PHP - Need Help With Bad Login Erro Display

In follow up to my previous post, I have found a way to display my data but now I am wanting to only display certain data (within an 'if' statement). For example, if I login as a particular student and there is three sets of data in there e.g. MATH1023, ENG1003 and ENG1013 but I only want to display the student's MATH1023 data in a section, how do I do this? I know that I need to do some sort of an IF statement where 'crsecode=MATH1023' but for some reason I cannot get this to work without it pulling this along with the two English courses.

Here is my code:

Code: [Select]
<?php 
$db_host = "locahost"; 
$db_user = "dbuser"; 
$db_pass = "dbpassword"; 
$db_name = "dbconnection"; 
$dbac = mysql_connect($db_host,$db_user,$db_pass); 
mysql_select_db ($db_name) or die ("Cannot connect to database."); 

if (!$_POST['search']){ 
?>
<form name="Item Search" method="post" action="">
  Item Search:<br>
  <label>
  <input name="swords" type="text" size="30" maxlength="30">
  </label> 
  <br>
  <label>
  <input name="search" type="submit" id="search" value="Search">
  </label>
</form>
<?php 
}else{ 
$searchwords = addslashes(htmlspecialchars($_POST['swords'])); 
if (strlen($searchwords) < 2){ 
echo "Your search must contain at least 3 characters. Please try again.<br><input type=button value='Back' onClick='history.go(-1)'>"; 
}else{ 
$words = explode(' ',$searchwords); 
$totalwords = count($words); 
$i = 0; 
$searchstring = ""; 
while ($i != $totalwords){ 
if ($i != 0 and $i != $wordcount){ 
$searchstring .= " and ";; 
} 
$searchstring .= "cwid LIKE '%$words[$i]%'"; 
$i = $i + 1; 
} 
$query = mysql_query("SELECT DISTINCT * FROM transferdatafile where $searchstring"); 
if (mysql_num_rows($query) == 0){ 
echo "No results were found.<br><input type=button value='Back' onClick='history.go(-1)'>"; 
}else{ 
echo '<table border=1>'; 
while ($row = mysql_fetch_array($query)){ 
echo '<tr>'; 
  echo '<td>'.$row['firstname'].'</td>'; 
  echo '<td>'.$row['lastname'].'</td>'; 
  echo '<td>'.$row['subj'].'</td>'; 
  echo '<td>'.$row['course'].'</td>'; 
  echo '<td>'.$row['crsecode'].'</td>'; 
  echo '<td>'.$row['crsegrade'].'</td>'; 
  // etc 
  echo '</tr>'; 
   
}  
echo '</table>'; 
} 
} 
} 
?>
Here is the output that I currently get with this when all I want is MATH1023 to display for this particular student's ID (see attachment).

Anyone help?



[attachment deleted by admin]

after the user has logged in, I would like to display their details by barcode id


Login.php

<?php
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");



session_start();
// username and password sent from form
$barcodeID=$_POST['barcode'];



// To protect MySQL injection (more detail about MySQL injection)
$barcodeID = stripslashes($barcodeID);
$barcodeID = mysql_real_escape_string($barcodeID);


$sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'";


$result=mysql_query($sql);
     
$count=mysql_num_rows($result);

if($count > 0){
      $data = mysql_fetch_array ($result);
      
       $_SESSION["user_id"] = $data["BarcodeID"];
        $_SESSION["user_firstname"] = $data["Firstname"];
        $_SESSION["user_surname"] = $data["Surname"];
        $_SESSION["user_jobrole"] = $data["JobRole"];
        $_SESSION["user_manager"] = $data["Manager"];
        $_SESSION["user_priority"] = $data["Priority"];
        $_SESSION["user_datejoined"] = $data["DateJoined"];
        $_SESSION["user_times_loggged_in"] = $data["TimesLoggedOn"];

        if ($_SESSION["user_priority"] == '1')
        {
            header("Location: AdminSection.php");           
        }
        else
        {
            header("Location:LoggedIn.php");
      }      

      if ($_SESSION["user_times_loggged_in"] == '0')
      {
         
         header("Location:UsingTheSystem.html");
      }
}
         
?>



LoggedIn.php



I keep getting the error undefined index "barcode"?

