|
PHP - Display Login Name
Could somebody help to pint me in the right direction where to look for the correct syntax for my problem.
The user logs in and is sent to the members area, their username is echoed out to display that they are logged in, my problem is that it is displaying all the users in my database (currently 2 usernames). I would just like to have the current users username displayed. Code: [Select] <?php $con = mysql_connect("server","username", "password"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("database", $con); $result = mysql_query("SELECT username FROM users" ); while($row = mysql_fetch_array($result)) { echo "<tr>"; echo "<td>" . $row['username'] . "</td>";; echo "</tr>";} echo "</table>"; ?> What sholud i research to perform this task properly? thank you. Similar TutorialsI would like to know how to display the user's name after they logged in. This is the form: Code: [Select] <form action="login" method="post" name="LoginForm"> <p> <input name="username" type="text" /></p> <p> <input name="password" type="text" /></p> <p> <input type="submit" value="Login" /></p> </form> This is the login.php Code: [Select] <?php $myusername=$_POST['username']; $mypassword=$_POST['password']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("username"); session_register("password"); header("location:success"); } else { echo "Wrong Username or Password"; } ?> This is the page that it goes to after login, success.php: Code: [Select] <?php foreach ($this->_params['list'] as $login ){ $login_name = $login['name']; echo "<table>"; echo "<tr>"; echo "<td>"; echo "<a href=/logins/view/".$login['id'].">$login_name</a>"; echo "</td>"; echo "</tr>"; echo "</table>"; } ?> <?php session_destroy(); ?> <a href="/partner_portals/view">Log out</a> Hi there, New to the forum... thank you in advance for any help! I created a login system using a tutorial found online. Everything works perfectly.. but now the client wants "Hello [First Name]" displayed after logging in. I've tried about 12 different tutorials at this point and can't seem to tweak them enough to work with my code. A lot of the tutorials have session_start(); at the top of their protected (welcome.php) page. But mine seems to be held in a variable in another script and the top of my welcome.php looks like this: Code: [Select] <?PHP require_once("./include/membersite_config.php"); if(!$fgmembersite->CheckLogin()) { $fgmembersite->RedirectToURL("login.php"); exit; } ?> This is what I have on my welcome page as well but I don't know how to make this all come together and work.. Code: [Select] Hello <?php echo $_SESSION['name']; ?> I'm using mySQL 5.0, and php 5.2. Will anyone shed light on this for me? I'll provide any other info you may need.. Thank you Hey guys,
i need help with my script i don't find how i can let display an login error
please help.
<?php require_once('../Connections/localhost.php');?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
mysql_select_db($database_localhost, $localhost);
$query_User = "SELECT * FROM users";
$User = mysql_query($query_User) or die(mysql_error());
function GetUser($naam, $password)
{
global $User;
while($row = mysql_fetch_array($User))
{
if($row["username"] == $naam)
{
if($row["password"] == $password)
{
return true;
}
}
}
return false;
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "../home/";
$MM_redirectLoginFailed = "index.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_localhost, $localhost);
$LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $localhost) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<?php
include '../content/content.php';
include '../content/menu.php';
?>
<div class="content">
<div class="text">
<div class="contentbox">
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST' ) {
$username = trim(htmlentities(mysql_real_escape_string($_POST['username'])));
$password = trim(htmlentities(mysql_real_escape_string($_POST['password'])));
if (!empty($username) && !empty($password)) {
if(GetUser($username, $password)){
$_SESSION['username'] = $username;
}
}
}
?>
<?php
if(isset($_SESSION["username"]))
{
echo "<center>ur alredy logged in</center><br><br><>";
}else{
?>
<?php
if(isset($_SESSION['status']))
{
echo $_SESSION['status'];
unset($_SESSION['status']);
}
?>
<form ACTION="<?php echo $loginFormAction; ?>" METHOD="POST" name="login_form">
<fieldset class="account-info">
<label>Username<br/>
<input type="text" name="username"><br/>
</label>
<label>Password<br/>
<input type="password" name="password"><br/>
</label>
</fieldset>
<fieldset class="account-action">
<input class="btn btn-primary" type="submit" value="Login">
<a class="registerbtn" href="register.php" >Register</a>
</fieldset>
</form>
<?php
}
?>
<?php
echo "<br/>"."<center>";
include '../content/copy.php';
include '../content/bg.php';
