PHP - Login Design Help

Hi everyone i wonder if you can help me he

I need a script for a login and check login- create cookie.

Here is my form:

<form method="post" action="check_login.php">
<p>
<input type="submit" name="Submit2" value="go" />
</fieldset>
</p>
</form>

that sends it to check_login (which BEFORE i deleted something by accident, used to take me to a username and password box)

But now all it does is send me straight to the memebrs area???


Can i change the check_login.php script to make it work correctly:

Code: [Select]
<?php 
// Connects to your Database 
mysql_connect("server", "user", "password") or die(mysql_error()); 
mysql_select_db("DB") or die(mysql_error()); 

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) 
{
if ($pass != $info['upassword']) 
{
}
else
 {
header("Location: members_area.php");

  }
  }
 }

 //if the login form is submitted 
 if (isset($_POST['submit'])) { // if form has been submitted

 // makes sure they filled it in
  if(!$_POST['username'] | !$_POST['upassword']) {
  die('You did not fill in a required field.');
  }
  // checks it against the database

  if (!get_magic_quotes_gpc()) {
  $_POST['email'] = addslashes($_POST['email']);
  }
  $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

 //Gives error if user dosen't exist
 $check2 = mysql_num_rows($check);
 if ($check2 == 0) {
  die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
  }
 while($info = mysql_fetch_array( $check )) 
 {
 $_POST['upassword'] = stripslashes($_POST['upassword']);
  $info['upassword'] = stripslashes($info['upassword']);
  $_POST['upassword'] = md5($_POST['upassword']);

 //gives error if the password is wrong
  if ($_POST['upassword'] != $info['upassword']) {
  die('Incorrect password, please try again.');
  }
  else 
 { 
 
 // if login is ok then we add a cookie 
   $_POST['username'] = stripslashes($_POST['username']); 
   $hour = time() + 3600; 
 setcookie(ID_my_site, $_POST['username'], $hour); 
 setcookie(Key_my_site, $_POST['upassword'], $hour);  
 
 //then redirect them to the members area 
 header("Location: members_area.php"); 
 } 
 } 
 } 
 else 
{  
 
 // if they are not logged in 
?>
 <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
 <table width="316" height="120" border="0">
 <tr><td colspan=2><h1>Login</h1></td></tr>
 <tr><td>Username:</td><td>
 <input type="text" name="username" maxlength="40">
 </td></tr>
 <tr><td>Password:</td><td>
 <input type="password" name="upassword" maxlength="50">
 </td></tr>
 <tr><td colspan="2" align="right">
 <input type="submit" name="submit" value="Login">
 </td></tr>
 </table>
 </form>
<?php 
 } 
 
?>

Hello, I am once again desperately asking for your help,

I am working on a simple login page and I am having trouble actually getting it  to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now

 

This is the code any suggestions would be greatly appreciated

<?php
    /*
    Name: Deanna Slotegraaf 
    Course Code: WEBD3201
    Date: 2020-09-22
    */

    $file = "sign-in.php";
    $date = "2020-09-22";
    $title = "WEBD3201 Login Page";
    $description = "This page was created for WEBD3201 as a login page for a real estate website";
    $banner = "Login Page";
    require 'header.php';

    $error = "";

    if($_SERVER["REQUEST_METHOD"] == "GET")
    {
        $username = "";
        $password = "";
        $lastaccess = "";        
        $error = "";
        $result = "";
        $validUser = "";
    }
    else if($_SERVER["REQUEST_METHOD"] == "POST")
    {        
    	$conn;
        $username = trim($_POST['username']); //Remove trailing white space
        $password = trim($_POST['password']); //Remove trailing white space

    if (!isset($username) || $username == "") {
      $error .= "<br/>Username is required";
    }
    if (!isset($password) || $password == ""){
      $error .= "<br/>Password is required";
    }
    if ($error == "") {
      $password = md5($password);
      $query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'";
      $results = pg_query($conn, $query);
      //$_SESSION['username'] = $username;
        //$_SESSION['success'] = "You are now logged in";
        header('location: dashboard.php');
      }else {
        $error .= "Username and/or Password is incorrect";
      }

}

?>

<div class = "form-signin">
    <?php
             echo "<h2 style='color:red; font-size:20px'>".$error."</h2>";
    ?>
<form action = "<?php echo $_SERVER['PHP_SELF'];  ?>" method="post">

      <label for="uname"><b>Login ID</b></label>
      <input type="text" name="username" value="<?php echo $username; ?>"/>
      <br/>
      <label for="psw"><b>Password</b></label>
      <input type="password" name="password" value="<?php echo $password; ?>"/>
      <br/>
        <button type="submit" name="login_user">Login</button>
        <button type="reset">Reset</button></div>
</form>
</div>

<?php require "footer.php"; ?>

 

Okay, not sure what exactly I need but I need to store data in a MySQL database.

