|
PHP - Login Issue In Php.
Hi experts,I have the following problem.I have a file login.php which is used to allow users to log in.When the form is submitted it is redirected to checkuserlogin.php.If the credentials are right he is redirected to main.php.But in main.php if the user clicks back browser button,he is redirected to login.php and in login.php if he presses forward button,he is redirected to main.php.Can any one tell he how to make sure the application is not redirected to main.php when user presses forward button and how to make sure the application is not redirected to login.php when user presses back button.
Similar Tutorialsi just discovered a hole in my scripts relating to access . 1. have a simple login form 2. based on the type of user , he is directed to a page for his options . 3. I now realise that altho each page therefter checks for sessions of the user , he can easily change the url to that of another user and there is no way to prevent it. 4. How can i make sure that each time a page is accessed it is only by the user whom it is meant for. Relevant code snippets below . Thanks ! Swati login.php --------- <?php //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); //Process this if statement only if form was submitted if($_POST['submit']){ session_start(); $username=$_POST['username']; $password=$_POST['password']; include ("link.php"); // contains db info //Test for login success $sql = "SELECT * FROM Users WHERE Username='$username' AND Password = '$password'"; $result = mysql_query($sql); if ($myrow = mysql_fetch_assoc($result)){ // echo $sql; $login_success = 'Yes'; $userid = $myrow["Userid"]; $usertype = $myrow["UTID"]; $status = "On"; $url = $PHP_SELF."?".$_SERVER['QUERY_STRING'];; $logout = 'logout.php'; $_SESSION['id']=session_id(); $_SESSION['userid']=$userid; $_SESSION['usertype']=$usertype; $sql2= "insert into Log (Sessionid,Userid,IP,Date,File, Status) values('$_SESSION[id]','$userid','$ip','$tm', '$url', '$status')"; $result2 = mysql_query($sql2) or die ('no access to database: ' . mysql_error()); // echo mysql_error(); } } } ?> Each subsequent page has this header ============================== <? header("Cache-Control: public"); include ("log.php"); //db info for DB along with session start if(!isset($_SESSION['userid'])){ echo "<center><font face='Calibri' size='2' color=red>Sorry, Please login and use this page </font></center>"; exit;} ?> The url of each page : Code: [Select] www.abc.com/example/type1.php?Userid=USER1ID and such a user can easily change the url to Code: [Select] www.abc.com/example/type2.php?Userid=USER1ID and access all the options of type2.php Hi all I have the below login scripts which works great, I need to add a line in to give the user a message if the 'live' entry in the database is 0. Here's my code: Code: [Select] <?php if(isset($_POST['submit'])) { $error = false; $user_login = ($_POST['user_login']); $pass_login = ($_POST['pass_login']); if(!empty($user_login) && !empty($pass_login)) { $check_details=mysql_query("SELECT * FROM `members` WHERE email='".$user_login."' AND password='".sha1($pass_login)."' AND live = 1"); $getdetails=mysql_fetch_array($check_details); $status=mysql_num_rows($check_details); if($status >= "1") { $error = false; $_SESSION['wmmadmin_loggedin'] = "1"; $_SESSION['wmmadmin_email'] = "".$user_login.""; $_SESSION['wmmadmin_username'] = "".$getdetails['name'].""; $_SESSION['wmmadmin_country'] = "".$getdetails['country'].""; $date = date('l jS \of F Y h:i:s A'); mysql_query(" INSERT INTO `logs` SET user = '".$getdetails['name']."', date = '".$date."'" ); header("Location: index.php"); } if(!$status || $status == "0") { $error = true; echo "<div class=\"error\">Error! Login details were incorrect. </div>\n"; echo "<div class=\"error\">Forgot your password? Click the below link: </div>\n"; } } if(empty($user_login) || empty($pass_login)) { $error = true; echo "<div class=\"error\"><strong>Please enter your username and password. </div>\n"; echo "<div class=\"error\">Forgot your password? Click the below link: </div>\n"; } } ?> Many thanks for your help. Pete In my login form I'm getting the error Code: [Select] Notice: Use of undefined constant Errors - assumed 'Errors' in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 91 Warning: Cannot modify header information - headers already sent by (output started at /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php:91) in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 91 Warning: Cannot modify header information - headers already sent by (output started at /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php:91) in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 92 //if the name exists it gives an error if ($check2 != 0) { //Line 85 $error="<span style="; $error .="color:red"; $error .=">"; $error .= "Sorry, the username is already in use."; $error .="</span>"; setcookie(Errors, $error, time()+20); //Line 91 header('Location: /YBK/'); //Line 92 exit; } I have a pretty basic PHP log in code connected to a database of register users. However, it's not allowing any users to enter? Could someone please review the code and let me know if you find any errors? //Create query $qry="SELECT * FROM customers WHERE username='$login' AND password='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['id']; $_SESSION['SESS_FIRST_NAME'] = $member['fname']; $_SESSION['SESS_LAST_NAME'] = $member['lname']; session_write_close(); header("location: key_catalog.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> I have a problem with login issue that when i loggin as student from index.php it should bring me to student_home php.. but it doesnt show anything and just bring me to index.php back.. i mixed up about header and session part..
