PHP - Admin Login Script Issue.
Hi all,
Sorry to be a pain, but I've been out of the php game for quite a few years and have just come back to it briefly to help someone out. I've been using an old admin auth script that I used to use a long time ago but it's not working, and I can't for the life of me work it out :/ I apologise for the noobishness of the code, but as I said, it's been a long time. Any and all help would be very greatly appreciated. Here is the code: <? require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; $member_userlevel = $data["level"]; if($member_pass == $admin_pass) { SetCookie("mgdwebby","$member_name:$member_pass:$member_userlevel"); } include("header.php"); ?> <? if($action=="login") { if($admin_login==""){ echo"Wrong info. "; } elseif($admin_pass==""){ echo"Wrong info. "; } else{ require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; if($member_pass == $admin_pass) { echo"<head><meta http-equiv=\"refresh\" content=\"2;URL=admin.php\"></head><br><center>Please Wait.</center><br>"; $auth = explode(":",$HTTP_COOKIE_VARS["mgdwebby"]); if(empty($auth[0]) || empty($auth[1])) { } else { echo"Welcome<br>"; include("admin_left.php"); } } else { echo"Wrong info. "; } } } else { echo"<form method='post' action='?action=login'> <table width='307' align='center' cellspacing='0' cellpading='0' border='0'> <tr> <td width='200'> Login : </td> <td> <input type='text' name='admin_login'></td> </tr> <tr> <td width='200'> Password : </td> <td> <input type='password' name='admin_pass'></td> </tr> <tr> <td colspan='2' align='center'><center><input type='submit' value='Login'></center></td> </table> "; } ?> <? include("footer.php"); ?> Similar Tutorialshi guys how you doing? i new here so take it easy on me . basically just need some quick help and i thought this would be the best place to ask. ive been working on a admin login script but cant seem to get it right, i mean i can login in with random passwords :/ and also everytime i go to the index.php it shows the information i dont want it without being logged in. ive got the script running live just incase anyone wants to see what i mean its at http://www.lukerodham.co.uk/admin heres the code. Thanks in advance. index.php Code: [Select] <?php require_once("login.php"); $adminuser = $_SESSION['user']; ?> <html> <head> <title>hoonigans.co.uk</title> </head> <body> <h3 align="center">Welcome to the admin page.</h3> <span class="maintext"><br /> <p align="center">If you would like to post some news please <a href="news/post.php">click here</a>.<br /> To logout please <a href="logout.php">click here</a></p> </body> </html> login.php Code: [Select] <?php function loginpage($error){ echo " <html> <body> <div align='center'> <form method='post' action='".$_SERVER['REQUEST_URI']."'> <label>username: <input type='text' name='username' id='username'><br> <label>password: <input type='password' name='password' id='password'><br> </label> <label> <input type='submit' name='submit' id='submit' value='submit'> </label> </form> </div> </body> </html> "; } $username = $_POST['username']; $password = $_POST['password']; $login = $_post['login']; $host = *********; $dbuser = *********; $dbname = *********; $dbpass = *********; mysql_connect("$host","$dbuser","$dbpass"); mysql_select_db("$dbname"); session_start(); if($_SESSION['user'] != $username){ if(!$submit){ loginpage(false); } elseif($submit){ $get = mysql_query("SELECT * FROM users WHERE username='$username'"); while ($row = mysql_fetch_assoc($get)){ $admin = $row['admin']; $passwordmatch = $row['password']; if ($passwordmatch==$password&&$admin==1){ $_SESSION['user']="$username"; echo "this worked"; } else{ die("Sorry wrong information."); } } } } ?> Hi guy's, I'm having problems adjusting a script to add a level (user rights) function. When i login with a admin or normal user it gives a blank page (not redirecting to home.php). It even does'nt return an echo that user / pass is incorrect. I'm breaking my head over this for day's now. Can you help me out? Code: [Select] <?php session_start(); //Login form (index.php) include "db_connect.php"; if(!$_POST['submit']) { ?> <html> <head> <!