|
PHP - Login To Carry The User_id
Hello,
I've been racking my brains (and spending sleepless nights) trying to get a login system to work by where the member will insert their email address as [username] and password (already stored in the DB) - then the page to divert to an administration panel with their User_id for them to only edit their information. The Code I have so far..... The login_form.php Code: [Select] <?php //Start session session_start(); //Unset the variables stored in session unset($_SESSION['SESS_CLIENT_EMAIL']); unset($_SESSION['SESS_MAIN_ID']); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>Client Admin Panel</title> <link href="style.css" rel="stylesheet" type="text/css" media="screen" /> </head> <body> <div id="wrapper"> <div id="header"> <h1>CLIENT LOGIN</h1> <h2>CLIENT ADMINISTRATION PANEL</h2> version 2.10 </div> <div id="menu"> </div> <div id="content"> <div id="right"> <div class="post"> <h2>CLIENT ADMINISTRATION PANEL - CLIENT LOGIN</h2><br /> <h3><span class="err"><strong><font color="#800000">PLEASE LOGIN</font></strong></span></h3><form id="loginForm" name="loginForm" method="post" action="login-exec.php"> <table width="315" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <td width="150"><b>Email Address:</b></td> <td width="157"><input name="login" type="text" class="textfield" id="client_email" /></td> </tr> <tr> <td><b>Secret Word:</b></td> <td><input name="password" type="password" class="textfield" id="client_password" /></td> </tr> <tr bgcolor='#f1f1f1'> <td> </td> <td><input type="submit" name="Submit" value="Login" /></td> </tr> <tr> <td colspan="2"><hr /></td> </tr> <tr> <td><b>Forgot SecretWord?:</b></td> <td><font face='tahoma, arial, helvetica' size='2' ><a href='forgot-password.php'>Click Here</a></font></td> </tr> <tr> <td colspan="2"><hr /></td> </tr> <tr> <td><b>New Client?:</b></td> <td><font face='tahoma, arial, helvetica' size='2' ><a href='../dhsite/webpages/reg_1.php'> Register Here</a></font></td> </tr> </table> <br /> </form></p> </div> </div> </div> <div id="footer"> <p class="copyright">Copyright © *****************</p> </div> </div> </body> </html> And the handler: login_exec.php Code: [Select] <?php //Start session session_start(); $_SESSION['var'] = $val; //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $client_email = clean($_POST['login']); $client_password = clean($_POST['password']); //Input Validations if($client_email == '') { $errmsg_arr[] = 'Email Address missing'; $errflag = true; } if($client_password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT client_email, client_password, main_id FROM users WHERE client_email='$client_email' AND client_password='$client_password'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_CLIENT_EMAIL'] = $member['client_email']; $_SESSION['SESS_MAIN_ID'] = $member['main_id']; session_write_close(); header("Location: test_admin_panel.php?user_id=".$main_id.""); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Any help would be VERY much appreciated!! Similar TutorialsHey Guys, A very noob question...Here it goes: I want to update the field user_id on my database table, there a lot of rows that the user_id is the same... "testID", I just want to update only ONCE. mysql_query("UPDATE `users` SET status = '$StatusCheck' WHERE user_id = 'testID'"); Right now it's updating ALL the rows that have the user_id "testID". I just want to update only one. Any ideas? Thanks in advance! Cheers! Heres my code: <?php include_once("db_connect.php"); if(isset($_COOKIE['user'])) { //get who to steal from $from = mysql_real_escape_string($_GET['from']); //check if they selected someone if(!$from) { echo "You haven't selected a user to steal from!"; } else { if(!$_POST['amount']) { echo "Amount to steal from ". $from .": <form action='steal.php' method='POST'> <input type='text' name='amount'><input type='submit' value='Steal'></form>"; } else { //grab the other users money $grab_other = mysql_query("SELECT money FROM users WHERE username = '$from'"); //extract $extract = mysql_fetch_assoc($grab_other); //check if the user is valid if(mysql_num_rows($grab_other) == 0) { } elseif($extract['money'] == $_POST['amount']) { $one = rand(1, $_POST['amount']); $two = rand(1, $_POST['amount']); //if they successfully stole if($one == $two) { echo "You've successfully stole from ". $from ."! $". $_POST['amount'] ." has been added to your account!"; } } else { echo "They don't have enough money!"; } } } } else { echo "You must be logged in before you can do this! <a href='index.php'>Home</a>"; } ?> $from (which is a GET) is who the user wish to steal from. How do I carry that over? If they go he http://composedscripts.zxq.net/money_game/steal.php?from=Justin - And they enter in an amount, it will forget $from and say they haven't entered in a user to steal from. How do I stop this from happening? Hi,
I have a page that carries through cookies and displays a different image/banner depending on the cookies. The URLs look something like: http://www.website.c...gent=agent-name
I now have a page with an iFrame on displaying the URL: http://www.website.c...gent=agent-name
If I access http://www.website.c...gent=agent-name normally, they cookies carry through and the banner shows, but it doesn't if I access it through the iFrame.