index.php
<?php
include('header.php');
//Start session
session_start();
//Unset the variables stored in session
unset($_SESSION['id']);
?>
<body>
<?php include('navhead.php'); ?>
<div class="container">
<div class="row-fluid">
<div class="span3">
<div class="hero-unit-3">
<div class="alert-index alert-success">
<i class="icon-calendar icon-large"></i>
<?php
$Today = date('y:m:d');
$new = date('l, F d, Y', strtotime($Today));
echo $new;
?>
</div>
</div>
<div class="hero-unit-1">
<ul class="nav nav-pills nav-stacked">
<li class="nav-header">Links</li>
<li class="active"><a href="#"><i class="icon-home icon-large"></i> Home
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
<li><a href="sitemap.php"><i class="icon-sitemap icon-large"></i> Site Map
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
<li><a href="contact.php"><i class="icon-envelope-alt icon-large"></i> Contact Us
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a>
</li>
<li class="nav-header">About US</li>
<li><a href="#mission" role="button" data-toggle="modal"><i class="icon-book icon-large"></i> Mission
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
<li><a href="#vision" role="button" data-toggle="modal"><i class="icon-book icon-large"></i> Vision
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
<li><a href="history.php"><i class="icon-list-alt icon-large"></i> History
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
</ul>
</div>
<br>
</div>
<div class="span9">
<section class="main">
<div class="custom-calendar-wrap">
<div id="custom-inner" class="custom-inner">
<div class="custom-header clearfix">
<nav>
<span id="custom-prev" class="custom-prev"></span>
<span id="custom-next" class="custom-next"></span>
</nav>
<h2 id="custom-month" class="custom-month"></h2>
<h3 id="custom-year" class="custom-year"></h3>
</div>
<div id="calendar" class="fc-calendar-container"></div>
</div>
</div>
</section>
<div class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>Head Up!</strong> Welcome to Morpheus.
</div>
<div class="slider-wrapper theme-default">
<?php include('slider.php'); ?>
</div>
<!-- end slider -->
</div>
</div>
</div>
<!---------------->
<div class="container">
<div class="row-fluid">
<div class="span12">
<div class="row-fluid">
<div class="span9">
<div class="alert alert-success"><i class="icon-file icon-large"></i> <strong>Mission</strong></div>
<div class="hero-unit-2">
Announcements
</div>
</div>
<div class="span3">
<div class="alert alert-info">
<i class="icon-building icon-large"></i> Faculty
</div>
<div class="hero-unit-3">
<p><a href=""><i class="icon-sign-blank"></i> Faculty</a></p>
<p><a href=""><i class="icon-sign-blank"></i> Faculty</a></p>
<p><a href=""><i class="icon-sign-blank"></i> Faculty</a></p>
<p><a href=""><i class="icon-sign-blank"></i> Faculty</a></p>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="alert alert-success"><i class="icon-file icon-large"></i> <strong>Project</strong></div>
<div class="hero-unit-2">
Project
</div>
<?php include('footer.php'); ?>
</div>
</body>
</html>
navhead.php
<div class="row-fluid">
<div class="span12">
<div class="navbar navbar-fixed-top navbar-inverse">
<div class="navbar-inner">
<div class="container">
<a class="btn btn-navbar" data-toggle="collapse" data-targer=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</a>
<div class="nav-collapse collapse">
<i class="icon-facebook-sign icon-large" id="color_white"></i>
<i class="icon-twitter icon-large" id="color_white"></i>
<i class="icon-google-plus icon-large" id="color_white"></i>
<i class="icon-github-alt icon-large" id="color_white"></i>
<i class="icon-linkedin-sign icon-large" id="color_white"></i>
<div class="pull-right">
<form class="navbar-search pull-left">
<i class="icon-search icon-large" id="color_white"></i>
<input type="text" class="search-query" placeholder="Search">
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="hero-unit-header">
<div class="container">
<div class="row-fluid">
<div class="span12">
<div class="row-fluid">
<div class="span6">
<img src="admin/images/head.png">
</div>
<div class="span6">
<div class="pull-right">
<!--- login button -->
<div class="btn-group">
<button class="btn btn-success"><i class="icon-signin icon-large"></i> Login</button>
<button class="btn dropdown-toggle" data-toggle="dropdown">
<span class="caret"></span>
</button>
<ul class="dropdown-menu">
<li><a href="#student" role="button" data-toggle="modal"><i class="icon-user icon-large"></i> Student</a></li>
<li><a href="#teacher" role="button" data-toggle="modal"><i class="icon-user-md icon-large"></i> Teacher</a></li>
</ul>
</div>
<!-- end login -->
<?php include('student_modal.php'); ?>
<?php include('teacher_modal.php'); ?>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
student_modal.php
<div id="student" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-header">
</div>
<div class="modal-body">
<div class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>Login Student!</strong> Please Enter the Details Below.
