PHP - Php Code For Geting Login/ Sig In Url

<?php
$user = $_GET['user'];
$request_url ="http://www.domain.com/logs.shtml";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $request_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);

//THIS NEEDS CHANGED!!!!!
$regex='|$user - (.*?) - $user|';

preg_match_all($regex,$result,$parts);
$logs=$parts[1];
foreach($logs as $log){
echo "<B>".$log."</B><br>";
}
curl_close($ch);
?>

The logs file looks like

username - log info - log info - log info - username

For a URL like

http-//www.domain.com/view-logs.php?user=strago

I want it to spit out just the lines from the log file that got

strago - log info - log info - log info - strago

Hey guys

I've been writing this login code and ive been having some minor problems i dunno what seemds to be the problem ive tried everything :s
Here's the html part of the login, the username and pass are sent by post to login.php below to compare with the ones in the database
Code: [Select]
<form method="POST" action="login.php">
Username : <input type="text" name="username">
Password : <input type="password" name="password">
<input type="submit" value="Login">
</form>$connect=mysql_connect("localhost","swcri_tarakji","xxxxxxxxxx");
mysql_select_db("swcri_working",$connect) or die (mysql_errno().":<b> ".mysql_error()."</b>");

$select_user = 
mysql_query('select * from users where username = "' . 
$_POST['username'] . '" and password = "' . 
md5($_POST['password'] . '"'));

if (mysql_num_rows($select_user) != 0) 
{
    session_start();
    session_register('authorized');
    $_SESSION['authorized'] = true;

    header("Location: protected.php");
    exit;
} 
else 
{
    header("Location: login_form.php");
    exit;
}

i get the following errors when i try to login :


Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/swcri/public_html/working/login.php on line 19

Warning: Cannot modify header information - headers already sent by (output started at /home/swcri/public_html/working/login.php:10) in /home/swcri/public_html/working/login.php on line 30

Pleaassseee help me

So I am new to all this coding and I am making a small website, which has to have a login and something is not working properly. My login user/pass processing code looks like this

<?php
$host = 'xxxx'; // Host name Normally 'LocalHost'
$user = 'xxxx'; // MySQL login username
$pass = 'xxxx'; // MySQL login password
$database = 'members'; // Database name
$table = 'members'; // Members name


$username = $_POST["username"];
$password = $_POST["password"];

    $connection = mysql_connect("xxxx", "$user", "$pass");
    if (!$connection) {
        die("Database connection failed: " . mysql_error());
    }
    else {
        echo "Everything is fine!<br />";
    }
 
mysql_select_db("xxxx",$connection) or die(mysql_error());


$result = mysql_query("SELECT * FROM members WHERE usr='$username' and pass='$password'",$connection) or die(mysql_error()); 
$count=mysql_num_rows($result);

if($count==1){
    session_start();
session_register("myusername");
session_register("mypassword");
header("location:Login_Success.php");
}
else {
echo "Wrong Username or Password";
}

?>

So it all continues well and transfers me to Login_Success.php, where the code looks like this

<?

if(!session_is_registered(myusername)){
header("location:MainPage.htm");
}

?>

<html>
-----my html code here, which makes no difference----

The problem is that it sends me to MainPage.htm and I can't really figure out why. As ive said im new to all of this. I figured that the session did not stay logged in, when it changed pages for some odd reason?


THANK YOU!

I created a login form for my system and I don't sure that it's enought for security to protect my website?

 include("database.php");
   session_start();
   
   if($_SERVER["REQUEST_METHOD"] == "POST") {
      // username and password sent from form 
      
      $stmt = $conn->prepare("SELECT Sale_ID FROM tb_sales WHERE Login_Name = ? AND Login_Password = ? LIMIT 1");
      $stmt->bind_param("ss", $_POST['username'], $_POST['password']);

      $stmt->execute();
      $res = $stmt->get_result(); 
     