Is there a way of carrying the cookies into the iFrame?
Also the URL that the iFrame is on is different to the content of the page inside the iFrame.
Thanks!
In the PHP script I'm using, in the Upload Form the user selects an image to Upload, the Form renames it like so:
$allowedExts = array("gif", "jpeg", "jpg", "pdf", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = strtolower( end($temp) );
if (!in_array($extension,$allowedExts))
{
echo ("Error - Invalid File Name");
}
$length = 20;
$randomString = (time());
$thumbnail = $randomString . "." . $extension;
The random string works successfully, but I'd like to add the user_id to the beginning of it and a dash, like this:
user_id -
So, the new file name would be something like: user_id-randomString.extension
Can you please help me add that?
Hi guys, why am i getting this error: Illegal string offset 'user_id' but when echo $value it brings the correct output. Thanks
$user_id = 5;
$user_name = "obodo";
$_SESSION['test'] = array('user_id' => $user_id, 'user_name' => $user_name);
foreach( $_SESSION['test'] as $value )
{
echo $value['user_id']; //give error
/* echo $value //works */
}
Hello all...fairly new to this php/mysql thing... working on my final project thats due in about 24 hours... and i hit a rut... im making a pretty basic, online classifieds site. users can sign up, login, post new listings and view others listings by clicking on different categories. the problem i am having right now is this...When the user clicks on "My listings" i need it to pull only the listings that were created by that users user_id, which is the primary key in my user_info table...my professor suggested storing it in hidden field through the login submit button...very confused and frustrated... any help is much appreciated... There is something wrong with my statement it is not returning sql queries results based on matching the url based based userid to match with the table user_id and get the Ablum id and Album name: Please hlep: Code: [Select] if(isset($_GET['userid'])) { $db =& JFactory::getDBO(); $user =& JFactory::getUser(); $id = $user->id; $album_id = $_GET['userid']; $query = 'SELECT user_id, id, format_id, year, name FROM #__muscol_albums WHERE user_id = ' . $album_id; //$query = 'SELECT user_id FROM #__muscol_albums WHERE id = ' . $album_id ; $result = mysql_query($query) or die('Error, No Album Search failed'); list($name, $user_id, $id, $year) = mysql_fetch_array($result); echo $id; //exit; } hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? Hello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? Hi guys. What I want to create is really complicated. Well I have a login system that works with post on an external website. I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users. What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login". If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry". So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login. Any idea?? Thanks How to add the ability to login with username or email for login?