</div>
<form class="form-horizontal" method="post">
<div class="control-group">
<label class="control-label" for="inputEmail">Username</label>
<div class="controls">
<input type="text" name="username" id="inputEmail" placeholder="Username">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Password</label>
<div class="controls">
<input type="password" name="password" id="inputPassword" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" name="login" class="btn btn-info"><i class="icon-signin icon-large"></i> Sign in</button>
</div>
</div>
<?php
if (isset($_POST['login'])) {
function clean($str) {
$str = @trim($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$query = mysql_query("select * from student where username='$username' and password='$password'") or die(mysql_error());
$count = mysql_num_rows($query);
$row = mysql_fetch_array($query);
if ($count > 0) {
session_start();
session_regenerate_id();
$_SESSION['id'] = $row['student_id'];
header('location:student_home.php');
session_write_close();
exit();
} else {
header('error_login.php');
?>
<?php
}
}
?>
</form>
<!-- teacher -->
</div>
<div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true"><i class="icon-remove-sign icon-large"></i> Close</button>
</div>
</div>
login_student.php
[php]<?php
include('header.php');
//Start session
session_start();
//Unset the variables stored in session
unset($_SESSION['id']);
?>
<body>
<?php include('navhead.php'); ?>
<div class="container">
<div class="row-fluid">
<div class="span10">
<ul class="breadcrumb">
<li class="active">Login<span class="divider">/</span></li>
<li><a href="login_student.php"><i class="icon-group icon-large"></i> Teacher</a><span class="divider">/</span></li>
<li class="active"><i class="icon-group icon-large"></i> Student</li>
<div class="pull-right">
<li>
<i class="icon-calendar icon-large"></i>
<?php
$Today = date('y:m:d');
$new = date('l, F d, Y', strtotime($Today));
echo $new;
?>
</li>
</div>
</ul>
<div class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>Login Student!</strong> Please Enter the Details Below.
</div>
<form class="form-horizontal" method="post">
<div class="control-group">
<label class="control-label" for="inputEmail">Username</label>
<div class="controls">
<input type="text" name="username" id="inputEmail" placeholder="Username">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Password</label>
<div class="controls">
<input type="password" name="password" id="inputPassword" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" name="login" class="btn btn-info"><i class="icon-signin"></i> Sign in</button>
</div>
</div>
<?php
if (isset($_POST['login'])) {
function clean($str) {
$str = @trim($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$query = mysql_query("select * from user where username='$username' and password='$password'") or die(mysql_error());
$count = mysql_num_rows($query);
$row = mysql_fetch_array($query);
if ($count > 0) {
session_start();
session_regenerate_id();
$_SESSION['id'] = $row['user_id'];
header('location:student_home.php');
session_write_close();
exit();
} else {
session_write_close();
?>
<div class="pull-right">
<button type="button" class="close" data-dismiss="alert">×</button>
<div class="alert alert-danger"><i class="icon-remove-sign"></i> Access Denied</div>
</div>
<?php
exit();
}
}
?>
</form>
</div>
<div class="span2">
<div class="hero-unit-1">
<ul class="nav nav-pills nav-stacked">
<li class="nav-header">Links</li>
<li><a href="index.php"><i class="icon-home icon-large"></i> Home</a></li>
<li><a href="#"><i class="icon-file-alt icon-large"></i> New And Events</a></li>
<li><a href="#"><i class="icon-sitemap icon-large"></i> Site Map</a></li>
<li><a href="#"><i class="icon-envelope-alt icon-large"></i> Contact Us</a></li>
<li class="nav-header">About US</li>
<li><a href="#"><i class="icon-book icon-large"></i> Mission</a></li>
<li><a href="#"><i class="icon-book icon-large"></i> Vision</a></li>
<li><a href="#"><i class="icon-list-alt icon-large"></i> History</a></li>
</ul>
</div>
</div>
</div>
<?php include('footer.php'); ?>
</div>
</body>
</html>
login_student.php
<?php
include('header.php');
//Start session
session_start();
//Unset the variables stored in session
unset($_SESSION['id']);
?>
<body>
<?php include('navhead.php'); ?>
<div class="container">
<div class="row-fluid">
<div class="span10">
<ul class="breadcrumb">
<li class="active">Login<span class="divider">/</span></li>
<li><a href="login_student.php"><i class="icon-group icon-large"></i> Teacher</a><span class="divider">/</span></li>
<li class="active"><i class="icon-group icon-large"></i> Student</li>
<div class="pull-right">
<li>
<i class="icon-calendar icon-large"></i>
<?php
$Today = date('y:m:d');
$new = date('l, F d, Y', strtotime($Today));
echo $new;
?>
</li>
</div>
</ul>
<div class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>Login Student!</strong> Please Enter the Details Below.
