PHP - User Login Validation From Two Databse In My Website

I have a question for some more advanced developers out there. I am creating a user login class that I want to make secure. Now without cookies, no problem but everyone wants a remember me  . So what I was planning on doing was storing a single unique value in a cookie. Now when the user visits the page it will check there unique value against the values in the database. Then what I wanted to do was have some other data that is unique to that user to see if they are the same person or not. For example when user A with ip address 0.0.0.0 goes to access my page and has a cookie stored it will check the database for user with ip address 0.0.0.0 and the unique value in there cookie.

Now my question is, what values should I check against. It is my understanding that users can spoof ip addresses so that isnt exactly the best check. I was also going to use the hostname as well but you have to have the right ip address in order to check it so that isnt really reliable either. Another option is securing it another way. If anyone has any other suggestions that are secure to do a user login please let me know. I am open to anything at this point because I am creating the system from scratch. However, only secure systems are the way I want to go. I have advanced experience in php so dont worry about me not understanding .

Any help is appreciated.

I am having trouble finding a tutorial on how to have a login system like facebook and many other sites where when you login you get taken to your own profile with your own information using PHP and Mysql.

Any help would be much appreciated.

Thanks

Ok. I would like to be able to do this  ::  http://webdeveloper.50webs.com/js.login.htm   in PHP and with a database. I know it may look like a simple login script, but I would like it to redirect to a specific URL based on each user. I.E. "http://example.com/users/index.php" is the login page, and once the user logs in, it would redirect them to "http://example.com/users/username/" Unless someone has a better idea. I know this isn't secure (because someone could just change the url to a different username, and they now have access to that users account.) The only reason I would like to do it this way, is because I have an upload script, and because of the way it uploads, the files are placed in a folder (So username/files is were the files are stored) and I have a file browser (username/browser.php) And I don't know how to display only the files the user has uploaded. (I.E. if I had one main file that the users see once they login, they would all see everyones uploads.) I would forfeit a tiny bit of security if users had there files not publicly visible. (People still have to login to see the files, and they would have to know the URL to a specific username.) So basically what I would like to do, is have a database (I.E. "Users") and have a table in that database with "username" "password" "email" "URL" and the PHP script looks up the database, and checks the username, and the password, and if they match, looks at the URL and sees were its supposed to redirect the user. I have attached the PHP code I have found, and use. If anyone knows how to do this, please let me know!

Thanks in advance!
Cheers!

------
Anders

Hello,

I have a PHP Login MySQL System which works perfect, however I would like to add a Functionality so that me as Admin can Login to Users Accounts. How can this be done, can you please help me?


Many Thanks

Hello can someone point me into the right direction? I've got this code:

if ($userdata["user_level"] <> 1 ){
   die();
}

The above code works but now I want to give users with level 3 also acces but not the users having level 2.
Anyone has an idea?

Regards Richard

Hi Guys, just been writing this script up but for some reason the validation is messing up creating account, apparently nothing is valid that i put in

Any ideas?

the .phps are below and the .inc ar all below.

Also when i try to log in with an existing user it says i cant because the username or password is incorrect which is isn't.

Any help will be much appreciated.

Enlighten




Code: [Select]
<?php
/* File: login_reg_form.inc
 * Desc: Contains the code for a web page that displays two html forms, side by side. One is a login form, and the second is a registration form.
 */
 
include("functions.inc");
?>

<head><title>Customer Login page</title>
    <style type='text/css'>
        <!--
        label {
            font-weight: bold;
            float: left;
            width: 27%;
            margin-right: .5em;
            text-align: right;
        }
        legend {
            font-weight: bold;
            font-size: 1.2em;
            margin-bottom: .5em;
        }
        #wrapper {
            margin: 0;
            padding: 0;
        }
        #login {
            position: absolute;
            left: 0;
            width: 40%;
            padding: 1em 0;
        }
        #reg {
            position: absolute;
            left: 40%;
            width: 60%;
            padding: 1em 0;
        }
        #field {
            padding-bottom: .5em;
        }
        .errors {
            font-weight: bold;
            font-style: italic;
            font-size: 90%
            color: red;
            margin-top: 0;
        }
        -->
    </style>
</head>
<body style="margin: 0">
    <?php
    $fields_1 =     array("fusername" => "User Name",
                          "fpassword" => "Password");
    $fields_2 =     array("user_name"   => "User Name",
                          "password"   => "Password",
                          "email"   => "Email",
                          "first_name"   => "First Name",
                          "last_name"   => "Last Name",
                          "street"   => "Street",
                          "city"   => "City",
                          "county"   => "County",
                          "post_code"   => "Post Code",
                          "phone"   => "Phone",
                          "fax"   => "Fax");
    ?>
   
