|
PHP - Showing The Users Name After Login
Hi guys
I am new to PHP and need som help. I have set up a site that allows a user to log in through a simple form where the data is then send to checklogin.php. Here the data is checked up against my sql database and if the login is correct the user is transfered to the "secret" members only site. All this works fine. My question is then, how do I get the members site to greet the member with "Hello 'username'"; of course where the username changes depending on the login. This is the part where the username and password is checked: <?php $host="mydbb10.surftown.dk"; // Host name $username="****"; // Mysql username $password="****"; // Mysql password $db_name="****"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "korrekt.php" session_register("myusername"); session_register("mypassword"); echo "Tak fordi du loggede ind<br>Redirecter..."; header("location: ../forhandlerservice.php"); } else { echo "Forkert brugernavn eller password"; header("location: ../loginfejl.html"); } ?> and this is the first line of code on the members site: <? session_start(); if(!session_is_registered(myusername)){ header("location:login.html"); } ?> Sorry if I provided to much code, just want to make sure that I don't forget anything. Any help is appreciated. Thank you Similar TutorialsI need some help with my commenting system. at the moment the code is like this: <div id="pagepannel"> <div id="ptop_small">Comments</div> <div id="pbottom_small"> <p> <?php // if ($allow_comments == "no") { ?> </p> <p>No Posting comments here!!!</p> <p> </p> <p> </p> <p> <?php } else ?> </p> <p> <?php $sql = "SELECT comment_id, blog_id, posted_by, comment, stamp, email, type FROM jscrgaming_newscomments WHERE blog_id='$blog_id' ORDER BY comment_id DESC"; $result = mysql_query($sql) or die('Error : ' . mysql_error()); while(list($comment_id, $blog_id_co, $username, $comment, $stamp, $email, $type) = mysql_fetch_array($result, MYSQL_NUM)) { if ($type == 'user'){ ?> </p> <table width="95%" border="0" cellpadding="0" cellspacing="0" class="full_border"> <tr> <td width="75" id="avatar"></td> <td><span class="capitalize"><a href="userinfo.php?user=<? echo $username ?>"><strong><? echo $username ?></strong></a></span><strong> posted</strong>: <? echo stripslashes($comment) ?></td> </tr> <tr> <td colspan="2" bgcolor="#CAE4FF" class="date"><? echo $stamp ?> </td> </tr> </table> <p> </p> <p> <? } else{ ?> </p> <table width="95%" border="0" cellpadding="0" cellspacing="0" class="full_border"> <tr> <td><strong> <? echo $username ?>posted</strong>: <? echo stripslashes($comment) ?></td> </tr> <tr> <td bgcolor="#CAE4FF" class="smalltext"><? echo $stamp ?>:: User Was Guest</td> </tr> </table> <p> </p> <p> <? } }?> </p> <p> <?php // if ($allow_comments == "restricted") { /** * User has already logged in, so display relavent links, including * a link to the admin center if the user is an administrator. */ if($session->logged_in){?> </p> <form id="form3" name="form3" method="post" action="user/admin/blog/comment_system/user.php"> <p> </p> <table width="95%" border="0" align="center" cellspacing="2" class="full_border"> <tr> <td colspan="2">You are commenting as <?php echo $session->username;?></td> </tr> <tr> <td width="75">Message</td> <td><textarea name="co_comment" cols="30" id="textfield10"></textarea></td> </tr> <tr> <td width="75"><span class="header"> <input name="co_username" type="hidden" id="co_username" value="<?php echo $session->username;?>" /> <input name="co_blog_id" type="hidden" id="co_blog_id" value="<?php echo $blog_id ?>" /> </span></td> <td><label> <input type="submit" class="blog_button" value=" Post " /> </label></td> </tr> <tr> <td> </td> <td class="smalltext">only 200 charaters can be used</td> </tr> </table> </form> <p> </p> <p> <? } else {?