<?php

$barcodeID = $_POST["barcode"];


include 'dbcon.php';

    $sql = "SELECT Firstname, Surname, JobRole, Manager"
        . " FROM users"
        . " WHERE BarcodeID = .'$barcodeID'" ;
    $rows = mysql_query($sql);
   
    echo $rows;
   
    ?>


Any help will be greatly appreciated


Thanks

Hello all, my first post after joining this very informative site, unfortunatly I was unable to find the answer to my simple yet frastrating dilemma.

I am in the process of building a website that will enable users to log-in through a dedicated loginU.php page, I have all of this working but I would like to display an error message on this page saying if the user has entered a wrong username/password, I have the message displaying on a blank white page, but I would like it to be displayed within the container I have created. the validation code is contained within a different login.php file.

At the moment I am using an iframe to display the messages, which I know is not the right way to do it, so am asking for a better way to do it. here is what I have so far:

loginU.php
Code: [Select]
<div id = "div-Login">
<form action="login.php"  method="POST" target="loginerror">
<center><h2>Login Here</h2> <p>
Username:  <input type="text" name="username"><p>
Password:  <input type="password" name="password"><p>
<input type="submit" name="submit" value="Login">
</center>
<a href="register.html"><pre>need to register? Click Here!</pre></a>
</form>

<iframe name="loginerror" style="border: 0px; width: 200px; height: 100px; overflow: hidden;" src="login.php"></iframe>
</div>

login.php
Code: [Select]
if ($username==$dbusername&&$enc_password==$dbpassword) //if the username & encrpyted password matches the records in the database
{
if($admin !=0) //if the admin flag is true
{
$_SESSION['level']='ADMIN';//admin is logging in
header ("Location: admin.php"); //the user is an admin, direct to admin page
}
else
header ("Location: index.php"); //user is a customer, direct user to index page
$_SESSION['username']=$dbusername; //set the session name to the database record username.
}
else
//$nopass='TRUE';
//header ("location: loginU.php");
echo "Incorrect Password, Please try again"; // if incorrect password
}
else
die ("That username doesn't exist"); // if user doesn't exist
}
else
die ("Please enter a username and password"); //if either field is empty

?>

hi

i need help an idea how can i separate members from admins
since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 )   (its session login form only that i made it work other tutorials wre too old or something)
how what i want to do is separate members and admins because admin need more rights to do
now i have idea but dont know will it work like that
what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work?
and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag?

Hello guys,

Is there on web any updated tutorial on how can I add Facebook login on my simple php login script?

Hi guys.

What I want to create is really complicated. Well I have a login system that works with post on an external website.
I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users.
What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login".
 If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry".

So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login.

Any idea??

Thanks

Hi guys,

Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!"

Any suggestion and help would be appreciated.
Thanks.

login.php

<?php 

//Assigned varibale $error_msg as empty

//$error_msg = "";

session_start();

$error_msg = "";

if (isset($_POST['submit'])) {

if ($a_username = "admin" && $a_password = "123") 

{

//Define $_POST from form text feilds

$username = $_POST['username'];

$password = $_POST['password'];

//Add some stripslashes

$username = stripslashes($username);

$password = stripslashes($password);

//Check if usernmae and password is good, if it is it will start session

if ($username == $a_username && $password == $a_password)

{

session_start();

$_SESSION['session_logged'] = 'true';

$_SESSION['session_username'] = $username;

//Redirect to admin page

header("Location: admin_area.php");

}

}

$username = (isset($_POST['username'])) ? $_POST['username'] : ''; 