--[if IE]> <link rel="stylesheet" type="text/css" href="style.css" /> <![endif]--> <![if !IE]> <link rel="stylesheet" type="text/css" href="firefox.css" /> <![endif]> </head> <body> <div id="wrapper"> <div id="header"> <?php include('header.php'); ?> </div> <div class="divider"> <strong>Login</strong> <form method="post" action="index.php"> <div class="formElm"> <label for="username">Klantnummer:</label> <input id="username" type="text" name="username" maxlength="16"> </div> <div class="formElm"> <label for="password">Wachtwoord:</label> <input type="password" name="password" maxlength="16"> </div> <input type="submit" name="submit" value="Login"> </form> </div> <div id="footer"> <?php include('footer.php'); ?> </div> </div> </html> <?php } else { $user = protect($_POST['username']); $pass = protect($_POST['password']); $level = protect($_POST['level']); if($user && $pass && $level) { $pass = md5($pass); //compare the encrypted password $sql1 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='1'"; $sql2 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='9'"; $queryN=mysql_query($sql1) or die(mysql_error()); $queryA=mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($queryN) == 1) { $resultN = mysql_fetch_assoc($queryN); $_SESSION['id'] = $resultN['id']; $_SESSION['username'] = $resultN['username']; header("location:home.php"); } elseif(mysql_num_rows($queryA) == 1) { $resultA = mysql_fetch_assoc($queryA); $_SESSION['id'] = $resultA['id']; $_SESSION['username'] = $resultA['username']; header("location:home.php"); } else{ echo "Wrong Username or Password"; } } } ?> and the mysql code: Code: [Select] CREATE TABLE `user` ( `id` int(4) unsigned NOT NULL auto_increment, `username` varchar(32) NOT NULL, `password` varchar(32) NOT NULL, `level` int(4) default '1', PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1; hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? Hi guys, Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!" Any suggestion and help would be appreciated. Thanks. login.php <?php //Assigned varibale $error_msg as empty //$error_msg = ""; session_start(); $error_msg = ""; if (isset($_POST['submit'])) { if ($a_username = "admin" && $a_password = "123") { //Define $_POST from form text feilds $username = $_POST['username']; $password = $_POST['password']; //Add some stripslashes $username = stripslashes($username); $password = stripslashes($password); //Check if usernmae and password is good, if it is it will start session if ($username == $a_username && $password == $a_password) { session_start(); $_SESSION['session_logged'] = 'true'; $_SESSION['session_username'] = $username; //Redirect to admin page header("Location: admin_area.php"); } } $username = (isset($_POST['username'])) ? $_POST['username'] : ''; $password = (isset($_POST['password'])) ? $_POST['password'] : ''; if($username && $password) { $connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!"); mysql_select_db("friendsdb") or die ("Couldn't find the DB"); $query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'"); $numrows = mysql_num_rows($query); if ($numrows != 0){ while ($row = mysql_fetch_array($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } //Check to see if they are match! if ($username == $dbusername && md5($password) == $dbpassword) { header ("Location: user_area.php"); $_SESSION['username'] = $username; } else $error_msg = "Incorrect password!"; //code of login }else $error_msg = "That user does not exist!"; //echo $numrows; } else $error_msg = "Please enter a username and password!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> </head> <body> <br /> <?php require "header.php"; ?><br /> <div align="center"> <table width="200" border="1"> <?php // If $error_msg not equal to emtpy then display error message if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <!--form action="login_a.php" method="post"--> Username: <input type="text" name="username" /><br /><br /> Password: <input type="password" name="password" /><br /><br /> <input type="submit" name = "submit" value="Log in" /> </form> <p> </p> Register a <a href="register.php">New User</a> </table> </div> </body> </html> Hallo I have a problem.