    <div id="wrapper">
        <div id="login">
            <form action=<?php echo $_SERVER['PHP_SELF']?> method="POST">
                <fieldset style='border: 2px solid #000000'>
                    <legend>Login Form</legend>
    <?php
            if (isset($message_1))
            {
                echo "<p class='errors'>$message_1</p>\n";
            }
            foreach ($fields_1 as $field => $value)
            {
                if(preg_match("/pass/i", $field))
                    $type = "password";
                else
                    $type = "text";
                echo "<div id ='field'>
                    <label for='$field'>$value</label>
                    <input id='$field' name='$field' type= '$type' value='".@$$field."' size='20' maxlength='50' />
                    </div>\n";
            }
        ?>
       
                <input type="submit" name="Button"
                    style='margin-left: 45%; margin-bottom: .5em' value="Login" />
                </fieldset>
            </form>
            <p style='text-align: center; margin: 1em'>
                If you already have an account, log in.</p>
            <p style='text-align: center; margin: 1em'>
                If you do not have an account, register now.</p>
        </div>
        <div id='reg'>
            <form action=<?php echo $_SERVER['PHP_SELF']?> method="POST">
                <fieldset style='border: 2px solid #000000'>
                    <legend>Registration form</legend>
    <?php
            if(isset($message_2))
            {
                echo "<p class='errors'>$message_2</p>\n";
            }
            foreach($fields_2 as $field => $value)
            {
                    if (preg_match("/pass/i", $field))
                        $type="password";
                    else
                        $type="text";
                    echo "<div id='field'>
                        <label for='$field'>$value</label>
                        <input id='$field' name='$field' type='$type' value='".@$$field."' size='40' maxlength='65' />
                        </div>\n";
            } // end foreach field
    ?>
            <input type="submit" name="Button"
                style='margin-left: 45%; margin-bottom: .5em' value="Register">
                </fieldset>
            </form>
        </div>
    </div>
</body></html>

Hi my code below checks for Username and password from a form and if they match those in database, it redirects to main.php However, I would like some help setting up error page?!
at the moment if the username or password are incorrect and teh form is submitted, the pages just goes white and blank?!

<?php
session_start();
include_once("config.php");
checkLoggedIn("no");
if(isset($_POST["submit"])) {

field_validator("rsUser", $_POST["rsUser"], "alphanumeric", 3, 15);

// password must be between 4 and 15 chars - any characters can be used:

field_validator("rsPass", $_POST["rsPass"], "string", 3, 15);

if($messages){

doIndex();

exit;

}
 if( !($row = checkPass($_POST["rsUser"], $_POST["rsPass"])) ) {

        $messages[]="Incorrect login/password, try again";
    }

if($messages){

doIndex();

exit;

}

cleanMemberSession($row["rsUser"], $row["rsPass"], $row["UserID"]);

if ($user = checkPass($_REQUEST['rsUser'], $_REQUEST['rsPass'])) {
  cleanMemberSession($user['rsUser'], $user['rsPass'], $user['UserID']);
} else {
  echo('Login failed');
}  

header("Location: main.php");
} else {

doIndex();
}
function doIndex() {

global $messages;

global $title;
}
?>


Login failed does not get shown if a username is entered wrong?!

Hi all.

I'm new to PHP language and I'd like to know which is the best way to handle the user login.

With cookies or with sessions?