</div>
<form class="form-horizontal" method="post">
<div class="control-group">
<label class="control-label" for="inputEmail">Username</label>
<div class="controls">
<input type="text" name="username" id="inputEmail" placeholder="Username">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Password</label>
<div class="controls">
<input type="password" name="password" id="inputPassword" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" name="login" class="btn btn-info"><i class="icon-signin"></i> Sign in</button>
</div>
</div>
<?php
if (isset($_POST['login'])) {
function clean($str) {
$str = @trim($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$query = mysql_query("select * from user where username='$username' and password='$password'") or die(mysql_error());
$count = mysql_num_rows($query);
$row = mysql_fetch_array($query);
if ($count > 0) {
session_start();
session_regenerate_id();
$_SESSION['id'] = $row['user_id'];
header('location:student_home.php');
session_write_close();
exit();
} else {
session_write_close();
?>
<div class="pull-right">
<button type="button" class="close" data-dismiss="alert">×</button>
<div class="alert alert-danger"><i class="icon-remove-sign"></i> Access Denied</div>
</div>
<?php
exit();
}
}
?>
</form>
</div>
<div class="span2">
<div class="hero-unit-1">
<ul class="nav nav-pills nav-stacked">
<li class="nav-header">Links</li>
<li><a href="index.php"><i class="icon-home icon-large"></i> Home</a></li>
<li><a href="#"><i class="icon-file-alt icon-large"></i> New And Events</a></li>
<li><a href="#"><i class="icon-sitemap icon-large"></i> Site Map</a></li>
<li><a href="#"><i class="icon-envelope-alt icon-large"></i> Contact Us</a></li>
<li class="nav-header">About US</li>
<li><a href="#"><i class="icon-book icon-large"></i> Mission</a></li>
<li><a href="#"><i class="icon-book icon-large"></i> Vision</a></li>
<li><a href="#"><i class="icon-list-alt icon-large"></i> History</a></li>
</ul>
</div>
</div>
</div>
<?php include('footer.php'); ?>
</div>
</body>
</html>
I have this working code except I can't redirect to a thank you page when a new user registers. When they login it works without issue. I just don't know where or what to put for the registration part.
Here is my Code. Any help would be much appreciated.
<?php I am createing a simply quiz site, where in order to participate in the quiz, you must first be logged in. While working on my local machine, the code works perfectly. I use the followin to create a session ID; $_SESSION['SESS_ID'] = $member['id']; Then, on my main page where i want dynamic code i include the following; if(!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '')) { print (" <div style='float:left; width:400px; height:215px; margin-left:500px;'> <form class='login' method='post' action='login-form.php' style='float:right; margin-top:120px;' > <input type='submit' class='button' name='submit' value='Sign In' style='float:right ; margin-right:20px;'> </form> <p style=' margin-top:170px; margin-left:160px;'>New Member? Start <a href='register-form.php'>Here</a></p> </div> " ); } else { print "<h4 style='float:right; text-align: right; margin-top:150px; margin-right:50px;'>Welcome ". $_SESSION['SESS_NAME']. " <a href='logout.php' style='float:right; text-align:right;'>Sign Out</a></h4> "; For some reason, when the site is on the server, the session ID does not seam to get passed along. Any Ideas how to remediy this? the website is kingdomquiz.com if anybody is interested. Hi all, Sorry to be a pain, but I've been out of the php game for quite a few years and have just come back to it briefly to help someone out. I've been using an old admin auth script that I used to use a long time ago but it's not working, and I can't for the life of me work it out :/ I apologise for the noobishness of the code, but as I said, it's been a long time. Any and all help would be very greatly appreciated. Here is the code: <? require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; $member_userlevel = $data["level"]; if($member_pass == $admin_pass) { SetCookie("mgdwebby","$member_name:$member_pass:$member_userlevel"); } include("header.php"); ?> <? if($action=="login") { if($admin_login==""){ echo"Wrong info. "; } elseif($admin_pass==""){ echo"Wrong info. "; } else{ require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; if($member_pass == $admin_pass) { echo"<head><meta http-equiv=\"refresh\" content=\"2;URL=admin.php\"></head><br><center>Please Wait.</center><br>"; $auth = explode(":",$HTTP_COOKIE_VARS["mgdwebby"]); if(empty($auth[0]) || empty($auth[1])) { } else { echo"Welcome<br>"; include("admin_left.php"); } } else { echo"Wrong info. "; } } } else { echo"<form method='post' action='?action=login'> <table width='307' align='center' cellspacing='0' cellpading='0' border='0'> <tr> <td width='200'> Login : </td> <td> <input type='text' name='admin_login'></td> </tr> <tr> <td width='200'> Password : </td> <td> <input type='password' name='admin_pass'></td> </tr> <tr> <td colspan='2' align='center'><center><input type='submit' value='Login'></center></td> </table> "; } ?> <? include("footer.php"); ?> Could anyone help me making a login function that checks the txt document if user and pw exists/are correct? -and if they are, sends you to a logged in page. This is for a assignment which is why I have to store the information in a text document, I know it's unsafe. Also i know i should use $_Sessions but I'm not sure how to use it and where to put it.
