|
PHP - Login Script & Practical Application Question
Hello, I am slightly nervous about posting this because I am almost completely new to php, I have a few introductory books on the subject which I am working through at the moment as well as some reference books but I am still getting through the basics of it all.
I recently downloaded a login script, which allows a user to login and also allows the protection of some pages if users are not logged in. This script was a free one from easykiss123. it comes with other .php files and I have given them all a look over and I get the general idea of what's going on for the most part, and I THINK as I keep reading my books I will understand everything even more. However, what I really want to do right now is make it so a website would know which user is logged on, and then use this information elsewhere. For example if a particular user logged on and submitted something, I would like obviously the submission to be recorded but also the id of the user that submitted it, at the moment with this code, I do not think that is possible, however I could be wrong. I am looking for any pointers or a nudge in the right direction or link to a tutorial of how I would go about this, anything that may help. I think I would be storing the user ID in a global variable that can be used throughout the site, but again I am not sure. Thanks in advance for any help, I have included both the login script and the script used for protecting pages, as its already freely available online I see no issue with posting snippits of it here since the source has been referenced. Code: [Select] <?php # Script 16.8 - login.php // This is the login page for the site. require_once ('includes/config.inc.php'); $page_title = 'Login'; include ('includes/header.html'); if (isset($_POST['submitted'])) { require_once (MYSQL); // Validate the email address: if (!empty($_POST['email'])) { $e = mysqli_real_escape_string ($dbc, $_POST['email']); } else { $e = FALSE; echo '<p class="error">You forgot to enter your email address!</p>'; } // Validate the password: if (!empty($_POST['pass'])) { $p = mysqli_real_escape_string ($dbc, $_POST['pass']); } else { $p = FALSE; echo '<p class="error">You forgot to enter your password!</p>'; } if ($e && $p) { // If everything's OK. // Query the database: $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { // A match was made. // Register the values & redirect: $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); $url = BASE_URL . 'index.php'; // Define the URL: ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { // No match was made. echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>'; } } else { // If everything wasn't OK. echo '<p class="error">Please try again.</p>'; } mysqli_close($dbc); } // End of SUBMIT conditional. ?> <h1>Login</h1> <p>Your browser must allow cookies in order to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="40" /></p> <p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p> <div align="center"><input type="submit" name="submit" value="Login" /></div> <input type="hidden" name="submitted" value="TRUE" /> </fieldset> </form> <?php // Include the HTML footer. include ('includes/footer.html'); ?> Code: [Select] <?php require_once ('includes/config.inc.php'); $page_title = 'YOUR PAGE TITLE GOES HERE'; // Start output buffering: ob_start(); // Initialize a session: session_start(); // Check for a $page_title value: if (!isset($page_title)) { $page_title = 'User Registration'; } // If no first_name session variable exists, redirect the user: if (!isset($_SESSION['first_name'])) { $url = BASE_URL . 'index.php'; // Define the URL. ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } ?> Code: [Select] <?php // Flush the buffered output. ob_end_flush(); ?> Similar TutorialsHello, all: I'm a newbie and I'm trying to understand the whole php security thing a bit better, and found this function that seems easy to implement, as well as easy to understand... my question is... Does this means I could use regular $_POST, $_GET, $_COOKIE, $_REQUEST variables without having to individually worry about escaping them every time I use them in queries... is this correct? or safe enough? see example below, along with how I'm using variable in a query... it seems to be working fine, as it does echo out the \ escape character when I test it, or when I try to inject it... Appreciate your input! Code: [Select] <?php $_POST=sanitize($_POST); $_GET=sanitize($_GET); $_COOKIE=sanitize($_COOKIE); $_REQUEST=sanitize($_REQUEST); function sanitize($input){ if(is_array($input)){ foreach($input as $k=>$i){ $output[$k]=sanitize($i); } } else{ if(get_magic_quotes_gpc()){ $input=stripslashes($input); } $output=mysql_real_escape_string($input); } return $output; } // mysql query then I could use be: $money = $_GET['money']; $result = mysql_query("SELECT * FROM countries WHERE currencies = '$money'"); ?