> </p> <p> </p> <table width="95%" border="0" align="center" cellspacing="2" class="full_border"> <tr> <td width="75"><span class="capitalize">Name</span></td> <td><label> <input name="textfield5" type="text" disabled="disabled" id="textfield5" size="35" /> </label></td> </tr> <tr> <td width="75">Email</td> <td><input name="textfield5" type="text" disabled="disabled" id="textfield6" size="35" /></td> </tr> <tr> <td width="75">Message</td> <td><textarea name="textfield5" cols="30" disabled="disabled" id="textfield7">You need to be logged in to comment.</textarea></td> </tr> <tr> <td width="75"> </td> <td><label> <input type="button" class="blog_button" value=" Post " /> </label></td> </tr> </table> <p> </p> <p> <?php } } else { if($session->logged_in){?> </p> <form id="form2" name="form2" method="post" action="user/admin/blog/comment_system/user.php"> <p> </p> <table width="95%" border="0" align="center" cellspacing="2" class="full_border"> <tr> <td colspan="2">You are commenting as <?php echo $session->username;?></td> </tr> <tr> <td width="75">Message</td> <td><textarea name="co_comment" cols="30" id="textfield8"></textarea></td> </tr> <tr> <td width="75"><input name="co_username" type="hidden" id="co_username" value="<?php echo $session->username;?>" /> <input name="co_blog_id" type="hidden" id="co_blog_id" value="<?php echo $blog_id ?>" /></td> <td><label> <input type="submit" class="blog_button" value=" Post " /> </label></td> </tr> <tr> <td> </td> <td><span class="smalltext">only 200 charaters can be used</span></td> </tr> </table> </form> <p> </p> <p> <? } else { ?> </p> <form id="form1" name="form1" method="post" action="user/admin/blog/comment_system/guest.php"> <p> </p> <table width="95%" border="0" align="center" cellspacing="2" class="full_border"> <tr> <td width="75"><span class="capitalize">Name</span></td> <td><label> <input name="co_username" type="text" id="co_username" size="35" /> </label></td> </tr> <tr> <td width="75">Email</td> <td><input name="guest_email" type="text" id="guest_email" size="35" /></td> </tr> <tr> <td width="75">Message</td> <td><textarea name="co_comment" cols="30" id="co_comment"></textarea></td> </tr> <tr> <td width="75">Spam</td> <td> </td> </tr> <tr> <td colspan="2" align="center"><? require_once('user/captcha/recaptchalib.php'); $publickey = "6Ld_W7sSAAAAAPNTLWrUJLEClFpSSPu1d1Ry5zNR"; // you got this from the signup page echo recaptcha_get_html($publickey); ?></td> </tr> <tr> <td colspan="2" align="right"><span class="smalltext">only 200 charaters can be used</span> <input name="co_blog_id" type="hidden" id="co_blog_id" value="<?php echo $blog_id ?>" /> <input type="submit" class="blog_button" value=" Post " /></td> </tr> </table> </form> <p> </p> <p> <? } } ?> </p> <p> </p> <div></div> </div> </div> I, know its a bit messy but lets me see it and design it in Dreamweaver Any way, for the comment system for users, I want it to show their avatar as well, which is stored in the users table. How would one do this. I did think of it submitting the avatar along with the post but then it wouldnt update if the user would to change their avatars :\ Any helps??? Hi, I have a restricted area for my work's company. This is an area where registered users with their own user name and password can access to download technical documents etc. I am hearing some reports that users will have to login twice to get to the area - This happens in Chrome, IE 7/8 and some Firefox's. It has only happened to me once or twice. Does anyone know why this may be? Here is the HTML code from the login form on the index