  
      $count = mysqli_num_rows($res);
      
      if($count == 1) {
        // session_register("myusername");
         $_SESSION['login_user'] = $_POST['username'];
         echo "Login Succcess";
         //header("location: index.php");
      }else {
         echo "Your Login Name or Password is invalid";
      }
   }

 

Hi,
I'm trying to login oscommerce with manual code. but unable to do that. all entries going to database but don't understand what is missing???
here is my code

Code: [Select]
$email_address = $_REQUEST['txtemail'];
       $password = $_REQUEST['password'];

    $check_customer_query = mysql_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from customers where customers_email_address = '" . $email_address . "'");
    if (mysql_num_rows($check_customer_query)> 0)
{
   $check_customer = mysql_fetch_assoc($check_customer_query);
  if (!tep_validate_password($password, $check_customer['customers_password']))
   {
     echo "password not found.";
   }else {

 

  tep_session_recreate();


$check_country_query = mysql_query("select entry_country_id, entry_zone_id from address_book where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'");
$check_country = mysql_fetch_array($check_country_query);

$customer_id = $check_customer['customers_id'];
$customer_default_address_id = $check_customer['customers_default_address_id'];
$customer_first_name = $check_customer['customers_firstname'];
$customer_country_id = $check_country['entry_country_id'];
$customer_zone_id = $check_country['entry_zone_id'];
tep_session_register('customer_id');
tep_session_register('customer_default_address_id');
tep_session_register('customer_first_name');
tep_session_register('customer_country_id');
tep_session_register('customer_zone_id');

mysql_query("update customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'");


anyone have any idea about?

I have a pretty basic PHP log in code connected to a database of register users. However, it's not allowing any users to enter? Could someone please review the code and let me know if you find any errors?


//Create query
$qry="SELECT * FROM customers WHERE username='$login' AND password='".md5($_POST['password'])."'";

$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['id'];
$_SESSION['SESS_FIRST_NAME'] = $member['fname'];
$_SESSION['SESS_LAST_NAME'] = $member['lname'];
session_write_close();
header("location: key_catalog.php");
exit();
}else {
//Login failed
header("location: login-failed.php");
exit();
}
}else {
die("Query failed");
}
?>

Registration.php

Code: [Select]
<html>
<head>
<script type="text/javascript">
 function a()
{
   var x = document.login.username.value;
   var y = document.login.pass.value;

   if(x==""&& y=="")
   {
    alert("Please insert all message!");
    return false;
   }
   if(x=="")
   {
     alert("Please insert an username!");
     return false;
   }
   if(y=="")
   {
     alert("Please insert an password!");
     return false;
   }
}
</script>
</head>
<?php
 session_start();
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("cute") or die(mysql_error());
    //session_start();
    $username = $_POST['username'];
    $password = $_POST['pass'];
    if (isset($_POST["submit"]))
    {
     $log = "SELECT * FROM regis WHERE username = '$username'";
     $login = mysql_query($log);
     $number = mysql_num_rows($login);

     if ($number == 0)
     {
      print "That user does not exist in our database. <a href=registration.php><input type='button' value='Register'></a>";
     }
      if ($number > 0)
     {
      $_SESSION['is_logged_in'] = 1;
     }
     if(!isset($_SESSION['is_logged_in']))
     {
     }
     else
     {
        echo "<meta http-equiv='refresh' content='0; url=form2.php'>";
     }


    }
    else
    {


?>
 <body>
 <table border="0">
 <form name="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" onsubmit="return a()">
 <tr><td colspan=2><h1>Login</h1></td></tr>
 <tr><td>Username:</td>
 <td><input type="text" name="username" maxlength="40"></td></tr>
 <tr><td>Password:</td>
 <td><input type="password" name="pass" maxlength="50"></td></tr>
 <tr><td><input type="submit" name="submit" value="Register"></a></td>
 <td><input type="submit" name="submit" value="Login"></td></tr>
 </form>
 </body>
 <?php

  }

 