This is my code:
<?php include 'connect.php'; ?> <html> <head> <title>Admin Insert page!</title> </head> <body> <?php error_reporting(-1);ini_set('display_errors',1); if (isset($_POST['submit'])){ $name = $_POST['name']; $password = $_POST['password']; $result = mysql_query("SELECT * FROM users WHERE user='$name' AND password='$password'"); $num = mysql_num_rows($result); if($num == 0){ echo "Bad login, go <a href='login.php'>back</a>"; }else{ session_start(); $_SESSION['name'] = $name; header("Location: admin.php"); } }else{ ?> <form action='login.php' methody='post'> Username: <input type='text' name='name'/><br /> Password: <input type='password' name='password'/><br /> <input type='submit' name='submit' value='Login' /> </body> </html>I try to use console to find the problem but I didn't.... I know that there is some problem with $num Can somebody help me? Thank you. Edited by Artur, 19 October 2014 - 12:11 PM. Any help would be greatly appreciated! <?php $host="localhost"; // Host name $username="user"; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $barcodeID=$_POST['barcode']; echo $barcodeID; $barcodeID = stripslashes($barcodeID); $barcodeID = mysql_real_escape_string($barcodeID); $sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); $count=mysql_num_rows($result); if($count==1){ $_SESSION['barcode'] = $barcodeSession; $_SESSION['userlevel'] = $row['Priority']; if($row['userlevel'] == "Admin") { header("location:AdminSection.php"); }else{ header("location:index.php"); } header("location:LoggedIn.php"); } else { header("location:index.php"); } ?> when the script has been run, I want it to redirect to either the user page or admin page depending on their priority level. if Priority field == "Admin" then go to admin page. Can you see anything missing? Thank You Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\sas\shoppingcart\adminlogin.php on line 16 Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\sas\shoppingcart\adminlogin.php:16) in C:\xampp\htdocs\sas\shoppingcart\adminlogin.php on line 33 Hello, I have a problem with my website, Admin login page (http://www.tranceprofile.com/storeadmin/admin_login.php I can not login to my Admin controle panel. Login information: Username: Mitch Password: schuur111 Username: Admin Password: poopoo Can someone help me ? Here is my admin_login.php source code. If you need some other source code in my /storeadmin folder please tell Code: [Select] <?php session_start(); if (isset($_SESSION["manager"])) { header("location: index.php"); exit(); } ?> <?php // Parse the log in form if the user has filled it out and pressed "Log In" if (isset($_POST["username"]) && isset($_POST["password"])) { $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters // Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person // ------- MAKE SURE PERSON EXISTS IN DATABASE --------- $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 1) { // evaluate the count while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["manager"] = $manager; $_SESSION["password"] = $password; header("location: index.php"); exit(); } else { echo 'That information is incorrect, try again <a href="index.php">Click Here</a>'; exit(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Admin Log In </title> <link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" /> </head> <body> <div align="center" id="mainWrapper"> <?php include_once("../template_header.php");?> <div id="pageContent"><br /> <div align="left" style="margin-left:24px;"> <h2>Please Log In To Manage the Store</h2> <form id="form1" name="form1" method="post" action="admin_login.php"> User Name:<br /> <input name="username" type="text" id="username" size="40" /> <br /><br /> Password:<br /> <input name="password" type="password" id="password" size="40" /> <br /> <br /> <br /> <input type="submit" name="button" id="button" value="Log In" /> </form> <p> </p> </div> <br /> <br /> <br /> </div> <?php include_once("../template_footer.php");?> </div> </body> </html> Ok.. I have made an admin section for a couple of sites, and it works fine, alough i'm almost certain that the way i have done it is not the "proper way". What I have done is had a form with a password field that sends the password via POST to another script that checks the password is correct via variable, something like this: Code: [Select] <?php $pass = $_POST["pass"]; $correct = "imapassword"; if($pass == $correct){ //display contents of page else{ //return user to login screen } ?> And then it saves the password into a cookie, that dies either over time or when the browser closes. And then on each page it tests wether that cookie is still there and is correct. When the user wants to log out it just destroys the cookie. This seems like a really hashed up way of doing it, could anybody let me know the bare essentials for making a similar system, but the "right way". Thankyou in advance Howdy colleagues,
Please help! I am writing a WP plugin the boss of the website to be notified when an admin logs in. So far so good, but I can't make the damn code to send the email when the user logs in. If I change the add_action to "admin_notices" the email is being sent, but if I put "wp_login" it does not Please help, here is the code so far...