page: Code: [Select] <form name="login_form" method="post" action="log.php?action=login"> <p>Login:<br /> <input type="text" name="user" /> </p> <p>Password: <br /><input type="password" name="pwd" /> </p> <p class="submit"> <input type="submit" value="Submit" name="submit" class="submit" /> </p> </form> Here is the log.php File: (personal connection details edited) Code: [Select] <?php $hostname = "IP:3306"; $username = "user"; $password = "password"; $database = "db_name"; $link = MYSQL_CONNECT($hostname,$username,$password); mysql_select_db($database); ?> <?php session_name("MyWebsiteLogin"); session_start(); if($_GET['action'] == "login") { $conn = mysql_connect("IP:3306","user","password"); $db = mysql_select_db("db_name"); //Your database name goes in this field. $name = $_POST['user']; $ip=$_SERVER['REMOTE_ADDR']; $country = file_get_contents('http://api.hostip.info/country.php?ip='.$ip); $q_user = mysql_query("SELECT * FROM customer WHERE username='$name'"); ?> <?php $insert_query = ("INSERT INTO login(username, ip, country) VALUES ('$name','$ip','$country');"); mysql_query($insert_query) or die('Error, insert query failed'); ?> <?php if(mysql_num_rows($q_user) == 1) { $query = mysql_query("SELECT * FROM customer WHERE username='$name'"); $data = mysql_fetch_array($query); if($_POST['pwd'] == $data['password']) { session_register("name"); header("Location: http://#/download/index.php?un=$name"); // This is the page that you want to open if the user successfully logs in to your website. exit; } else { header("Location: login.php?login=failed&cause=".urlencode('Wrong Password')); exit; } } else { header("Location: login.php?login=failed&cause=".urlencode('Invalid User')); exit; } } ?> Any help or ideas would be greatly appreciated. I am trying to make a login and direct for my clients. I have all the login stuff working but can't figure out how to redirect specific clients to their pages only. Any help anyone can offer would be great. Code: [Select] <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> hi... I have a site that allows user to download some files. at present if i type http://www.abc.com/files/xyz.zip it allows all the users to access and download files. I want only the login users can access these files....... pls help how to do this. thanks in advance Hi! I have read like crazy to find a tutorial on a login page without My_SQL. Anyway I am working on a easy login/logged out page with sessions. Here is the login page with tree users in an array.
The things that I need some hints to solve is, when clicking on login the error message don't show. Instead the script goes to the logged in page right away. And when you write the wrong password you get loged in anyway.
I am not sure how or if it's possible to write a varible to a file this way. But I tried and recived a parse error with the txt varible.
When searching for topics I get more confused with the My_SQL varibles. I am near a breaking point at cracking the first step on PHP, but need some advice.
<?php
$page_title = 'Logged in'; //Dynamic title
include('C:/wamp/www/PHP/includes/header.html');
?>
<?php
session_start();
//A array for the sites users with passwords
$users = array(
'Dexter'=>'meow1',
'Garfield'=>'meow2',
'Miro'=>'meow3'
);
//A handle to save the varible users to file on a new line from the last entry
$handle = fopen("newusers.txt, \n\r")
$txt = $users;
fclose($handle);
if(isset($_GET['logout'])) {
$_SESSION['username'] = '';
header('Location: ' . $_SERVER['PHP_SELF']);
}
if(isset($_POST['username'])) {
if($users[$_POST['username']] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'];
}else {
echo "Something went wrong, Please try again";
}
}
?>
<?php
