http://worldwidelighthouses.com/Glossary.php;icon-uri=http://worldwidelighthouses.com/IE9/Glossary.ico">
             <title>Mailing List Administration | Worldwide Lighthouses</title> 
            </head>
<body>
  <header>
  <h1 id="WWLH">Worldwide Lighthouses</h1>
<form method="get" action="http://www.worldwidelighthouses.com/Search/search.php" id="Search-Box">
<input type="search" placeholder="Search Worldwide Lighthouses" name="query" id="query" size="30" value="" autocomplete="off">
<input type="submit" value="Search">
            <input type="hidden" name="search" value="1"> 
   </form>
</header>  <nav>
   <ul id="Nav">
  <li class="MenuButton" id="Index"><a href="../Index.php"><p class="Nav">Home</p></a></li>
        <li class="MenuButton" id="Lighthouses"><a href="../Lighthouses.php"><p class="Nav">Lighthouses</p></a></li>
        <li class="MenuButton" id="Lightships"><a href="../Lightships.php"><p class="Nav">Lightships</p></a></li>
        <li class="MenuButton" id="FogSignals"><a href="../Fog-Signals.php"><p class="Nav">Fog Signals</p></a></li>
            <li class="MenuButton" id="Daymarks"><a href="../Daymarks.php"><p class="Nav">Daymarks</p></a></li>
            <li class="MenuButton" id="Buoys"><a href="../Buoys.php"><p class="Nav">Buoys</p></a></li>
        <li id="MenuButtonLast"><a href="../Glossary.php"><p class="Nav">Glossary</p></a></li>
</ul>
</nav>
<article>
<?php
echo '<h1 class="Title">Successfully Logged Out</h1>';
?>
</article>
    <footer>
    <ul>
     <li><a href="../About.php">About</a></li>
        <li><a href="../Contact-us.php">Contact</a></li>
        <li><a href="../Use-Our-Media.php">Use our media</a></li>
        <li><a href="../Search/search.php">Search</a></li>
        <li><a href="../Social-Networking.php">Social</a></li>
        <li><a href="#Top">Back to top</a></li>
    </ul>
    <br>
    <br>
     &#38;#169; Worldwide Lighthouses <?php echo date("Y"); ?>
</footer>
</body>

If you need any of the other files, ask and ill provide.
Thanks in advance.

Danny

hello, is it possible to get the logged in user id when using windows authentication? 

I'm new to this forum, and PHP in general. So, hello to everyone!

I'm having a problem verifying whether or not my authentication script works. I'm not new to programming...just PHP.

Here it is..
<?php
//check if user is already logged in
if(isset($_session['username']))
{
    //init database information
    $db_server = "";
    $db_user = "";
    $db_password = "";
    $db_name = "";

    //connect to the database
    $connection = mysql_connect($db_server, $db_user, $db_password);
    if(!$connection)
    {
        die('Failed to connect: ' . mysql_error());
    }
    mysql_select_db($db_name, $connection);
        
    //verify login information
    $username = $_POST['username'];
    $password = $_POST['password'];
    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
    if($query)
    {
        $array = mysql_fetch_array($query);
        if($_POST['password'] = $array['password'])
        {
            $_session['username'] = $array['username'];
            $_session['email'] = $array['email'];
            $_session['user_level'] = $array['user_level'];
            $_session['ip'] = $array['ip'];
            $_session['date_registered'] = $array['date_registered'];
            echo $_session['username'];
        }
        else
        {
            echo 'Bad Login Information!';
        }
    }
    else
    {
        die('Failed to login: ' . mysql_error());
    }
}
?>

<form action="auth.php" method="post">
<input name="username" type="text" size="20" maxlength="16">
<input name="password" type="text" size="20" maxlength="20">
<input name="submit" type="submit" value="Submit">
</form>

i got my user login and register working with my sql but now if a non logged in user tries to access the shoutbox i want it to redirect them to the register page.

<?PHP

session_start();

if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
header ("Location: /login/main.php");
}

?>



im using that code but even if im logged in, it redirects me to the register page? 

my main site is on the root of the site. the login page and the logged in page is in "/login/

I am having trouble finding a tutorial on how to have a login system like facebook and many other sites where when you login you get taken to your own profile with your own information using PHP and Mysql.

Any help would be much appreciated.

Thanks

Can somebody put a code that would show all the people that are online on the website?