function _emnoti_get_time_of_login(){ $time_of_login = date('l F Y'); return $time_of_login; } # Get the IP of the user that logged themselves as admin function _emnoti_get_ip(){ $sources = array( 'REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', ); foreach ($sources as $source) { if(!empty($_SERVER[$source])){ $ip = $_SERVER[$source]; } } return $ip; } # Email all the info above to a pointed email address function emnoti_send_email($user_login, $user){ if(_emnoti_check_if_admin() === true){ // print _emnoti_get_time_of_login(); // print _emnoti_get_ip(); wp_mail("MY EMAIL!", "Test subject", 'test body'); } } add_action('wp_login', 'emnoti_send_email', 10, 2); ?> I am trying to learn php and I cannot figure out how to get a simple login form going. I am getting this error.
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given
I have no clue what I am doing wrong. I am following the "HowTo".
Here is my code
Index.php ( Login Form )
<form name="form1" method="post" action="checklogin.php"> <div id="wrappermiddle"> <h2>Login</h2> <div id="username_input"> <div id="username_inputleft"></div> <div id="username_inputmiddle"> <input name="myusername" type="text" id="myusername" value="Email Address"> <img id="url_user" src="./images/mailicon.png" alt=""> </div> <div id="username_inputright"></div> </div> <div id="password_input"> <div id="password_inputleft"></div> <div id="password_inputmiddle"> <input name="mypassword" type="text" id="mypassword" value="Password"> <img id="url_password" src="./images/passicon.png" alt=""> </div> <div id="password_inputright"></div> </div> <div id="submit"> <input type="image" src="./images/submit.png" name="Submit" value="Login"> </form> </div>checklogin.php <?php $host="localhost"; // Host name $username="MY DB USER"; // Mysql username $password="Password"; // Mysql password $db_name="MY DB Name"; // Database name $tbl_name="admin"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?>Any help would be greatly appreciated. Edited by Oblivion13, 07 October 2014 - 05:25 PM. Login.php Code: [Select] <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("Regis") or die(mysql_error()); if (isset($_POST["sub"])) { $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); $_POST['pass'] = addslashes($_POST['pass']); } $usercheck = $_POST["username"]; $check = mysql_query("SELECT username FROM registration WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Sorry, the username" ." ".$usercheck." ". "is already in use.')</SCRIPT>"); echo ("<SCRIPT LANGUAGE='JavaScript'>setTimeOut(window.location = 'registration.php',1)</script>"); } else if($_POST['username'] && $_POST['pass'] && $_POST['pass2'] ) { $insert = "INSERT INTO registration (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Registration had been succesfully added :)')</SCRIPT>"); } } ?> <html> <head> <script type="text/javascript"> function a() { var x = document.login.username.value; var y = document.login.pass.value; if(x==""&& y=="") { alert("Please insert all message!"); return false; } if(x=="") { alert("Please insert an username!"); return false; } if(y=="") { alert("Please insert an password!"); return false; } } </script> </head> <body> <table border="0"> <form name="login" method="post" action="form2.php" onsubmit="return a()"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td> <td><input type="text" name="username" maxlength="40"></td></tr> <tr><td>Password:</td> <td><input type="password" name="pass" maxlength="50"></td></tr> <tr><td><input type="submit" name="submit" value="Register"></a></td> <td><input type="submit" name="submit" value="Login"></td></tr> </form> </body></html> form2.php Code: [Select] <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $message=$_POST['message']; $n=$_POST['username']; if(isset($_POST['submit'])) //if submit button push has been detected { if(strlen($message)>1) { $message=strip_tags($message); $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP $checkforbanned="SELECT IP from ipbans where IP='$IP'"; $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS"); if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list { print "You IP is banned from posting."; } else { $thedate = date("U"); //grab date and time of the post $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$n','$IP','$thedate','$message')"; mysql_query($insertmessage) or die("Could not insert message"); } } } ?