PHP - Help With My Little Php Login Code
So I am new to all this coding and I am making a small website, which has to have a login and something is not working properly. My login user/pass processing code looks like this
<?php $host = 'xxxx'; // Host name Normally 'LocalHost' $user = 'xxxx'; // MySQL login username $pass = 'xxxx'; // MySQL login password $database = 'members'; // Database name $table = 'members'; // Members name $username = $_POST["username"]; $password = $_POST["password"]; $connection = mysql_connect("xxxx", "$user", "$pass"); if (!$connection) { die("Database connection failed: " . mysql_error()); } else { echo "Everything is fine!<br />"; } mysql_select_db("xxxx",$connection) or die(mysql_error()); $result = mysql_query("SELECT * FROM members WHERE usr='$username' and pass='$password'",$connection) or die(mysql_error()); $count=mysql_num_rows($result); if($count==1){ session_start(); session_register("myusername"); session_register("mypassword"); header("location:Login_Success.php"); } else { echo "Wrong Username or Password"; } ?> So it all continues well and transfers me to Login_Success.php, where the code looks like this <? if(!session_is_registered(myusername)){ header("location:MainPage.htm"); } ?> <html> -----my html code here, which makes no difference---- The problem is that it sends me to MainPage.htm and I can't really figure out why. As ive said im new to all of this. I figured that the session did not stay logged in, when it changed pages for some odd reason? THANK YOU! Similar TutorialsHey guys I've been writing this login code and ive been having some minor problems i dunno what seemds to be the problem ive tried everything :s Here's the html part of the login, the username and pass are sent by post to login.php below to compare with the ones in the database Code: [Select] <form method="POST" action="login.php"> Username : <input type="text" name="username"> Password : <input type="password" name="password"> <input type="submit" value="Login"> </form>$connect=mysql_connect("localhost","swcri_tarakji","xxxxxxxxxx"); mysql_select_db("swcri_working",$connect) or die (mysql_errno().":<b> ".mysql_error()."</b>"); $select_user = mysql_query('select * from users where username = "' . $_POST['username'] . '" and password = "' . md5($_POST['password'] . '"')); if (mysql_num_rows($select_user) != 0) { session_start(); session_register('authorized'); $_SESSION['authorized'] = true; header("Location: protected.php"); exit; } else { header("Location: login_form.php"); exit; } i get the following errors when i try to login : Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/swcri/public_html/working/login.php on line 19 Warning: Cannot modify header information - headers already sent by (output started at /home/swcri/public_html/working/login.php:10) in /home/swcri/public_html/working/login.php on line 30 Pleaassseee help me i need help for writing a code that will get only the base url and will return you the login url, for example Base url = www.yahoo.com and in return you will get the yahoo login page url where you input the user name and password, remember the code should be dynamic i.e. what ever base url you give it will return the login/sign in url of the corrosponding url. please help in this regard. Regards I have a pretty basic PHP log in code connected to a database of register users. However, it's not allowing any users to enter? Could someone please review the code and let me know if you find any errors? //Create query $qry="SELECT * FROM customers WHERE username='$login' AND password='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['id']; $_SESSION['SESS_FIRST_NAME'] = $member['fname']; $_SESSION['SESS_LAST_NAME'] = $member['lname']; session_write_close(); header("location: key_catalog.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Hi, I'm trying to login oscommerce with manual code. but unable to do that. all entries going to database but don't understand what is missing??? here is my code Code: [Select] $email_address = $_REQUEST['txtemail']; $password = $_REQUEST['password']; $check_customer_query = mysql_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from customers where customers_email_address = '" . $email_address . "'"); if (mysql_num_rows($check_customer_query)> 0) { $check_customer = mysql_fetch_assoc($check_customer_query); if (!tep_validate_password($password, $check_customer['customers_password'])) { echo "password not found."; }else { tep_session_recreate(); $check_country_query = mysql_query("select entry_country_id, entry_zone_id from address_book where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'"); $check_country = mysql_fetch_array($check_country_query); $customer_id = $check_customer['customers_id']; $customer_default_address_id = $check_customer['customers_default_address_id']; $customer_first_name = $check_customer['customers_firstname']; $customer_country_id = $check_country['entry_country_id']; $customer_zone_id = $check_country['entry_zone_id']; tep_session_register('customer_id'); tep_session_register('customer_default_address_id'); tep_session_register('customer_first_name'); tep_session_register('customer_country_id'); tep_session_register('customer_zone_id'); mysql_query("update customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'"); anyone have any idea about? I created a login form for my system and I don't sure that it's enought for security to protect my website? include("database.php"); session_start(); if($_SERVER["REQUEST_METHOD"] == "POST") { // username and password sent from form $stmt = $conn->prepare("SELECT Sale_ID FROM tb_sales WHERE Login_Name = ? AND Login_Password = ? LIMIT 1"); $stmt->bind_param("ss", $_POST['username'], $_POST['password']); $stmt->execute(); $res = $stmt->get_result(); $count = mysqli_num_rows($res); if($count == 1) { // session_register("myusername"); $_SESSION['login_user'] = $_POST['username']; echo "Login Succcess"; //header("location: index.php"); }else { echo "Your Login Name or Password is invalid"; } }
Hello, for some reason I am unable to get the following code to work: Code: [Select] <?php echo "<h1>Login</h1>"; if ($_SESSION['uid']) { echo " You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n"; } else { if (!$_POST['submit']) { echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n"; echo "<form method=\"post\" action=\"./login.php\">\n"; echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n"; echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n"; echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n"; echo "</form></table>\n"; }else { $user = addslashes(strip_tags(($_POST['username']))); $pass = addslashes(strip_tags($_POST['password'])); if($user && $pass){ $sql = "SELECT id FROM `users` WHERE `username`='".$user."'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0){ $sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'"; $res2 = mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($res2) > 0){ $query = mysql_query("SELECT locked FROM `users` WHERE `username`='".$user."'"); $row2 = mysql_fetch_assoc($query); $locked = $row2['locked']; $query = mysql_query("SELECT active FROM `users` WHERE `username`='".$user."'"); $row3 = mysql_fetch_assoc($query); $active = $row3['active']; $query = mysql_query("SELECT email FROM `users` WHERE `username`='".$user."'"); $row3 = mysql_fetch_assoc($query); $email = $row3['email']; if ($active ==1){ if ($locked == 0){ $date = date("j")."<sup>".date("S")."</sup> ".date("F, Y"); mysql_query("UPDATE users SET last_login='$date' WHERE username='$user'"); $row = mysql_fetch_assoc($res2); $_SESSION['uid'] = $row['id']; $previous = $_COOKIE['prev_url']; echo " You have successfully logged in as " . $user . "<br><br><a href='" . $previous . "'>Click here</a> to go to the previous page.\n"; }else { echo "Your acount has been locked out due to a violation of the rules, if you think there has been a mistake please <a href='contact.php'>contact us</a>."; } } else { echo "You need to activate your account! Please check your email ($email)"; } }else { echo " Username and password combination are incorrect!\n"; } }else { echo " The username you supplied does not exist!\n"; } }else { echo " You must supply both the username and password field!\n"; } } } ?> It says that I have logged in successfully but the session is not created. You can find the script here and log in with the username "test" and the password "testing". I'm not sure what more information I should add. Thanks, Cameron Registration.php Code: [Select] <html> <head> <script type="text/javascript"> function a() { var x = document.login.username.value; var y = document.login.pass.value; if(x==""&& y=="") { alert("Please insert all message!"); return false; } if(x=="") { alert("Please insert an username!"); return false; } if(y=="") { alert("Please insert an password!"); return false; } } </script> </head> <?php session_start(); mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); //session_start(); $username = $_POST['username']; $password = $_POST['pass']; if (isset($_POST["submit"])) { $log = "SELECT * FROM regis WHERE username = '$username'"; $login = mysql_query($log); $number = mysql_num_rows($login); if ($number == 0) { print "That user does not exist in our database. <a href=registration.php><input type='button' value='Register'></a>"; } if ($number > 0) { $_SESSION['is_logged_in'] = 1; } if(!isset($_SESSION['is_logged_in'])) { } else { echo "<meta http-equiv='refresh' content='0; url=form2.php'>"; } } else { ?