echo "</center>";
?>
</div>
</div>
</div>
<video autoplay loop poster="../background/bg.jpg" id="bgvid">
<source src="../background/bg.webm" type="video/webm">
</video>
<body>
</body>
</html>
<?php
mysql_free_result($User);
?>
after the user has logged in, I would like to display their details by barcode id Login.php <?php $host=""; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); session_start(); // username and password sent from form $barcodeID=$_POST['barcode']; // To protect MySQL injection (more detail about MySQL injection) $barcodeID = stripslashes($barcodeID); $barcodeID = mysql_real_escape_string($barcodeID); $sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count > 0){ $data = mysql_fetch_array ($result); $_SESSION["user_id"] = $data["BarcodeID"]; $_SESSION["user_firstname"] = $data["Firstname"]; $_SESSION["user_surname"] = $data["Surname"]; $_SESSION["user_jobrole"] = $data["JobRole"]; $_SESSION["user_manager"] = $data["Manager"]; $_SESSION["user_priority"] = $data["Priority"]; $_SESSION["user_datejoined"] = $data["DateJoined"]; $_SESSION["user_times_loggged_in"] = $data["TimesLoggedOn"]; if ($_SESSION["user_priority"] == '1') { header("Location: AdminSection.php"); } else { header("Location:LoggedIn.php"); } if ($_SESSION["user_times_loggged_in"] == '0') { header("Location:UsingTheSystem.html"); } } ?> LoggedIn.php I keep getting the error undefined index "barcode"? <?php $barcodeID = $_POST["barcode"]; include 'dbcon.php'; $sql = "SELECT Firstname, Surname, JobRole, Manager" . " FROM users" . " WHERE BarcodeID = .'$barcodeID'" ; $rows = mysql_query($sql); echo $rows; ?> Any help will be greatly appreciated Thanks In follow up to my previous post, I have found a way to display my data but now I am wanting to only display certain data (within an 'if' statement). For example, if I login as a particular student and there is three sets of data in there e.g. MATH1023, ENG1003 and ENG1013 but I only want to display the student's MATH1023 data in a section, how do I do this? I know that I need to do some sort of an IF statement where 'crsecode=MATH1023' but for some reason I cannot get this to work without it pulling this along with the two English courses. Here is my code: Code: [Select] <?php $db_host = "locahost"; $db_user = "dbuser"; $db_pass = "dbpassword"; $db_name = "dbconnection"; $dbac = mysql_connect($db_host,$db_user,$db_pass); mysql_select_db ($db_name) or die ("Cannot connect to database."); if (!$_POST['search']){ ?> <form name="Item Search" method="post" action=""> Item Search:<br> <label> <input name="swords" type="text" size="30" maxlength="30"> </label> <br> <label> <input name="search" type="submit" id="search" value="Search"> </label> </form> <?php }else{ $searchwords = addslashes(htmlspecialchars($_POST['swords'])); if (strlen($searchwords) < 2){ echo "Your search must contain at least 3 characters. Please try again.<br><input type=button value='Back' onClick='history.go(-1)'>"; }else{ $words = explode(' ',$searchwords); $totalwords = count($words); $i = 0; $searchstring = ""; while ($i != $totalwords){ if ($i != 0 and $i != $wordcount){ $searchstring .= " and ";; } $searchstring .= "cwid LIKE '%$words[$i]%'"; $i = $i + 1; } $query = mysql_query("SELECT DISTINCT * FROM transferdatafile where $searchstring"); if (mysql_num_rows($query) == 0){ echo "No results were found.<br><input type=button value='Back' onClick='history.go(-1)'>"; }else{ echo '<table border=1>'; while ($row = mysql_fetch_array($query)){ echo '<tr>'; echo '<td>'.$row['firstname'].'</td>'; echo '<td>'.$row['lastname'].'</td>'; echo '<td>'.$row['subj'].'</td>'; echo '<td>'.$row['course'].'</td>'; echo '<td>'.$row['crsecode'].'</td>'; echo '<td>'.$row['crsegrade'].'</td>'; // etc echo '</tr>'; } echo '</table>'; } } } ?> Here is the output that I currently get with this when all I want is MATH1023 to display for this particular student's ID (see attachment). Anyone help? [attachment deleted by admin] Hello all, my first post after joining this very informative site, unfortunatly I was unable to find the answer to my simple yet frastrating dilemma. I am in the process of building a website that will enable users to log-in through a dedicated loginU.php page, I have all of this working but I would like to display an error message on this page saying if the user has entered a wrong username/password, I have the message displaying on a blank white page, but I would like it to be displayed within the container I have created. the validation code is contained within a different login.php file. At the moment I am using an iframe to display the messages, which I know is not the right way to do it, so am asking for a better way to do it. here is what I have so far: loginU.php Code: [Select] <div id = "div-Login"> <form action="login.php" method="POST" target="loginerror"> <center><h2>Login Here</h2> <p> Username: <input type="text" name="username"><p> Password: <input type="password" name="password"><p> <input type="submit" name="submit" value="Login"> </center> <a href="register.html"><pre>need to register? Click Here!