> Hey, So I have a couple of files, and I'm trying to create a login script. There is a MySQL query that accesses a database with a list of usernames and passwords. I have a feeling something is wrong with my SQL query, because it's not working correctly. Code: [Select] <?php $connect = mysql_connect("localhost", "root", "root"); if(!$connect){//If user can't connect to database die('Could not connect: ' . mysql_error()); //Throw an error } mysql_select_db("colin_db", $connect); //Get given username and password from username field and password field $givenUsername = $_POST["usernameField"]; $givenPassword = $_POST["passwordField"]; $myQuery = "SELECT * FROM ADMINS WHERE USERNAME = $givenUsername AND PASSWORD = $givenPassword"; $queryResult = mysql_query($myQuery); $numRows = mysql_num_rows($queryResult); if($numRows == 1){ //If the details are correct... //Reload the page and login echo "<script type = 'text/javascript'> window.location.reload() </script>"; echo "Details correct"; } elseif($numRows == 0){ //Else if the details are not found //Display error accordingly echo "Details not correct!"; //This is what happens every time } mysql_close($connect); ?> The database is configured correctly, but I'm not sure how to correctly create a SQL query to determine if the given username and password are correct. In case you'd like to see it, the segment from the index.php file is below. Code: [Select] <form action = "login.php" method = "POST"> Admin Login: <br> Username: <input type = "text" name = "usernameField"/><br> <!-- Password field--> Password: <input type = "password" name = "passwordField"/><br> <!-- Username field --> <input type = "submit" value = "Login" name = "submitButton"/> <!-- Login button --> </form> Any ideas? Thanks, Jake I am new to PHP. I have been trying to do some research online for a few days and not getting very far. I feel like I know less now than I did before I started. Here's the story: I've set up a LAMP server that runs a Wiki and AppGini (http://www.bigprof.com/appgini/) - AppGini allows you to "Create web database applications instantly without writing any code" - The only downside we have with it, is it's got it's own set of user accounts. My team all logs in with the default admin account which isn't a big deal but we'd prefer to use LDAP to AD for reasons I won't get into right now. I emailed AppGini support and asked about LDAP integration. Their response was that it's "a little bit of work" and "You can modify the login authentication function to authenticate using LDAP ... please see the example code he http://code.activestate.com/recipes/101525-ldap-authentication/ (needs some modifications to work with AppGini)" I've googled around and found 2 dozen different LDAP PHP samples. I've gotten some of them to work. By work I mean they connect to my domain controller and say "success" I'm not actually logged into anything. So I'm looking for a little help from square one. I need to have a better understanding of how things are supposed to work so I know where I'm supposed to go with all of this. Where do I start? What do I do? What would YOU do? This is the current "index.php" that logs you into the site. Code: [Select] <?php error_reporting(E_ALL ^ E_NOTICE); $d=dirname(__FILE__); include("$d/defaultLang.php"); include("$d/language.php"); include("$d/incCommon.php"); $x->TableTitle=$Translation['homepage']; include("$d/header.php"); if($_GET['signOut']==1){ logOutMember(); } $tablesPerRow=2; $arrTables=getTableList(); ?> <div align="center"><table cellpadding="8"> <?php if($_GET['loginFailed']==1 || $_GET['signIn']==1){ ?> <tr><td colspan="2" align="center"> <?php if($_GET['loginFailed']){ ?> <div class="Error"><?php echo $Translation['login failed']; ?></div> <?php } ?> <form method="post" action="index.php"> <table border="0" cellspacing="1" cellpadding="4" align="center"> <tr> <td colspan="2" class="TableHeader"> <div class="TableTitle"><?php echo $Translation['sign in here']; ?