<?php
ob_start();
include('../header.php');
include_once("../db_connect.php");
session_start();
if(isset($_SESSION['user_id'])!="") {
header("Location: ../dashboard");
}
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and pass = '" . md5($password). "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['user_id'] = $row['uid'];
$_SESSION['user_name'] = $row['user'];
$_SESSION['user_email'] = $row['email'];
header("Location: ../dashboard");
} else {
$error_message = "Incorrect Email or Password!!!";
}
}
?>
Hi guys, Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!" Any suggestion and help would be appreciated. Thanks. login.php <?php //Assigned varibale $error_msg as empty //$error_msg = ""; session_start(); $error_msg = ""; if (isset($_POST['submit'])) { if ($a_username = "admin" && $a_password = "123") { //Define $_POST from form text feilds $username = $_POST['username']; $password = $_POST['password']; //Add some stripslashes $username = stripslashes($username); $password = stripslashes($password); //Check if usernmae and password is good, if it is it will start session if ($username == $a_username && $password == $a_password) { session_start(); $_SESSION['session_logged'] = 'true'; $_SESSION['session_username'] = $username; //Redirect to admin page header("Location: admin_area.php"); } } $username = (isset($_POST['username'])) ? $_POST['username'] : ''; $password = (isset($_POST['password'])) ? $_POST['password'] : ''; if($username && $password) { $connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!"); mysql_select_db("friendsdb") or die ("Couldn't find the DB"); $query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'"); $numrows = mysql_num_rows($query); if ($numrows != 0){ while ($row = mysql_fetch_array($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } //Check to see if they are match! if ($username == $dbusername && md5($password) == $dbpassword) { header ("Location: user_area.php"); $_SESSION['username'] = $username; } else $error_msg = "Incorrect password!"; //code of login }else $error_msg = "That user does not exist!"; //echo $numrows; } else $error_msg = "Please enter a username and password!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> </head> <body> <br /> <?php require "header.php"; ?><br /> <div align="center"> <table width="200" border="1"> <?php // If $error_msg not equal to emtpy then display error message if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <!--form action="login_a.php" method="post"--> Username: <input type="text" name="username" /><br /><br /> Password: <input type="password" name="password" /><br /><br /> <input type="submit" name = "submit" value="Log in" /> </form> <p> </p> Register a <a href="register.php">New User</a> </table> </div> </body> </html> Hi everyone i wonder if you can help me he I need a script for a login and check login- create cookie. Here is my form: <form method="post" action="check_login.php"> <p> <input type="submit" name="Submit2" value="go" /> </fieldset> </p> </form> that sends it to check_login (which BEFORE i deleted something by accident, used to take me to a username and password box) But now all it does is send me straight to the memebrs area??? Can i change the check_login.php script to make it work correctly: Code: [Select] <?php // Connects to your Database mysql_connect("server", "user", "password") or die(mysql_error()); mysql_select_db("DB") or die(mysql_error()); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['upassword']) { } else { header("Location: members_area.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['upassword']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['upassword'] = stripslashes($_POST['upassword']); $info['upassword'] = stripslashes($info['upassword']); $_POST['upassword'] = md5($_POST['upassword']); //gives error if the password is wrong if ($_POST['upassword'] != $info['upassword']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['upassword'], $hour); //then redirect them to the members area header("Location: members_area.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table width="316" height="120" border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="upassword" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> Hello, I am once again desperately asking for your help, I am working on a simple login page and I am having trouble actually getting it to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now
This is the code any suggestions would be greatly appreciated
<?php
/*
Name: Deanna Slotegraaf
Course Code: WEBD3201
Date: 2020-09-22
*/
$file = "sign-in.php";
$date = "2020-09-22";
$title = "WEBD3201 Login Page";
$description = "This page was created for WEBD3201 as a login page for a real estate website";
$banner = "Login Page";
require 'header.php';
$error = "";
if($_SERVER["REQUEST_METHOD"] == "GET")