</pre></a> </form> <iframe name="loginerror" style="border: 0px; width: 200px; height: 100px; overflow: hidden;" src="login.php"></iframe> </div> login.php Code: [Select] if ($username==$dbusername&&$enc_password==$dbpassword) //if the username & encrpyted password matches the records in the database { if($admin !=0) //if the admin flag is true { $_SESSION['level']='ADMIN';//admin is logging in header ("Location: admin.php"); //the user is an admin, direct to admin page } else header ("Location: index.php"); //user is a customer, direct user to index page $_SESSION['username']=$dbusername; //set the session name to the database record username. } else //$nopass='TRUE'; //header ("location: loginU.php"); echo "Incorrect Password, Please try again"; // if incorrect password } else die ("That username doesn't exist"); // if user doesn't exist } else die ("Please enter a username and password"); //if either field is empty ?> hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? Hi guys. What I want to create is really complicated. Well I have a login system that works with post on an external website. I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users. What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login". If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry". So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login. Any idea?? Thanks Hello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? How to add the ability to login with username or email for login?
<?php
ob_start();
include('../header.php');
include_once("../db_connect.php");
session_start();
if(isset($_SESSION['user_id'])!="") {
header("Location: ../dashboard");
}
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and pass = '" . md5($password). "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['user_id'] = $row['uid'];
$_SESSION['user_name'] = $row['user'];
$_SESSION['user_email'] = $row['email'];
header("Location: ../dashboard");
} else {
$error_message = "Incorrect Email or Password!!!";
}
}
?>
Hi guys, Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!" Any suggestion and help would be appreciated. Thanks. login.php <?php //Assigned varibale $error_msg as empty //$error_msg = ""; session_start(); $error_msg = ""; if (isset($_POST['submit'])) { if ($a_username = "admin" && $a_password = "123") { //Define $_POST from form text feilds $username = $_POST['username']; $password = $_POST['password']; //Add some stripslashes $username = stripslashes($username); $password = stripslashes($password); //Check if usernmae and password is good, if it is it will start session if ($username == $a_username && $password == $a_password) { session_start(); $_SESSION['session_logged'] = 'true'; $_SESSION['session_username'] = $username; //Redirect to admin page header("Location: admin_area.php"); } } $username = (isset($_POST['username'])) ? $_POST['username'] : ''; $password = (isset($_POST['password'])) ? $_POST['password'] : ''; if($username && $password) { $connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!"); mysql_select_db("friendsdb") or die ("Couldn't find the DB"); $query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'"); $numrows = mysql_num_rows($query); if ($numrows != 0){ while ($row = mysql_fetch_array($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } //Check to see if they are match! if ($username == $dbusername && md5($password) == $dbpassword) { header ("Location: user_area.php"); $_SESSION['username'] = $username; } else $error_msg = "Incorrect password!"; //code of login }else $error_msg = "That user does not exist!"; //echo $numrows; } else $error_msg = "Please enter a username and password!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> </head> <body> <br /> <?php require "header.php"; ?><br /> <div align="center"> <table width="200" border="1"> <?php // If $error_msg not equal to emtpy then display error message if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <!--form action="login_a.php" method="post"--> Username: <input type="text" name="username" /><br /><br /> Password: <input type="password" name="password" /><br /><br /> <input type="submit" name = "submit" value="Log in" /> </form> <p> </p> Register a <a href="register.php">New User</a> </table> </div> </body> </html> Hi everyone i wonder if you can help me he I need a script for a login and check login- create cookie. Here is my form: <form method="post" action="check_login.php"> <p> <input type="submit" name="Submit2" value="go" /> </fieldset> </p> </form> that sends it to check_login (which BEFORE i deleted something by accident, used to take me to a username and password box) But now all it does is send me straight to the memebrs area??? Can i change the check_login.php script to make it work correctly: Code: [Select] <?php // Connects to your Database mysql_connect("server", "user", "password") or die(mysql_error()); mysql_select_db("DB") or die(mysql_error()); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['upassword']) { } else { header("Location: members_area.