> <body> <table border="0"> <form name="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" onsubmit="return a()"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td> <td><input type="text" name="username" maxlength="40"></td></tr> <tr><td>Password:</td> <td><input type="password" name="pass" maxlength="50"></td></tr> <tr><td><input type="submit" name="submit" value="Register"></a></td> <td><input type="submit" name="submit" value="Login"></td></tr> </form> </body> <?php } ?> </html> form2.php Code: [Select] <?php session_start(); if (!isset($_SESSION['is_logged_in'])) { header("Location:login.php"); die(); // just to make sure no scripts execute } ?> <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $message=$_POST['message']; $n=$_POST['username']; if(isset($_POST['submit'])) //if submit button push has been detected { if(strlen($message)>1) { $message=strip_tags($message); $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP $checkforbanned="SELECT IP from ipbans where IP='$IP'"; $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS"); if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list { print "You IP is banned from posting."; } else { $thedate = date("U"); //grab date and time of the post $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$n','$IP','$thedate','$message')"; mysql_query($insertmessage) or die("Could not insert message"); } } } ?> <html> <head> <script type="text/javascript"> function addsmiley(code) { var pretext = document.smile.message.value; this.code = code; document.smile.message.value = pretext + code; } function a() { var x = document.smile.message.value; if(x=="") { alert("Please insert an message!"); return false; } } </script> <style type="text/css"> body{ background-color: #d8da3d } </style> </head> <body> <form name="smile" method="post" action="form2.php" onSubmit="return a()" > Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br> <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" /> <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" /> <input type="hidden" name="username" value="<?php echo $n;?>"> <input type='submit' name='submit' value='Send' class='biasa' ></form> <br> <br> </body> </html> My problem is after i login it redirect to login page although im had put after login page its need to go to form2.php page may i know which problem because now only im learning session mysql_connect('', '', ''); mysql_select_db(''); if (isset($_POST['submit'])) { $user = mysql_real_escape_string($_POST['user']); $pass = mysql_real_escape_string($_POST['pass']); $sql = "SELECT id FROM login WHERE username = '$user' && `password` = MD5('$pass')"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { // $user & $pass are valid echo "You Logged In $user"; } else { // $user || $pass invalid echo "Invalid Login"; } } } I have this working code except I can't redirect to a thank you page when a new user registers. When they login it works without issue. I just don't know where or what to put for the registration part.
Here is my Code. Any help would be much appreciated.
<?php When I log in on my web-site it takes me to a php login-check page This is the error code that I am getting; Quote Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in D:\xampp\htdocs\login-check.php on line 26 This is the php code that i am using; Code: [Select] <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="deliverpizza"; // Database name $tbl_name="customer, admin, staff"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_privelage.php"); } else { } ?> <?php session_start( ); include_once( dirname( __FILE__ )."/../inc/func/get_sth.php" ); include_once( _ABSPATH_."/inc/func/header.php" ); if ( $_GET["f"] == "login" ) { $adminuser = strtolower( strip_tags( trim( $_POST["adminuser"] ) ) ); $r_0 = strtolower( strip_tags( trim( $_SESSION["r"] ) ) ); $r_1 = strtolower( strip_tags( trim( $_POST["r"] ) ) ); if ( $r_0 == $r_1 ) { $result = mysql_query( "SELECT password FROM admin where adminuser='".