$password = (isset($_POST['password'])) ? $_POST['password'] : ''; 

if($username && $password) {

$connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!");

mysql_select_db("friendsdb") or die ("Couldn't find the DB");

$query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'");

$numrows = mysql_num_rows($query);

if ($numrows != 0){

while ($row = mysql_fetch_array($query)) {

$dbusername = $row['username'];

$dbpassword = $row['password'];

}

//Check to see if they are match!

if ($username == $dbusername && md5($password) == $dbpassword) {

header ("Location: user_area.php");

$_SESSION['username'] = $username;

}

else

$error_msg = "Incorrect password!";

//code of login

}else

$error_msg = "That user does not exist!";

//echo $numrows;

}

else

$error_msg = "Please enter a username and password!";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
</head>

<body>
<br />
<?php

require "header.php";
?><br />
<div align="center">
<table width="200" border="1">

<?php

// If $error_msg not equal to emtpy then display error message

if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<!--form action="login_a.php" method="post"-->

Username: <input type="text" name="username" /><br /><br />

Password: <input type="password" name="password"  /><br /><br />

<input type="submit" name = "submit" value="Log in"  />
</form> <p> </p>

Register a <a href="register.php">New User</a>
</table>
</div>
</body>
</html>

How to add the ability to login with username or email for login?

 

<?php 
ob_start();
include('../header.php');
include_once("../db_connect.php");
session_start();
if(isset($_SESSION['user_id'])!="") {
	header("Location: ../dashboard");
}
if (isset($_POST['login'])) {
	$email = mysqli_real_escape_string($conn, $_POST['email']);
	$password = mysqli_real_escape_string($conn, $_POST['password']);
	$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and pass = '" . md5($password). "'");
	if ($row = mysqli_fetch_array($result)) {
		$_SESSION['user_id'] = $row['uid'];
		$_SESSION['user_name'] = $row['user'];	
		$_SESSION['user_email'] = $row['email'];		
		header("Location: ../dashboard");
	} else {
		$error_message = "Incorrect Email or Password!!!";
	}
}
?>

 

Hello, I am once again desperately asking for your help,

I am working on a simple login page and I am having trouble actually getting it  to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now

 

This is the code any suggestions would be greatly appreciated

<?php
    /*
    Name: Deanna Slotegraaf 
    Course Code: WEBD3201
    Date: 2020-09-22
    */

    $file = "sign-in.php";
    $date = "2020-09-22";
    $title = "WEBD3201 Login Page";
    $description = "This page was created for WEBD3201 as a login page for a real estate website";
    $banner = "Login Page";
    require 'header.php';

    $error = "";

    if($_SERVER["REQUEST_METHOD"] == "GET")
    {
        $username = "";
        $password = "";
        $lastaccess = "";        
        $error = "";
        $result = "";
        $validUser = "";
    }
    else if($_SERVER["REQUEST_METHOD"] == "POST")
    {        
    	$conn;
        $username = trim($_POST['username']); //Remove trailing white space
        $password = trim($_POST['password']); //Remove trailing white space

    if (!isset($username) || $username == "") {
      $error .= "<br/>Username is required";
    }
    if (!isset($password) || $password == ""){
      $error .= "<br/>Password is required";
    }
    if ($error == "") {
      $password = md5($password);
      $query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'";
      $results = pg_query($conn, $query);
      //$_SESSION['username'] = $username;
        //$_SESSION['success'] = "You are now logged in";
        header('location: dashboard.php');
      }else {
        $error .= "Username and/or Password is incorrect";
      }

}

?>

<div class = "form-signin">
    <?php
             echo "<h2 style='color:red; font-size:20px'>".$error."</h2>";
    ?>
<form action = "<?php echo $_SERVER['PHP_SELF'];  ?>" method="post">

      <label for="uname"><b>Login ID</b></label>
      <input type="text" name="username" value="<?php echo $username; ?>"/>
      <br/>
      <label for="psw"><b>Password</b></label>
      <input type="password" name="password" value="<?php echo $password; ?>"/>
      <br/>
        <button type="submit" name="login_user">Login</button>
        <button type="reset">Reset</button></div>
</form>
</div>

<?php require "footer.php"; ?>

 

Hi everyone i wonder if you can help me he

I need a script for a login and check login- create cookie.