So far I have created the form which has 2 buttons one for registering and one for logging in. I have also created the registration function which checks the text file if the username already exists if not it will register it.
<html lang="eng">
<head>
<link rel="stylesheet" href="style.css">
<title>name</title>
</head>
<body>
<div class="formdiv">
<h2>Log in or register</h2>
<form action="" method="post">
<p>Username<p style="color:black">*</p> <input type="text" name="user" placeholder="Type in your username" required>
<p>Password<p style="color:black">*</p> <input type="password" name="pw" placeholder="Type in your password" required>
<?php
if (isset($_POST['saveBtn'])){
$username = $_POST['user'];
$password = $_POST['pw'];
$error = register($username);
if ($error == '') {
echo "User: $username has been registered!<br/>";
}
else echo $error;
}
?>
<input type="submit" name="saveBtn" value="Save new user">
<input type="submit" name="loginBtn" value="Login">
</form>
</div>
<?php // Registration
function register($user){
$textError = '';
// Check and see if user exists
$UserPassTxt = fopen("userpwd.txt","a+"); // Opens text doc
rewind($UserPassTxt);
while (!feof($UserPassTxt)) {
$line = fgets($UserPassTxt);
$tmp = explode(':', $line);
if ($tmp[0] == $user) {
$textError = "Username already exists!";
break;
}
}
if ($textError == ''){
$hash = password_hash('', PASSWORD_DEFAULT);
fwrite($UserPassTxt, "\n$user: $hash");
}
fclose($UserPassTxt); // Closes txt doc
return $textError;
}
?>
<?php //Login
function login($user, $pass){
}
?>
</body>
///here's my best attempt at the function
<?php //Login
$error = '0';
if (isset($_POST['loginBtn'])){
$username = $_POST['user'];
$password = $_POST['pw'];
$error = login($username,$password);
}
function login($user, $pass){
$errorText = '';
$validUser = false;
$UserPassTxt = fopen("userpwd.txt","r");
rewind($UserPassTxt);
while (!feof($UserPassTxt)) {
$line = fgets($UserPassTxt);
$tmp = explode(':', $line);
if ($tmp[0] == $user) {
if (trim($tmp[1]) == trim(password_hash('', PASSWORD_DEFAULT))){
$validUser= true;
$_SESSION['user'] = $user;
}
break;
}
}
fclose($UserPassTxt);
if ($validUser != true) $errorText = "Not correct username or password";
if ($validUser == true) $_SESSION['validUser'] = true;
else $_SESSION['validUser'] = false;
return $errorText;
}
function logoutUser(){
unset($_SESSION['validUser']);
unset($_SESSION['user']);
}
function checkUser(){
if ((!isset($_SESSION['validUser'])) || ($_SESSION['validUser'] != true)){
header('Location: index.php');
}
}
?>
Hi All, I Have an issue validating and inserting the data in to the database. I am beginner and the error message is new to me however i have google it but unable to find hope any one can help Thanks in advanced. Error : "Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\signupck.php on line 32 Deprecated: Function eregi() is deprecated in C:\wamp\www\signupck.php on line 50 Welcome, You have successfully signed up Click here to login" Please find the Code Below: File name:signup.php Code: [Select] <!doctype html public "-//w3c//dtd html 3.2//en"> <html> <head> <title>Fast Fix Pro Signup</title> <script type="text/javascript"> function validate(form) { if(form1.userid.value == "") { alert('Please enter userid '); form1.userid.focus(); return false; } if(form1.userid.value == "") { alert('Please enter userid '); form1.userid.focus(); return false; } if(form1.password.value == "") { alert('Please enter password '); form1.password.focus(); return false; } if(form1.password2.value == "") { alert('Please renter the password '); form1.password2.focus(); return false; } if(form1.email.value == "") { alert('Please enter Email '); form1.email.focus(); return false; } if(form1.fname.value == "") { alert('Please enter First Name '); form1.fname.focus(); return false; } if(form1.lname.value == "") { alert('Please enter Last Name '); form1.lname.focus(); return false; } if (!document.form1.agree.checked) { alert("Please Read the guidlines and check the box below ."); return false; } return true; } </script> </head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000"> <br/> <br/> <table width='67%' height="454" border='0' align=center cellpadding='0' cellspacing='0'><form name="form1" method=post action="signupck.php" onsubmit='return validate(this)'><input type="hidden" name="todo" value=post> <tr bgcolor='#f1f1f1'><td align=center colspan=2><font face='Verdana' size='2' ><b>Signup</b></td></tr> <tr bgcolor='#f1f1f1'><td > <font face='Verdana' size='2' >User ID</td><td ><font face='Verdana' size='2'><input type=text name=userid></td></tr> <tr ><td > <font face='Verdana' size='2' >Password</td><td ><font face='Verdana' size='2'><input