PHP - How To Specifiy 2 Varaible's For Login Php Using Mysql

I am using a login system in php and mySQL but only one page is potected.

pages i am using:
1. login.php // inputing details (user name, password)
2. checkloginDetails.php // connect to db and check login details
3. logged_in.php // successfully login

...i need more than the one page protected for example; once the user has logged in there will be the main logged in page with other links, remove topics, add, user, remove user all these pages i want protecting but with out the user inputing his details again.

Has anyone got an idear onhow i ould achive this?
 

This topic has been moved to PHP Installation & Configuration.

http://www.phpfreaks.com/forums/index.php?topic=355401.0

Obviously when connecting to php Im not going to show all of my login details;

mysql_connect("details","details","password") or die(mysql_error()); 
mysql_select_db("details") or die(mysql_error());

whats the best way to hide them?
Ive seen some people using an include file with their login details on but say for eg.

<?php
  include('con.php');
?>

Whats to stop  somone looking at www.myweb/con.php and obtaining my details there instead?

This is my first attemp at a log in system for a website.  Everything seems to work fine until the "successful" IF function near the end.  All I get it an output of "?>" instead of a redirect to the file "login_success.php".  Any help would be GREATLY appreciated!!  Tom


<?php

// Connect to server and select databse.
mysql_connect("localhost", "scripts3_public", "sfj123!")or die("cannot connect");
mysql_select_db("scripts3_sfj")or die("cannot select DB");

// username and password sent from form
$fusername=$_POST['fusername'];
$fpassword=$_POST['fpassword'];

// To protect MySQL injection (more detail about MySQL injection)
$fusername = stripslashes($fusername);
$fpassword = stripslashes($fpassword);
$fusername = mysql_real_escape_string($fusername);
$fpassword = mysql_real_escape_string($fpassword);

$sql="SELECT * FROM `users` WHERE `User name` = '$fusername' AND `Password` = '$fpassword'";
$result=mysql_query($sql);

if(!mysql_num_rows($result))
{echo "No results returned.";}

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $fusername and $fpassword, table row must be 1 row

if($count==1){

// Register $fusername, $fpassword and redirect to file "login_success.php"
session_register("fusername");
session_register("fpassword");
header("location:login_success.php");
}

else {
echo "Wrong Username or Password";
}

?>

I currently have a MyBB forum and I'm going to attempt to create a top list for it, but I'd like users that have already registered on my forum to be able to log into the top list area and either add or edit their website on the top list. How would I go about creating a login script with an already existing MySQL database that contains my MyBB users?

I am new to PHP. I have been trying to do some research online for a few days and not getting very far. I feel like I know less now than I did before I started.

Here's the story:

I've set up a LAMP server that runs a Wiki and AppGini (http://www.bigprof.com/appgini/) - AppGini allows you to "Create web database applications instantly without writing any code" - The only downside we have with it, is it's got it's own set of user accounts. My team all logs in with the default admin account which isn't a big deal but we'd prefer to use LDAP to AD for reasons I won't get into right now.

I emailed AppGini support and asked about LDAP integration. Their response was that it's "a little bit of work" and "You can modify the login authentication function to authenticate using LDAP ... please see the example code he http://code.activestate.com/recipes/101525-ldap-authentication/ (needs some modifications to work with AppGini)"

I've googled around and found 2 dozen different LDAP PHP samples. I've gotten some of them to work. By work I mean they connect to my domain controller and say "success" I'm not actually logged into anything.

So I'm looking for a little help from square one. I need to have a better understanding of how things are supposed to work so I know where I'm supposed to go with all of this. Where do I start? What do I do? What would YOU do?


This is the current "index.php" that logs you into the site.
Code: [Select]
<?php

error_reporting(E_ALL ^ E_NOTICE);
$d=dirname(__FILE__);
include("$d/defaultLang.php");
include("$d/language.php");
include("$d/incCommon.php");
$x->TableTitle=$Translation['homepage'];
include("$d/header.php");

if($_GET['signOut']==1){
logOutMember();
}

$tablesPerRow=2;
$arrTables=getTableList();