 ?> </html>


form2.php

Code: [Select]
<?php
session_start();

if (!isset($_SESSION['is_logged_in'])) {
     header("Location:login.php");
     die();     // just to make sure no scripts execute
}
?>
<?php
mysql_connect("localhost","root") or die(mysql_error());
mysql_select_db("cute") or die(mysql_error());
$message=$_POST['message'];
$n=$_POST['username'];


if(isset($_POST['submit'])) //if submit button push has been detected

{


   if(strlen($message)>1)
   {
      $message=strip_tags($message);
      $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP
      $checkforbanned="SELECT IP from ipbans where IP='$IP'";
      $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS");

    if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list
    {
     print "You IP is banned from posting.";
    }

    else
    {
     $thedate = date("U"); //grab date and time of the post
     $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$n','$IP','$thedate','$message')";
     mysql_query($insertmessage) or die("Could not insert message");
    }
   }
}


 ?>
<html>
<head>
<script type="text/javascript">
function addsmiley(code)
{
var pretext = document.smile.message.value;
              this.code = code;
              document.smile.message.value = pretext + code;
}

function a()
{
 var x = document.smile.message.value;
 if(x=="")
 {
  alert("Please insert an message!");
  return false;
 }

}

</script>
<style type="text/css">
body{ background-color: #d8da3d }
</style>
</head>
<body>
  <form name="smile" method="post" action="form2.php" onSubmit="return a()" >
   Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br>
   <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" />
   <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" />
   <input type="hidden" name="username" value="<?php echo $n;?>">
   <input type='submit' name='submit' value='Send' class='biasa'  ></form>

   
 
  <br> <br>
  </body>
</html>

My problem is after i login it redirect to login page although im had put after login page its need to go to form2.php page may i know which problem because now only im learning session

I have this working code except I can't redirect to a thank you page when a new user registers.  When they login it works without issue.  I just don't know where or what to put for the registration part.   Here is my Code.  Any help would be much appreciated.   <?php  

mysql_connect('', '', '');
mysql_select_db('');

if (isset($_POST['submit'])) {
  $user = mysql_real_escape_string($_POST['user']);
  $pass = mysql_real_escape_string($_POST['pass']);
  $sql = "SELECT id FROM login WHERE username = '$user' && `password` = MD5('$pass')";
  if ($result = mysql_query($sql)) {
    if (mysql_num_rows($result)) {
      // $user & $pass are valid
               echo "You Logged In $user";
    } else {
      // $user || $pass invalid
                echo "Invalid Login";
    }
  }
}

Hello, for some reason I am unable to get the following code to work:

Code: [Select]
<?php
echo "<h1>Login</h1>";

if ($_SESSION['uid']) {
    echo "&nbsp; &nbsp; You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

if (!$_POST['submit']) {
echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
echo "<form method=\"post\" action=\"./login.php\">\n";
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n";
echo "</form></table>\n";
}else {
$user = addslashes(strip_tags(($_POST['username'])));
$pass = addslashes(strip_tags($_POST['password']));
        
            if($user && $pass){
                $sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
                $res = mysql_query($sql) or die(mysql_error());
                if(mysql_num_rows($res) > 0){
                    $sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
                    $res2 = mysql_query($sql2) or die(mysql_error());
                    if(mysql_num_rows($res2) > 0){

$query = mysql_query("SELECT locked FROM `users` WHERE `username`='".$user."'");
$row2 = mysql_fetch_assoc($query);
$locked = $row2['locked'];

$query = mysql_query("SELECT active FROM `users` WHERE `username`='".$user."'");
$row3 = mysql_fetch_assoc($query);
$active = $row3['active'];

$query = mysql_query("SELECT email FROM `users` WHERE `username`='".$user."'");
$row3 = mysql_fetch_assoc($query);
$email = $row3['email'];


if ($active ==1){

if ($locked == 0){

$date = date("j")."^{".date("S")."} ".date("F, Y");

mysql_query("UPDATE users SET last_login='$date' WHERE username='$user'");