Here is my form:

<form method="post" action="check_login.php">
<p>
<input type="submit" name="Submit2" value="go" />
</fieldset>
</p>
</form>

that sends it to check_login (which BEFORE i deleted something by accident, used to take me to a username and password box)

But now all it does is send me straight to the memebrs area???


Can i change the check_login.php script to make it work correctly:

Code: [Select]
<?php 
// Connects to your Database 
mysql_connect("server", "user", "password") or die(mysql_error()); 
mysql_select_db("DB") or die(mysql_error()); 

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) 
{
if ($pass != $info['upassword']) 
{
}
else
 {
header("Location: members_area.php");

  }
  }
 }

 //if the login form is submitted 
 if (isset($_POST['submit'])) { // if form has been submitted

 // makes sure they filled it in
  if(!$_POST['username'] | !$_POST['upassword']) {
  die('You did not fill in a required field.');
  }
  // checks it against the database

  if (!get_magic_quotes_gpc()) {
  $_POST['email'] = addslashes($_POST['email']);
  }
  $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

 //Gives error if user dosen't exist
 $check2 = mysql_num_rows($check);
 if ($check2 == 0) {
  die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
  }
 while($info = mysql_fetch_array( $check )) 
 {
 $_POST['upassword'] = stripslashes($_POST['upassword']);
  $info['upassword'] = stripslashes($info['upassword']);
  $_POST['upassword'] = md5($_POST['upassword']);

 //gives error if the password is wrong
  if ($_POST['upassword'] != $info['upassword']) {
  die('Incorrect password, please try again.');
  }
  else 
 { 
 
 // if login is ok then we add a cookie 
   $_POST['username'] = stripslashes($_POST['username']); 
   $hour = time() + 3600; 
 setcookie(ID_my_site, $_POST['username'], $hour); 
 setcookie(Key_my_site, $_POST['upassword'], $hour);  
 
 //then redirect them to the members area 
 header("Location: members_area.php"); 
 } 
 } 
 } 
 else 
{  
 
 // if they are not logged in 
?>
 <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
 <table width="316" height="120" border="0">
 <tr><td colspan=2><h1>Login</h1></td></tr>
 <tr><td>Username:</td><td>
 <input type="text" name="username" maxlength="40">
 </td></tr>
 <tr><td>Password:</td><td>
 <input type="password" name="upassword" maxlength="50">
 </td></tr>
 <tr><td colspan="2" align="right">
 <input type="submit" name="submit" value="Login">
 </td></tr>
 </table>
 </form>
<?php 
 } 
 
?>

okay so i have a file called login.php but when you login it stay's on the same page... + i want it to go to a different page... so a user log's in from login.php and i want it to go to a new file called main.php i have some code below i was wondering if someone could help me separate the code to make it 2 pages...


login.php
Code: [Select]
<?php

include("include/session.php");
global $database;
$config = $database->getConfigs();
?>

<html>
<head>
<link rel="stylesheet" href="include/style.css" type="text/css">
<title><?php echo $config['SITE_NAME']; ?> - Login Page</title>

</head>
<body>
<div id="mainborder">
<tr>

    <td>
    <div class="image">
      <p align="center"><a href="index.php"><img src="images/logo.gif" width="850" height="130"></a>
      <div class="sidebox">
      </div>
      </div>
      <p align="left">
     
           
      <table width="95%" class="topbar">

<tr>

<td>

<marquee scrollamount='3'>Welcome to pokemon RPG please report all bugs/errors to the site admin:) #Rate</marquee> </td>

</tr>

</table>

        <table width="100%" border="0" cellpadding="0" cellspacing="0">
      </p>
      <tr>

