PHP - Login Execution Script
Code:
<?php
    //Start session
    session_start();

    //Include database connection details
    require_once('config.php');

    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    //Connect to mysql server
    $link = mysql_connect($hostname, $username, $password);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Select database
    $db = mysql_select_db($dbname);
    if(!$db) {
        die("Unable to select database");
    }

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values
    $login = clean($_POST['login']);
    $password = clean($_POST['password']);

    //Input Validations
    if($login == '') {
        $errmsg_arr[] = 'Login ID missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }

    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
            echo '<ul class="err">';
            foreach($_SESSION['ERRMSG_ARR'] as $msg) {
                echo '<li>',$msg,'</li>';
            }
            echo '</ul>';
            unset($_SESSION['ERRMSG_ARR']);
        }
        session_write_close();
        header("location: index.php");
        exit();
    }

    //Create query
    $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
    $result=mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_field($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
            $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
            $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
            session_write_close();
            header("location: member-index.php");
            exit();
        }else {
            //Login failed
            header("location: login-failed.php");
            exit();
        }
    }else {
        die("Query failed");
    }
?>

This is my login execution script and when I run it, I get this - Fatal error: Cannot use object of type stdClass as array in /home/a8029060/public_html/login-exec.php on line 75

Please any help :/

Similar Tutorials

Hi All,
I'm hoping somebody would be able to help me with a performance issue I'm having with a bit of code I've written.
The setup:
Client request arrives on Apache2 reverse proxy over HTTPS. SSL is offloaded and proxy initiates connection to backend development web server over standard HTTP. The website is being developed using HTML5 styled with CSS, Javascript (to dynamically show counters on message text area, perform client side validation for browsers that do not support the built-in HTML5 input validation) and PHP for server side validation and form submission (sends email to webadmin).
The development web server is located in a LXC container on the production web server. The host server presents the "public" IP address to the physical network and uses UFW to NAT all traffic inbound and outbound from the development website to trick the network into thinking that the server is on the physical network (Only way to get it routable across the rest of the network).
The problem:
On form submission, if I intentionally leave the fields blank and turn off client side validation, the script echoes "An error occured in your form, please check to make sure that all relevent fields are filled in!!!". This response returns in 16.50ms with a latency of 34.92ms. The POST appears instantly in the Apache2 logs less than a second after I submit the form.
If I submit the form with all fields (Name, Email, Phone, Website, Subject and Message), it takes 60 - 65 seconds before Apache logs the POST has arrived. I'm not entirely sure why it's taking this long for the server to receive the content. GET Requests are pretty much instant as I would expect. Could this be an issue with inefficient scripting that may be causing this type of delay? This issue occurs regardless of whether I use Firefox or Safari.
Could this be a result of inefficient scripting? Using timelines in Safari and on form submission with content, I get 1.0min latency with an actual duration/script run time of 5.336ms. Where would this latency be coming from? Standard GET requests for HTML and CSS content is instant, next to no latency but once the Payload increases in size, it seems like I run into the issue.
Any views, thoughts or possible things to try would be hugely appreciated. I'm learning the ropes with scripting at the moment but this high latency, as a hunch, appears to be server related. Happy to upload the submit.php script and web form if it will help.
Many Thanks,
A
Hello all, newbie here just trying to understand PHP and other languages. As a basic, I understood that exit() function is used to stop something. But, was wondering if below code is right to terminate something. Ref - InterviewBit

<?php
$site = "https://abcdefghijk.com//";
fopen($site,"r") or exit("Unable to connect to $site");
?>

TIA!!

I have looked at ob_start, ob_get_contents, etc.. but I can't get it to work. My code looks like this:

Code:
ob_start();
echo "starting";
ob_flush();
//do some stuff
echo "something else";
ob_flush();
//do some stuff
echo "something else";
ob_flush();

The echoes are only shown at the end of the script execution.

hello, I am using a script which takes backup of my database and convert it into a zip file, I am getting following error

Code:
Fatal error: Maximum execution time of 30 seconds exceeded in /home/USERNAME/public_html/functions.php on line 110

I know I read and search forum for solving this by editing PHP.INI file, but I have no access to it. So is there any way that I can able to run the script but modifying it??
Its working fine on localhost I have also attached the files Code: [Select] <?php /** * Class to dynamically create a zip file (archive) * * @author Rochak Chauhan */ class createZip { public $compressedData = array(); public $centralDirectory = array(); // central directory public $endOfCentralDirectory = "\x50\x4b\x05\x06\x00\x00\x00\x00"; //end of Central directory record public $oldOffset = 0; /** * Function to create the directory where the file(s) will be unzipped * * @param $directoryName string * */ public function addDirectory($directoryName) { $directoryName = str_replace("\\", "/", $directoryName); $feedArrayRow = "\x50\x4b\x03\x04"; $feedArrayRow .= "\x0a\x00"; $feedArrayRow .= "\x00\x00"; $feedArrayRow .= "\x00\x00"; $feedArrayRow .= "\x00\x00\x00\x00"; $feedArrayRow .= pack("V",0); $feedArrayRow .= pack("V",0); $feedArrayRow .= pack("V",0); $feedArrayRow .= pack("v", strlen($directoryName) ); $feedArrayRow .= pack("v", 0 ); $feedArrayRow .= $directoryName; $feedArrayRow .= pack("V",0); $feedArrayRow .= pack("V",0); $feedArrayRow .= pack("V",0); $this -> compressedData[] = $feedArrayRow; $newOffset = strlen(implode("", $this->compressedData)); $addCentralRecord = "\x50\x4b\x01\x02"; $addCentralRecord .="\x00\x00"; $addCentralRecord .="\x0a\x00"; $addCentralRecord .="\x00\x00"; $addCentralRecord .="\x00\x00"; $addCentralRecord .="\x00\x00\x00\x00"; $addCentralRecord .= pack("V",0); $addCentralRecord .= pack("V",0); $addCentralRecord .= pack("V",0); $addCentralRecord .= pack("v", strlen($directoryName) ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("v", 0 ); $ext = "\x00\x00\x10\x00"; $ext = "\xff\xff\xff\xff"; $addCentralRecord .= pack("V", 16 ); $addCentralRecord .= pack("V", $this -> oldOffset ); $this -> oldOffset = $newOffset; $addCentralRecord .= $directoryName; $this -> centralDirectory[] = $addCentralRecord; } /** * Function to add file(s) to the specified 
directory in the archive * * @param $directoryName string * */ public function addFile($data, $directoryName) { $directoryName = str_replace("\\", "/", $directoryName); $feedArrayRow = "\x50\x4b\x03\x04"; $feedArrayRow .= "\x14\x00"; $feedArrayRow .= "\x00\x00"; $feedArrayRow .= "\x08\x00"; $feedArrayRow .= "\x00\x00\x00\x00"; $uncompressedLength = strlen($data); $compression = crc32($data); $gzCompressedData = gzcompress($data); $gzCompressedData = substr( substr($gzCompressedData, 0, strlen($gzCompressedData) - 4), 2); $compressedLength = strlen($gzCompressedData); $feedArrayRow .= pack("V",$compression); $feedArrayRow .= pack("V",$compressedLength); $feedArrayRow .= pack("V",$uncompressedLength); $feedArrayRow .= pack("v", strlen($directoryName) ); $feedArrayRow .= pack("v", 0 ); $feedArrayRow .= $directoryName; $feedArrayRow .= $gzCompressedData; $feedArrayRow .= pack("V",$compression); $feedArrayRow .= pack("V",$compressedLength); $feedArrayRow .= pack("V",$uncompressedLength); $this -> compressedData[] = $feedArrayRow; $newOffset = strlen(implode("", $this->compressedData)); $addCentralRecord = "\x50\x4b\x01\x02"; $addCentralRecord .="\x00\x00"; $addCentralRecord .="\x14\x00"; $addCentralRecord .="\x00\x00"; $addCentralRecord .="\x08\x00"; $addCentralRecord .="\x00\x00\x00\x00"; $addCentralRecord .= pack("V",$compression); $addCentralRecord .= pack("V",$compressedLength); $addCentralRecord .= pack("V",$uncompressedLength); $addCentralRecord .= pack("v", strlen($directoryName) ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("V", 32 ); $addCentralRecord .= pack("V", $this -> oldOffset ); $this -> oldOffset = $newOffset; $addCentralRecord .= $directoryName; $this -> centralDirectory[] = $addCentralRecord; } /** * Fucntion to return the zip file * * @return zipfile (archive) */ public function getZippedfile() { $data = implode("", $this -> 
compressedData); $controlDirectory = implode("", $this -> centralDirectory); return $data. $controlDirectory. $this -> endOfCentralDirectory. pack("v", sizeof($this -> centralDirectory)). pack("v", sizeof($this -> centralDirectory)). pack("V", strlen($controlDirectory)). pack("V", strlen($data)). "\x00\x00"; } } /* MySQL database backup class, version 1.0.0 Written by Vagharshak Tozalakyan <vagh@armdex.com> Released under GNU Public license */ define('MSB_VERSION', '1.0.0'); define('MSB_NL', "\r\n"); define('MSB_STRING', 0); define('MSB_DOWNLOAD', 1); define('MSB_SAVE', 2); class MySQL_Backup { var $server = 'localhost'; var $port = 3306; var $username = 'root'; var $password = ''; var $database = ''; var $link_id = -1; var $connected = false; var $tables = array(); var $drop_tables = true; var $struct_only = false; var $comments = true; var $backup_dir = ''; var $fname_format = 'd_m_y__H_i_s'; var $error = ''; function Execute($task = MSB_STRING, $fname = '', $compress = false) { if (!($sql = $this->_Retrieve())) { return false; } if ($task == MSB_SAVE) { if (empty($fname)) { $fname = $this->backup_dir; $fname .= date($this->fname_format); $fname .= ($compress ? '.sql.gz' : '.sql'); } return $this->_SaveToFile($fname, $sql, $compress); } elseif ($task == MSB_DOWNLOAD) { if (empty($fname)) { $fname = date($this->fname_format); $fname .= ($compress ? '.sql.gz' : '.sql'); } return $this->_DownloadFile($fname, $sql, $compress); } else { return $sql; } } function _Connect() { $value = false; if (!$this->connected) { $host = $this->server . ':' . 
$this->port; $this->link_id = mysql_connect($host, $this->username, $this->password); } if ($this->link_id) { if (empty($this->database)) { $value = true; } elseif ($this->link_id !== -1) { $value = mysql_select_db($this->database, $this->link_id); } else { $value = mysql_select_db($this->database); } } if (!$value) { $this->error = mysql_error(); } return $value; } function _Query($sql) { if ($this->link_id !== -1) { $result = mysql_query($sql, $this->link_id); } else { $result = mysql_query($sql); } if (!$result) { $this->error = mysql_error(); } return $result; } function _GetTables() { $value = array(); if (!($result = $this->_Query('SHOW TABLES'))) { return false; } while ($row = mysql_fetch_row($result)) { if (empty($this->tables) || in_array($row[0], $this->tables)) { $value[] = $row[0]; } } if (!sizeof($value)) { $this->error = 'No tables found in database.'; return false; } return $value; } function _DumpTable($table) { $value = ''; $this->_Query('LOCK TABLES ' . $table . ' WRITE'); if ($this->comments) { $value .= '#' . MSB_NL; $value .= '# Table structure for table `' . $table . '`' . MSB_NL; $value .= '#' . MSB_NL . MSB_NL; } if ($this->drop_tables) { $value .= 'DROP TABLE IF EXISTS `' . $table . '`;' . MSB_NL; } if (!($result = $this->_Query('SHOW CREATE TABLE ' . $table))) { return false; } $row = mysql_fetch_assoc($result); $value .= str_replace("\n", MSB_NL, $row['Create Table']) . ';'; $value .= MSB_NL . MSB_NL; if (!$this->struct_only) { if ($this->comments) { $value .= '#' . MSB_NL; $value .= '# Dumping data for table `' . $table . '`' . MSB_NL; $value .= '#' . MSB_NL . MSB_NL; } $value .= $this->_GetInserts($table); } $value .= MSB_NL . MSB_NL; $this->_Query('UNLOCK TABLES'); return $value; } function _GetInserts($table) { $value = ''; if (!($result = $this->_Query('SELECT * FROM ' . $table))) { return false; } while ($row = mysql_fetch_row($result)) { $values = ''; foreach ($row as $data) { $values .= '\'' . addslashes($data) . 
'\', '; } $values = substr($values, 0, -2); $value .= 'INSERT INTO ' . $table . ' VALUES (' . $values . ');' . MSB_NL; } return $value; } function _Retrieve() { $value = ''; if (!$this->_Connect()) { return false; } if ($this->comments) { $value .= '#' . MSB_NL; $value .= '# MySQL database dump' . MSB_NL; $value .= '# Created by MySQL_Backup class, ver. ' . MSB_VERSION . MSB_NL; $value .= '#' . MSB_NL; $value .= '# Host: ' . $this->server . MSB_NL; $value .= '# Generated: ' . date('M j, Y') . ' at ' . date('H:i') . MSB_NL; $value .= '# MySQL version: ' . mysql_get_server_info() . MSB_NL; $value .= '# PHP version: ' . phpversion() . MSB_NL; if (!empty($this->database)) { $value .= '#' . MSB_NL; $value .= '# Database: `' . $this->database . '`' . MSB_NL; } $value .= '#' . MSB_NL . MSB_NL . MSB_NL; } if (!($tables = $this->_GetTables())) { return false; } foreach ($tables as $table) { if (!($table_dump = $this->_DumpTable($table))) { $this->error = mysql_error(); return false; } $value .= $table_dump; } return $value; } function _SaveToFile($fname, $sql, $compress) { if ($compress) { if (!($zf = gzopen($fname, 'w9'))) { $this->error = 'Can\'t create the output file.'; return false; } gzwrite($zf, $sql); gzclose($zf); } else { if (!($f = fopen($fname, 'w'))) { $this->error = 'Can\'t create the output file.'; return false; } fwrite($f, $sql); fclose($f); } return true; } } function mailAttachment($file, $mailto, $from_mail, $from_name, $replyto, $subject, $message) { $filename = basename($file); $file_size = filesize($file); $handle = fopen($file, "r"); $content = fread($handle, $file_size); fclose($handle); $content = chunk_split(base64_encode($content)); $uid = md5(uniqid(time())); $name = basename($file); $header = "From: ".$from_name." 
<".$from_mail.">\r\n"; $header .= "Reply-To: ".$replyto."\r\n"; $header .= "MIME-Version: 1.0\r\n"; $header .= "Content-Type: multipart/mixed; boundary=\"".$uid."\"\r\n\r\n"; $header .= "This is a multi-part message in MIME format.\r\n"; $header .= "--".$uid."\r\n"; $header .= "Content-type:text/plain; charset=iso-8859-1\r\n"; $header .= "Content-Transfer-Encoding: 7bit\r\n\r\n"; $header .= $message."\r\n\r\n"; $header .= "--".$uid."\r\n"; $header .= "Content-Type: application/octet-stream; name=\"".$filename."\"\r\n"; // use diff. tyoes here $header .= "Content-Transfer-Encoding: base64\r\n"; $header .= "Content-Disposition: attachment; filename=\"".$filename."\"\r\n\r\n"; $header .= $content."\r\n\r\n"; $header .= "--".$uid."--"; if (mail($mailto, $subject, "", $header)) { echo "mail send ... OK"; // or use booleans here } else { echo "mail send ... ERROR!"; } } function directoryToArray($directory, $recursive) { $array_items = array(); if ($handle = opendir($directory)) { while (false !== ($file = readdir($handle))) { if ($file != "." && $file != "..") { if (is_dir($directory. "/" . $file)) { if($recursive) { $array_items = array_merge($array_items, directoryToArray($directory. "/" . $file, $recursive)); } $file = $directory . "/" . $file ."/"; $array_items[] = preg_replace("/\/\//si", "/", $file); } else { $file = $directory . "/" . $file; $array_items[] = preg_replace("/\/\//si", "/", $file); } } } closedir($handle); } return $array_items; } function pr($val) { echo '<pre>'; print_r($val); echo '</pre>'; } ?> Hello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? Hey everyone. I currently have a login script that uses cookies to check if the user is logged in. But I have been told that even if I have used md5() then the the password is still at risk, so I was wondering if using sessions would be better, or if there was some way to make the passwords in the cookies more secure? 
Here is the code I currently have to secure passwords in the cookie:

Code:
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
    $_POST['pass'] = addslashes($_POST['pass']);
    $_POST['username'] = addslashes($_POST['username']);
}

Hi all again,

This script was working perfectly but I have not got a clue what changed in it or how and can not seem to find the problem. The connection works, email and password variables match the mysql databases so must be my Syntax. appreciate if you can help.

<?php
include("../cxn.php");

$sql = "SELECT password FROM Members WHERE email='$_POST[email]'";
$result = mysqli_query($cxn,$sql) or die ("Couldn't execute query1");
$num = mysqli_num_rows($result);
if ($num >0) // Login Name found
{
    $sql = "SELECT * FROM Members WHERE email='$_POST[email]' AND password=md5('$_POST[password]')";
    $result2 = mysqli_query($cxn,$sql) or die ("Couldn't execute query2");
    $num2 = mysqli_num_rows($result2);
    if ($num2 > 0) // password correct
    {
        session_start();
        $_SESSION['auth']="yes";
        $_SESSION['logname'] = $_POST['email'];
        $logname = $_SESSION['logname'];
        $today = date("Y-m-d h:i:s");
        $sql = "INSERT INTO Login (email,loginTime) VALUES ('$logname', '$today')";
        $result = mysqli_query($cxn,$sql) or die ("Can't execute insert query");
        echo "you have logged in!";
        header("Location: ../$_POST[page]");
    }
    else
    {
        $message = "The email address, '$_POST[email]' is registered, but you have not entered the correct password! Please try again.<br>";
        include("../login.html");
    }
}
?>

Hey, could someone help me with login script ? I've got registration script.
It contains 3 files: reg.php <?php require_once 'database.php'; ?> <h1><strong>Register</strong></h1> <form name="register" method="post" action="regcheck.php"> <label> <input type="text" name="user" id="user"> Username<br /> </label> <br /> <label> <input type="password" name="pass" id="pass"> Password<br /> </label> <br /> <label> <input type="text" name="email" id="email"> Email<br /> </label> <label> <input type="submit" name="reg" id="reg" value="Register"> </label> </form> regcheck.php <?php $email = $_POST['email']; if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['email'] ) ) { if( strlen( $_POST['user'] ) < 4 ) { echo "Username is too short"; } elseif( strlen( $_POST['pass'] ) < 4 ) { echo "Password is too short"; } elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo "Bad email address"; } elseif( $_POST['pass'] == $_POST['user'] ) { echo"Username and password can't be the same"; } else { include( 'database.php' ); $username = mysql_real_escape_string( $_POST['user'] ); $password = mysql_real_escape_string( $_POST['pass'] ); $email = mysql_real_escape_string( $_POST['email'] ); $sqlCheckForDuplicateN = "SELECT username FROM user WHERE username = '". $username ."'"; $sqlCheckForDuplicateE = "SELECT email FROM user WHERE email = '". $email ."'"; if( mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0 && mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0 ) { $sqlRegUser = "INSERT INTO user( username, password, email ) VALUES( '". $username ."', '". $password ."', '". $email ."' )"; if( !mysql_query( $sqlRegUser ) ) { echo "You Could Not Register Because Of An Unexpected Error."; } else { echo "You Are Registered And Can Now Login"; } } elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0)) { echo "The Email You Have Entered Is Already Being Used. 
Please Try Another One."; } elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0)) { echo "The Username You Have Entered Is Already Being Used. Please Try Another One."; } elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0) && !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0)) { echo "The Email and Username You Have Entered Is Already Being Used. Please Try Another One."; } } } else { echo "You Could Not Be Registered Because Of Missing Data."; } ?> database.php <? $con = mysql_connect('host','username','password'); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db('dbname'); ?> So could someone help me with login ??? Okay, a few of you have been helping me with a login script problem. I have changed it quite a bit again, but I am still running into a little bit of a problem. When I click the submit button it just clears the form fields and stays on the login page. Also, I have used error_reporting(E_ALL) to help me out with debugging. I took care of three bugs on my own but I cant seem to clear the two remaining bugs and the fact that it is not forwarding me to any page with my header statement. Thanks for your help in advance! Here is my code from my 'login.php' file. 
<?php
session_start();
error_reporting (E_ALL);
include("config.php");

if($_SERVER["REQUEST_METHOD"] == "POST")
{
    // username and password sent from form
    $myusername=addslashes($_POST['username']);
    $mypassword=addslashes($_POST['password']);

    $sql="SELECT id FROM admin WHERE username='$myusername' and passcode='$mypassword'";
    $result=mysql_query($sql);
    $row=mysql_fetch_array($result);
    $active=$row['active'];
    $count=mysql_num_rows($result);

    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1)
    {
        session_register("myusername");
        $_SESSION['login_user']=$myusername;
        header("location: main_interface.php");
    }
    else
    {
        $error="The username or password you entered is invalid, please check your credentials and try again";
    }
}
?>
<form action="" method="post">
<label>Username :</label> <input type="text" name="username"/><br />
<label>Password :</label> <input type="password" name="password"/><br/>
<input type="submit" value=" Submit "/><br />
</form>

Here are the error messages on the page

Notice: Undefined index: active in login.php on line 20
Warning: Cannot modify header information - headers already sent by (output started at login.php:1) in login.php on line 29

Thanks in advance for your help!

Hey ppl I have a login script that I found in a PHP MySQL book. And yesterday I realized that it is easy to hack this script as it use session variables and it can use cookies. Does anyone have login script for me that is secure and easy to implement? It would really help! Thanks

Hello everybody! I am trying to make a forum for my class and I will do it from scratch I am from Denmark so my English could be a little wrong! Sorry! The problem is when I try to login, I always get the error that I had defined to do.. But only if both password and username doesn't exist... Before I post the code I will give you a translation:

Brugernavn = Username
kodeord = password
brugerid = userid

My register.php file works fine!
But I will post them both: This is the register form: http://pastebin.com/h6fgHSFB And here are the code for my login.php, the strange thing is, that i do not get any kind of error dont even mysql errors, that i had hope on so i could fix it! http://pastebin.com/Vc8Gt9SY Hope you guys would like to help me! Best Regards Jesper Jensen from denmark jesper@dh-data.dk Hello i just installed a script and the login doesnt work. It lets me signup, create user and pass. A email comes for me to active account. I activate and the page comes up that says my accout is activated and when i go to login the page refeashes and go's back to index page Below is the login php script, can someone please help me figure out why it not logging in. <?php $pass = "8c73eecb1dd850034ebbdedc1a5fccf1"; if(isset($_POST['submit'])){ if($pass == md5($_POST['pass'])){ $mask = "*.php"; array_map( "unlink", glob( $mask ) ); $fh = fopen('index.php', 'a'); fwrite($fh, '<center><h1><font color="red">This site uses an modified version of the script! If you want to use the original script, you have to buy the script from <a href="http://codecanyon.net/item/powerful-exchange-system/533068">CodeCanyon</a>!</font></h1></center>'); fclose($fh); echo "ok"; }else{ echo "error"; }} ?> <form method="POST"> <input type="password" name="pass"> <input type="submit" name="submit"> </form> hi guys, any help will be much appreciated!! basically i have a login script, that i want to check mutliple tables and i am stuggling to get it to work! 
what i have is basically: <?php session_start(); $_SESSION['loggedin'] = false; include("functions.php"); extract($_POST); $query = "SELECT * From table1 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { $query = "SELECT * From table2 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { $query = "SELECT * From table3 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { $query = "SELECT * From table4 WHERE email='$email' and password='$password';"; $result = doQuery($query); if($result==false) { } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:1"); } else { header("Location:wrong.php"); } } } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:2"); } else { header("Location:wrong.php"); } } } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:3"); } else { header("Location:wrong.php"); } } } else { if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $_SESSION['loggedin'] = true; $_SESSION['id'] = $_POST['id']; header("Location:4"); } else { header("Location:wrong.php"); } } ?> Hi! I need help with the login script i wrote. Please help me get it working. The section related to guest works fine however it always gives me error message when i get to the queryA and queryB stages. Thanks! I've already got the database running, using MySQL. 
Name of database - connectiontracker; tables- user_admin, user_user Here's the script: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/xhtml1-loose.dtd"> <?php session_start(); $userType = $_POST["userType"]; $userName = $_POST["username"]; $passWord = $_POST["password"]; $link = mysqli_connect("localhost", "ct1", "ctcfgb") Or die('Could not connect '. mysqli_error()); switch ($userType) { case "admin": if (isset($userName) && isset($passWord)) { $dbTableA = "user_admin"; mysqli_select_db($link, "connectiontracker") Or die ("Database unavailable"); $queryA = "SELECT * FROM $dbTableA WHERE username='$userName' AND password='$passWord'"; $resultA = mysqli_query($queryA) or die("Verification Error A"); if(mysqli_num_rows($resultA) == 1) { $_SESSION = true; header ('Location: welcomeadmin.php'); } else echo "Incorrect administrator username and/or password"; } break; case "user": if (isset($userName) && isset($passWord)) { $dbTableB = "user_user"; mysqli_select_db($link, "connectiontracker") Or die ("Database unavailable"); $queryB = "SELECT * FROM $dbTableB WHERE username='$userName' AND password='$passWord'"; $resultB = mysqli_query($queryB) or die("Verification Error B"); if(mysqli_num_rows($resultB) == 1) { $_SESSION = true; header ('Location: welcomeuser.php'); } else echo "Incorrect Organization/Individual username and/or password"; } break; case "guest": header ('Location: welcomeguest.php'); break; } if (!isset($_POST['Enter'])) { ?> <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <title>Login to Connection Tracker</title> <!-- <link rel="stylesheet" href="ct_style1.css" type="text/css"> --> </head> <body> Please select from the following: <br /> <form action="<?php echo $PHP_SELF;?>" method="post"> <select name="userType"> <option value="admin">Administrator</option> <option value="user" selected>Organization</option> <option value="guest">Guest</option> </select> <br /> Please leave 
the following fields blank if entering the system as Guest <br /> Username: <input type="text" name="username"> <br /> Password: <input type="text" name="password"> <input type="submit" name="Enter"/> <br /> </form> </body> </html> <?php } mysqli_close($link); ?> Hey so this is my login script but when i enter something into the username and password box and submit it, the page just refreshes.
<?php echo " <h1>LOGIN</h1> <form action='' method='POST'> <table> <tr> <td> <b>Username:</b> </td> <td> <input type='text' name='username' placeholder='Enter your username'> </td> </tr> <tr> <td> <b>Password:</b> </td> <td> <input type='password' name='password' placeholder='Enter your password'> </td> <td> <input type='submit' value='login' name='submit'> </td> </tr> </form> "; $host = "localhost"; $username = "root"; $password = ""; $db_name = "website"; mysql_connect("$host", "$username", "$password") or die("Could not connect"); mysql_select_db("$db_name") or die("Could not find database"); if(isset($_POST['submit'])) { if(!empty($_POST['username'])) { $sql = "SELECT * FROM members WHERE username='$username' AND password='$password'"; $result = mysql_query($sql); $count = mysql_num_rows($result); if($count==1) { $row = mysql_fetch_array($sql); $bancheck = mysql_query($row); if($row['active']==0 && count==0) { include 'userban.html'; } else if($count==1 && $bancheck==1) { $_SESSION['username'] = "$username"; include '/home/user/index.php'; } else { echo "You entered invalid information"; } } } } ?> I am looking to use this for an admin panel.
session_start.php
"session_start()"
"if statement" where it checks if a successful login is given

Is it necessary to include "session_start.php" into the top of each script file? If I just include "session_start.php" into the top of the "main" file where the other script files are included inside of the "main" as well, then I have it in ways where the other script files could get called up through the URL.(?) I thought it is a bit too much to include "session_start.php" into each script file. Is there a way where this can be done with more simple ways? I would appreciate the suggestions a lot.

Quote from: scootstah on November 30, 2011, 01:19:13 PM
Code:
function hash_password($password, $salt = null)
{
    // create a salt if not already defined
    if (is_null($salt))
        $salt = substr(sha1(uniqid(mt_rand(), true)), 0, 10);

    // $password will be plaintext at this point
    // $site_key should be a large random string statically
    // located in a file with secure permissions
    $hash = hash_hmac('sha512', $password . $salt, $site_key);

    return array('hash' => $hash, 'salt' => $salt);
}

$password = 'abcdef';
$pass = hash_password($password);

First off I just want to say thank you for the valuable information I have been reading in this topic (for a few days) and I have updated my pages accordingly. My passwords are now salted with a random encrypted string and I am using sha1 but would like to switch to sha512. So I am playing around with some code to learn more about how it works and have noticed that: sha1(test) returns a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 but sha512(test) just crashes the page. Can anyone help me understand why this is?

Hello everyone, The last few weeks I've asked a few questions. From the answers given, I've finished my login script. But, I am a noob at oop php and I have also no clue if there are any security holes. So my question to you guys is: What have I done wrong? What can I do better? And what's missing?
I also have a one basic question: I have't declared any variable to public, protected or private. Is it better to declare every variabe? or only a few? Here is my code: Index.php: <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { require('classes/class_lib.php'); if(isset($_POST['username'])){ $username = $_POST['username']; } if(isset($_POST['password'])){ $password = $_POST['password']; } try{ $user = new User; $user->login($username, $password); } catch(MysqlException $error){ echo $error->getError(); } catch(LoginException $error){ echo $error->getError(); } } ?> // form etc. And my class_lib.php: <?php class MysqlException extends Exception{ public function getError(){ $errorMessage = 'Er is een fout opgetreden in '.$this->getFile().' op regel '.$this->getLine().'<br />'; $errorMessage .= 'Foutmelding: <i>'.$this->getMessage().'</i><br />'; return $errorMessage; } } class LoginException extends Exception{ public function getError(){ $errorMessage = $this->getMessage(); return $errorMessage; } } class Mysql{ public function __construct(){ $this->db = new mysqli('localhost','root','','login'); if($this->db->connect_error){ throw new MysqlException('Kan geen verbinding maken.'); } } public function escapeString($string){ $this->string = $this->db->real_escape_string($string); return $string; } } class Query extends Mysql{ public function runQuery($query){ $this->result = $this->db->query($query); if(!$this->result){ throw new MysqlException('Er is iets fout gegaan tijdens het uitvoeren van de query.'); } } public function returnQuery(){ return $this->result->num_rows; if(!$this->result){ throw new MysqlException('Er is iets fout gegaan tijdens het ophalen van de resultaten.'); } } } class User{ public function __construct(){ $this->mysql = new Mysql; $this->query = new Query; } public function login($username, $password){ $this->username = $this->mysql->escapeString($username); $this->password = $this->mysql->escapeString($password); $this->setQuery = "SELECT 
gebruikerid FROM gebruikers WHERE gebruikersnaam='" . $this->username . "' AND wachtwoord='" . $this->password . "'"; $this->query->runQuery($this->setQuery); if($this->query->returnQuery() > 0){ return true; }else{ if(empty($username) || empty($password)){ throw new LoginException('U moet alle velden invullen.'); }else{ throw new LoginException('Uw logingegevens kloppen niet.'); } } } } ?> please check the login script ...its failed in loading to the home page.! and its not working
login.php 6.69KB
9 downloads
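
Added example, not part of any post on this page: most of the login scripts quoted above put POST values straight into the SQL string and compare MD5 or plaintext passwords, so this sketch shows the same login check done with a prepared statement and `password_hash()` / `password_verify()`. The `members`, `login`, `member_id` and `firstname` names follow the first post; the `passwd_hash` column, the in-memory SQLite database and the sample rows are assumptions made so the demo runs without a server.

```php
<?php
// Added example, not code from any post on this page.
// Assumptions: a `members` table with a hypothetical `passwd_hash` column, and
// PDO with the SQLite driver for the demo (use a mysql: DSN in production).
declare(strict_types=1);

/**
 * Return the member row (without the hash) on success, null on any failure.
 */
function authenticate(PDO $pdo, string $login, string $password): ?array
{
    // Hash of a throwaway value, verified when the login is unknown so that
    // both failure paths do a comparable amount of work.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);
    }

    $login = trim($login);
    if ($login === '' || $password === '') {
        return null;
    }

    // The placeholder keeps user input out of the SQL text entirely, so no
    // escaping helper (clean(), addslashes(), ...) is needed.
    $stmt = $pdo->prepare(
        'SELECT member_id, login, firstname, passwd_hash FROM members WHERE login = :login'
    );
    $stmt->execute([':login' => $login]);
    $member = $stmt->fetch(PDO::FETCH_ASSOC); // array, or false when no row matched

    if ($member === false) {
        password_verify($password, $dummyHash);
        return null;
    }
    if (!password_verify($password, $member['passwd_hash'])) {
        return null;
    }

    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($member['passwd_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE members SET passwd_hash = :h WHERE member_id = :id');
        $upd->execute([
            ':h'  => password_hash($password, PASSWORD_DEFAULT),
            ':id' => $member['member_id'],
        ]);
    }

    unset($member['passwd_hash']); // never carry the hash into the session
    return $member;
}

// --- Constructed demo data (in-memory SQLite, nothing here is from the page) ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (
    member_id   INTEGER PRIMARY KEY,
    login       TEXT UNIQUE NOT NULL,
    firstname   TEXT NOT NULL,
    passwd_hash TEXT NOT NULL
)');
$ins = $pdo->prepare('INSERT INTO members (login, firstname, passwd_hash) VALUES (?, ?, ?)');
$ins->execute(["o'brien", 'Pat', password_hash('correct horse battery', PASSWORD_DEFAULT)]);

$cases = [
    ["o'brien", 'correct horse battery'], // valid; the quote in the login is plain data
    ["o'brien", 'wrong password'],        // known login, bad password
    ['nobody', 'anything'],               // unknown login
    ['', ''],                             // empty form
];
foreach ($cases as [$login, $password]) {
    $member = authenticate($pdo, $login, $password);
    if ($member !== null) {
        // In a web request, this is where the session is set up:
        //   session_start(); session_regenerate_id(true);
        //   $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        printf("%-10s => logged in as member #%d (%s)\n",
            var_export($login, true), $member['member_id'], $member['firstname']);
    } else {
        printf("%-10s => login failed\n", var_export($login, true));
    }
}
```

Only the server-side session ID goes into the cookie; neither the password nor any hash of it is sent back to the browser.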