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['upassword']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['upassword'] = stripslashes($_POST['upassword']); $info['upassword'] = stripslashes($info['upassword']); $_POST['upassword'] = md5($_POST['upassword']); //gives error if the password is wrong if ($_POST['upassword'] != $info['upassword']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['upassword'], $hour); //then redirect them to the members area header("Location: members_area.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table width="316" height="120" border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="upassword" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> Hello, I am once again desperately asking for your help, I am working on a simple login page and I am having trouble actually getting it to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now
This is the code any suggestions would be greatly appreciated
<?php
/*
Name: Deanna Slotegraaf
Course Code: WEBD3201
Date: 2020-09-22
*/
$file = "sign-in.php";
$date = "2020-09-22";
$title = "WEBD3201 Login Page";
$description = "This page was created for WEBD3201 as a login page for a real estate website";
$banner = "Login Page";
require 'header.php';
$error = "";
if($_SERVER["REQUEST_METHOD"] == "GET")
{
$username = "";
$password = "";
$lastaccess = "";
$error = "";
$result = "";
$validUser = "";
}
else if($_SERVER["REQUEST_METHOD"] == "POST")
{
$conn;
$username = trim($_POST['username']); //Remove trailing white space
$password = trim($_POST['password']); //Remove trailing white space
if (!isset($username) || $username == "") {
$error .= "<br/>Username is required";
}
if (!isset($password) || $password == ""){
$error .= "<br/>Password is required";
}
if ($error == "") {
$password = md5($password);
$query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'";
$results = pg_query($conn, $query);
//$_SESSION['username'] = $username;
//$_SESSION['success'] = "You are now logged in";
header('location: dashboard.php');
}else {
$error .= "Username and/or Password is incorrect";
}
}
?>
<div class = "form-signin">
<?php
echo "<h2 style='color:red; font-size:20px'>".$error."</h2>";
?>
<form action = "<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<label for="uname"><b>Login ID</b></label>
<input type="text" name="username" value="<?php echo $username; ?>"/>
<br/>
<label for="psw"><b>Password</b></label>
<input type="password" name="password" value="<?php echo $password; ?>"/>
<br/>
<button type="submit" name="login_user">Login</button>
<button type="reset">Reset</button></div>
</form>
</div>
<?php require "footer.php"; ?>
Alrite I have a script that creates a new php script for each user, but thats a huge security risk because i have the Username and Password box saved into the php script and checked against the login.php page; I am a total newb with MySQL, but i have the database, but i have no idea what tables to create with fields and datatype etc :3 Also, I dont know how to check the username and password via SQL; Any help would be greatly appreciated this is my login php. But for some reason it dosen't log the user on the first attempt. Any idea what may be causing this? $result=mysql_query("SELECT * FROM companies WHERE username = '$user' AND password ='$pass'"); if(mysql_num_rows ($result) == 0) { $login = "&err=Failed."; echo($login); } else { $row = mysql_fetch_array($result); $user=$row['user']; $pass=$row['pass']; $login = "$user=" . $user . "$pass=" . $pass . "&err=Successful."; echo($login); } Hi, I want to store login info and create account, but when after I create account, I can't log in, it still displays: "Please register above!" login script: ======== Code: [Select] <html> <head> <title>Login</title> </head> <body> <hr /> <form method="post" action=""> <label>Username:</label> <input type="text" name="username"> <br /> <label>Password:</label> <input type="password" name="password"> <p> <input type="submit" value="Login" name="Login" /> <input type="reset" value="Reset" name="Reset" /> </p> </form> <?php //if username/password filled in and submitted, check db to find match login info if(array_key_exists("Login",$_POST) && !empty($_POST["username"]) && !empty($_POST["password"])) { $attemptedUsername=$_POST["username"]; $attemptedPassword=crypt($_POST["password"]); mysql_connect("localhost","root"); mysql_select_db("dummydpevx"); $getLoginInfoQuery=mysql_query("SELECT userName,userPassword FROM users WHERE userName='$attemptedUsername' AND userPassword='$attemptedPassword'"); $getLoginInfo=mysql_fetch_assoc($getLoginInfoQuery); $getUsername=$getLoginInfo["userName"]; $getPassword=crypt($getLoginInfo["userPassword"]); if($attemptedPassword==$getPassword) { session_start();//NB: Start session BEFORE doing any session stuff! $_SESSION["isAuthenticated"]="userAuthenticated"; header("Location: SecureSite.php"); exit; } else//"Please register above!" print "Please register above!"; } ?