{
$username = "";
$password = "";
$lastaccess = "";
$error = "";
$result = "";
$validUser = "";
}
else if($_SERVER["REQUEST_METHOD"] == "POST")
{
$conn;
$username = trim($_POST['username']); //Remove trailing white space
$password = trim($_POST['password']); //Remove trailing white space
if (!isset($username) || $username == "") {
$error .= "<br/>Username is required";
}
if (!isset($password) || $password == ""){
$error .= "<br/>Password is required";
}
if ($error == "") {
$password = md5($password);
$query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'";
$results = pg_query($conn, $query);
//$_SESSION['username'] = $username;
//$_SESSION['success'] = "You are now logged in";
header('location: dashboard.php');
}else {
$error .= "Username and/or Password is incorrect";
}
}
?>
<div class = "form-signin">
<?php
echo "<h2 style='color:red; font-size:20px'>".$error."</h2>";
?>
<form action = "<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<label for="uname"><b>Login ID</b></label>
<input type="text" name="username" value="<?php echo $username; ?>"/>
<br/>
<label for="psw"><b>Password</b></label>
<input type="password" name="password" value="<?php echo $password; ?>"/>
<br/>
<button type="submit" name="login_user">Login</button>
<button type="reset">Reset</button></div>
</form>
</div>
<?php require "footer.php"; ?>
<?php
/*** begin the session ***/
session_start();
if(!isset($_SESSION['user_id']))
{
$message = 'You must be logged in to access this page';
}
else
{
try
{
/*** connect to database ***/
/*** mysql hostname ***/
$mysql_hostname = 'localhost';
/*** mysql username ***/
$mysql_username = 'root';
/*** mysql password ***/
$mysql_password = 'root';
/*** database name ***/
$mysql_dbname = 'login';
/*** select the users name from the database ***/
$dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
/*** $message = a message saying we have connected ***/
/*** set the error mode to excptions ***/
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
/*** prepare the insert ***/
$stmt = $dbh->prepare("SELECT phpro_username FROM phpro_users
WHERE phpro_user_id = :phpro_user_id");
/*** bind the parameters ***/
$stmt->bindParam(':phpro_user_id', $_SESSION['user_id'], PDO::PARAM_INT);
/*** execute the prepared statement ***/
$stmt->execute();
/*** check for a result ***/
$phpro_username = $stmt->fetchColumn();
/*** if we have no something is wrong ***/
if($phpro_username == false)
{
$message = 'Access Error';
}
else
{
$message = 'Welcome '.$phpro_username;
}
}
catch (Exception $e)
{
/*** Error!! ***/
$message = 'We are unable to process your request. Please try again later"';
}
}
?>
<html>
<head>
<title>My Account</title>
<link rel="stylesheet" type="text/css" href="css/main.css" />
</head>
<body>
<h3><?php echo $message; ?></h3>
</body>
</html>
members.php
<html> <head> <title>Log in</title> </head> <body> <h2>Login Here</h2> <form action="login_submit.php" method="post"> <fieldset> <p> <label for="phpro_username">Username</label> <input type="text" id="phpro_username" name="phpro_username" value="" maxlength="20" /> </p> <p> <label for="phpro_password">Password</label> <input type="text" id="phpro_password" name="phpro_password" value="" maxlength="20" /> </p> <p> <input type="submit" value="Login" /> </p> </fieldset> </form> </body> </html>login.php
<?php
/*** begin our session ***/
session_start();
/*** check if the users is already logged in ***/
if(isset( $_SESSION['user_id'] ))
{
$message = 'Users is already logged in';
}
/*** check that both the username, password have been submitted ***/
if(!isset( $_POST['phpro_username'], $_POST['phpro_password']))
{
$message = 'Please enter a valid username and password';
}
/*** check the username is the correct length ***/
elseif (strlen( $_POST['phpro_username']) > 20 || strlen($_POST['phpro_username']) < 4)
{
$message = 'Incorrect Length for Username';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['phpro_password']) > 20 || strlen($_POST['phpro_password']) < 4)
{
$message = 'Incorrect Length for Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['phpro_username']) != true)
{
/*** if there is no match ***/
$message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['phpro_password']) != true)
{
/*** if there is no match ***/
$message = "Password must be alpha numeric";
}
else
{
/*** if we are here the data is valid and we can insert it into database ***/
$phpro_username = filter_var($_POST['phpro_username'], FILTER_SANITIZE_STRING);
$phpro_password = filter_var($_POST['phpro_password'], FILTER_SANITIZE_STRING);
/*** now we can encrypt the password ***/
$phpro_password = sha1( $phpro_password );
/*** connect to database ***/
/*** mysql hostname ***/
$mysql_hostname = 'localhost';
/*** mysql username ***/
$mysql_username = 'root';
/*** mysql password ***/
$mysql_password = 'root';