echo "<h3>Login</h3>";
echo "<br />";
?>
<!--A legend form to login-->
<fieldset><legend>Fill in your username and password</legend>
<form name="login" action="777log.php" method="post">
Username: <br />
<input type="text" name="username" value="" /><br />
Password: <br />
<input type="password" name="password" value="" /><br />
<br />
<input type="submit" name="submit" value="Login" />
</fieldset>
</form>
<?php //Footer include file
include('C:/wamp/www/PHP/includes/footer.html');
?>
The logged in page
<?php //Header
$page_title = 'Reading a file';
include('C:/wamp/www/PHP/includes/header.html');
?>
<?php
session_start();
//Use an array forthe sites users
$users = array(
'Dexter'=>'meow1',
'Garfield'=>'meow2',
'Miro'=>'meow3'
);
//
if(isset($_GET['logout'])) {
$_SESSION['username'] = '';
echo "You are now loged out";
//The user is loged out and returned to the login page
header('Location: ' . $_SERVER['PHP_SELF']);
}
if(isset($_POST['username'])) {
//Something goes wrong here when login without any boxes filled
if($users[$_POST['username']] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'];
}else {
echo "Something went wrong, Please try again";
$redirect = "Location: 777.php";
}
}
?>
<?php if($_SESSION['username']): ?>
<p><h2>Welcome <?=$_SESSION['username']?></h2></p>
<p align="right"><a href="777.php">Logga ut</a></p><?php endif; ?>
<p>Today Ben&Jerrys Chunky Monkey is my favorite!</p>
<?php //Footer
include('C:/wamp/www/PHP/includes/footer.html');
?>
I have dynamic images that have the "Like" button, it's basically like a wishlist. The way I want it to work is that when a user is not logged in, the 'Like' button will navigate them to a login popup (which I already made). I have a standard form that displays users current data from a mysql database once logged in(code obtained from the internet). Users can then edit their data then submit it to page called editform.php that does the update. All works well except that the page does not display the updated info. Users have to first logout and login again to see the updated info. even refreshing the page does not show the new info. Please tell me where the problem is as i am new to php.
my form page test.php
<?PHP
require_once("./include/membersite_config.php");
if(!$fgmembersite->CheckLogin())
{
$fgmembersite->RedirectToURL("login.php");
exit;
}
?>
<form action="editform.php?id_user=<?= $fgmembersite->UserId() ?>" method="POST">
<input type="hidden" name="id_user" value="<?= $fgmembersite->UserId() ?>"><br>
Name:<br> <input type="text" name="name" size="40" value="<?= $fgmembersite->UserFullName() ?>"><br><br>
Email:<br> <input type="text" name="email" size="40" value="<?= $fgmembersite->UserEmail() ?> "><br><br>
Address:<br> <input type="text" name="address" size="40" value="<?= $fgmembersite->UserAddress() ?> "><br><br>
<button>Submit</button>
my editform.php
<?php
$con = mysqli_connect("localhost","root","user","pass");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
mysqli_query($con,"UPDATE fgusers3 SET name = '".$_POST['name']."', email= '".$_POST['email']."', address= '".$_POST['address']."' WHERE id_user='".$_POST['id_user']."'");
header("Location: test.php");
?>
I have a login script that pulls from a DB and in that i have a column called "Allowed" that either has a 0 for not allowed or a 1 for allowed. How would I implement that into a login script to either allow the login or die? Hello
I am trying to work out how many regular users I have to my site and how long those users tend to be users..
So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.
I started by getting the id's of any user who logs in more than 5 times in a specified period, but now I want to extend that...