The financial data for each user has to be stored for each day.

I.e. User 1 has 20 financial data columns say (rent, maintenance, wages, shopping... etc). I need to store each of those separately so they can be displayed in a report.

There is more than one user. Most likely a couple of hundred users although it needs to work for up to a few thousand users.

Also, each user's daily financial data has to be stored against the date of that data so the user can see the change in finances between day X and day Y for example.

So far my best idea has been to create a table for each user and then in that table store the financial data in the columns against the date as the primary key. Does anyone have a better way for this or should I do this?

Hi guys, I don't know if I'm over complicating things here and cannot see the wood for the trees, but I seem to have got myself confused. What I'm simply trying to do is get teamName and teamresults of a team from a database.  The code will perhaps explain better than I can (note I haven't included the DB class which is fine).

class TeamCollection {
    protected $database;
    protected $teamid;
    protected $team_name;
    
    // pass db by dependency injection...
    public function __construct(Database $database) {
            $this->database = $database;    
    }

    public function getTeam($teamid){
            $this->team_id = $teamid;
            $this->database->query("SELECT  team_name, nickname, founded FROM club WHERE team_id=:teamid");
            $this->database->bind(':teamid', $this->team_id);    
            
        // spawn a new Team object if query is valid, if not throw exception and end via try/catch...
        if ($result = $this->database->single()) {
                return new Team($result); // create new Team passing $result to Team constructor
        }
        else {
                throw new exception ('No Valid Team returned');
        }
    }
    
    public function getResults($teamid){
            $this->team_id = $teamid;
            $this->database->query("SELECT result FROM results WHERE team_id=:teamid");
            $this->database->bind(':teamid', $this->team_id);    
    
        // If a Team has valid results, return array of match scores..
        if ($scores = $this->database->results()) {
                return $scores;
        }
        else {
            throw new exception ('No Valid Team Results to return');
        }
    }

} //end class

// Team is abstracted from DB
class Team {
    
    private $team_name;
    private $result;
    private $scores;
    
    public function __construct(array $result) {
        $this->team_name = $result['team_name'];
    }
    
    public function getName() {
        $this->team_name;
    }
    
    public function getResults(array $scores) {
        foreach ($scores as $row){
            echo $row;    
        }
    }
}
// implementation

$team_id =9; // passed variable..

$database = new Database($server,$db_type); // create db..

$database->connect(); // connect to db..

$collection = new TeamCollection($database); // pass live DB link to TeamCollection Class

try {
    
    $team = $collection->getTeam($team_id); // try and spawn a valid Team Object..

    echo $name = $team->getName(); // If so lets return a Team name

    $scores = $team->getResults($team_id); // Now try and get Team Results..

    $display_results = $scores->getResults($scores); // Display results by passing them to Team class to

    }

catch (Exception $e) {
    Echo 'Exception Thrown: ' . $e->getMessage();    
}

My basic difficulty is where to put the getResults method and how to use it? I'm fine spawning a new Team as required, but is my logic for then moving on to getResults sound? I was trying to abstract my Team class from having any database association at all. Is this a wise approach or just not required? Am I overcomplicating the issue or missing something? Can anyone help? I guess my difficulty is between connecting classes and objects in the best manner. Thanks in advance.
Edited by mich2004, 19 May 2014 - 06:48 AM.

Hi All,

I currently have a ticketqueue that show's all tickets assigned to a group of people, but split into personal queues, but the way that I wrote it, means that it needs manually updating if a specific person leaves/joins the department. For example, to get the queue details, I use the following query:

Code: [Select]
$username1 = mssql_query("select id,subject,body,priority from queue where assignedto = username1";)
$username2 = mssql_query("select id,subject,body,priority from queue where assignedto = username2";)

I have repeated this code for all of the users in our team. Which seams a waste, as I have all the information on our team stored in a DB called "sysadminusers". Is there an array I could use that would look at all the usernames in the table, and then repeat the query for me?