/*** database name ***/
$mysql_dbname = 'login';
try
{
$dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
/*** $message = a message saying we have connected ***/
/*** set the error mode to excptions ***/
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
/*** prepare the select statement ***/
$stmt = $dbh->prepare("SELECT phpro_user_id, phpro_username, phpro_password FROM phpro_users
WHERE phpro_username = :phpro_username AND phpro_password = :phpro_password");
/*** bind the parameters ***/
$stmt->bindParam(':phpro_username', $phpro_username, PDO::PARAM_STR);
$stmt->bindParam(':phpro_password', $phpro_password, PDO::PARAM_STR, 40);
/*** execute the prepared statement ***/
$stmt->execute();
/*** check for a result ***/
$user_id = $stmt->fetchColumn();
/*** if we have no result then fail boat ***/
if($user_id == false)
{
$message = 'Login Failed';
}
/*** if we do have a result, all is well ***/
else
{
/*** set the session user_id variable ***/
$_SESSION['user_id'] = $user_id;
/*** tell the user we are logged in ***/
$message = 'You are now logged in';
}
}
catch(Exception $e)
{
/*** if we are here, something has gone wrong with the database ***/
$message = 'We are unable to process your request. Please try again later"';
}
}
?>
<html>
<head>
</head>
<body>
<p><?php echo $message; ?>
</body>
</html>
login_sumbit.php
I am unable to see the
$message = 'Welcome '.$phpro_username;
that the successful login should be generating
I am trying to change my web site to user only to public view. I still need users to be able to log in so they can edit things. I did a quick fix to allow everyone to view things by removing the ! from the sessions. How ever with that when i try to log in it just loops to login.php. There are links on the page that only admins will be able to see. Here is my session with the removed !. Code: [Select] <?php session_start(); if($_SESSION['login']){ $_SESSION['rank']; $_SESSION['loggedinusername'] = $loggedinusername; $_SESSION['loggedinuseremail'] = $loggedinuseremail; header("location:login.php"); } $rank=$_SESSION['rank']; $loggedinusername=$_SESSION['loggedinusername']; $loggedinuseremail=$_SESSION['loggedinuseremail']; ?> How would i got about allowing eveyone to see this page but the log in still work? If you need anymore code let me know Thank you I have a user database so members can log in to my site, what I want to do is when they first login, I want a message to pop up for them to confirm they have read something, but once they confirm it has been read I don't want it to pop up anymore after that, how would I do that? Thanks Hey Guys, Im trying to work on my login script after successfully doing my register script. The problem im having trouble is that when i login with false details, it still prompts me with 'You have logged in". Also if the user is not activated it should say "Account has not been activated." Could someone help me out. Thanks. Code: [Select] <?php include"database.php";?> <html> <head> <title>Login</title> </head> <body> <h1>Manager Login</h1> <form action="login.php" method="post"> <TABLE BORDER="0"> <TR> <TD>Email:</TD> <TD> <input type="text" name="email" size="20"> </TD> </TR> <TR> <TD>Password:</TD> <TD><INPUT TYPE="password" NAME="password" SIZE="20"></TD> </TR> </table> <P> <input type="submit" name="login" value="Login" /> </form> <?php session_start(); if (isset($_POST['login'])) { if (empty($_POST['email']) || empty($_POST['password'])) { $errors[] = "Please fill out all fields."; } $email = $_POST['email']; $password = $_POST['password']; $level = 'level'; $check = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."'"); if (mysql_num_rows($check)>=1) { $errors[] = "Wrong Details. Try Again."; } $check = mysql_query("SELECT * FROM users WHERE level='".$level."'"); if (mysql_num_rows($check)>=1) { if ($level == '0') { $errors[] = "Account has not been activated."; }} if (empty($errors)) { echo "You have logged in!"; } else { foreach($errors as $nErrors){ echo $nErrors . "<br>"; } } } ?> okay so i have a file called login.php but when you login it stay's on the same page... + i want it to go to a different page... so a user log's in from login.php and i want it to go to a new file called main.php i have some code below i was wondering if someone could help me separate the code to make it 2 pages... login.php Code: [Select] <?php include("include/session.php"); global $database; $config = $database->getConfigs(); ?> <html> <head> <link rel="stylesheet" href="include/style.css" type="text/css"> <title><?php echo $config['SITE_NAME']; ?