SELECT userID as user, count(userID) as logins FROM login_history where timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00') and timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00') group by user having logins > 5;
I just discovered that I have a major security flaw with my website. Anyone who logs in to the website can easily access other users information as well as delete and edit other users information just by changing the ID variable in the address bar. I have user ID Session started on these pages but still people can do anything they like with other users information just by editing the address bar. For example if your logged in in the address bar of www.mywebsite.com/delete_mystuff.php?id=5 and change the "5" say to a "9" then you will have access to user#9 information. Every important page that I have has this code: Code: [Select] session_start(); if (!isset($_SESSION['user_id'])) { // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/index.php'; ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { //Else If Logged In Run The Script if((isset($_GET['id'])) && (is_numeric($_GET['id']))) { $id = (int) $_GET['id']; } elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) { $id = (int) $_POST['id']; } else { echo ' No valid ID found, passed in url or form element'; exit(); } What am I doing wrong? Please help if you know how to correct this. Many thanks in advance. I am pretty new to PHP and am trying to create a simple (so I assumed) page to takes data from one html page(works fine) and updates a MYSQL Database. I am getting no error message, but the connect string down to the end of the body section is showing up as plain text in my browser window. I do not know how to correct this. I have tried using two different types of connect strings and have verified my names from the HTML page are the same as listed within the php page. Suggestions on what I need to look for to correct would be great. I have looked online, but so far all I am getting is how to connect, or how to create a comment, so I thought I would try here. Thank you for any assistance I may get!! - Amy - Code: [Select] <body><font color="006600"> <div style="background-color:#f9f9dd;"> <fieldset> <h1>Asset Entry Results</h1> <?php // create short variable names $tag=$_POST['tag']; $serial=$_POST['serial']; $category=$_POST['category']; $status=$_POST['status']; $branch=$_POST['branch']; $comments=$_POST['comments']; if (!$tag || !$serial || !$category || !$status || !$branch) { echo "You have not entered all the required details.<br />" ."Please go back and try again."; exit; } if (!get_magic_quotes_gpc()) { $tag = addslashes($tag); $serial = addslashes($serial); $category = addslashes($category); $status = addslashes($status); $branch = addslashes($branch); $comments = addslashes($comments); } //@ $db = new mysqli('localhost', 'id', 'pw', 'inventory'); $db = DBI->connect("dbi:mysql:inventory:localhost","id","pw") or die("couldnt connect to database"); $query = "insert into assets values ('".$serial."', '".$tag."', '".$branch."', '".$status."', '".$category."', '".$comments."')"; $result = $db->query($query); if ($result) { echo $db->affected_rows." asset inserted into Inventory."; } else { echo "An error has occurred. The item was not added."; } $db->close(); ?> </fieldset> </div> </body> hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? Hello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? How to add the ability to login with username or email for login?
<?php
ob_start();
include('../header.php');
include_once("../db_connect.php");
session_start();
if(isset($_SESSION['user_id'])!="") {
header("Location: ../dashboard");
}
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and pass = '" . md5($password). "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['user_id'] = $row['uid'];
$_SESSION['user_name'] = $row['user'];
$_SESSION['user_email'] = $row['email'];
header("Location: ../dashboard");
} else {
$error_message = "Incorrect Email or Password!!!";
}
}
?>
Hi guys. What I want to create is really complicated. Well I have a login system that works with post on an external website. I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users. What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login". If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry". So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login. Any idea?? Thanks Hi guys, Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!" Any suggestion and help would be appreciated. Thanks. login.php <?php //Assigned varibale $error_msg as empty //$error_msg = ""; session_start(); $error_msg = ""; if (isset($_POST['submit'])) { if ($a_username = "admin" && $a_password = "123") { //Define $_POST from form text feilds $username = $_POST['username']; $password = $_POST['password']; //Add some stripslashes $username = stripslashes($username); $password = stripslashes($password); //Check if usernmae and password is good, if it is it will start session if ($username == $a_username && $password == $a_password) { session_start(); $_SESSION['session_logged'] = 'true'; $_SESSION['session_username'] = $username; //Redirect to admin page header("Location: admin_area.php"); } } $username = (isset($_POST['username'])) ? $_POST['username'] : ''; $password = (isset($_POST['password'])) ? $_POST['password'] : ''; if($username && $password) { $connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!"); mysql_select_db("friendsdb") or die ("Couldn't find the DB"); $query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'"); $numrows = mysql_num_rows($query); if ($numrows != 0){ while ($row = mysql_fetch_array($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } //Check to see if they are match! if ($username == $dbusername && md5($password) == $dbpassword) { header ("Location: user_area.php"); $_SESSION['username'] = $username; } else $error_msg = "Incorrect password!"; //code of login }else $error_msg = "That user does not exist!"; //echo $numrows; } else $error_msg = "Please enter a username and password!