      <td valign="top" width="150">

    <div style="height:7px;"></div>


<div class="headbox">Navigation</div>
  <a class="leftmenu" href="index.php">Home</a>
  <a class="leftmenu" href="login.php">Login</a>
  <a class="leftmenu" href="register.php">Register</a>
  <a class="leftmenu" href="#">About/FAQ</a>
  <a class="leftmenu" href="#">Forum</a>
          <a class="leftmenu" href="#">Chat Box</a><br>


<br />

<td valign="top">

            <table border="0" cellspacing="0" cellpadding="0" width="100%">

              <tr>

                <td width="10"></td>

                <td valign="top" class="mainbox">
<div class="contentcontent">  </div>
<div id="mainContent">
<table class="content">
<br />


<?php
/**
 * User has already logged in, so display relavent links, including
 * a link to the admin center if the user is an administrator.
 */
if($session->logged_in){
   echo "<h1>Logged In</h1>";
   echo "Welcome <b>$session->username</b>, you are logged in. <br><br>"
       ."[<a href=\"userinfo.php?user=$session->username\">My Account</a>] &nbsp;&nbsp;"
       ."[<a href=\"useredit.php\">Edit Account</a>] &nbsp;&nbsp;";
   if($session->isAdmin()){
      echo "[<a href=\"admin/index.php\">Admin Center</a>] &nbsp;&nbsp;";
   }
   echo "[<a href=\"process.php\">Logout</a>]";
}
else{
?>


<?php
/**
 * User not logged in, display the login form.
 * If user has already tried to login, but errors were
 * found, display the total number of errors.
 * If errors occurred, they will be displayed.
 */
if($form->num_errors > 0){
   echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";
}
?>

<div class="loginbox">
Member Login
</div>
<form action="process.php" method="POST" autocomplete="on">
<tr>
<table class="contentcontent" align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<?php echo $form->value("user"); ?>"></td><td><?php echo $form->error("user"); ?></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<?php echo $form->value("pass"); ?>"></td><td><?php echo $form->error("pass"); ?></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember" <?php if($form->value("remember") != ""){ echo "checked"; } ?>>
Remember me &nbsp;&nbsp;&nbsp;&nbsp;
<input type="hidden" name="sublogin" value="1">
<input type="submit" value="Login"></td></tr>
<tr><td colspan="2" align="left"><br><font size="2">[<a href="forgotpass.php">Forgot Password?</a>]</font></td><td align="right"></td></tr>

</form>




<table width="875">



<tr>


<br />
<br />
    <td width="902" height="20" colspan="2" align="center" class="maincontent"><br /><div class="contentcontent">This site is not affiliated with Nintendo, Creatures Ink, Gamefreak or any other organisation. Legal Info
</br><?php }
echo "";
include("include/view_active.php");?></div>
    </td>
  </tr>
 
</table>



</body>
</html>

process.php
Code: [Select]
<?php

include("include/session.php");

class Process
{
   /* Class constructor */
   function Process(){
      global $session;
      /* User submitted login form */
      if(isset($_POST['sublogin'])){
         $this->procLogin();
      }
      /* User submitted registration form */
      else if(isset($_POST['subjoin'])){
         $this->procRegister();
      }
      /* User submitted forgot password form */
      else if(isset($_POST['subforgot'])){
         $this->procForgotPass();
      }
      /* User submitted edit account form */
      else if(isset($_POST['subedit'])){
         $this->procEditAccount();
      }
      /**
       * The only other reason user should be directed here
       * is if he wants to logout, which means user is
       * logged in currently.
       */
      else if($session->logged_in){
         $this->procLogout();
      }
      /**
       * Should not get here, which means user is viewing this page
       * by mistake and therefore is redirected.
       */
       else{
          header("Location: ".$config['WEB_ROOT'].$config['home_page']);
       }
   }