> - Login Page</title> </head> <body> <div id="mainborder"> <tr> <td> <div class="image"> <p align="center"><a href="index.php"><img src="images/logo.gif" width="850" height="130"></a> <div class="sidebox"> </div> </div> <p align="left"> <table width="95%" class="topbar"> <tr> <td> <marquee scrollamount='3'>Welcome to pokemon RPG please report all bugs/errors to the site admin:) #Rate</marquee> </td> </tr> </table> <table width="100%" border="0" cellpadding="0" cellspacing="0"> </p> <tr> <td valign="top" width="150"> <div style="height:7px;"></div> <div class="headbox">Navigation</div> <a class="leftmenu" href="index.php">Home</a> <a class="leftmenu" href="login.php">Login</a> <a class="leftmenu" href="register.php">Register</a> <a class="leftmenu" href="#">About/FAQ</a> <a class="leftmenu" href="#">Forum</a> <a class="leftmenu" href="#">Chat Box</a><br> <br /> <td valign="top"> <table border="0" cellspacing="0" cellpadding="0" width="100%"> <tr> <td width="10"></td> <td valign="top" class="mainbox"> <div class="contentcontent"> </div> <div id="mainContent"> <table class="content"> <br /> <?php /** * User has already logged in, so display relavent links, including * a link to the admin center if the user is an administrator. */ if($session->logged_in){ echo "<h1>Logged In</h1>"; echo "Welcome <b>$session->username</b>, you are logged in. <br><br>" ."[<a href=\"userinfo.php?user=$session->username\">My Account</a>] " ."[<a href=\"useredit.php\">Edit Account</a>] "; if($session->isAdmin()){ echo "[<a href=\"admin/index.php\">Admin Center</a>] "; } echo "[<a href=\"process.php\">Logout</a>]"; } else{ ?> <?php /** * User not logged in, display the login form. * If user has already tried to login, but errors were * found, display the total number of errors. * If errors occurred, they will be displayed. */ if($form->num_errors > 0){ echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>"; } ?> <div class="loginbox"> Member Login </div> <form action="process.php" method="POST" autocomplete="on"> <tr> <table class="contentcontent" align="left" border="0" cellspacing="0" cellpadding="3"> <tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<?php echo $form->value("user"); ?>"></td><td><?php echo $form->error("user"); ?></td></tr> <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<?php echo $form->value("pass"); ?>"></td><td><?php echo $form->error("pass"); ?></td></tr> <tr><td colspan="2" align="left"><input type="checkbox" name="remember" <?php if($form->value("remember") != ""){ echo "checked"; } ?>> Remember me <input type="hidden" name="sublogin" value="1"> <input type="submit" value="Login"></td></tr> <tr><td colspan="2" align="left"><br><font size="2">[<a href="forgotpass.php">Forgot Password?</a>]</font></td><td align="right"></td></tr> </form> <table width="875"> <tr> <br /> <br /> <td width="902" height="20" colspan="2" align="center" class="maincontent"><br /><div class="contentcontent">This site is not affiliated with Nintendo, Creatures Ink, Gamefreak or any other organisation. Legal Info </br><?php } echo ""; include("include/view_active.php");?></div> </td> </tr> </table> </body> </html> process.php Code: [Select] <?php include("include/session.php"); class Process { /* Class constructor */ function Process(){ global $session; /* User submitted login form */ if(isset($_POST['sublogin'])){ $this->procLogin(); } /* User submitted registration form */ else if(isset($_POST['subjoin'])){ $this->procRegister(); } /* User submitted forgot password form */ else if(isset($_POST['subforgot'])){ $this->procForgotPass(); } /* User submitted edit account form */ else if(isset($_POST['subedit'])){ $this->procEditAccount(); } /** * The only other reason user should be directed here * is if he wants to logout, which means user is * logged in currently. */ else if($session->logged_in){ $this->procLogout(); } /** * Should not get here, which means user is viewing this page * by mistake and therefore is redirected. */ else{ header("Location: ".$config['WEB_ROOT'].$config['home_page']); } } /** * procLogin - Processes the user submitted login form, if errors * are found, the user is redirected to correct the information, * if not, the user is effectively logged in to the system. */ function procLogin(){ global $session, $form; /* Login attempt */ $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember'])); /* Login successful */ if($retval){ header("Location: ".$session->referrer); } /* Login failed */ else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ".$session->referrer); } } /** * procLogout - Simply attempts to log the user out of the system * given that there is no logout form to process. */ function procLogout(){ global $database, $session; $config = $database->getConfigs(); $retval = $session->logout(); header("Location: ".$config['WEB_ROOT'].$config['home_page']); } /** * procRegister - Processes the user submitted registration form, * if errors are found, the user is redirected to correct the * information, if not, the user is effectively registered with * the system and an email is (optionally) sent to the newly * created user. */ function procRegister(){ global $database, $session, $form; $config = $database->getConfigs(); /* Checks if registration is disabled */ if($config['ACCOUNT_ACTIVATION'] == 4){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = 6; header("Location: ".