$adminuser."'" ); $val = mysql_fetch_array( $result ); if ( !$val["password"] ) { $loginfail = 1; } else { if ( $val[password] === md5( $_POST["password"] ) ) { $_SESSION['admin'] = $adminuser; header( "Location: ./" ); exit( ); } $loginfail = 1; } } else { $loginfail = 2; } } $page_title = l( "Administration Login" )." | ".get_sitename( ); $smarty->assign( "page_title", $page_title ); $smarty->assign( "loginfail", $loginfail ); $smarty->display( "mgt/login.tpl" ); ?> i am new to curl .and i m trying to create create a script to log into yahoo and click the confermation link in emails. but i am stuck witht he login process only i made the code below . but still i cant make it work. the problem is yahoo is implementing a captcha challange for this kind of automated headers. do you have any idea ho to make it work again without alerting the captcha challange ? the header i caught through the livehttp header is as follows: Content-Length: 347 .tries=1&.src=ym&.md5=&.hash=&.js=&.last=&promo=&.intl=in&.bypass=&.partner=&.u=4ls6cr96lbs8e&.v=0&.challenge=W9w31pCrbdazCcY4mH41fVsyxwd8&.yplus=&.emailCode=&pkg=&stepid=&.ev=&hasMsgr=0&.chkP=Y&.done=http%3A%2F%2Fmail.yahoo.com&.pd=ym_ver%3D0%26c%3D%26ivt%3D%26sg%3D&pad=1&aad=1&login=myyahooid&passwd=mypassword&.persistent=y&.save=&passwd_raw= <?php $authUrl = "https: //login. yahoo . com/config/login?"; $userAgent = "Mozilla/5.0 (Windows NT 5.1; rv:2.0b11) Gecko/20100101 Firefox/4.0b11"; $referer = "http : // my . yahoo . com"; $login = "userid"; $password = "password"; $numPostData = 22; $cookieFileJar = "ycookie.txt"; $cookie = 0; $postData = ".tries=1&.src=ym&.md5=&.hash=&.js=&.last=&promo=&.intl=in&.bypass=&.partner=&.u=4ls6cr96lbs8e&.v=0&.challenge=W9w31pCrbdazCcY4mH41fVsyxwd8&.yplus=&.emailCode=&pkg=&stepid=&.ev=&hasMsgr=0&.chkP=Y&.done=http%3A%2F%2Fmail.yahoo.com&.pd=ym_ver%3D0%26c%3D%26ivt%3D%26sg%3D&pad=1&aad=1&login=$login&passwd=$password&.persistent=y&.save=&passwd_raw=" ; $ch = curl_init(); curl_setopt($ch, CURLOPT_USERAGENT, $userAgent); // Set the referrer curl_setopt($ch, CURLOPT_REFERER, $referer); // Set the authentication url curl_setopt($ch, CURLOPT_URL, $authUrl); // Set number of post fields curl_setopt($ch, CURLOPT_POST, $numPostData); //Set post data in key=value pair such as login=yourusername curl_setopt($ch, CURLOPT_POSTFIELDS, $numPostData); //Set filename for storing cookie information curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFileJar); //Set ffilename for checking the stored cookie information curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFileJar); //Set option for cookie curl_setopt($ch, CURLOPT_COOKIE, $cookie); //set this to output the result as string and not output directly ot browser curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); //set this value to 1 if you want to redirect to the url you provided as service url curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); //Set this option if you do not want to verify ssl curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); //set this option if you do not want to verify peer's certificate curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); //now execute the curl $res = curl_exec($ch); echo $res; //check if the username and password is valid if ((preg_match("/invalid/i", $res)) || (preg_match("/not yet taken/i", $res))) { echo "Invalid Login"; } else { //if CURLOPT_FOLLOWLOCATION is set to 1 then after logging in successfully user is directed to url that is specified as service url echo "Logged In"; } ?> then i have to work for clicking confermation links in mails. please suggest me some ways.i would be very grateful to you well basically im trying to do that the 'subject says. ive done my homework and had around 10 examples of using curl, but none of them worked in my case. this is the final code i'm using <?php $cookiefile = '/temp/cookies.txt'; #2 ways ive tried doing #$data = array('edit[username]' => 'REMOVED', 'edit[password]' => 'REMOVED', 'edit[submit]' => 'Login'); $data = array('username] => 'REMOVED', 'password' => 'REMOVED', 'submit' => 'Login'); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'http://pokerrpg.com'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile); curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); curl_exec($ch); curl_setopt($ch, CURLOPT_URL, 'http://pokerrpg.com/furniture_store.php'); $contents = curl_exec($ch); $headers = curl_getinfo($ch); echo $contents; curl_close($ch); unlink($cookiefile); ?