?>
<div align="center"><table cellpadding="8">
<?php if($_GET['loginFailed']==1 || $_GET['signIn']==1){ ?>
<tr><td colspan="2" align="center">
<?php if($_GET['loginFailed']){ ?>
<div class="Error"><?php echo $Translation['login failed']; ?></div>
<?php } ?>
<form method="post" action="index.php">
<table border="0" cellspacing="1" cellpadding="4" align="center">
<tr>
<td colspan="2" class="TableHeader">
<div class="TableTitle"><?php echo $Translation['sign in here']; ?></div>
</td>
</tr>
<tr>
<td align="right" class="TableHeader">
<?php echo $Translation['username']; ?>
</td>
<td align="left" class="TableBody">
<input type="text" name="username" value="" size="20" class="TextBox">
</td>
</tr>
<tr>
<td align="right" class="TableHeader">
<?php echo $Translation['password']; ?>
</td>
<td align="left" class="TableBody">
<input type="password" name="password" value="" size="20"class="TextBox">
</td>
</tr>
<tr>
<td colspan="2" align="right" class="TableHeader">
<span style="margin: 0 20px;"><input type="checkbox" name="rememberMe" id="rememberMe" value="1"> <label for="rememberMe"><?php echo $Translation['remember me']; ?></label></span>
<input type="submit" name="signIn" value="<?php echo $Translation['sign in']; ?>">
</td>
</tr>
<tr>
<td colspan="2" align="left" class="TableHeader">
<?php echo $Translation['go to signup']; ?>
<br /><br />
</td>
</tr>
<tr>
<td colspan="2" align="left" class="TableHeader">
<?php echo $Translation['forgot password']; ?>
<br /><br />
</td>
</tr>
<tr>
<td colspan="2" align="left" class="TableHeader">
<?php echo $Translation['browse as guest']; ?>
<br /><br />
</td>
</tr>
</table>
</form>
<script>document.getElementsByName('username')[0].focus();</script>
</td></tr>
<?php } ?>
<?php
if(!$_GET['signIn'] && !$_GET['loginFailed']){
if(is_array($arrTables)){
if(getLoggedAdmin()){
?><tr><td colspan="<?php echo ($tablesPerRow*3-1); ?>" class="TableTitle" style="text-align: center;"><a href="admin/"><img src=table.gif border=0 align="top"></a> <a href="admin/" class="TableTitle" style="color: red;"><?php echo $Translation['admin area']; ?></a><br /><br /></td></tr><?php
}
$i=0;
foreach($arrTables as $tn=>$tc){
$tChk=array_search($tn, array());
if($tChk!==false && $tChk!==null){
$searchFirst='?Filter_x=1';
}else{
$searchFirst='';
}
if(!$i % $tablesPerRow){ echo '<tr>'; }
?><td valign="top"><a href=<?php echo $tn; ?>_view.php<?php echo $searchFirst; ?>><img src=<?php echo $tc[2];?> border=0></a></td><td valign="top" align="left"><a href=<?php echo $tn; ?>_view.php<?php echo $searchFirst; ?> class="TableTitle"><?php echo $tc[0]; ?></a><br /><?php echo $tc[1]; ?></td><?php
if($i % $tablesPerRow == ($tablesPerRow - 1)){ echo '</tr>'; }else{ echo '<td width="50">&nbsp;</td>'; }
$i++;
}
}else{
?><tr><td><div class="Error"><?php echo $Translation['no table access']; ?><script language="javaScript">setInterval("window.location='index.php?signOut=1'", 2000);</script></div></td></tr><?php
}
}
?>

</table><br /><br /><div class="TableFooter"><b><a href=http://bigprof.com/appgini/>BigProf Software</a> - <?php echo $Translation['powered by']; ?> AppGini 4.61</b></div>

</div>
</html>

Hey there,   First time using MySQL database to connect to a member login.  I have a paid subscription site through ccbill which they add the username and logins to.  I have setup a database, username and password as well as a table that I have connected correctly "I believe" to my website but get this message:  warning: MySQL-fetch_array()expects parameter 1 to be resource, Boolean given in /home....   My table I have setup just has username and password to authenticate the users, which I was told by ccbill is all I need.  Maybe I need authentication 1 or 0 etc. Any help on this would be amazing.  Spent hours trying to figure this out but nothing.   Thanks for your time.   Steven

I am currently creating a multi-user login system, and I have created the database in MySQL, but the problem is that my PHP script is not working as expected. I would like it so that if the user enters in a correct username + password combination, then they are redirected to a webpage called "congrats.php" for example. However, with my current PHP code, if I include a redirection instruction based on the correct input, then when I run the script, then the user is instantly taken to the congrats.php page without filling in any login details. I'm quite sure that the database has been connected to, as due to the layout of my script at the moment, the text that reads "You did it!" appears 4 times, the same number of rows in my MySQL database. My PHP coding for this is:

Code: [Select]
<html><head><title>Multi-User Log In Form</title></head>
<body>
<?php
$self = $_SERVER['PHP_SELF'];
$username = $_POST['username'];
$password = $_POST['password'];
?>
<form action = "<?php echo $self; ?>" method = "post">
Username <input type = "text" name = "username" size = "8">
Password <input type = "password" name = "password" size = "8">
<input type = "submit" value="Submit">
</form>
<?php
$conn = @mysql_connect("localhost", "root", "") or die ("Err: Conn");
$rs = @mysql_select_db("test3", $conn) or die ("Err: Db");
$sql = "select * from users";
$rs = mysql_query($sql, $conn);
while ($row = mysql_fetch_array($rs)) {

$name = $row["uname"];
$pass = $row["pword"];
if ($username = $name && $password = $pass)
{
//CODE FOR REDIRECTION SHOULD GO HERE
//header("location:congrats.php");
echo "You did it!";
}
else
{
echo "Invalid username and password combination";
}
}
?></body>
</html>

Any help in trying to get it so that my PHP script will redirect only if a correct username + password combination is entered would be greatly appreciated

hi

i need help an idea how can i separate members from admins
since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 )   (its session login form only that i made it work other tutorials wre too old or something)
how what i want to do is separate members and admins because admin need more rights to do
now i have idea but dont know will it work like that
what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work?
and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag?

Hello guys,

Is there on web any updated tutorial on how can I add Facebook login on my simple php login script?

Hi guys.

What I want to create is really complicated. Well I have a login system that works with post on an external website.
I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users.
What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login".
 If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry".

So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login.

Any idea??

Thanks

Hi guys,

Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!"

Any suggestion and help would be appreciated.
Thanks.

login.php

<?php 

//Assigned varibale $error_msg as empty

//$error_msg = "";

session_start();

$error_msg = "";

if (isset($_POST['submit'])) {

if ($a_username = "admin" && $a_password = "123") 

{

//Define $_POST from form text feilds

$username = $_POST['username'];

$password = $_POST['password'];

//Add some stripslashes

$username = stripslashes($username);

$password = stripslashes($password);

//Check if usernmae and password is good, if it is it will start session

if ($username == $a_username && $password == $a_password)

{

session_start();

$_SESSION['session_logged'] = 'true';

$_SESSION['session_username'] = $username;

//Redirect to admin page

header("Location: admin_area.php");

}

}

$username = (isset($_POST['username'])) ? $_POST['username'] : ''; 

$password = (isset($_POST['password'])) ? $_POST['password'] : ''; 

if($username && $password) {

$connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!");

mysql_select_db("friendsdb") or die ("Couldn't find the DB");

$query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'");

$numrows = mysql_num_rows($query);

if ($numrows != 0){

while ($row = mysql_fetch_array($query)) {

$dbusername = $row['username'];

$dbpassword = $row['password'];

}

//Check to see if they are match!

if ($username == $dbusername && md5($password) == $dbpassword) {

header ("Location: user_area.php");

$_SESSION['username'] = $username;

}

else

$error_msg = "Incorrect password!";

//code of login

}else

$error_msg = "That user does not exist!";

//echo $numrows;

}

else

$error_msg = "Please enter a username and password!";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
</head>

<body>
<br />
<?php

require "header.php";
?><br />
<div align="center">
<table width="200" border="1">

<?php

// If $error_msg not equal to emtpy then display error message

if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<!--form action="login_a.php" method="post"-->

Username: <input type="text" name="username" /><br /><br />

Password: <input type="password" name="password"  /><br /><br />

<input type="submit" name = "submit" value="Log in"  />
</form> <p> </p>

Register a <a href="register.php">New User</a>
</table>
</div>
</body>
</html>

How to add the ability to login with username or email for login?

 

<?php 
ob_start();
include('../header.php');
include_once("../db_connect.php");
session_start();
if(isset($_SESSION['user_id'])!="") {
	header("Location: ../dashboard");
}
if (isset($_POST['login'])) {
	$email = mysqli_real_escape_string($conn, $_POST['email']);
	$password = mysqli_real_escape_string($conn, $_POST['password']);
	$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and pass = '" . md5($password). "'");
	if ($row = mysqli_fetch_array($result)) {
		$_SESSION['user_id'] = $row['uid'];
		$_SESSION['user_name'] = $row['user'];	
		$_SESSION['user_email'] = $row['email'];		
		header("Location: ../dashboard");
	} else {
		$error_message = "Incorrect Email or Password!!!";
	}
}
?>

 

Hello, I am once again desperately asking for your help,

I am working on a simple login page and I am having trouble actually getting it  to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now

 