></div> </td> </tr> <tr> <td align="right" class="TableHeader"> <?php echo $Translation['username']; ?> </td> <td align="left" class="TableBody"> <input type="text" name="username" value="" size="20" class="TextBox"> </td> </tr> <tr> <td align="right" class="TableHeader"> <?php echo $Translation['password']; ?> </td> <td align="left" class="TableBody"> <input type="password" name="password" value="" size="20"class="TextBox"> </td> </tr> <tr> <td colspan="2" align="right" class="TableHeader"> <span style="margin: 0 20px;"><input type="checkbox" name="rememberMe" id="rememberMe" value="1"> <label for="rememberMe"><?php echo $Translation['remember me']; ?></label></span> <input type="submit" name="signIn" value="<?php echo $Translation['sign in']; ?>"> </td> </tr> <tr> <td colspan="2" align="left" class="TableHeader"> <?php echo $Translation['go to signup']; ?> <br /><br /> </td> </tr> <tr> <td colspan="2" align="left" class="TableHeader"> <?php echo $Translation['forgot password']; ?> <br /><br /> </td> </tr> <tr> <td colspan="2" align="left" class="TableHeader"> <?php echo $Translation['browse as guest']; ?> <br /><br /> </td> </tr> </table> </form> <script>document.getElementsByName('username')[0].focus();</script> </td></tr> <?php } ?> <?php if(!$_GET['signIn'] && !$_GET['loginFailed']){ if(is_array($arrTables)){ if(getLoggedAdmin()){ ?><tr><td colspan="<?php echo ($tablesPerRow*3-1); ?>" class="TableTitle" style="text-align: center;"><a href="admin/"><img src=table.gif border=0 align="top"></a> <a href="admin/" class="TableTitle" style="color: red;"><?php echo $Translation['admin area']; ?></a><br /><br /></td></tr><?php } $i=0; foreach($arrTables as $tn=>$tc){ $tChk=array_search($tn, array()); if($tChk!==false && $tChk!==null){ $searchFirst='?Filter_x=1'; }else{ $searchFirst=''; } if(!$i % $tablesPerRow){ echo '<tr>'; } ?><td valign="top"><a href=<?php echo $tn; ?>_view.php<?php echo $searchFirst; ?>><img src=<?php echo $tc[2];?> border=0></a></td><td valign="top" align="left"><a href=<?php echo $tn; ?>_view.php<?php echo $searchFirst; ?> class="TableTitle"><?php echo $tc[0]; ?></a><br /><?php echo $tc[1]; ?></td><?php if($i % $tablesPerRow == ($tablesPerRow - 1)){ echo '</tr>'; }else{ echo '<td width="50"> </td>'; } $i++; } }else{ ?><tr><td><div class="Error"><?php echo $Translation['no table access']; ?><script language="javaScript">setInterval("window.location='index.php?signOut=1'", 2000);</script></div></td></tr><?php } } ?> </table><br /><br /><div class="TableFooter"><b><a href=http://bigprof.com/appgini/>BigProf Software</a> - <?php echo $Translation['powered by']; ?> AppGini 4.61</b></div> </div> </html> I'm having a problem with passing the error checking in this script into the url. It's basically checking to see if the entry has a value and if doesn't give an error messaage. All the error messages (technically a error number to trigger the error message on the original page) should be combined into one array, and sent via the URL so the original page can get the information from the URL. All it produces right now is index.php?investors=register2&error=array. I thought serializing the array should stop that from happening. Code: [Select] <?php $host="localhost"; // Host name $username="username"; // Mysql username $password="password"; // Mysql password $db_name="db_name"; // Database name $tbl_name="application"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $error= array(); $name=$_POST['name']; $name = stripslashes($name); $name = mysql_real_escape_string($name); if(!isset($name)){ $error[0]=1; } $organization=$_POST['organization']; $organization = stripslashes($organization); $organization = mysql_real_escape_string($organization); $email=$_POST['email']; $email = stripslashes($email); $email = mysql_real_escape_string($email); if(!isset($email)){ $error[1]=1; } $area_code=$_POST['area_code']; $area_code = stripslashes($area_code); $area_code = mysql_real_escape_string($area_code); if(!isset($area_code) || is_int($area_code)){ $error[2]=1; } $phone3=$_POST['phone3']; $phone3 = stripslashes($phone3); $phone3 = mysql_real_escape_string($phone3); if(!isset($phone3) || is_int($phone3)){ $error[3]=1; } $phone4=$_POST['phone4']; $phone4 = stripslashes($phone4); $phone4 = mysql_real_escape_string($phone4); if(!isset($phone4) || is_int($phone4)){ $error[4]=1; } $ext=$_POST['ext']; $ext = stripslashes($ext); $ext = mysql_real_escape_string($ext); $phone="(".