> im not sure about the cookie file, but i just made a txt file to that location. and empty txt file. hope it's fine. the page i'm trying is http://pokerrpg.com, you can even look the source code that both of these fields do exist. when i run it, the output is a login page without logging in, so it does not log in. Hello - I'm opening my website up to visitors for free, and trying to bypass a login screen to go straight into the data content that was appearing after a user logged in. I have an index.php file that included the following code at the beginning: <?php session_start(); include("database.php"); include("login.php"); include("/vservers/skyranks/db_connect.php"); ?> <?header("Cache-control: private"); ?> <html> I deleted the "include("login.php"); line, and was successful at bypassing the username and login screen. However, the page that is supposed to display the data content is incomplete. In fact, it only displays my company's logo. Any ideas as to why the data content is not showing up? Thank you for any help with this, as my php is quite novice at this point. Regards - Joe Hello everyone, When I submit my login form to go to my login page it goes to a white page and does not display an error. Code: [Select] <?php include("../secure/database.php"); if(!empty($_POST['loginsubmit'])){ if(!empty($_POST['email'])){ $email = securevar($_POST['email']); if(!empty($_POST['passconf'])){ $pass = securevar($_POST['passconf']); $q = "SELECT * FROM `accountinfo_db` WHERE `email` = '$email' AND `password` = '$pass'"; $res = mysql_query($q) or die(mysql_error()); $login = mysql_fetch_array($res); $id = $login['id']; $active = $login['active']; if($id>=1){ if($active==1){ $_SESSION['logged'] = $login['id']; $q = "UPDATE `accountinfo_db` SET `loggedtimes` = `loggedtimes`+'1' WHERE `id` = '$id'"; $res = mysql_query($q) or die(mysql_error()); $user = $login['username']; header("Location: ../mainframe.php?strmsg=Welcome Back $user"); }else{ header("Location: activate.php"); } }else{ header("Location: ../index.php?strmsg=Login Information Incorrect!"); } }else{ header("Location: ../index.php?strmsg=You did not enter a valid password!"); } }else{ header("Location: ../index.php?strmsg=You did not enter a valid email!"); } }else{ header("Location: ../index.php?strmsg=We are sorry but you are not allowed viewance of that directory!"); } ?> any help would be great. Brian Hi guys, I am making a bot which only scrapes the source code of the site AFTER logging into the site.The script to login is : Code: [Select] <?php $username="xxx"; $password="iwonttellyou"; $url="http://internet.com/login.php"; $cookie="cookie.txt"; $postdata = "name=".$username."&password=".$password; $ch = curl_init(); curl_setopt ($ch, CURLOPT_URL, $url); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); curl_setopt ($ch, CURLOPT_TIMEOUT, 60); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie); curl_setopt ($ch, CURLOPT_REFERER, $url); curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata); curl_setopt ($ch, CURLOPT_POST, 1); $result = curl_exec ($ch); echo $result; ?> I can see different SESSION ID's in cookie.txt everytime i compile this code, which makes me believe its working.However what next? How should i go to that site again, already logged in and scrape the data ? Some suggestions would be nice. I have a strange problem. When a guest visits my contact-user.php page, they get a message telling them the must login before viewing the page. After the guest logs in, they view the same page and it tells them they have to login again (keeps on looping). But if they manually refresh that page with the "you must be logged in" message, it recognizes the login and lets them in. How can I get this page to immediately recognize that the user is logged in and not require them to refresh the page manually? Here is my code for contact-user.php <?php session_start(); header("Cache-Control: private, max-age=10800, pre-check=10800"); header("Pragma: private"); header("Expires: " . date(DATE_RFC822,strtotime("+2 day"))); include("connection.php"); mysql_select_db("database"); if (isset($_SESSION['username'])) { ******** MY HTML PAGE CONTENT ******** } else { echo "<meta http-equiv='REFRESH' content='2;url=http://www.mysite.com/login.php'> <center><font color='#EE0000'><p>You must be logged in before negotiating. You will now be redirect to the login page.</p></font></center>"; } ?> Here is my code for login.php script: <?php include("connection.php"); mysql_select_db("database"); session_start(); if(isset($_POST['login'])){ $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $tUnixTime = time(); $sGMTMySqlString = gmdate("Y-m-d H:i:s", $tUnixTime); if (!