Do you know some example on the web that I could inspire on? I just know how to do it in both way, I just wanna know which is the best way and like to read some code written by a pro.

i have homework about this but i don't know how to make it work,
after a few hours it stuck with every login will go to same place

i must create 4 id :
1.owner : can access all page , edit all id
2.chasier : report any item out, only access item out page (item.php)
3.warehouse : add item from purchasing department, add new item, get notification from chasier, tell purchasing department to buy item
4.purchasing department : get notification from warehouse, sent report to warehouse after add stock or add new item


login.php
Code: [Select]
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="cek_login.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="text" id="password"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
cek_login.php
Code: [Select]
<?php
$host="localhost";  
$username="root"; 
$password=""; 
$db_name="shop_system"; 
$tbl_name="members"; 

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");


$username=$_POST['username']; 
$password=$_POST['password'];
$usertype=$_GET['usertype'];

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password' ";
$result=mysql_query($sql);


$count=mysql_num_rows($result);



if($count==1){

session_register("username");
session_register("password");
header("location:sukses.php");
}
else {
echo "Wrong Username or Password";
}
?>
sukses.php
Code: [Select]
<?
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>

<html>
<body>
Login Successful
</body>
</html>

Hey guys, I have an issue with my php code. 

After registering in my site, i (the user) can't login again. It displays a message:
Quote

The email and password combination you entered is incorrect.


Code: [Select]
<?php 
if(logged_in()) {
    $user_data = user_data('name');
    echo 'Welcome, ', $user_data['name'];
    } else { 
?>
<form action="" method="post" >
    <p>
        Email: <input type="email" name="login_email" />
        Password: <input type="password" name="login_password" />
        <input type="submit" value="Log in" />
    </p>
   
</form>
<?php 
}
if (isset($_POST['login_email'], $_POST['login_password'])) {
    
        $login_email = $_POST['login_email'];
        $login_password = $_POST['login_password'];
        
        
     $errors = array();
    
if(empty($login_email) || empty($login_password)){
        $errors[] = 'Email and password are required!';
    } else { 
    
    $login = login_check($login_email, $login_password);
    
    if($login === false) {
        $errors[] = 'The email and password combination you entered is incorrect.';
        }
}
    if(!empty($errors)) {
        foreach ($errors as $error) {
            echo $error. '<br />';
            }
        } else { 
            $_SESSION['user_id'] = $login;
            header('Location: index.php');
            exit();
        }
            
    }
    
?>

And here's the function where I call check the login:
Code: [Select]
<?php 
function login_check($email, $password) {
            $email = mysql_escape_string($email);
            $login_query = mysql_query("SELECT COUNT(`user_id`) as `count`, `user_id` FROM `users` WHERE `email`='$email' AND `password`='".md5($password) ."'");
            return(mysql_result($login_query, 0) == 1) ? mysql_result($login_query, 0, 'user_id') : false;
            echo mysql_error();
    }
?>

Any clue of what this could be?

Hi, I would like to make a login page with 2 different user level, Admin & Staff.  How can i do it using d code below.

Thank u.



<?php
$host="localhost";
$username="root"; 
$password=""; 
$db_name="profile";
$tbl_name="company";


mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("Cannot Select Database");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];


$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);


if($count==1){

session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

I am coding a php website and i have everything ready to start on the user interface, but now it wont get the data from the login to get data from the database.
I added some debugging code in to see if it even gets a session and it doesn't even get one, can someone please help me and tell me what i am doing wrong?.

My login code:
Code: [Select]
<?php

include('/home/sites/******/MasterConfig/Config.php'); 
$tbl_name='U_members'; // Table name </p>
session_start();
ob_start();

// Connect to server and select databse.
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['MYusername']; 
$rawpassword=$_POST['MYpassword'];
$mypassword=md5($rawpassword);
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE Username='$myusername' and Password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $_POST['MYusername'];
header("location:/welcome.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
Welcome.php:
Code: [Select]
<?php
include('/home/sites/*********MasterConfig/Config.php');
$tbl_name = "U_items"; // Table name </p>
ob_start();