$area_code.") ".$phone3." - ".$phone4." Ext. ".$ext.""; $company_description=$_POST['company_description']; $company_description = stripslashes($company_description); $company_description = mysql_real_escape_string($company_description); $nature_inquiry=$_POST['nature_inquiry']; $nature_inquiry = stripslashes($nature_inquiry); $nature_inquiry = mysql_real_escape_string($nature_inquiry); if(!isset($nature_inquiry)){ $error[5]=1; } $company_assets=$_POST['company_assets']; $natural_person=$_POST['natural_person']; $employee_benefit_plan=$_POST['employee_benefit_plan']; $bank_savings=$_POST['bank_savings']; $broker_dealer=$_POST['broker_dealer']; $development_company=$_POST['development_company']; $equity_owners=$_POST['equity_owners']; $confirm_agreement=$_POST['confirm_agreement']; if($confirm_agreement=="no"){ $error[6]=1; } if($employee_benefit_plan=="plan-fiduciary"){ $employee_benefit_plan="The investment decision is being made by a plan fiduciary, as defined in Section 3(21) of ERISA, which is either a bank, savings and loan association, insurance company or registered investment adviser"; } elseif($employee_benefit_plan=="participant-directed"){ $employee_benefit_plan="It is a participant-directed plan (i.e., a tax-qualified defined contribution plan in which a participant may exercise control over the investment of assets credited to his or her account and the decision to invest is made by those participants investing) and each such participant qualifies as an accredited investor."; } elseif($employee_benefit_plan=="na"){ $employee_benefit_plan="Neither of the Above."; } if(isset($error)){ rawurlencode(serialize($error)); header("Location: ./index.php?investors=register2&error=".$error.""); } else{ $sql="INSERT INTO $tbl_name VALUES ('$name', '$organization', '$email', '$phone', '$company_description', '$nature_inquiry', '$company_assets', '$natural_person', '$employee_benefit_plan', '$bank_savings', '$broker_dealer', '$development_company', '$equity_owners', '$confirm_agreement')"; mysql_query($sql); } ?> I have made a script that reads values from MySQL database and "Echo" them. When I run the script the variables from the DB are printed on the page as they should be. Now I want to make those variables accessible to my C++ application to read. I am using WinInet functions to communicate with the script. Can somebody explain to me what I have to do in my php script be able to access the variables directly. The below script gets the value $var = $_GET['Version']; that is sent from my C++ app. It then reads from the DB table the Version number entered in the table. Then compares the version number from my C++ app to the DB version number. Now I want to make the Version Number from the DB accessible to my C++ app. I want to be able to get the exact value stored in: $row['VersionNumber']; with my C++ app. <?php $dbhost = 'host'; $dbuser = 'dbusername'; $dbpass = 'dbpass'; mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); $dbname = 'MyDbsName'; mysql_select_db($dbname); $query = mysql_query("SELECT * FROM Users"); $var = $_GET['Version']; while($row = mysql_fetch_array($query)) { if($var == $row['VersionNumber']) { echo $row['VersionNumber']; } } ?> Hello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? Hi, I need a small help. Here is my situation. I am using a MVC application (e.g. Joomla or Drupal) which has a .htaccess redirect rule that all requests are passed through index.php file. That's normal and this is my main application. Now I installed another application within the application folder structure. What I want do do here is to allow opening the third party application URLs after one logged into my main application. Can anybody provide me some pointers to do the same? Please let me know if you need any further information on this. Any solution irrespective of framework will work. Thanks! Anupam I must confess, I've not really done much unit testing at all in the last 3 years. Can anyone give me an idea of what they would test and why that would be faster or more efficient than running the code as a user? One area I can see it having huge benefits is when I'm testing methods which interact with a database, like user registration, which I would probably test by registering several times - fixing any bugs, making amendments and repeating. Ok, so I kinda sold the idea to myself there But, what about for small applications? I've seen people testing whether a variable is countable...why would I not just check the output immediately? Appreciate any advice. One major problem I want to fix is that as of right now any user who knows the link to my admin panel can go to it directly. What I want to do is see if the the user is logged in (session exists). And if they are not logged in meaning no session exists then to kick them back to the login.php script. index.php(admin page only php coding) <?php session_start(); // Access the existing session // Include the variables page include ('inc/variables.php'); // If no session is present, redirect the user: if(!isset($SESSION['id'])) { header("Location: login.php"); exit(); } ?