$session->referrer); } /* Convert username to all lowercase (by option) */ if($config['ALL_LOWERCASE'] == 1){ $_POST['user'] = strtolower($_POST['user']); } /* Hidden form field captcha deisgned to catch out auto-fill spambots */ if (!empty($_POST['killbill'])) { $retval = 2; } else { /* Registration attempt */ $retval = $session->register($_POST['user'], $_POST['pass'], $_POST['conf_pass'], $_POST['email'], $_POST['conf_email']); } /* Registration Successful */ if($retval == 0){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = 0; header("Location: ".$session->referrer); } /* E-mail Activation */ else if($retval == 3){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = 3; header("Location: ".$session->referrer); } /* Admin Activation */ else if($retval == 4){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = 4; header("Location: ".$session->referrer); } /* No Activation Needed but E-mail going out */ else if($retval == 5){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = 5; header("Location: ".$session->referrer); } /* Error found with form */ else if($retval == 1){ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ".$session->referrer); } /* Registration attempt failed */ else if($retval == 2){ $_SESSION['reguname'] = $_POST['user']; $_SESSION['regsuccess'] = 2; header("Location: ".$session->referrer); } } /** * procForgotPass - Validates the given username then if * everything is fine, a new password is generated and * emailed to the address the user gave on sign up. */ function procForgotPass(){ global $database, $session, $mailer, $form; $config = $database->getConfigs(); /* Username error checking */ $subuser = $_POST['user']; $subemail = $_POST['email']; $field = "user"; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username not entered<br>"); } else{ /* Make sure username is in database */ $subuser = stripslashes($subuser); if(strlen($subuser) < $config['min_user_chars'] || strlen($subuser) > $config['max_user_chars'] || !preg_match("/^[a-z0-9]([0-9a-z_-])+$/i", $subuser) || (!$database->usernameTaken($subuser))){ $form->setError($field, "* Username does not exist<br>"); } else if ($database->checkUserEmailMatch($subuser, $subemail) == 0){ $form->setError($field, "* No Match<br>"); } } /* Errors exist, have user correct them */ if($form->num_errors > 0){ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); } /* Generate new password and email it to user */ else{ /* Generate new password */ $newpass = $session->generateRandStr(8); /* Get email of user */ $usrinf = $database->getUserInfo($subuser); $email = $usrinf['email']; /* Attempt to send the email with new password */ if($mailer->sendNewPass($subuser,$email,$newpass,$config)){ /* Email sent, update database */ $usersalt = $session->generateRandStr(8); $newpass = sha1($usersalt.$newpass); $database->updateUserField($subuser,"password",$newpass); $database->updateUserField($subuser,"usersalt",$usersalt); $_SESSION['forgotpass'] = true; } /* Email failure, do not change password */ else{ $_SESSION['forgotpass'] = false; } } header("Location: ".$session->referrer); } /** * procEditAccount - Attempts to edit the user's account * information, including the password, which must be verified * before a change is made. */ function procEditAccount(){ global $session, $form; /* Account edit attempt */ $retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['conf_newpass'], $_POST['email']); /* Account edit successful */ if($retval){ $_SESSION['useredit'] = true; header("Location: ".$session->referrer); } /* Error found with form */ else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ".$session->referrer); } } }; /* Initialize process */ $process = new Process; ?> Thankyou for your help in advance. Hello, I have found this forum very useful and i hope i will get some help from here. I am nill in php so if someone help i am thankful, I actually want to know how to add facebook login in php files.. I have 2 pages of sms script one is index.php where is form like name, number, textbox and captcha then send button.. and second file is send.php where has api to send sms. I have seen some sites there is button login with facebook after login there sms form shows and in name field there person name already written and field locked and in number field there we have to write number and text box, captcha.. without login sms form not showing... So how to do this can someone help me? if some one really want to help i can also give him sample of site where i have seen this and i need exact like this pm me for sample... |
|||||||