This is the code any suggestions would be greatly appreciated

<?php
    /*
    Name: Deanna Slotegraaf 
    Course Code: WEBD3201
    Date: 2020-09-22
    */

    $file = "sign-in.php";
    $date = "2020-09-22";
    $title = "WEBD3201 Login Page";
    $description = "This page was created for WEBD3201 as a login page for a real estate website";
    $banner = "Login Page";
    require 'header.php';

    $error = "";

    if($_SERVER["REQUEST_METHOD"] == "GET")
    {
        $username = "";
        $password = "";
        $lastaccess = "";        
        $error = "";
        $result = "";
        $validUser = "";
    }
    else if($_SERVER["REQUEST_METHOD"] == "POST")
    {        
    	$conn;
        $username = trim($_POST['username']); //Remove trailing white space
        $password = trim($_POST['password']); //Remove trailing white space

    if (!isset($username) || $username == "") {
      $error .= "<br/>Username is required";
    }
    if (!isset($password) || $password == ""){
      $error .= "<br/>Password is required";
    }
    if ($error == "") {
      $password = md5($password);
      $query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'";
      $results = pg_query($conn, $query);
      //$_SESSION['username'] = $username;
        //$_SESSION['success'] = "You are now logged in";
        header('location: dashboard.php');
      }else {
        $error .= "Username and/or Password is incorrect";
      }

}

?>

<div class = "form-signin">
    <?php
             echo "<h2 style='color:red; font-size:20px'>".$error."</h2>";
    ?>
<form action = "<?php echo $_SERVER['PHP_SELF'];  ?>" method="post">

      <label for="uname"><b>Login ID</b></label>
      <input type="text" name="username" value="<?php echo $username; ?>"/>
      <br/>
      <label for="psw"><b>Password</b></label>
      <input type="password" name="password" value="<?php echo $password; ?>"/>
      <br/>
        <button type="submit" name="login_user">Login</button>
        <button type="reset">Reset</button></div>
</form>
</div>

<?php require "footer.php"; ?>

 

Hi everyone i wonder if you can help me he

I need a script for a login and check login- create cookie.

Here is my form:

<form method="post" action="check_login.php">
<p>
<input type="submit" name="Submit2" value="go" />
</fieldset>
</p>
</form>

that sends it to check_login (which BEFORE i deleted something by accident, used to take me to a username and password box)

But now all it does is send me straight to the memebrs area???


Can i change the check_login.php script to make it work correctly:

Code: [Select]
<?php 
// Connects to your Database 
mysql_connect("server", "user", "password") or die(mysql_error()); 
mysql_select_db("DB") or die(mysql_error()); 

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) 
{
if ($pass != $info['upassword']) 
{
}
else
 {
header("Location: members_area.php");

  }
  }
 }

 //if the login form is submitted 
 if (isset($_POST['submit'])) { // if form has been submitted

 // makes sure they filled it in
  if(!$_POST['username'] | !$_POST['upassword']) {
  die('You did not fill in a required field.');
  }
  // checks it against the database

  if (!get_magic_quotes_gpc()) {
  $_POST['email'] = addslashes($_POST['email']);
  }
  $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

 //Gives error if user dosen't exist
 $check2 = mysql_num_rows($check);
 if ($check2 == 0) {
  die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
  }
 while($info = mysql_fetch_array( $check )) 
 {
 $_POST['upassword'] = stripslashes($_POST['upassword']);
  $info['upassword'] = stripslashes($info['upassword']);
  $_POST['upassword'] = md5($_POST['upassword']);

 //gives error if the password is wrong
  if ($_POST['upassword'] != $info['upassword']) {
  die('Incorrect password, please try again.');
  }
  else 
 { 
 
 // if login is ok then we add a cookie 
   $_POST['username'] = stripslashes($_POST['username']); 
   $hour = time() + 3600; 
 setcookie(ID_my_site, $_POST['username'], $hour); 
 setcookie(Key_my_site, $_POST['upassword'], $hour);  
 
 //then redirect them to the members area 
 header("Location: members_area.php"); 
 } 
 } 
 } 
 else 
{  
 
 // if they are not logged in 
?>
 <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
 <table width="316" height="120" border="0">
 <tr><td colspan=2><h1>Login</h1></td></tr>
 <tr><td>Username:</td><td>
 <input type="text" name="username" maxlength="40">
 </td></tr>
 <tr><td>Password:</td><td>
 <input type="password" name="upassword" maxlength="50">
 </td></tr>
 <tr><td colspan="2" align="right">
 <input type="submit" name="submit" value="Login">
 </td></tr>
 </table>
 </form>
<?php 
 } 
 
?>