> However on my login page after I log in its as if with the top code goes right back to it for some reason? Any fixes? Hi. I'm new to this forum so it may be the wrong place i am posting. In school I'm working on a project where i have to make website with php and a database in MySQL. I have made one project. It was good (for one with my lack of skills), but now my teacher asks me to do it in another way. Problem is, I have no way how I can improve it. Right now i'm stuck on my login part. I figure that i have to post my code somewhere if I want some help, but how is the easiest way of doing that? Don't get me wrong. I'm not asking for anyone to make my project. All i need is a nod in the right direction Hi! So I know that when redirecting to administrator pages after login is very often done like this: header(location:admin.php); But what if I didnt want to use header? I'm asking because I would just like to include the admin section within the part of the website I'm currently residing, if that makes any sense. Also, I think using headers is a bit cumbersome. I have just recently started learning PHP, so please excuse me if this is a dumb question where do i download a login script like this used here at phpfreaks
Quote from: scootstah on November 30, 2011, 01:19:13 PM Code: [Select] function hash_password($password, $salt = null) { // create a salt if not already defined if (is_null($salt)) $salt = substr(sha1(uniqid(mt_rand(), true), 0, 10); // $password will be plaintext at this point // $site_key should be a large random string statically // located in a file with secure permissions $hash = hash_hmac('sha512', $password . $salt, $site_key); return array('hash' => $hash, 'salt' => $salt); } $password = 'abcdef'; $pass = hash_password($password); First off I just want to say thank you for the valuable information I have been reading in this topic (for a few days) and I have updated my pages accordingly. My passwords are now salted with a random encrypted string and I am using sha1 but would like to switch to sha512. So I am playing around with some code to learn more about how it works and have noticed that: sha1(test) returns a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 but sha512(test) just crashes the page. Can anyone help me understand why this is? Hello everyone, I am brand new to php and am starting off my journey by trying to create a simple login/register script. I have run into a bit of difficulty, however, and cannot seem to get this to work. I know that the register script is very basic (lacks strlen check, doesn't verify that both passwords are the same, etc.), but for the time being I simply want to have a functional script. Then I can continue learning by adding more components. Here are the login.php, checklogin.php, and register.php files (in this order). I believe that the login/checklogin files work, but the register file just shows the form without actually writing to DB when it is submitted. Thank you very much for your help. Code: [Select] <html> <body> <b> Member Login </b> <br /> <form name="input" action="checklogin.php" method="post"> Username : <input type="text" name="myusername" id="username"> <br /> Password : <input type="password" name="mypassword" id="password"> <br /> <input type="checkbox" name="remember" value="checkbox"> Remember me <br /> <input type="submit" value="Login"> Not a member? <a href="./register.php">Register!