I would also need this array to display the results on the page, currently I use the following:

Code: [Select]
while($username1_tickets = mssql_fetch_assoc($username1)){
echo $username1_tickets['id'],$username1_tickets['subject']$username1_tickets['body'],$username1_tickets['priority'];}
while($username2_tickets = mssql_fetch_assoc($username2)){
echo $username2_tickets['id'],$username2_tickets['subject']$username2_tickets['body'],$username2_tickets['priority'];}

I am just looking for some design advice and code examples that would help me tidy up my code for this page, it seams a lot of code for quite a simple page.

Thanks
Matt

Hello I have a question in regards to design. No need for example code just of how to approach the problem.

Issues and things that cannot change because they are part of the situation.
1. Cannot use any database like oracle, MySQL, or SQLite
2. The server does not run PHP5
3. The students do not have a unique field and cant have one because they have not my employers have not decided on one.

Here is the problem:
I have to make a form with the following fields

first name
last name
comments
date

I have stored the fields in a text file.
However, how can I relate date to the comment  without having duplicates records?
For example. Lets suppose my boss asked me  can you look up the comments that the counselor made in july 10 2010.

My answer: One must have duplicate records of each instance of a comment. Am I wrong?

I have a php file, call it "mypage.php"
it makes come calculations, create 5 different arrays,
and creates a table by using the arrays.

I found simpleXML to create XMLs easily.
I want to make an xml file by using the contents of mypage.php.

I want to do that with an argument like that "mypage?type=xml"
I'm aware that i should use "$_GET" or "$_POST"
But where should i put the php code in page,
so when i use argument "xml" it will create an xml file.
When i don't give argument it will create an html type file.

Or should i use another php that includes mypage.php??
And get arrays from that file?

Thank you.

Amazingly, threads about application design belong in the Application Design sub-forum.

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=358384.0

sorry guys its been a long day and this is an extreme newbie question but for whatever reason right now I cant wrap my head around the concept right now...
say for instance one wanted to make a db for job postings, where one could go and see many different categories etc etc. Would you create a table "jobs" and then create rows for the types ie) Accounting, Business, Customer Service, etc. - or would those be all seperate tables as well? Cause im just thinking of the INSERT INTO query, and say I wanted to add a job but I only wanted to add one to the Customer service portion of the jobs table...thats why im curious if everything should be different tables so you could just do INSERT INTO customer_service etc etc and then have all of the persons names/creditials there? OR is it possible to create a table within a table? or am I simply going nuts here? lol. thanks

I have designed a database for my institute. Here I have attached my design for better understanding.   I am expecting your reviews who are professional for the database design.   Thank You.     Attached Files  Database Design for Institute Registration.jpg   61.29KB   0 downloads

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=357188.0

Hi there,   This may not be the correct space to post this - but I'm very new to all this.   I've created a page that will run a php script to output a query. I would then like to send that same query via email - however from a design perspective I don't think the correct process is to click 'submit' to view the query and then 'submit' to send the result via email?   Can you please advise on some design solutions regarding this issue?   Thanks!  

Hi all!

I'm a real noob and this is my first time making a website and I haven't hosted it yet.
I'm trying to make a website that is fast and secure.
My pages look something like this.

Code: [Select]
<?php include("header.php");include("sidebar.php"); ?>
HTML CODES
<?php include("footer.php"); ?>

1. Are these php files cached after their first load? When I go to another page, those parts seem to stay still.
2. Is this code secure?

And now I'm starting to make product pages which will be around 40 pages.
So I'm considering something like  this...

Code: [Select]
<?php include("header.php");include("sidebar.php"); ?>
<a href="index.php?page=a">Page A</a>
<?php 
$page = $_GET['page'];
if (file_exists('pages/'.$page.'.php'))
{
   include('pages/'.$page.'.php');
}
?>
<?php include("footer.php"); ?>

3. Is it better to make every page like this since it will load header, sidebar, footer only once?
4. How should I protect from the user input data, by making an array of allowed files or by prohibiting "." and "/" ?

Thank you in advance.

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=318519.0

Hello

I am looking to redesign an old poll system what approved to work effeciantly, however I now need to get the poll to work on my new site.

I am getting these errors.

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/gaogier/public_html/includes/polls.php on line 4

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/gaogier/public_html/includes/polls.php on line 4

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/gaogier/public_html/includes/polls.php on line 52

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/gaogier/public_html/includes/polls.php on line 52


Code is on pastebin - 24 hours.

http://pastebin.com/1u19Xwwk

Now here is where my files are located

includes/connect.php
includes/polls.php
pages/ - my pages.php - displayed as a new folder almost using mod rewrite.
tpl/sidebar.tpl - where my poll will be displayed using php - include.