   /**
    * procLogin - Processes the user submitted login form, if errors
    * are found, the user is redirected to correct the information,
    * if not, the user is effectively logged in to the system.
    */
   function procLogin(){
      global $session, $form;
      /* Login attempt */
      $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
      
      /* Login successful */
      if($retval){
         header("Location: ".$session->referrer);
      }
      /* Login failed */
      else{
         $_SESSION['value_array'] = $_POST;
         $_SESSION['error_array'] = $form->getErrorArray();
         header("Location: ".$session->referrer);
      }
   }
   
   /**
    * procLogout - Simply attempts to log the user out of the system
    * given that there is no logout form to process.
    */
   function procLogout(){
      global $database, $session;
      $config = $database->getConfigs();
      $retval = $session->logout();
      header("Location: ".$config['WEB_ROOT'].$config['home_page']);
   }
   
   /**
    * procRegister - Processes the user submitted registration form,
    * if errors are found, the user is redirected to correct the
    * information, if not, the user is effectively registered with
    * the system and an email is (optionally) sent to the newly
    * created user.
    */
   function procRegister(){
      global $database, $session, $form;
      $config = $database->getConfigs();
  
  /* Checks if registration is disabled */
  if($config['ACCOUNT_ACTIVATION'] == 4){
   $_SESSION['reguname'] = $_POST['user'];
        $_SESSION['regsuccess'] = 6;
header("Location: ".$session->referrer);
  }
  
      /* Convert username to all lowercase (by option) */
      if($config['ALL_LOWERCASE'] == 1){
         $_POST['user'] = strtolower($_POST['user']);
      }
      /* Hidden form field captcha deisgned to catch out auto-fill spambots */
      if (!empty($_POST['killbill'])) { $retval = 2; } else {
      /* Registration attempt */
      $retval = $session->register($_POST['user'], $_POST['pass'], $_POST['conf_pass'], $_POST['email'], $_POST['conf_email']);
      }
      
      /* Registration Successful */
      if($retval == 0){
         $_SESSION['reguname'] = $_POST['user'];
         $_SESSION['regsuccess'] = 0;
         header("Location: ".$session->referrer);
      }
      /* E-mail Activation */
      else if($retval == 3){
         $_SESSION['reguname'] = $_POST['user'];
         $_SESSION['regsuccess'] = 3;
         header("Location: ".$session->referrer);
      }
      /* Admin Activation */
      else if($retval == 4){
         $_SESSION['reguname'] = $_POST['user'];
         $_SESSION['regsuccess'] = 4;
         header("Location: ".$session->referrer);
      }
      /* No Activation Needed but E-mail going out */
      else if($retval == 5){
         $_SESSION['reguname'] = $_POST['user'];
         $_SESSION['regsuccess'] = 5;
         header("Location: ".$session->referrer);
      }
      /* Error found with form */
      else if($retval == 1){
         $_SESSION['value_array'] = $_POST;
         $_SESSION['error_array'] = $form->getErrorArray();
         header("Location: ".$session->referrer);
      }
      /* Registration attempt failed */
      else if($retval == 2){
         $_SESSION['reguname'] = $_POST['user'];
         $_SESSION['regsuccess'] = 2;
         header("Location: ".$session->referrer);
      }
   }
   
   /**
    * procForgotPass - Validates the given username then if
    * everything is fine, a new password is generated and
    * emailed to the address the user gave on sign up.
    */
   function procForgotPass(){
      global $database, $session, $mailer, $form;
      $config = $database->getConfigs();
      /* Username error checking */
      $subuser = $_POST['user'];
      $subemail = $_POST['email'];
      $field = "user";  //Use field name for username
      if(!$subuser || strlen($subuser = trim($subuser)) == 0){
         $form->setError($field, "* Username not entered<br>");
      }
      else{
         /* Make sure username is in database */
         $subuser = stripslashes($subuser);
         if(strlen($subuser) < $config['min_user_chars'] || strlen($subuser) > $config['max_user_chars'] ||    
            !preg_match("/^[a-z0-9]([0-9a-z_-])+$/i", $subuser) ||
            (!$database->usernameTaken($subuser))){
            $form->setError($field, "* Username does not exist<br>");
          } 
          else if ($database->checkUserEmailMatch($subuser, $subemail) == 0){
           $form->setError($field, "* No Match<br>");
       }
      }
      