name=password type=password></td></tr> <tr bgcolor='#f1f1f1'><td > <font face='Verdana' size='2' >Re-enter Password</td><td ><font face='Verdana' size='2'><input name=password2 type=password></td></tr> <tr ><td ><font face='Verdana' size='2' > Email</td><td ><input type=text name=email></td></tr> <tr bgcolor='#f1f1f1'><td > <font face='Verdana' size='2' >First Name</td><td ><font face='Verdana' size='2'><input type=text name=fname></td></tr> <tr ><td > <font face='Verdana' size='2' >Last Name</td><td ><font face='Verdana' size='2'><input type=text name=lname></td></tr> <tr bgcolor='#f1f1f1' ><td > <font face='Verdana' size='2' >I agree to terms and conditions</td><td ><font face='Verdana' size='2'><input type=checkbox name=agree value='yes'></td></tr> <tr ><td align=center colspan=2><input type=submit value=Signup> <input name="Reset" type=reset value=Reset> <td colspan=2 align=left> </td></td></tr> </table> <center> <br><font face='Verdana' size='2' ><a href='login.php'>Already a member ? Please Login</a></font></center> </body> </html> File Name :signuppck.php Code: [Select] <?php include ("Connection.php");// database connection details stored here ?> <!doctype html public "-//w3c//dtd html 3.2//en"> <html> <head> <title>(Type a title for your page here)</title> <meta name="GENERATOR" content="Arachnophilia 4.0"> <meta name="FORMATTER" content="Arachnophilia 4.0"> </head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000"> <?php extract($_POST); //<---I don't recommand this really if(isset($todo) and $todo=="post") { $status = "OK"; $msg=""; // if userid is less than 3 char then status is not ok if(!isset($userid) or strlen($userid) <3) { $msg=$msg."User id should be =3 or more than 3 char length<BR>"; $status= "NOTOK"; } if(mysql_num_rows(mysql_query("SELECT userid FROM signup WHERE userid = '$userid LIMIT 1' "))) <-------------------(line 32) { $msg=$msg."Userid already exists. Please try another one<BR>"; $status= "NOTOK"; } if ( strlen($password) < 3 ) { $msg=$msg."Password must be more than 3 char legth<BR>"; $status= "NOTOK"; } if ( $password <> $password2 ) { $msg=$msg."Both passwords are not matching<BR>"; $status= "NOTOK"; } if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) <--------------- (Line 50) { $msg=$msg."enter valid email address<BR>"; $status= "NOTOK"; } if ($agree<>"yes") { $msg=$msg."You must agree to terms and conditions<BR>"; $status= "NOTOK"; } if($status<>"OK") { echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onClick='history.go(-1)'>"; }else{ // if all validations are passed. $query=mysql_query("INSERT INTO signup(userid,password,email,Fname,Lname) values('$userid','$password','$email','$fname','$lname')");; echo "<font face='Verdana' size='2' color=green>Welcome, You have successfully signed up<br><br><a href=login.php>Click here to login</a><br></font>"; } } ?> </body> </html> File Name :<include file> Code: [Select] <HTML> <HEAD> <TITLE>Connecting to Database</TITLE> </HEAD> <BODY> <?php $db = "quantas"; mysql_connect("localhost","root","") or die (mysql_error()); mysql_select_db($db); ?> </BODY> </HTML> Is there a way to get current logged in username and based on that redirect to a different page? I’m using the following secure PHP login without MySql as a login system: https://sourceforge.net/projects/phploginbyvallastech/ Now I’m looking to redirect each logged in user to their personalized page. But I can’t figure out how to A) fetch the current logged in user and B) redirect multiple users. This code redirects to the latter address, but the username based redirect is not working: <?php session_start(); if ($_SESSION["username"]==User1){ header("location: user1content.php"); exit; } else { header("location: generalcontent.php"); exit; } { ?> <?php } ?>
So it’s clearly not fetching the logged in user. Though <?php echo $login->username; ?> fetches the username just fine. hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? Hello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? Hi guys, Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!" Any suggestion and help would be appreciated. Thanks. login.php <?php //Assigned varibale $error_msg as empty //$error_msg = ""; session_start(); $error_msg = ""; if (isset($_POST['submit'])) { if ($a_username = "admin" && $a_password = "123") { //Define $_POST from form text feilds $username = $_POST['username']; $password = $_POST['password']; //Add some stripslashes $username = stripslashes($username); $password = stripslashes($password); //Check if usernmae and password is good, if it is it will start session if ($username == $a_username && $password == $a_password) { session_start(); $_SESSION['session_logged'] = 