> </body> </html> here is register script: =============== Code: [Select] <html> <head> <title>Register</title> </head> <body> <form method="post" action="" > <p>Create a username <input type="text" name="newUsername" size="10" /> </p> <p>Create a password <input type="password" name= "newPassword" size="10" /> </p> <p> <input type="submit" value="Make account now" name="makeAccountSubmit" /> </p> </form> <?php if(array_key_exists("makeAccountSubmit",$_POST) && !empty($_POST["newUsername"]) && !empty($_POST["newPassword"]) ) { //IF username doesn't exist, then store new user login info to db dummydpevx mysql_connect("localhost","root"); mysql_select_db("someDB"); $newUserName=$_POST["newUsername"]; $newPassword=crypt($_POST["newPassword"]); $usernameQuery=mysql_query("SELECT userName FROM users WHERE userName='$newUserName'"); if(mysql_num_rows($usernameQuery)==0) { $makeNewAccountQuery=mysql_query("INSERT INTO users (userName,userPassword) VALUES('$newUserName','$newPassword')"); print "You are now registered, <a href='login.php'>proceed to login</a>"; } //ELSE IF username exists already, "Username already taken, please enter another BUT KEEP IN MIND user can have any passwords (EVEN IDENTICAL ONES b/c doesn't make sense to say password exists (this will help hackers have easier time hacking!) if(mysql_num_rows($usernameQuery)==1) print "Username taken. Please make another one. <br />"; } if(array_key_exists("makeAccountSubmit",$_POST) ) { if(empty($_POST["newUsername"]) && empty($_POST["newPassword"])) print "Please fill in a username and password! <br />"; else if(empty($_POST["newPassword"])) print "Please fill in a password!<br />"; else if(empty($_POST["newUsername"])) print "Please fill in a username! <br />"; } ?> </body> </html> Please I would appreciate any help, thanks! Hi. I'm having a little problem creating a login using PHP. Looked at several tutorials and not having much luck. I've created a database in MySql called "member" with a username and password field just to test but don't appear to be getting as far as that. I'm also using XAMPP. So basically the PHP so far is five different pages. "config.inc" contains: <?php $hostname = 'localhost'; // Your MySQL hostname. Usualy named as 'localhost', so you're NOT necessary to change this even this script has already online on the internet. $dbname = 'member'; // Your database name. $username = 'root'; // Your database username. $password = ''; // Your database password. If your database has no password, leave it empty. // Let's connect to host mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed, perhaps the service is down!'); // Select the database mysql_select_db($dbname) or DIE('Database name is not available!'); ?> "index.php" contains: <?php // Inialize session session_start(); // Check, if user is already login, then jump to secured page if (isset($_SESSION['username'])) { header('Location: securedpage.php'); } ?> <html> <head> <title>PHPMySimpleLogin 0.3</title> </head> <body> <h3>User Login</h3> <table border="0"> <form method="POST" action="loginproc.php"> <tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr> <tr><td>Password</td><td>:</td><td><input type="password" name="password" size="20"></td></tr> <tr><td> </td><td> </td><td><input type="submit" value="Login"></td></tr> </form> </table> </body> </html> "loginproc.php" contains: <?php // Inialize session session_start(); // Include database connection settings include('config.inc'); // Retrieve username and password from database according to user's input $login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')"); // Check username and password match if (mysql_num_rows($login) == 1) { // Set username session variable $_SESSION['username'] = $_POST['username']; // Jump to secured page header('Location: securedpage.php'); } else { // Jump to login page header('Location: index.php'); } ?> "securedpage.php" contains: <?php // Inialize session session_start(); // Check, if username session is NOT set then this page will jump to login page if (!isset($_SESSION['username'])) { header('Location: index.php'); } ?