      /* Errors exist, have user correct them */
      if($form->num_errors > 0){
         $_SESSION['value_array'] = $_POST;
         $_SESSION['error_array'] = $form->getErrorArray();
      }
      /* Generate new password and email it to user */
      else{
         /* Generate new password */
         $newpass = $session->generateRandStr(8);
         
         /* Get email of user */
         $usrinf = $database->getUserInfo($subuser);
         $email  = $usrinf['email'];
         
         /* Attempt to send the email with new password */
         if($mailer->sendNewPass($subuser,$email,$newpass,$config)){
            /* Email sent, update database */
            $usersalt = $session->generateRandStr(8);
           $newpass = sha1($usersalt.$newpass);
            $database->updateUserField($subuser,"password",$newpass);
            $database->updateUserField($subuser,"usersalt",$usersalt);
            $_SESSION['forgotpass'] = true;
         }
         /* Email failure, do not change password */
         else{
            $_SESSION['forgotpass'] = false;
         }
      }
      
      header("Location: ".$session->referrer);
   }
   
   /**
    * procEditAccount - Attempts to edit the user's account
    * information, including the password, which must be verified
    * before a change is made.
    */
   function procEditAccount(){
      global $session, $form;
      /* Account edit attempt */
      $retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['conf_newpass'], $_POST['email']);

      /* Account edit successful */
      if($retval){
         $_SESSION['useredit'] = true;
         header("Location: ".$session->referrer);
      }
      /* Error found with form */
      else{
         $_SESSION['value_array'] = $_POST;
         $_SESSION['error_array'] = $form->getErrorArray();
         header("Location: ".$session->referrer);
      }
   }
};

/* Initialize process */
$process = new Process;

?>

Thankyou for your help in advance.

Hi Please comment on my attempt to create a PHP Login system. (Criticism is cool with me)

Assuming all mySQL queries has been sanitized

Registration
The user's Username and password gets stored in a "User" table.
Username is not encrypted but the password is encrypted.

Login
index.php
The index page holds the HTML Login form.

home.php
Gets the username and password variable from the form in index.php my use of $_POST

a mySQL query runs , (SELECT Username , Password  FROM users WHERE Username = '$Username' and Password = '$Password')
If a result was returned then start a session ,
get the session ID
encrypt the session id and store it into a variable

get the username from $_POST
encrypt the username and store it in variable.

then encrypt ($Username + $Password) and store this valie in a cookie lets call it UUID= encrypt ($Username + $Password,'Whate ever seed i want to use')
store the Username into a cookie.

this all happens in a function.
So on all other pages i would call authenticateme($Username,$Password) which will return
"5474575687568DSGSDFH76dFNGF>LJK" when true and when false it will return
"JFGNXOP{{O&^*%^zsfsd<<"

if (authenticateme($Username,$Password)=='5474575687568DSGSDFH76dFNGF>LJK')
{
//Authenticated Code here
}
else
{
//Not authenticated code here
}

Next time the user goes to index.php it will first check if the user has logged in or not by taking
the current encrypted session id & username from the cookie encrypt it all together.

Then match the result of the encrypted value to the saved cookie UUID, if they match it means its the same user.

then redirect to home.php else show the login  form

Safe or not save ?