> <html> <head> <script type="text/javascript"> function addsmiley(code) { var pretext = document.smile.message.value; this.code = code; document.smile.message.value = pretext + code; } function a() { var x = document.smile.message.value; if(x=="") { alert("Please insert an message!"); return false; } } </script> <style type="text/css"> body{ background-color: #d8da3d } </style> </head> <body> <form name="smile" method="post" action="form2.php" onSubmit="return a()" > Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br> <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" /> <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" /> <input type="hidden" name="username" value="<?php echo $n;?>"> <input type='submit' name='submit' value='Send' class='biasa' ></form> <br> <br> </body> </html> My problem is in login.php in form section, can one form can be used user or admin because just now im doing is for user if user login it goes to form2.php but im want also in the same form if admin the form post to form3.php any way to do that thank you <?php session_start( ); include_once( dirname( __FILE__ )."/../inc/func/get_sth.php" ); include_once( _ABSPATH_."/inc/func/header.php" ); if ( $_GET["f"] == "login" ) { $adminuser = strtolower( strip_tags( trim( $_POST["adminuser"] ) ) ); $r_0 = strtolower( strip_tags( trim( $_SESSION["r"] ) ) ); $r_1 = strtolower( strip_tags( trim( $_POST["r"] ) ) ); if ( $r_0 == $r_1 ) { $result = mysql_query( "SELECT password FROM admin where adminuser='".$adminuser."'" ); $val = mysql_fetch_array( $result ); if ( !$val["password"] ) { $loginfail = 1; } else { if ( $val[password] === md5( $_POST["password"] ) ) { $_SESSION['admin'] = $adminuser; header( "Location: ./" ); exit( ); } $loginfail = 1; } } else { $loginfail = 2; } } $page_title = l( "Administration Login" )." | ".get_sitename( ); $smarty->assign( "page_title", $page_title ); $smarty->assign( "loginfail", $loginfail ); $smarty->display( "mgt/login.tpl" ); ?> Hey guys, I'm kind of a n00b with PHP and i'm trying to practice by building a mock e-comm site, but i'm having a problem with my admin login form. When the information is submitted the form just clears and doesn't redirect me to the index.php file i have set-up. My knowledge of php isn't where i'd like it to be yet, so i'm here for help! I'll post the code for bpoth the admin login page and the index.php file. ADMIN LOGIN PAGE | | V <?php session_start(); if (isset($_SESSION["username"])) { header("location: index.php"); exit(); } ?> <?php if (isset($_POST["username"]) && isset($_POST["password"])){ $username = $_POST["username"]; // filter everything but numbers and letters $password = $_POST["password"]; // filter everything but numbers and letters include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM admin WHERE username='$username' AND password='$password' LIMIT 1"); $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 1) { // evaluate the count while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["username"] = $username; $_SESSION["password"] = $password; header("location: index.php"); exit(); } else { echo 'That information is incorrect, try again <a href="index.php">Click Here</a>'; exit(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Store Admin Area</title> <link rel="stylesheet" type="text/css" href="../css/main_style.css" /> </head> <body> <div id="wrapper"> <div id="text"><br /> <div align="left" style="margin-left:100px; margin-top:100px;"> <h2>Please Login To Manage The Store</h2> <br /><br /> <form id="form1" name="form1" method="post" action="admin_login.php"> <strong>Username</strong> <input name="username" type="text" id="username" size="40" /> <br /><br /> <strong>Password</strong> <input name="password" type="password" id="password" size="40" /> <br /> <br /> <input type="submit" name="button" id="button" value="Login" /> </form> </div> </div><!