'true'; $_SESSION['session_username'] = $username; //Redirect to admin page header("Location: admin_area.php"); } } $username = (isset($_POST['username'])) ? $_POST['username'] : ''; $password = (isset($_POST['password'])) ? $_POST['password'] : ''; if($username && $password) { $connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!"); mysql_select_db("friendsdb") or die ("Couldn't find the DB"); $query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'"); $numrows = mysql_num_rows($query); if ($numrows != 0){ while ($row = mysql_fetch_array($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } //Check to see if they are match! if ($username == $dbusername && md5($password) == $dbpassword) { header ("Location: user_area.php"); $_SESSION['username'] = $username; } else $error_msg = "Incorrect password!"; //code of login }else $error_msg = "That user does not exist!"; //echo $numrows; } else $error_msg = "Please enter a username and password!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> </head> <body> <br /> <?php require "header.php"; ?><br /> <div align="center"> <table width="200" border="1"> <?php // If $error_msg not equal to emtpy then display error message if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <!--form action="login_a.php" method="post"--> Username: <input type="text" name="username" /><br /><br /> Password: <input type="password" name="password" /><br /><br /> <input type="submit" name = "submit" value="Log in" /> </form> <p> </p> Register a <a href="register.php">New User</a> </table> </div> </body> </html> Hi guys. What I want to create is really complicated. Well I have a login system that works with post on an external website. I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users. What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login". If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry". So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login. Any idea?? Thanks How to add the ability to login with username or email for login?
<?php
ob_start();
include('../header.php');
include_once("../db_connect.php");
session_start();
if(isset($_SESSION['user_id'])!="") {
header("Location: ../dashboard");
}
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and pass = '" . md5($password). "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['user_id'] = $row['uid'];
$_SESSION['user_name'] = $row['user'];
$_SESSION['user_email'] = $row['email'];
header("Location: ../dashboard");
} else {
$error_message = "Incorrect Email or Password!!!";
}
}
?>
Hi everyone i wonder if you can help me he I need a script for a login and check login- create cookie. Here is my form: <form method="post" action="check_login.php"> <p> <input type="submit" name="Submit2" value="go" /> </fieldset> </p> </form> that sends it to check_login (which BEFORE i deleted something by accident, used to take me to a username and password box) But now all it does is send me straight to the memebrs area??? Can i change the check_login.php script to make it work correctly: Code: [Select] <?php // Connects to your Database mysql_connect("server", "user", "password") or die(mysql_error()); mysql_select_db("DB") or die(mysql_error()); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['upassword']) { } else { header("Location: members_area.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['upassword']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['upassword'] = stripslashes($_POST['upassword']); $info['upassword'] = stripslashes($info['upassword']); $_POST['upassword'] = md5($_POST['upassword']); //gives error if the password is wrong if ($_POST['upassword'] != $info['upassword']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['upassword'], $hour); //then redirect them to the members area header("Location: members_area.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table width="316" height="120" border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="upassword" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> Hello, I am once again desperately asking for your help, I am working on a simple login page and I am having trouble actually getting it to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now
This is the code any suggestions would be greatly appreciated
<?php
/*
Name: Deanna Slotegraaf
Course Code: WEBD3201
Date: 2020-09-22
*/
$file = "sign-in.php";
$date = "2020-09-22";
$title = "WEBD3201 Login Page";
$description = "This page was created for WEBD3201 as a login page for a real estate website";
$banner = "Login Page";
require 'header.php';
$error = "";
if($_SERVER["REQUEST_METHOD"] == "GET")
{
$username = "";
$password = "";
$lastaccess = "";
$error = "";
$result = "";