Hi Guys, Im new here, Can someone please help me and tell me why my PHP code isn't working :/


<?php
session_start();
$sql = mysql_connect('localhost', 'putwriter_login', 'MyPassHere');

if(!$sql){

die(mysql_error());
}
mysql_select_db('putwriter_college');


$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['password']);


$sqlSel = mysql_query("SELECT * FROM `putwriter_college`.`Login` WHERE `EmailAddress`=$user AND `Password`=$pass LIMIT 1;");
while($row = mysql_fetch_assoc($sqlSel)){

echo 'Im probably not here';

if(($row['EmailAddress'] == $user) && ($row['Password'] == $pass)){

$_SESSION['loggedIn'] = md5('someSessId');

echo "<meta http-equiv='refresh' content='2;url=./home.php'>";

}else{

die('FAIL');

}
}

?>


This is what I get :
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/putwriter/domains/putwriter.co.uk/public_html/login.php on line 16

Hello,
I have found this forum very useful and i hope i will get some help from here.

I am nill in php so if someone help i am thankful, I actually want to know how to add facebook login in php files.. I have 2 pages of sms script one is index.php where is form like name, number, textbox and captcha then send button.. and second file is send.php where has api to send sms. I have seen some sites there is button login with facebook after login there sms form shows and in name field there person name already written and field locked and in number field there we have to write number and text box, captcha.. without login sms form not showing... So how to do this can someone help me? if some one really want to help i can also give him sample of site where i have seen this and i need exact like this pm me for sample...

how to submit registration to database....for it to follow through?
also how to get the login to really go thorugh?

please help






<html>

<?php session_start(); require_once 'database.php'; if (isset($_SESSION['user'])){ echo "Welcome ".$_SESSION['user']; ?>   <?php } elseif(isset($_SESSION['admin'])){ echo"Welcome ".$_SESSION['admin']; echo"<br><br>You are logged in as an Admin"; ?>  <?php }else{ ?>      <?php } ?>

<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">




<form id='login' action="login2.php" method='post' accept-charset='UTF-8'>
<body>
<body bgcolor="#E6E6FA">






<fieldset >






<div align="right"/>
<legend> Login </legend>




<input type='hidden' name='submitted' id='submitted' value='1'/>





<label for='username' >UserName*:</label>





<input type='text' name='username' id='username'  maxlength="50" />





<label for='password' >Password*:</label>





<input type='password' name='password' id='password' maxlength="50" />





<input type='submit' name='Submit' value='Submit' />




<div align="right"/>
</fieldset>

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><H1><div align="center"/>WELCOME TO UNDERGROUND RECRUITS!</H1>
   <title>SIGN UP</title>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
body, label,a
{
   font-family : Arial, Helvetica, sans-serif;
   font-size : 12px;
}
.formcontainer
{
text-align:left;
width:330px;
border-top: 1px solid;
border-bottom: 1px solid;
padding:10px;
margin: auto;
}
.para
{
margin-bottom: 10px;
}
</style>
<link rel="STYLESHEET" type="text/css" href="pwdwidget.css" />
<script src="pwdwidget.js" type="text/javascript"></script>

</head>

<body >
<div class='formcontainer'>
<h1>Register</h1>
<form method="post"  action="database.php">
   <div class='para'>
      <label for='name'>Name: </label><br />
      <input type="text" id='name' name="name"/>
   </div>
   <div class='para'>
      <label for='email'>Email:</label><br />
      <input type="text" id='email' name="email"/>

</div>
   <div class='para'>
      <label for='username'>Username:</label><br />
      <input type="text" id='username' name="username"/>




   </div>
   <div class='para'>
      <label for='regpwd'>Password:</label> <br />
      <div class='pwdwidgetdiv' id='thepwddiv'></div>
                   <input type="password" id='password' name="password"/>


      <script  type="text/javascript" >
      var pwdwidget = new PasswordWidget('thepwddiv','regpwd');
      pwdwidget.MakePWDWidget();
      </script>
      <noscript>
      <div><input type='password' id='regpwd' name='regpwd' /></div>      
      </noscript>
   </div>
   <div class='para'><br /><br />
   <input type="submit" name='submit' value="submit" />
   </div>
</form>
</div>






</form>
</body>
</html>