PHP - Check If User Has Login

Hi everyone i wonder if you can help me he

I need a script for a login and check login- create cookie.

Here is my form:

<form method="post" action="check_login.php">
<p>
<input type="submit" name="Submit2" value="go" />
</fieldset>
</p>
</form>

that sends it to check_login (which BEFORE i deleted something by accident, used to take me to a username and password box)

But now all it does is send me straight to the memebrs area???


Can i change the check_login.php script to make it work correctly:

Code: [Select]
<?php 
// Connects to your Database 
mysql_connect("server", "user", "password") or die(mysql_error()); 
mysql_select_db("DB") or die(mysql_error()); 

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) 
{
if ($pass != $info['upassword']) 
{
}
else
 {
header("Location: members_area.php");

  }
  }
 }

 //if the login form is submitted 
 if (isset($_POST['submit'])) { // if form has been submitted

 // makes sure they filled it in
  if(!$_POST['username'] | !$_POST['upassword']) {
  die('You did not fill in a required field.');
  }
  // checks it against the database

  if (!get_magic_quotes_gpc()) {
  $_POST['email'] = addslashes($_POST['email']);
  }
  $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

 //Gives error if user dosen't exist
 $check2 = mysql_num_rows($check);
 if ($check2 == 0) {
  die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
  }
 while($info = mysql_fetch_array( $check )) 
 {
 $_POST['upassword'] = stripslashes($_POST['upassword']);
  $info['upassword'] = stripslashes($info['upassword']);
  $_POST['upassword'] = md5($_POST['upassword']);

 //gives error if the password is wrong
  if ($_POST['upassword'] != $info['upassword']) {
  die('Incorrect password, please try again.');
  }
  else 
 { 
 
 // if login is ok then we add a cookie 
   $_POST['username'] = stripslashes($_POST['username']); 
   $hour = time() + 3600; 
 setcookie(ID_my_site, $_POST['username'], $hour); 
 setcookie(Key_my_site, $_POST['upassword'], $hour);  
 
 //then redirect them to the members area 
 header("Location: members_area.php"); 
 } 
 } 
 } 
 else 
{  
 
 // if they are not logged in 
?>
 <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
 <table width="316" height="120" border="0">
 <tr><td colspan=2><h1>Login</h1></td></tr>
 <tr><td>Username:</td><td>
 <input type="text" name="username" maxlength="40">
 </td></tr>
 <tr><td>Password:</td><td>
 <input type="password" name="upassword" maxlength="50">
 </td></tr>
 <tr><td colspan="2" align="right">
 <input type="submit" name="submit" value="Login">
 </td></tr>
 </table>
 </form>
<?php 
 } 
 
?>

Hi all

I have the below login scripts which works great, I need to add a line in to give the user a message if the 'live' entry in the database is 0. Here's my code:

Code: [Select]
<?php
    if(isset($_POST['submit'])) {
        $error = false;
        $user_login = ($_POST['user_login']);
        $pass_login = ($_POST['pass_login']);
        if(!empty($user_login) && !empty($pass_login)) {
            $check_details=mysql_query("SELECT * FROM `members` WHERE email='".$user_login."' AND password='".sha1($pass_login)."' AND live = 1");
$getdetails=mysql_fetch_array($check_details);
            $status=mysql_num_rows($check_details);
            if($status >= "1") {
                $error = false;
                $_SESSION['wmmadmin_loggedin'] = "1";
                $_SESSION['wmmadmin_email'] = "".$user_login."";
$_SESSION['wmmadmin_username'] = "".$getdetails['name']."";
$_SESSION['wmmadmin_country'] = "".$getdetails['country']."";
$date = date('l jS \of F Y h:i:s A');
mysql_query(" INSERT INTO `logs` SET user = '".$getdetails['name']."', date = '".$date."'" );
header("Location: index.php");
            }
            if(!$status || $status == "0") {
                $error = true;
                echo "<div class=\"error\">Error! Login details were incorrect. </div>\n";
echo "<div class=\"error\">Forgot your password? Click the below link: </div>\n";
            }
        }
        if(empty($user_login) || empty($pass_login)) {
            $error = true;
            echo "<div class=\"error\"><strong>Please enter your username and password. </div>\n";
echo "<div class=\"error\">Forgot your password? Click the below link: </div>\n";
        }
    }
    ?>

Many thanks for your help.

Pete

Hello,

I have a PHP Login MySQL System which works perfect, however I would like to add a Functionality so that me as Admin can Login to Users Accounts. How can this be done, can you please help me?


Many Thanks

Hello can someone point me into the right direction? I've got this code:

if ($userdata["user_level"] <> 1 ){
   die();
}

The above code works but now I want to give users with level 3 also acces but not the users having level 2.
Anyone has an idea?