--closes wrapper--> </body> </html> INDEX.PHP FILE | | V <?php session_start(); if (!isset($_SESSION["username"])) { header("location: admin_login.php"); exit(); } $usernameID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); $username = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["username"]); $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT * FROM admin WHERE id='$usernameID' AND username='$username' AND password='$password' LIMIT 1"); // query the person $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 0) { // evaluate the count echo "Your login session data is not on record in the database."; exit(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Store Admin Area</title> <link rel="stylesheet" type="text/css" href="../css/main_style.css" /> </head> <body> <div id="wrapper"> <div id="text"><br /> <div align="left" style="margin-left:100px; margin-top:100px;"> <h2>Hello store manager, what would you like to do today?</h2> <p><a href="inventory_list.php">Manage Inventory</a><br /> <a href="#">Manage Blah Blah </a></p> </div> <br /> <br /> <br /> </div><!--closes wrapper--> </body> </html> Any help and suggestions are greatly appreciated! Thanks! Login.php Code: [Select] <?php session_start(); mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $username = $_POST['username']; $password = $_POST['pass']; if (isset($_POST["submit"])) { $log = "SELECT * FROM regis WHERE username = '$username'"; $login = mysql_query($log); $row = mysql_fetch_array($login); $number = mysql_num_rows($login); if ($number > 0) { $_SESSION['username'] = $row['username']; $_SESSION['userlevel'] = $row['userlevel']; if($_SESSION['userlevel']==1) { $_SESSION['is_logged_in'] == 1; header("Location: form2.php"); } else if($_SESSION['userlevel']== 0) { $_SESSION['is_logged_in'] == 1; header("Location: registration.php"); } } Registration.php Code: [Select] <?php echo 'Welcome:' .$_SESSION['is_logged_in'];?> form2.php Code: [Select] <?php session_start(); if (empty($_SESSION['is_logged_in'])) { header("Location:chatframe.php"); die(); // just to make sure no scripts execute } ?> <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $message=$_POST['message']; $a=$_SESSION['username']; if(isset($_POST['submit'])) //if submit button push has been detected { if(strlen($message)>1) { $message=strip_tags($message); $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP $checkforbanned="SELECT IP from ipbans where IP='$IP'"; $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS"); if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list { print "You IP is banned from posting."; } else { $thedate = date("U"); //grab date and time of the post $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$a','$IP','$thedate','$message')"; mysql_query($insertmessage) or die("Could not insert message"); } } } ?> <html> <head> <script type="text/javascript"> function addsmiley(code) { var pretext = document.smile.message.value; this.code = code; document.smile.message.value = pretext + code; } function a() { var x = document.smile.message.value; if(x=="") { alert("Please insert an message!"); return false; } } </script> <style type="text/css"> body{ background-color: #d8da3d } </style> </head> <body> <form name="smile" method="post" action="form2.php" onSubmit="return a()" > Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br> <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" /> <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" /> <input type='submit' name='submit' value='Send' class='biasa' ></form> <br> <br> </body> </html> In