> <html> <head> <title>Secured Page</title> </head> <body> <p>This is secured page with session: <b><?php echo $_SESSION['username']; ?></b> <br>You can put your restricted information here.</p> <p><a href="logout.php">Logout</a></p> </body> </html> "logout.php" contains: <?php // Inialize session session_start(); // Delete certain session unset($_SESSION['username']); // Delete all session variables // session_destroy(); // Jump to login page header('Location: index.php'); ?> BASICALLY - when i go into this and enter the username and password the same page index.php stays. Apologies for the length of this post, just wanted to get the info in. Also have checked that MySql server is running etc. Finaly Year Project Student here and i don't want to fall at the first hurdle so any help is appreciated Hello I was wondering if anyone can spot what I am doing wrong here been trying to get it to work for a good few hours now with no luck! Basically.... A customer logs in = isadmin = 0. It then makes three session vairables: logged in vairable username vairable user id vairable This all works fine it's only when I try to add the second bit which is after the 3 vairables are created another select statement is done to check if there are any orders by this user in the order table. For example where the session "userid" = the customer id in the order table. If there is an order by this user another session vairable will be created carrying the order id if there are no orders the session vairable will not be set. All I seem to get is "warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result..." I hope this makes sense! Don't hesitate to ask if not! Thanks for taking your time having a look. Code: [Select] $sqlu = mysql_query("SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' AND isadmin='0'"); $sqla = mysql_query("SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' AND isadmin='1'"); if(mysql_num_rows($sqlu)==1) { $resultu = mysql_fetch_assoc($sqlu); $_SESSION["loggedin"] = 1; $_SESSION["gatekeeper"] = $myusername; $_SESSION['userid'] = $resultu['ID']; $ordersql = "SELECT id FROM order WHERE customer_id = '".$_SESSION['userid']."' AND status < 2"; $orderresult = mysql_query($ordersql); $orderrow = mysql_fetch_assoc($orderresult); session_register("ordernum"); $_SESSION['ordernum'] = $orderrow['id']; header("location:menu.php"); } elseif(mysql_num_rows($sqla) == 1) { $resulta = mysql_fetch_assoc($sqla); $_SESSION['admin'] = $myusername; header("location:admincentre.php"); } else header("location:tryagain.php"); ?> hi guys me again. kinda stuck, im trying to turn my admin login script in to a user login with the admin side of things, so to keep things separate. for some reason the include function is not working after its checked, if the user is a admin or not. any ideas on why this would not work? have i done something completely wrong or just missing something. ive left the code below, if it helps aswell the login.php is a included file aswell to index.php. thanks in advance. login.php <?php $userback = $_SESSION['user']; $username = $_POST['username']; $password = md5($_POST['password']); $login = $_post['submit']; mysql_connect("db2700.oneandone.co.uk","dbo363845380","notgonnalie12"); mysql_select_db("db363845380") or die(mysql_error()); session_start(); if($_SERVER['QUERY_STRING'] == "logout") { unset($_SESSION['user']); header("Location: " . $_SERVER['PHP_SELF']); exit; } if(!isset($_SESSION['user'])){ if(!$submit){ echo"<div align='center'><b>Please login</b></div><br>"; echo " <html> <body> <div align='center'> <form method='post' action='".$_SERVER['REQUEST_URI']."'> <label>username: <input type='text' name='username' id='username'> <label>password: <input type='password' name='password' id='password'> </label> <label> <input type='submit' name='submit' id='submit' value='submit'> </label> </form> </div> </body> </html> "; } else { $rows = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."'")); if($rows>0){ while ($row = mysql_fetch_assoc($rows)){ $_SESSION['user']="$username"; $adminpass = $row['admin']; if($adminpass>=1){ include ("admin/index.php"); } else { echo "welcome $user1 you'll be directed in a few seconds.<br> if this doesn't happen please click here."; } } } else { if($rows<1){ echo "Sorry no user information found. Please make sure details are correct."; } } } } ?> ok this is a loign form like facebook's its on top <form action="login.php" method="POST"> <table> <tr> <td><input type="text" name="email" /></td> <td><input type="password" name="password" /></td> <td><input type="submit" name="submitbtn" value="Login" /></td> </tr> <tr> <td>Keep me signed in</td> <td>Forgot Password?</td> </tr> </table> </form> but i want it so if they get a wrong email or password they to to login.php?login_failed |
|||||||