$validUser = "";
}
else if($_SERVER["REQUEST_METHOD"] == "POST")
{
$conn;
$username = trim($_POST['username']); //Remove trailing white space
$password = trim($_POST['password']); //Remove trailing white space
if (!isset($username) || $username == "") {
$error .= "<br/>Username is required";
}
if (!isset($password) || $password == ""){
$error .= "<br/>Password is required";
}
if ($error == "") {
$password = md5($password);
$query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'";
$results = pg_query($conn, $query);
//$_SESSION['username'] = $username;
//$_SESSION['success'] = "You are now logged in";
header('location: dashboard.php');
}else {
$error .= "Username and/or Password is incorrect";
}
}
?>
<div class = "form-signin">
<?php
echo "<h2 style='color:red; font-size:20px'>".$error."</h2>";
?>
<form action = "<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<label for="uname"><b>Login ID</b></label>
<input type="text" name="username" value="<?php echo $username; ?>"/>
<br/>
<label for="psw"><b>Password</b></label>
<input type="password" name="password" value="<?php echo $password; ?>"/>
<br/>
<button type="submit" name="login_user">Login</button>
<button type="reset">Reset</button></div>
</form>
</div>
<?php require "footer.php"; ?>
Folks, I remember once having a php or html5 issue where the first option had to be blank in the drop down. Otherwise, it wasn't working. What wasn't working ? How wasn't working ? I can't remember. either php had difficulty reading user input or the drop down was not showing any options. And so, I had to add a blank value. So, something like this wasn't working ...
<label for="tos_agreement">Agree to TOS or not ?</label> <select name="tos_agreement" id="tos_agreement"> <option value="yes">Yes</option> <option value="no">No</option> </select>
And, I think I added a blank value, at somebody's advice, to get it to work. I think it was something like this, if I remember correctly:
<label for="tos_agreement">Agree to TOS or not ?</label> <select name="tos_agreement" id="tos_agreement"> <option value=" ">Select here</option> <option value="yes">Yes</option> <option value="no">No</option> </select>
Or, maybe it was something like this:
<label for="tos_agreement">Agree to TOS or not ?</label> <select name="tos_agreement" id="tos_agreement"> <option value=" "></option> <option value="yes">Yes</option> <option value="no">No</option> </select>
I can't remember. All I remember slightly that there was a blank value. I been going through my php files to find that particular file to jog my memory but I failed to find it. Can you folks explain to me if a blank value is required or not ? What is the benefit/disaster of adding it and how should the blank value be added ? Show me an example.
Was this a php or html 5 issue ? Can anybody fugure ?
Thank You Hi, I have this code below which groups all the SubHeading together and then queries the same table to find RiskConsequence which are grouped that match SubHeading then to query this table one more last time with all the Risk Mitigation that matches the grouped RiskConsequence. Problem I get is it does the SubHeading, the RiskConsequences it only does one of them not all of them before it moves onto the RiskMitigation. I know I have a php coding issue just cant see the wood from the tree's as the queries work. Code: [Select] <?php include ("include.php"); $query = "SELECT * FROM tblriskassessmentdatabank GROUP BY SubHeading"; $results = mysql_query($query) or die("Error: " . mysql_error()); while($row1 = mysql_fetch_array($results)){ echo'<a href="#" onClick="return(changeDisplay(';echo"'";echo($row1[SubHeading]);echo"'))";echo'">';echo($row1[SubHeading]);echo'</a><br /><br />'; echo'<div id="';echo($row1[SubHeading]); echo'" class="HideText">'; $risksub = $row1[SubHeading]; $query1 = "SELECT * FROM tblriskassessmentdatabank GROUP By RiskConsequence"; $results1 = mysql_query($query1) or die("Error: " . mysql_error()); while($row2 = mysql_fetch_array($results1)){ echo'<a href="#" onClick="return(changeDisplay(';echo"'";echo($row2[RiskConsequence]);echo"'))";echo'">';echo($row2[RiskConsequence]);echo'</a><br />'; echo'<div id="';echo($row2[RiskConsequence]); echo'" class="HideText">'; $risksub1 = $row2[RiskConsequence]; $query1 = "SELECT * FROM tblriskassessmentdatabank WHERE RiskConsequence = '$risksub1'"; $results1 = mysql_query($query1) or die("Error: " . mysql_error()); while($row3 = mysql_fetch_array($results1)){ echo'<input name="checkbox[]" type="checkbox" id="checkbox[]" value="';echo($row3[IssueNumber]);echo'" /> <label for="checkbox[]"></label>';echo($row3[RiskMitigation]);echo'<br /><br />'; } echo'</div>'; } echo'</div>'; } ?> |
|||||||