this registration.php when im called back its appear nothing im means the number is not showing and the login code even im had also put the "$_SESSION['is_logged_in'] == 1;" outside if else userlevel statement and then i put $d= $_SESSION['is_logged_in'] == 1; and im echoing back but it is nothing im thinks something wrong in session is login and also still it cannot redirect to admin -form2.php when session is login in is 1 Hello everyone: I wanted to see how I can make a simple login page (user name and password) that redirects to a page(s) if the login is correct. Also, I wanted to put protection on the page(s) that will send the user back to the login page if the credentials are nor correct. I would imagine the username/password would be stored in a database table (Admins), and the correct login info would be stored in a session ..? I am use to doing this with ASP, but never PHP. I want to make sure I understand how to do this properly and securely so I can use this as a model for other systems. In ASP I would do a protected page like this: a_login_check.asp Code: [Select] <% if session("admin_user_name") = "" then session.abandon response.redirect "login.asp" end if %> Protected-Page.asp Code: [Select] <!-- #include file="include/a_check_login.asp" --> <html> ... CONTENT ... </html> And of course there is the login page itself ... (I thought it would be nice to add a "Forgot Password" link on the login page, but if that is too complicated I can do that later .. or is it easy ??) Anyway, can someone point-out to me how to do this. I would appreciate it! Warning: imagejpeg() [function.imagejpeg]: Unable to open '/Applications/XAMPP/xamppfiles/htdocs/images/category/90f9f5fb6bd92875b85a69ed2f5749cc.jpg' for writing: Permission denied in /Applications/XAMPP/xamppfiles/htdocs/admin/library/functions.php on line 254 getting this error when i try to upload a photo using my admin section of a shopping cart. cant figure it out. any help greatly appreciated. heres my code: Code: [Select] function copyImage($srcFile, $destFile, $w, $h, $quality = 75) { $tmpSrc = pathinfo(strtolower($srcFile)); $tmpDest = pathinfo(strtolower($destFile)); $size = getimagesize($srcFile); if ($tmpDest['extension'] == "gif" || $tmpDest['extension'] == "jpg") { $destFile = substr_replace($destFile, 'jpg', -3); $dest = imagecreatetruecolor($w, $h); imageantialias($dest, TRUE); } elseif ($tmpDest['extension'] == "png") { $dest = imagecreatetruecolor($w, $h); imageantialias($dest, TRUE); } else { return false; } switch($size[2]) { case 1: //GIF $src = imagecreatefromgif($srcFile); break; case 2: //JPEG $src = imagecreatefromjpeg($srcFile); break; case 3: //PNG $src = imagecreatefrompng($srcFile); break; default: return false; break; } imagecopyresampled($dest, $src, 0, 0, 0, 0, $w, $h, $size[0], $size[1]); switch($size[2]) { case 1: case 2: imagejpeg($dest,$destFile, $quality); break; case 3: imagepng($dest,$destFile); } return $destFile; } Hey, in a nutshell the only thing in admin.php is the ability to moderate unapproved images, however, once approved, the "Approve Delete" links are still on screen. How it works is a user uploads an image, the filename is added to mysql and the image is added to uploads/ once I Approve an image, the image is then moved to img/ to display on the index.php (to prevent porn and anything that doesn't belong to the general public). I know what's happening, because I've got while loops to display the image while looping through the mysql database, so once the image is moved, the links are still on screen, displaying an "Approve Delete" for every image in the database. Also another thing that happens is the images on index.php are blank until approved. How can I work around this? Here is the index.php when an image hasn't been approved: http://www.xodiac.net/1.png And here is the admin.php displaying Approve and Delete once an image has been approved: http://www.xodiac.net/2.png Hello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? what am i doing wrong? Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /****/*****/*/domains/klikertje.nl/public_html/adminpaneel/index.php on line 123 script of adminpaneel/index.php <?php include("../config.php"); include('../cronjobs.php'); $gebruikersnaam = "robin"; //De gewenste gebruikernaam $wachtwoord = "rg953gejFDI3c"; //Het gewenste wachtwoord if(preg_match('/^[a-zA-Z ]+$/D', $_SERVER['PHP_AUTH_USER']) == 0){ if(preg_match('/^[a-zA-Z ]+$/D', $_SERVER['PHP_AUTH_PW']) == 0){ if($_SERVER['PHP_AUTH_USER'] != $gebruikersnaam || $_SERVER['PHP_AUTH_PW'] != $wachtwoord) { header("WWW-Authenticate: Basic realm=\"Beveiliging\""); header("HTTP/1.0 401 Unauthorized"); echo "Je bent niet ingelogd! Probeer het <A HREF=\"javascript:location.reload();\">opnieuw</A>."; exit; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>MiljoenenMail</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="miljoenenmail" /> <meta name="description" content="MiljoenenMail" /> <meta http-equiv="content-language" content="nl" /> <link href="../css/style.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="containermain"> <div id="headercontainer"> <div id="headerleft"> <div id="logo"><img src="../images/miljoenenmaillogo.png"></div> <div id="menu"> <ul> <li class="first"><a href="index.php">Algemeen</a></li> <li><a href="afmelden.php">Uitloggen</a></li> <li><a href="profile.php">profiel</a></li> <li><a href="payout.php">Uitbetaling</a></li> </ul> </div> </div> <div id="headerright"> <center><i>Welkom Beheerder</i></center> <table border="0" width="235px" style="margin-top: 5px;" height="85px"> <tr><td><img src="images/parel.png" alt="Parel" /></td><td style="text-align:left;">Parels: <?=$gebruiker->parels?></td><td><img src="images/eurosymbol.png" alt="Euro" /></td><td style="text-align:left;"><?=$gebruiker->saldo?></td></tr> <tr><td><img src="images/klikmissie.png" alt="Kliknissie" /></td><td style="text-align:left;">Klikmissie</td><td><img src="images/wallet.png" alt="Uitbetalen"/></td><td style="text-align:left;">Uitbetalen</td></tr> <tr><td><img src="images/message.png" alt="Berichten" /></td><td style="text-align:left;">Berichten: <b><?=$gebruiker->berichten?></b></td><td><img src="images/nl_flag.png" alt="" /></td><td style="text-align:left;">Nederland</td></tr> 2 </table> </div> </div> <div id="floatheader"></div> <div id="tab_understroke"></div> <div id="container"> <div id="rechtscontainer"> <div id="topblue"></div> <div id="main"> <p><strong><h2>AdminPaneel</h2></strong></p> <hr /> <form name="form1" method="post" action=""> <table border="0"> <tr> <td>de nieuws/voorpagina wijzigen:</td> <?php if(!isset($_POST['Submit'])) { ?> <td><input name="nieuws" type="text" size="20" <?php if(isset($nieuws->inhoud)) { ?>value="<?=$nieuws->inhoud?>"<?php } ?>></td> </tr> <tr> <td colspan="2"> <input type="submit" name="Submit" value="Opslaan"> </td> </tr> </table> </form> <?php } else { if(isset($_POST['nieuws']) OR $_POST['nieuws'] !== $nieuws->inhoud ) { mysql_query("UPDATE cmssysteem SET inhoud='".$_POST['nieuws']."'"); } echo "bedankt voor je wijzigingen ze zijn succesvol opgeslagen en veel plezier verder met de site admin ;)"; } ?> </div> <div id="right"> <div class="title">Statistieken</div> <div class="right_content"> Aantal leden: <?=$leden?><br /> Leden online: <?=$leden?><br /> Totaal aantal parels: <?=$totaalparels?><br /> € 532,00 uitgekeerd! </div> </div> </div> <div id="float"></div> <div id="footer"></div> </div> </div> <center><table border="0" width="861px"> <tr><td align="left"><pre>© 2010 Miljoenenmail.nl</pre></td><td align="right"><pre>made by: Ismail Metaich</pre></td></tr> </table></center> </body> </html> <? } else { echo "<html><body>$_SERVER['PHP_AUTH_PW'] bevat cijfers of speciale tekens alleen letters mogelijk!</html></body>" } } else { echo "$_SERVER['PHP_AUTH_USER'] bevat cijfers of speciale tekens alleen letters mogelijk!"; } ?> |