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> </head> <body> <br /> <?php require "header.php"; ?><br /> <div align="center"> <table width="200" border="1"> <?php // If $error_msg not equal to emtpy then display error message if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <!--form action="login_a.php" method="post"--> Username: <input type="text" name="username" /><br /><br /> Password: <input type="password" name="password" /><br /><br /> <input type="submit" name = "submit" value="Log in" /> </form> <p> </p> Register a <a href="register.php">New User</a> </table> </div> </body> </html> im new , and ... i hate tutorials .. books .. anything that does not make u part of the deal - .. thats why i started by creating something and learning from my mistakes at the same time .. i like this way of learning .. soo , while im building and trying things out .. i started thinking how the server know the person with this link is really U ? .. when u start just linking pages to each other its just a matter of finding out what is the link to do what ever u want with the users personal pages ! .. i know my questions r stupid but i just hate to go and write lessons without any effort im confused with the concept of SESSIONS and COOKIES , r they the unswer to this security problem ? how u can work with them .. ? im not asking for codes .. just general ideas about users and how they control their profiles and stuff with full security ? ill be very thankful if i get any answer ^^ Hi everyone i wonder if you can help me he I need a script for a login and check login- create cookie. Here is my form: <form method="post" action="check_login.php"> <p> <input type="submit" name="Submit2" value="go" /> </fieldset> </p> </form> that sends it to check_login (which BEFORE i deleted something by accident, used to take me to a username and password box) But now all it does is send me straight to the memebrs area??? Can i change the check_login.php script to make it work correctly: Code: [Select] <?php // Connects to your Database mysql_connect("server", "user", "password") or die(mysql_error()); mysql_select_db("DB") or die(mysql_error()); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['upassword']) { } else { header("Location: members_area.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['upassword']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['upassword'] = stripslashes($_POST['upassword']); $info['upassword'] = stripslashes($info['upassword']); $_POST['upassword'] = md5($_POST['upassword']); //gives error if the password is wrong if ($_POST['upassword'] != $info['upassword']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['upassword'], $hour); //then redirect them to the members area header("Location: members_area.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table width="316" height="120" border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="upassword" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> Hello, I am once again desperately asking for your help, I am working on a simple login page and I am having trouble actually getting it to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now
This is the code any suggestions would be greatly appreciated
<?php
/*
Name: Deanna Slotegraaf
Course Code: WEBD3201
Date: 2020-09-22
*/
$file = "sign-in.php";
$date = "2020-09-22";
$title = "WEBD3201 Login Page";
$description = "This page was created for WEBD3201 as a login page for a real estate website";
$banner = "Login Page";
require 'header.php';
$error = "";
if($_SERVER["REQUEST_METHOD"] == "GET")
{
$username = "";
$password = "";
$lastaccess = "";
$error = "";
$result = "";
$validUser = "";
}
else if($_SERVER["REQUEST_METHOD"] == "POST")
{
$conn;
$username = trim($_POST['username']); //Remove trailing white space
$password = trim($_POST['password']); //Remove trailing white space
if (!isset($username) || $username == "") {
$error .= "<br/>Username is required";
}
if (!isset($password) || $password == ""){
$error .= "<br/>Password is required";
}
if ($error == "") {
$password = md5($password);
$query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'";
$results = pg_query($conn, $query);
//$_SESSION['username'] = $username;
//$_SESSION['success'] = "You are now logged in";
header('location: dashboard.php');
}else {
$error .= "Username and/or Password is incorrect";
}
}
?>
<div class = "form-signin">
<?php
echo "<h2 style='color:red; font-size:20px'>".$error."</h2>";
?>
<form action = "<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<label for="uname"><b>Login ID</b></label>
<input type="text" name="username" value="<?php echo $username; ?>"/>
<br/>
<label for="psw"><b>Password</b></label>
<input type="password" name="password" value="<?php echo $password; ?>"/>
<br/>
<button type="submit" name="login_user">Login</button>
<button type="reset">Reset</button></div>
</form>
</div>
<?php require "footer.php"; ?>
|
|||||||