?>
<!DOCTYPE html>
<html lang="en">
<head>
<?php
ob_start();
session_start();
?>
<meta charset="utf-8">

<link rel="stylesheet" href="css/all.css">

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>
<script type="text/javascript" src="js/jquery.easing.1.3.js"></script>
<script type="text/javascript" src="js/jquery.quicksand.js"></script>
<script type="text/javascript" src="js/main.js"></script>

<title>Product Filter</title>
</head>

<body>
<?php
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {

}
else {
mysql_close($_SESSION['connect']);
header("location:/index.php");
}
?>
<h1> Welcome <?php $_SESSION['username']; ?> </h1>
<div id="container">
  <ul id="filterOptions">
    <li class="active"><a href="#" class="all">All my products</a></li>
    <li><a href="#" class="Car">My cars</a></li>
    <li><a href="#" class="champ">My motorbikes</a></li>
    <li><a href="#" class="league1">My ECO</a></li>
    <li><a href="#" class="league2">My Art</a></li>
  </ul>
 
  <ul class="ourHolder">
    <li class="item" data-id="id-1" data-type="Car">
    <?php
mysql_select_db("$db_name")or die("cannot select DB");
$SQL = mysql_query('SELECT * FROM ' + $tbl_name + ' WHERE Owner = ' + $_SESSION['username']);
while($row = mysql_fetch_row($SQL));
$id=$row['ID'];
$photo=$row['PicLink'];
$ItemName=$row['Name'];

if(isset($_SESSION['userName']))
{
  print "Your session username: ".$_SESSION['username']. "<br>";
}
else
{
  print "Session does not exist";
}
?>
    <img src="<?php $Photo ?>" alt="<?php $ItemName ?>" />
    <h3> <?php $ItemName ?></h3>
   
    </li>
    </li>   
  </ul>
</div>

</body>
</html>

This topic has been moved to PHP Freelancing.

http://www.phpfreaks.com/forums/index.php?topic=330064.0

Hey guys,
How do I check to see if the user has been login on the page that they are on?
I have a login and I want users to login before then can go to other pages.
thanks guys,

i try to create login page with two different user level for example admin and staff. i did not get any error on my code but it just did not direct to the page it been set to. it just display wrong username or password. i not really sure what is wrong.

here is the code

loginForm.php

Code: [Select]
          <form action="login.php" method ="post">

          <table>
          <tr><td>Usernama</td>
              <td><input name="username" type="text" size = "15" maxlength = "15"/></td></tr>
     
      <tr><td>Password</td>
              <td><input name="password" type="password" size = "15" maxlength = "15"/></td></tr>
      </table>
 
          <br><input name="submit" type ="submit" value ="Login"/></td>
 
          </form>

login.php

Code: [Select]
<?php
ob_start();
$host="localhost"; 
$user="root"; 
$pass=""; 
$db_name="office"; 
$tbl_name="login"; 

mysql_connect("$host", "$user", "$pass")or die("cannot connect"); 
mysql_select_db("$db_name")or die("Cannot Select Database"); 

// username and password sent from form 
$sername=$_POST['username']; 
$password=$_POST['password']; 

$username = stripslashes($username); 
$password = stripslashes($password); 
$username = mysql_real_escape_string($username); 
$password = mysql_real_escape_string($password); 

$sql="SELECT * FROM daftarPenyelia WHERE user='$username' AND pass='$password' AND userLevel='$userLevel'"; 
$result=mysql_query($sql); 

// Mysql_num_row is counting table row 
$count=mysql_num_rows($result); 

if ($count == $userLevel)
{
   if ($userLevel == 1) 
  { 
        $_SESSION['username'] = $username; 
        $_SESSION['password'] = $password; 
        header("location:adminMenu.php"); 
   } 
   else if ($userLevel == 2)
  { 
        $_SESSION['username'] = $username; 
        $_SESSION['password'] = $password; 
        header("location:staffMenu.php"); 
   } 
 }
else
{ 
echo "Wrong Username or Password"; 
} 
?>

can someone help me with this code and tell me what is wrong so that i can fix them