Regards Richard

I am having trouble finding a tutorial on how to have a login system like facebook and many other sites where when you login you get taken to your own profile with your own information using PHP and Mysql.

Any help would be much appreciated.

Thanks

I have a question for some more advanced developers out there. I am creating a user login class that I want to make secure. Now without cookies, no problem but everyone wants a remember me  . So what I was planning on doing was storing a single unique value in a cookie. Now when the user visits the page it will check there unique value against the values in the database. Then what I wanted to do was have some other data that is unique to that user to see if they are the same person or not. For example when user A with ip address 0.0.0.0 goes to access my page and has a cookie stored it will check the database for user with ip address 0.0.0.0 and the unique value in there cookie.

Now my question is, what values should I check against. It is my understanding that users can spoof ip addresses so that isnt exactly the best check. I was also going to use the hostname as well but you have to have the right ip address in order to check it so that isnt really reliable either. Another option is securing it another way. If anyone has any other suggestions that are secure to do a user login please let me know. I am open to anything at this point because I am creating the system from scratch. However, only secure systems are the way I want to go. I have advanced experience in php so dont worry about me not understanding .

Any help is appreciated.

Ok. I would like to be able to do this  ::  http://webdeveloper.50webs.com/js.login.htm   in PHP and with a database. I know it may look like a simple login script, but I would like it to redirect to a specific URL based on each user. I.E. "http://example.com/users/index.php" is the login page, and once the user logs in, it would redirect them to "http://example.com/users/username/" Unless someone has a better idea. I know this isn't secure (because someone could just change the url to a different username, and they now have access to that users account.) The only reason I would like to do it this way, is because I have an upload script, and because of the way it uploads, the files are placed in a folder (So username/files is were the files are stored) and I have a file browser (username/browser.php) And I don't know how to display only the files the user has uploaded. (I.E. if I had one main file that the users see once they login, they would all see everyones uploads.) I would forfeit a tiny bit of security if users had there files not publicly visible. (People still have to login to see the files, and they would have to know the URL to a specific username.) So basically what I would like to do, is have a database (I.E. "Users") and have a table in that database with "username" "password" "email" "URL" and the PHP script looks up the database, and checks the username, and the password, and if they match, looks at the URL and sees were its supposed to redirect the user. I have attached the PHP code I have found, and use. If anyone knows how to do this, please let me know!

Thanks in advance!
Cheers!

------
Anders

When I log in on my web-site it takes me to a php login-check page

This is the error code that I am getting;

Quote

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in D:\xampp\htdocs\login-check.php on line 26


This is the php code that i am using;

Code: [Select]
<?php
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="deliverpizza"; // Database name 
$tbl_name="customer, admin, staff"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_privelage.php");
}
else {

}
?>

I want to limit the number of incorrect login attempts within a specified time period (e.g. 15 minutes). I'm wondering what I should tie those attempts to.

e.g. If too many attempts from one ip address for a specific username, lock them out for 15 minutes? Or too many attempts from any ip address for a specific username? Or too many attempts for an ip address matched loosely (i.e. 255.255.255.0 matching) with a specific username?

What's the best choice? Just too many attempts for a username? Or also use the ip address?

And should I store the attempts in the session, or the DB?

Hi, I want have this code (below), how would I check if a user is logged in?  I want to make it so they can only see 500 chars, or the full thing if they're logged in.  Thanks! 
Code: [Select]
  public function __construct( $data=array() ) {
    if ( isset( $data['id'] ) ) $this->id = (int) $data['id'];
    if ( isset( $data['publicationDate'] ) ) $this->publicationDate = (int) $data['publicationDate'];
    if ( isset( $data['title'] ) ) $this->title = preg_replace ( "/[^\.\,\-\_\'\"\@\?\!\:\$ a-zA-Z0-9()]/", "", $data['title'] );
    if ( isset( $data['summary'] ) ) $this->summary = preg_replace ( "/[^\.\,\-\_\'\"\@\?\!\:\$ a-zA-Z0-9()]/", "", $data['summary'] );
    if ( isset( $data['content'] ) ) $this->content = $data['content'];
if ( isset( $data['tags'] ) ) $this->tags = $data['tags'];
  }

So let's say if contact_name wants to add member_name as a friend, how would i make it say user is already pending? what variables to check? or should i make friends table and a friends_pending table?