$username || !$password) { print "Please fill out all fields."; exit; } $logres = mysql_num_rows(mysql_query("SELECT * FROM members WHERE username = '$username' and password = '$password'")); if ($logres <= 0) { print "Login failed. If you have not already, please signup. Otherwise, check your spelling and login again."; exit; } else { $_SESSION['username'] = $username; if (isset($_SESSION)) { echo'You are now logging in'; mysql_query("UPDATE members SET activity = '$sGMTMySqlString' WHERE username = '$username'"); } else { echo "You are not logged in!"; } echo'<html><head><meta http-equiv="REFRESH" content="1;url=http://www.mysite.com/members/' . $_SESSION['username'] . '/"></head><body></body></html>'; exit; } } ?> Hi, For about a month, I have been trying to figure out why my code will not return anything after posting a wwwForm (I have also tried the newer equivalent of this function but I had no luck with that either.) The nameField and passwordField are taken from text boxes within the game and the code used in my login script is copied and pasted from a Register script but I have changed the file location to the login.php file. The register script works fine and I can add new users to my database but the login script only outputs "Form Sent." and not the "present" that should return when the form is returned and it never gets any further than that point meaning that it lets the user through with no consequence if they use an invalid name because the script never returns an answer. What should I do to fix this? Thanks, Unity Code: using System.Collections; using UnityEngine; using UnityEngine.UI; using UnityEngine.Networking; public class Login : MonoBehaviour { public InputField nameField; public InputField passwordField; public Button acceptSubmissionButton; public void CallLogInCoroutine() { StartCoroutine(LogIn()); } IEnumerator LogIn() { WWWForm form = new WWWForm(); form.AddField("username", nameField.text); form.AddField("password", passwordField.text); WWW www = new WWW("http://localhost/sqlconnect/login.php", form); Debug.Log("Form Sent."); yield return www; Debug.Log("Present"); if (www.text[0] == '0') { Debug.Log("Present2"); DatabaseManager.username = nameField.text; DatabaseManager.score = int.Parse(www.text.Split('\t')[1]); Debug.Log("Log In Success."); } else { Debug.Log("User Login Failed. Error #" + www.text); } } public void Validation() { acceptSubmissionButton.interactable = nameField.text.Length >= 7 && passwordField.text.Length >= 8; } } login.php: <?php echo "Test String2"; $con = mysqli_connect('localhost', 'root', 'root', 'computer science coursework'); // check for successful connection. if (mysqli_connect_errno()) { echo "1: Connection failed"; // Error code #1 - connection failed. exit(); } $username = mysqli_escape_string($con, $_POST["username"]); $usernameClean = filter_var($username, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH); $password = $_POST["password"]; if($username != $usernameClean) { echo "7: Illegal Username, Potential SQL Injection Query. Access Denied."; exit(); } // check for if the name already exists. $namecheckquery = "SELECT username, salt, hash, score FROM players WHERE username='" . $usernameClean . "';"; $namecheck = mysqli_query($con, $namecheckquery) or die("2: Name check query failed"); // Error code # 2 - name check query failed. if (mysqli_num_rows($namecheck) != 1) { echo "5: No User With Your Log In Details Were Found Or More Than One User With Your Log In Details Were Found"; // Error code #5 - other than 1 user found with login details exit(); } // get login info from query $existinginfo = mysqli_fetch_assoc($namecheck); $salt = $existinginfo["salt"]; $hash = $existinginfo["hash"]; $loginhash = crypt($password, $salt); if ($hash != $loginhash) { echo "6: Incorrect Password"; // error code #6 - password does not hash to match table exit; } echo "Test String2"; echo"0\t" . $existinginfo["score"]; ?>
hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? Hi guys. What I want to create is really complicated. Well I have a login system that works with post on an external website. I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users. What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login". If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry". So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login. Any idea?? Thanks |