</a> </form> </body> </html> Code: [Select] <?php $host="localhost"; $usr="root"; $pwd=""; $db="MemberDB"; $tbl_name="members"; mysql_connect($host, $usr, $pwd) or die("Unable to connect"); mysql_select_db($db) or die("Unable to select database"); $myusr = $_POST['myusername']; $mypswd = md5($_POST['mypassword']); $myusername = stripslashes(strip_tags($myusr)); $mypassword = stripslashes(strip_tags($mypswd)); $myusername = mysql_real_escape_string($myusr); $mypassword = mysql_real_escape_string($mypswd); $sql="SELECT *FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if ($count==1) { session_register("myusername"); session_register("mypassword"); header("location:menu.php"); } else { echo "Incorrect Username or Password"; } ?> Code: [Select] <?php $host="localhost"; $usr="root"; $pwd=""; $db="MemberDB"; $tbl_name="members"; mysql_connect($host, $usr, $pwd) or die("Unable to connect"); mysql_select_db($db) or die("Unable to select database"); if (isset($_POST['register'])) { $query = "INSERT INTO members ('username', 'password', 'email') VALUES('$_POST[username]', 'md5($_POST[password1])', '$_POST[email]')"; mysql_query($db,$query) or die(); mysql_close(); echo "You have successfully registered!"; } else{ ?> <html> <body> <b> Register</b> <br /> <form name="register" action="./register.php" method="post"> Username : <input type="text" name="username" id="username"> <br /> Password : <input type="password" name="password" id="password1"> <br /> Confirm Password : <input type="password" name="password2" id="password2"> <br /> Email: <input type="text" name="email" id="email"> <br /> <input type="submit" value="register"> </form> </body> </html> <?php } ?> Hi I need help with my login script it says invalid password even when its correct however if i take out the md5 encryption of the password and use the encrypted password saved on mysql table it works please help? here is the code im using thanks: Code: [Select] <? // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; ////// Login Section. $Login=$_POST['submit']; if($Login){ // If clicked on Login button. $username=$_POST['username']; $md5_password=md5($_POST['password']); // Encrypt password with md5() function. // Connect database. $host="localhost"; // Host name. $db_user="removed"; // MySQL username. $db_password="removed"; // MySQL password. $database="removed"; // Database name. mysql_connect($host,$db_user,$db_password); mysql_select_db($database); // Check matching of username and password. $result=mysql_query("select * from signup where username='$username' and password='$md5_password'"); if(mysql_num_rows($result)!='0'){ // If match. session_register("username"); // Craete session username. header("location:main.php"); // Re-direct to main.php exit; }else{ // If not match. $message="--- Incorrect Username or Password ---"; } } // End Login authorize check. ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title></title> </head> <body> </tr> <? echo $message; ?> <form name="register" method="post" action="<? echo $PHP_SELF; ?>"> <tr> <td height="586" colspan="8" align="center" valign="top"><p> </p> <table> <tr> <td height="45" colspan="2" class="class2 style34"><div align="center"><a href="file:///F|/signin.html">Sign In</a>:</div></td> </tr> <tr> <td colspan="2"><div align="right"></div></td> </tr> <tr> <td width="76" height="45"><div align="right"><span class="class2 style34">Username<span class="style39">..</span></span></div></td> <td width="256"><div align="center"><span class="class2 style34"> <input name="username" type="text" id="username" size="20" height="14" /> </span></div></td> </tr> <tr> <td height="45"><div align="right"><span class="class2 style34">Password <span class="style39">..</span></span></div></td> <td><div align="center"><span class="class2 style34"> <input name="password" type="password" id="password" size="20" height="14" /> </span></div></td> </tr> <tr> <td height="45" colspan="2"><div align="center"><span class="class2 style34"> <input name="submit" type="submit" id="submit" value="Sign In" /> </span></div></td> </tr> </table></td> </tr> </form> </table> </div> </body> </html> MOD EDIT: Database credentials removed, [code] . . . [/code] tags added. hi guys, any help will be much appreciated!! basically i have a login script, that i want to check mutliple tables and i am stuggling to get it to work! what i have is basically: <?php session_start(); $_SESSION['loggedin'] = false; include("functions.php"); extract($_POST); $query = "SELECT * From table1 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { $query = "SELECT * From table2 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { $query = "SELECT * From table3 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { $query = "SELECT * From table4 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:1"); } else { header("Location:wrong.php"); } } } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:2"); } else { header("Location:wrong.php"); } } } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:3"); } else { header("Location:wrong.php"); } } } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:4"); } else { header("Location:wrong.php"); } } ?