hi, how can i check if a username exists? i tried this 

$usrsql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'";
        $usrres = mysql_query($usrsql);
        $usrcount = mysql_num_rows($usrres);

        if($usrres && mysql_num_rows($usrcount)>0) {

            die("Username is already taken!");
        } 

Hi there,   I've been searching the internet for the best way to check if the user has been logged in. Some codes have security breaches. So I'm not sure where to start.   Here's what I've come up with:   The user logs in and is checked whether he/she is a valid user, if not return false and if true carry on and create session, I read the post that Jacques1 made about session feedback and implemented what he said. After that the session variables are assigned and then the user id, session_id and a unique identifier to check against on each page load are inserted into a database and then the user is logged in.   Here's my code: (please note this is in a class and only shows the login function)

function Login($username, $password)
	{
		try
		{
			$db = new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME.";charset=utf8", DB_USERNAME, DB_PASSWORD);
			$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
			$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
		}
		catch(PDOException $ex)
		{
			echo "Unable to connect to DB";
			error_log($ex->getMessage());
		}
		
		try
		{
			$User_Info = $db->prepare("SELECT * FROM users WHERE username=:username");
			$User_Info->bindValue(":username", $username, PDO::PARAM_STR);
			$User_Info->execute();
			$Info = $User_Info->fetchAll(PDO::FETCH_ASSOC);
			
			$salt = $Info['salt'];
			
			$password = $salt . $password;
			$password = $this->CreateHash($password);
			
			$unique_key = $this->GenerateRandom();
			$unique_key = $this->CreateHash($unique_key);		
			
			$Check_User = $db->prepare("SELECT * FROM users WHERE username=:username AND password=:password");
			$Check_User->bindValue(":username", $username, PDO::PARAM_STR);
			$Check_User->bindValue(":password", $password, PDO::PARAM_STR);
			$Check_User->execute();	
			
			if($Check_User->rowCount() > 0)
			{
				while($row = $Check_User->fetchAll(PDO::FETCH_ASSOC))
				{
					session_destroy();
					session_start();
					
					$_SESSION = array();
					
					session_regenerate_id(true);
					
					$_SESSION['username'] = $row['username'];
					$session_id = session_id();
					$user_id = $row['id'];
					
					$Check_Logged_In = $db->prepare("DELETE FROM logged_in_users WHERE user_id=:userid");
					$Check_Logged_In->bindValue(":user_id", $user_id, PDO::PARAM_STR);
					$Check_Logged_In->execute();
					$has_changed = $Check_Logged_In->rowCount();
					
					if($has_changed > 0)
					{
						$Logged_In = $db->prepare("INSERT INTO logged_in_users (id, user_id, session_id, unique_key) VALUES (NULL, :user_id, :session_id, :unique_key)");
						$Logged_In->bindValue(":user_id", $user_id, PDO::PARAM_STR);
						$Logged_In->bindValue(":session_id", $session_id, PDO::PARAM_STR);
						$Logged_In->bindValue(":unique_key", $unique_key, PDO::PARAM_STR);
						$Logged_In->execute();
						$affected_rows = $Logged_In->rowCount();
						
						if($affected_rows > 0)
						{
							return true;
						}
					}
					return false;
				}
			}

			return false;
		}
		catch(PDOException $ex)
		{
			echo "Unable to complete query";
			error_log($ex->getMessage());
		}
	}

Thanks

Hey guys, I have an issue with my php code. 

After registering in my site, i (the user) can't login again. It displays a message:
Quote

The email and password combination you entered is incorrect.


Code: [Select]
<?php 
if(logged_in()) {
    $user_data = user_data('name');
    echo 'Welcome, ', $user_data['name'];
    } else { 
?>
<form action="" method="post" >
    <p>
        Email: <input type="email" name="login_email" />
        Password: <input type="password" name="login_password" />
        <input type="submit" value="Log in" />
    </p>
   
</form>
<?php 
}
if (isset($_POST['login_email'], $_POST['login_password'])) {
    
        $login_email = $_POST['login_email'];
        $login_password = $_POST['login_password'];
        
        
     $errors = array();
    
if(empty($login_email) || empty($login_password)){
        $errors[] = 'Email and password are required!';
    } else { 
    
    $login = login_check($login_email, $login_password);
    
    if($login === false) {
        $errors[] = 'The email and password combination you entered is incorrect.';
        }
}
    if(!empty($errors)) {
        foreach ($errors as $error) {
            echo $error. '<br />';
            }
        } else { 
            $_SESSION['user_id'] = $login;
            header('Location: index.php');
            exit();
        }
            
    }
    
?>

And here's the function where I call check the login:
Code: [Select]
<?php 
function login_check($email, $password) {
            $email = mysql_escape_string($email);
            $login_query = mysql_query("SELECT COUNT(`user_id`) as `count`, `user_id` FROM `users` WHERE `email`='$email' AND `password`='".md5($password) ."'");
            return(mysql_result($login_query, 0) == 1) ? mysql_result($login_query, 0, 'user_id') : false;
            echo mysql_error();
    }
?>

Any clue of what this could be?

Hi all.

I'm new to PHP language and I'd like to know which is the best way to handle the user login.

With cookies or with sessions?

Do you know some example on the web that I could inspire on? I just know how to do it in both way, I just wanna know which is the best way and like to read some code written by a pro.