$row = mysql_fetch_assoc($res2);
$_SESSION['uid'] = $row['id'];
$previous = $_COOKIE['prev_url'];
echo "&nbsp; &nbsp; You have successfully logged in as " . $user . "<br><br><a href='" . $previous . "'>Click here</a> to go to the previous page.\n";
}else
{
echo "Your acount has been locked out due to a violation of the rules, if you think there has been a mistake please <a href='contact.php'>contact us</a>.";
}
} else {
echo "You need to activate your account! Please check your email ($email)";
}
   }else {
                        echo "&nbsp; &nbsp; Username and password combination are incorrect!\n";
                    }
                }else {
                    echo "&nbsp; &nbsp; The username you supplied does not exist!\n";
                }
            }else {
                echo "&nbsp; &nbsp; You must supply both the username and password field!\n";
            }
}

}
?>
It says that I have logged in successfully but the session is not created. You can find the script here and log in with the username "test" and the password "testing". I'm not sure what more information I should add.

Thanks,
Cameron

When I log in on my web-site it takes me to a php login-check page

This is the error code that I am getting;

Quote

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in D:\xampp\htdocs\login-check.php on line 26


This is the php code that i am using;

Code: [Select]
<?php
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="deliverpizza"; // Database name 
$tbl_name="customer, admin, staff"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_privelage.php");
}
else {

}
?>

well basically im trying to do that the 'subject says.
ive done my homework and had around 10 examples of using curl, but none of them worked in my case.
this is the final code i'm using

<?php
$cookiefile = '/temp/cookies.txt';


#2 ways ive tried doing

#$data = array('edit[username]' => 'REMOVED', 'edit[password]' => 'REMOVED', 'edit[submit]' => 'Login');
$data = array('username] => 'REMOVED', 'password' => 'REMOVED', 'submit' => 'Login');




$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'http://pokerrpg.com');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);

curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);

curl_exec($ch);

curl_setopt($ch, CURLOPT_URL, 'http://pokerrpg.com/furniture_store.php');
$contents = curl_exec($ch);
$headers = curl_getinfo($ch);

echo $contents;

curl_close($ch);
unlink($cookiefile);
?>

im not sure about the cookie file, but i just made a txt file to that location. and empty txt file.  hope it's fine.

the page i'm trying is http://pokerrpg.com, you can even look the source code that both of these fields do exist.

when i run it, the output is a login page without logging in, so it does not log in. 

<?php
session_start( );
include_once( dirname( __FILE__ )."/../inc/func/get_sth.php" );
include_once( _ABSPATH_."/inc/func/header.php" );
if ( $_GET["f"] == "login" )
{
    $adminuser = strtolower( strip_tags( trim( $_POST["adminuser"] ) ) );
    $r_0 = strtolower( strip_tags( trim( $_SESSION["r"] ) ) );
    $r_1 = strtolower( strip_tags( trim( $_POST["r"] ) ) );
    if ( $r_0 == $r_1 )
    {
        $result = mysql_query( "SELECT password FROM admin where adminuser='".$adminuser."'" );
        $val = mysql_fetch_array( $result );
        if ( !$val["password"] )
        {
            $loginfail = 1;
        }
        else
        {
            if ( $val[password] === md5( $_POST["password"] ) )
            {
                $_SESSION['admin'] = $adminuser;
                header( "Location: ./" );
                exit( );
            }
            $loginfail = 1;
        }
    }
    else
    {
        $loginfail = 2;
    }
}
$page_title = l( "Administration Login" )." | ".get_sitename( );
$smarty->assign( "page_title", $page_title );
$smarty->assign( "loginfail", $loginfail );
$smarty->display( "mgt/login.tpl" );
?>

i am new to curl .and i m trying to create create a script to log into yahoo and click the confermation link in emails.
but i am stuck witht he login process only
i made the code below . but still i cant make it work. the problem is yahoo is implementing a captcha challange for this kind of automated headers. do you have any idea ho to make it work again without alerting the captcha challange ?