> Hi, I am trying to make a login script that uses the user's id from the database, and tries to match it up with the user and password sent by the login form. My checklogin.php page, just jumps back to the index.php page for some reason. I don't know why. I get the following errors, any help greatly appreciated. thank you. Notice: Undefined index: myusername in /hermes/bosweb/web173/b1739/public_htmlchecklogin.php on line 19 Notice: Undefined index: mypassword in /hermes/bosweb/web173/b1739/public_html/checklogin.php on line 20 Wrong Username or Password Here is my code to check the id. I can't figure out what is wrong. Code: [Select] <?php ini_set ("display_errors", "1"); error_reporting(E_ALL); $host = ""; $database = ""; $username = ""; $password = ""; $tbl_name = "users"; $conn = mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error()); if($conn) { mysql_select_db($database); } else { echo "failed to select database"; } // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT id FROM $tbl_name WHERE username='$myusername' and password= SHA1('$mypassword')"; $result=mysql_query($sql); $query_data = mysql_fetch_row($result); // Mysql_num_row is counting table row $count=mysql_num_rows($result) ; // If result matched id, table row must be 1 row if($count==1){ session_start(); $_SESSION['userid']=$query_data[0]; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> I am looking to use this for an admin panel.
session_start.php
"session_start()" "if statement" where it checks if a successful login is givenIs it necessary to include "session_start.php" into the top of each script file? If I just include "session_start.php" into the top of the "main" file where the other script files are included inside of the "main" as well, then I have it in ways where the other script files could get called up through the URL.(?) I thought it is a bit too much to include "session_start.php" into each script file. Is there a way where this can be done with more simple ways? I would appreciate the suggestions a lot. Hey so this is my login script but when i enter something into the username and password box and submit it, the page just refreshes.
<?php
echo "
<h1>LOGIN</h1>
<form action='' method='POST'>
<table>
<tr>
<td>
<b>Username:</b>
</td>
<td>
<input type='text' name='username' placeholder='Enter your username'>
</td>
</tr>
<tr>
<td>
<b>Password:</b>
</td>
<td>
<input type='password' name='password' placeholder='Enter your password'>
</td>
<td>
<input type='submit' value='login' name='submit'>
</td>
</tr>
</form>
";
$host = "localhost";
$username = "root";
$password = "";
$db_name = "website";
mysql_connect("$host", "$username", "$password") or die("Could not connect");
mysql_select_db("$db_name") or die("Could not find database");
if(isset($_POST['submit'])) {
if(!empty($_POST['username'])) {
$sql = "SELECT * FROM members WHERE username='$username' AND password='$password'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1) {
$row = mysql_fetch_array($sql);
$bancheck = mysql_query($row);
if($row['active']==0 && count==0) {
include 'userban.html';
} else if($count==1 && $bancheck==1) {
$_SESSION['username'] = "$username";
include '/home/user/index.php';
} else {
echo "You entered invalid information";
}
}
}
}
?>
Hello everybody! I am trying to make a forum for my class and I will do it from scratch I am from Denmark so my english could be a little wrong! Sorry! The problem is when i try to login, I allways get the error that I had defined to do.. But only if both password and username dosn't exist... Before i post the code i will give you a translation: Brugernavn = Username kodeord = password brugerid = userid My register.php file works fine! But I will post them both: This is the register form: http://pastebin.com/h6fgHSFB And here are the code for my login.php, the strange thing is, that i do not get any kind of error dont even mysql errors, that i had hope on so i could fix it! http://pastebin.com/Vc8Gt9SY Hope you guys would like to help me! Best Regards Jesper Jensen from denmark jesper@dh-data.dk |
|||||||