the header i caught through the livehttp header is as follows:

Content-Length: 347
.tries=1&.src=ym&.md5=&.hash=&.js=&.last=&promo=&.intl=in&.bypass=&.partner=&.u=4ls6cr96lbs8e&.v=0&.challenge=W9w31pCrbdazCcY4mH41fVsyxwd8&.yplus=&.emailCode=&pkg=&stepid=&.ev=&hasMsgr=0&.chkP=Y&.done=http%3A%2F%2Fmail.yahoo.com&.pd=ym_ver%3D0%26c%3D%26ivt%3D%26sg%3D&pad=1&aad=1&login=myyahooid&passwd=mypassword&.persistent=y&.save=&passwd_raw=


<?php

    
    $authUrl    = "https: //login.  yahoo  .   com/config/login?";
    $userAgent  = "Mozilla/5.0 (Windows NT 5.1; rv:2.0b11) Gecko/20100101 Firefox/4.0b11";
    $referer    = "http  :  //  my  .  yahoo  .  com";
    $login      = "userid";
    $password   = "password";
    $numPostData = 22;
    $cookieFileJar  = "ycookie.txt";
    $cookie = 0;
    $postData = ".tries=1&.src=ym&.md5=&.hash=&.js=&.last=&promo=&.intl=in&.bypass=&.partner=&.u=4ls6cr96lbs8e&.v=0&.challenge=W9w31pCrbdazCcY4mH41fVsyxwd8&.yplus=&.emailCode=&pkg=&stepid=&.ev=&hasMsgr=0&.chkP=Y&.done=http%3A%2F%2Fmail.yahoo.com&.pd=ym_ver%3D0%26c%3D%26ivt%3D%26sg%3D&pad=1&aad=1&login=$login&passwd=$password&.persistent=y&.save=&passwd_raw=" ;

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);

    // Set the referrer
    curl_setopt($ch, CURLOPT_REFERER, $referer);

    // Set the authentication url
    curl_setopt($ch, CURLOPT_URL, $authUrl);

    // Set number of post fields
    curl_setopt($ch, CURLOPT_POST, $numPostData);

    //Set post data in key=value pair such as login=yourusername
    curl_setopt($ch, CURLOPT_POSTFIELDS, $numPostData);

    //Set filename for storing cookie information
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFileJar);

    //Set ffilename for checking the stored cookie information
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFileJar);

    //Set option for cookie
    curl_setopt($ch, CURLOPT_COOKIE, $cookie);
 
 //set this to output the result as string and not output directly ot browser
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);

 //set this value to 1 if you want to redirect to the url you provided as service url
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
 
 //Set this option if you do not want to verify ssl
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
 
 //set this option if you do not want to verify peer's certificate
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
 
 //now execute the curl
    $res = curl_exec($ch);
     echo $res;
 //check if the username and password is valid
    if ((preg_match("/invalid/i", $res)) || (preg_match("/not yet taken/i", $res))) {
        echo "Invalid Login";
    }
    else {
  //if  CURLOPT_FOLLOWLOCATION is set to 1 then after logging in successfully user is directed to url that is specified as service url
        echo "Logged In";
    }
?>


then i have to work for clicking confermation links in mails. please suggest me some ways.i would be very grateful to you  

Hello -
I'm opening my website up to visitors for free, and trying to bypass a login screen to go straight into the data content that was appearing after a user logged in.  I have an index.php file that included the following code at the beginning:

 <?php
session_start();
include("database.php");
include("login.php");
include("/vservers/skyranks/db_connect.php");
?>
<?header("Cache-control: private"); ?>
<html>


I deleted the "include("login.php"); line, and was successful at bypassing the username and login screen.  However, the page that is supposed to display the data content is incomplete.  In fact, it only displays my company's logo.

Any ideas as to why the data content is not showing up? 

Thank you for any help with this, as my php is quite novice at this point.

Regards -

Joe