PHP - Login Script Not Authenticating
<?php
//check for required fields from the form
if ((!$_POST['username']) || (!$_POST['password'])) {
    header("Location: auth1.php");
    //header("Location: auth1.php");
    exit;
    // Create connection
    $message="";
}
?>

When I enter any username and password, the code from auth2.php (the code above) allows a connection anyway. I am attempting to redirect users back to auth1 if there is an incorrect username or password.

Similar Tutorials

Hello guys, Is there any updated tutorial on the web on how I can add Facebook login to my simple PHP login script?

Hi, Trying PostgreSQL for the first time but not making much progress. Get peer failure when not including a host and Ident error when including a host. Never heard of Ident authentication until today and don't know for sure if I even have such a server running. Using Centos7, PHP7.4 using remi's repo, and PostgreSQL 12 from their repo. Any thoughts? Thanks
try {
    //use Unix domain sockets
    $dbh = new PDO("pgsql:dbname=postgres", 'postgres', 'secret');
}
catch(Exception $e){
    echo($e->getMessage().PHP_EOL);
}
try {
    $dbh = new PDO("pgsql:host=localhost;dbname=postgres", 'postgres', 'secret');
}
catch(Exception $e){
    echo($e->getMessage().PHP_EOL);
}
try {
    $dbh = new PDO("pgsql:host=127.0.0.1;dbname=postgres", 'postgres', 'secret');
}
catch(Exception $e){
    echo($e->getMessage().PHP_EOL);
}
SQLSTATE[08006] [7] FATAL: Peer authentication failed for user "postgres"
SQLSTATE[08006] [7] FATAL: Ident authentication failed for user "postgres"
SQLSTATE[08006] [7] FATAL: Ident authentication failed for user "postgres"
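
An added example, not part of the post: PostgreSQL takes the authentication method from the first pg_hba.conf record that matches the connection's transport, database, role and client address, which is why the socket attempt above fails with peer and the two TCP attempts with ident. The PHP below walks two constructed pg_hba.conf samples for the three connection attempts; the function names, the `webapp` role and both samples are assumptions, and only plain `local`/`host` records with CIDR addresses are handled.

```php
<?php
declare(strict_types=1);

// Constructed sample (not from the poster's server): records that would give
// the three errors quoted in the post.
const HBA_AS_REPORTED = <<<'HBA'
# TYPE  DATABASE  USER      ADDRESS        METHOD
local   all       all                      peer
host    all       all       127.0.0.1/32   ident
host    all       all       ::1/128        ident
HBA;

// Constructed sample with password authentication for application roles.
// scram-sha-256 needs the role's password stored as SCRAM and a client libpq
// of version 10 or later.
const HBA_PASSWORD_AUTH = <<<'HBA'
local   all       postgres                 peer
local   all       all                      scram-sha-256
host    all       all       127.0.0.1/32   scram-sha-256
host    all       all       ::1/128        scram-sha-256
HBA;

const METHOD_NOTES = [
    'peer'          => 'OS user of the connecting process must equal the role (or map to it in pg_ident.conf); no password is checked',
    'ident'         => 'server asks an ident daemon (TCP 113) on the client host for the OS user; no password is checked',
    'scram-sha-256' => 'password challenge-response against the stored SCRAM verifier',
];

/** True when $ip lies inside $cidr; IPv4 and IPv6 never match each other. */
function ipInCidr(string $ip, string $cidr): bool
{
    $parts  = explode('/', $cidr, 2);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $bits  = isset($parts[1]) ? (int) $parts[1] : strlen($ipBin) * 8;
    $whole = intdiv($bits, 8);
    if (strncmp($ipBin, $netBin, $whole) !== 0) {
        return false;
    }
    $rest = $bits % 8;
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($ipBin[$whole]) & $mask) === (ord($netBin[$whole]) & $mask);
}

/** A database or user column matches on "all" or on a comma-separated name. */
function fieldMatches(string $field, string $name): bool
{
    return $field === 'all' || in_array($name, explode(',', $field), true);
}

/**
 * Returns the method of the first matching record, or null when none matches.
 * $clientIp === null stands for a Unix-domain socket connection.
 */
function firstMatchingMethod(string $hba, ?string $clientIp, string $db, string $role): ?string
{
    foreach (preg_split('/\R/', $hba) as $line) {
        $f = preg_split('/\s+/', trim(preg_replace('/#.*$/', '', $line)), -1, PREG_SPLIT_NO_EMPTY);
        if (count($f) >= 4 && $f[0] === 'local' && $clientIp === null) {
            $method = $f[3];
        } elseif (count($f) >= 5 && $f[0] === 'host' && $clientIp !== null && ipInCidr($clientIp, $f[3])) {
            $method = $f[4];
        } else {
            continue; // blank, comment, other record type, or wrong transport/address
        }
        if (fieldMatches($f[1], $db) && fieldMatches($f[2], $role)) {
            return $method; // first match wins; later records are never consulted
        }
    }
    return null; // no record matches: the server rejects the connection
}

// The three DSNs from the post, with the client address the server would see.
$attempts = [
    'pgsql:dbname=postgres (Unix socket)' => null,
    'pgsql:host=localhost (here ::1)'     => '::1',
    'pgsql:host=127.0.0.1'                => '127.0.0.1',
];
$cases = [
    ['as reported',   HBA_AS_REPORTED,   'postgres'],
    ['password auth', HBA_PASSWORD_AUTH, 'postgres'],
    ['password auth', HBA_PASSWORD_AUTH, 'webapp'],
];
foreach ($cases as [$label, $hba, $role]) {
    foreach ($attempts as $dsn => $ip) {
        $method = firstMatchingMethod($hba, $ip, 'postgres', $role) ?? 'no match';
        printf("%-14s role=%-9s %-38s -> %s\n", $label, $role, $dsn, $method);
    }
}
foreach (METHOD_NOTES as $method => $note) {
    printf("%-14s %s\n", $method, $note);
}
```
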
Does anyone know of a json or php method of authenticating a youtube user without using zend?

Code: [Select]
<?php
$id = NULL;
$username = 'myYouTubeAccount';
$url = 'http://gdata.youtube.com/feeds/api/users/%s/uploads?orderby=updated&max-results=8';
$xml = simplexml_load_file(sprintf($url, $username));
foreach ($xml->entry as $entry) :
    $kids = $entry->children('http://search.yahoo.com/mrss/');
    $attributes = $kids->group->content[0]->attributes();
    $flv = $attributes['url'];
    $attributes = $kids->group->player->attributes();
    $link = $attributes['url'];
    $querystring = parse_url($link,PHP_URL_QUERY);
    parse_str($querystring, $id_temp);
    $id = $id_temp['v'];
?>
<a href="<?=$link?>">
    <img src="http://i4.ytimg.com/vi/<?=$id?>/default.jpg" />
</a>
<?php endforeach; ?>

I am moving a site from another server to a new one. I have changed all the code snippets to reflect the new server and the new database but for some reason when I come to login it will not take me further. I know that the code has connected to the database as I have a userlog table on there telling me when I logged in last. Below is my login.php (there is obviously more than the code included)

Code: [Select]
<?
require 'include/common.inc.php';
require 'include/session.inc.php';

if(($u_username != "") || ($u_password != "")) {
    $funcResult = authenticateUser($u_username, $u_password, $chkRemember);
    if(!$funcResult->returnValue) {
        header("Location: login.php?msg=" . $funcResult->errorMessage);
        echo "ERROR: " . $funcResult->errorMessage;
    } else {
        if($artid!="") {
            header("Location: news/readarticle.php?artid=$artid");
        } else {
            if($funcResult->errorMessage == "M") {
                header("Location: members/index.php");
                exit;
            } elseif($funcResult->errorMessage == "B") {
                header("Location: business/index.php");
                exit;
            }
            $msg = "Invalid UserName/Password";
        }
    }
}
?>
<html>
<head>
<title>Welcome to Newquay Uncovered</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="images/style.css" rel="stylesheet" type="text/css">
<script language="Javascript">
<!--
function validate(frm) {
    for(i=0;i<frm.length;i++) {
        if((frm.elements[i].type == "text" || frm.elements[i].type == "password") && frm.elements[i].value == "") {
            alert("Please fill in the required details");
            frm.elements[i].focus();
            return false;
        }
    }
    return true;
}
//-->
</script>

Here is Common

Code: [Select]
<?
require '/home/xmasphot/public_html/www.newquayuncovered.com/include/db.inc.php';
// require '/dump/ldev/newquayuncovered/revamped/include/db.inc.php';

// USER UPLOAD FOLDER
$uploaddir = "/home/xmasphot/public_html/www.newquayuncovered.com/members/uploads/";
// $uploaddir = "/dump/ldev/newquayuncovered/revamped/members/uploads/";
$pic_path = "/members/uploads/";
$nophoto = "/images/nophoto.jpg";
$pending = "/images/pending.jpg";
$fromemailaddresss = "help@newquayuncovered.com";
global $sportspicpath;
global $sports_rpicpath;
// $sports_rpicpath = "/dump/ldev/newquayuncovered/revamped/admin/sports/images/";
// $sports_picpath = "/newquayuncovered/revamped/admin/sports/images/";
$sports_rpicpath = "/home/xmasphot/public_html/www.newquayuncovered.com/admin/sports/images/";
$sports_picpath = "/admin/sports/images/";

if ($uid == "") {
    $uid = 0;
}

function sendErrorPage($mesg) {
    echo "Error Generated: <BR>$mesg";
    exit;
}

function getDateString() {
    /* The function getDateString() returns the current date in the
     * format YYYY-MM-DD. This function is used when inserting date
     * columns into MySQL table */
    return date('Y-m-d');
}

function getCountry($chk) {
    $query = "SELECT c_cid, c_cname FROM nq_country ORDER BY c_cname";
    $results = mysql_query($query);
    echo "<option value=''><-- Select --></option>";
    while($row = mysql_fetch_object($results)) {
        if($chk == $row->c_cid) {
            echo "<option value='$row->c_cid' selected>$row->c_cname</option>\n";
        } else {
            echo "<option value='$row->c_cid'>$row->c_cname</option>\n";
        }
    }
}

function getGender($chk) {
    echo "<option value=''><-- Select --></option>\n";
    if($chk != "" && $chk == 0) {
        echo "<option value=0 selected>Female</option>\n";
    } else {
        echo "<option value=0>Female</option>\n";
    }
    if($chk == 1) {
        echo "<option value=1 selected>Male</option>\n";
    } else {
        echo "<option value=1>Male</option>\n";
    }
}

function getSexuality($chk, $type="") {
    $arrVals = array(
        "R" => "Rather Not Say",
        "S" => "Straight",
        "O" => "Open Minded",
        "G" => "Gay/Lesbian",
        "B" => "BiSexual"
    );
    if($type == 1) {
        echo $arrVals[$chk];
        return;
    }
    echo "<option value=''><-- Select --></option>\n";
    foreach($arrVals as $abbr=>$val) {
        if($abbr == $chk) {
            echo "<option value='" . $abbr . "' selected>" . $val . "</option>\n";
        } else {
            echo "<option value='" . $abbr . "'>" . $val . "</option>\n";
        }
    }
}

function getDOB_Date($chk) {
    echo "<option>--</option>\n";
    for($i=1; $i<=31; $i++) {
        if($chk == $i) {
            echo "<option value=$i selected>$i</option>\n";
        } else {
            echo "<option value=$i>$i</option>\n";
        }
    }
}

function getDOB_Month($chk) {
    echo "<option>--</option>\n";
    $arr_Month = array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
    $i = 1;
    foreach ($arr_Month as $temp) {
        if($chk == $i) {
            echo "<option value=$i selected>$temp</option>\n";
        } else {
            echo "<option value=$i>$temp</option>\n";
        }
        $i++;
    }
}

function getDOB_Year($chk) {
    echo "<option>--</option>\n";
    for($i=1960; $i<=1999; $i++) {
        if($chk == $i) {
            echo "<option value=$i selected>$i</option>\n";
        } else {
            echo "<option value=$i>$i</option>\n";
        }
    }
}

function getDBConnection() {
    global $hostName, $databaseName, $userName, $password, $con;
    // Get a persistent database connection
    if(!($link = mysql_pconnect($hostName, $userName, $password))) {
        return new Function_Result("Internal Error: Could not open database connection", null);
    }
    // Select mysql database
    if(!mysql_select_db($databaseName, $link)) {
        return new Function_Result("Internal Error: Could not select database",null);
    }
    return new Function_Result(null, $link);
}

function logout() {
    global $uid;
    global $username;
    global $isAuthenticated;
    global $userType;
    session_start();
    global $REMOTE_ADDR;
    // Get DB Connection
    $funcResult = getDBConnection();
    if($funcResult->returnValue == null) {
        return $funcResult;
    }
    $link = $funcResult->returnValue;
    $updStmt = "UPDATE nq_userlog SET ul_online_status=0 ,ul_last_logout=now() ,ul_last_logon_ip='$REMOTE_ADDR' WHERE ul_ulid='$uid'";
    if(!mysql_query($updStmt, $link)) {
        return new Function_Result("Cannot update log.", null);
    }
    session_unregister("uid");
    session_unregister("username");
    session_unregister("isAuthenticated");
    session_unregister("userType");
    return new Function_Result(null, true);
}

class Function_Result {
    var $errorMessage;
    var $returnValue;
    function Function_Result($errMessage, $retValue) {
        $this->errorMessage = $errMessage;
        $this->returnValue = $retValue;
    }
}

function validateusername($u_username){
    $u_username = trim($u_username);
    $funcResult = getDBConnection();
    if($funcResult->returnValue == null) {
        return $funcResult;
    }
    $link = $funcResult->returnValue;
    $selectUserStmt = "SELECT u_uid,u_password,u_email FROM nq_user WHERE u_username='$u_username'";
    if(!($result = mysql_query($selectUserStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query", null);
    }
    if(!($row = mysql_fetch_object($result))) {
        return new Function_Result("Invalid UserName", null);
    }
    return new Function_Result(null,$row);
}

function dynamicpictures() {
    $funcResult = getDBConnection();
    if($funcResult->returnValue == null) {
        return $funcResult;
    }
    $link = $funcResult->returnValue;
    $selectUserStmt = "SELECT * FROM nq_pictures LEFT JOIN nq_user on pic_uid=u_uid WHERE pic_approval=1 AND pic_folder=0 AND pic_adult=0 AND pic_filename!='' AND pic_default=1 ORDER BY pic_date DESC LIMIT 5";
    if(!($result = mysql_query($selectUserStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query", null);
    }
    return new Function_Result(null,$result);
}

function msgStatus($uid) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT COUNT(*) FROM nq_message WHERE msg_to_uid=$uid AND msg_status=0";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    if(!($row = mysql_fetch_row($result))) {
        return new Function_Result("Internal Error: Could not assign record", null);
    }
    return new Function_Result(null, $row);
}

function getContact_country() {
    $query = "SELECT c_cname FROM nq_country ORDER BY c_cname";
    $results = mysql_query($query);
    echo "<option value=''><-- Select --></option>";
    while($row = mysql_fetch_object($results)) {
        echo "<option value='$row->c_cname'>$row->c_cname</option>\n";
    }
}

function getState($ud_cid) {
    if ($ud_cid==130) {
        $qry = "limit 0, 54 " ;
    } elseif ($ud_cid==127) {
        $qry= "limit 55, 66";
    } else {
        echo "<option value=''><-- Not Applicable --></option>";
        return;
    }
    $query = "SELECT s_sid, s_sname FROM nq_state $qry" ;
    echo "<option value=''><-- Please Choose --></option>";
    $results = mysql_query($query);
    while($row = mysql_fetch_object($results)) {
        echo "<option value='$row->s_sid'>$row->s_sname</option>\n";
    }
}

function selectedstates($ud_cid, $chk) {
    if ($ud_cid==130) {
        $qry = "limit 0, 54 " ;
    } elseif ($ud_cid==127) {
        $qry= "limit 55, 66";
    } else {
        echo "<option value=''><-- Not Applicable --></option>";
        return;
    }
    $query = "SELECT s_sid, s_sname FROM nq_state $qry" ;
    echo "<option value=''><-- Please Choose --></option>";
    $results = mysql_query($query);
    while($row = mysql_fetch_object($results)) {
        if($chk == $row->s_sid) {
            echo "<option value='$row->s_sid' selected>$row->s_sname</option>\n";
        } else {
            echo "<option value='$row->s_sid'>$row->s_sname</option>\n";
        }
    }
}

function getindexpagecontent($indexpageid) {
    $funcResult = getDBConnection();
    if($funcResult->returnValue == null) {
        return $funcResult;
    }
    $link = $funcResult->returnValue;
    $selectStmt = "Select * from nq_config where con_conid='$indexpageid'";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query $selectStmt", null);
    }
    return new Function_Result(null,$result);
}

function getTop_latest_news($limit=2) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt_Top_latest_news = "SELECT *, CONCAT(LEFT(nwa_content, 90), '...') AS nwa_content FROM nq_newsarticle WHERE (nwa_topstories in (1,2,3)) and nwa_status='1' ORDER BY nwa_topstories ASC limit 0,". $limit;
    if(!($result_Top_latest_news = mysql_query($selectStmt_Top_latest_news, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt_Top_latest_news", null);
    }
    return new Function_Result(null, $result_Top_latest_news);
}

function Display_Admin_lst_evt() {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt_lst_evt = "SELECT *, DATE_FORMAT(evt_from_date, '%b %d, %Y %h:%i %p') AS evt_fromdate, DATE_FORMAT(evt_to_date, '%b %d, %Y %h:%i %p') AS evt_todate FROM nq_events WHERE evt_uid=0 order by evt_evtid desc limit 0,2";
    if(!($result_lst_evt = mysql_query($selectStmt_lst_evt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query $result_lst_evt", null);
    }
    return new Function_Result(null, $result_lst_evt);
}

function get_News_links($name,$limit) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt_Newslink = "SELECT *, CONCAT(LEFT(nwa_content, 50), '...') AS content, CONCAT(LEFT(nwa_title, 50), '...') AS title FROM nq_newsarticle left join nq_newscategory on nwc_nwcid=nwa_nwcid WHERE nwc_name='$name' order by nwa_createdate desc limit 0 , ". $limit;
    if(!($result_Newslink = mysql_query($selectStmt_Newslink, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt_Newslink", null);
    }
    return new Function_Result(null, $result_Newslink);
}

function getNightlife_title() {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_nightlife WHERE nl_parent !=0 ORDER BY nl_lastupdated desc";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getNightlife_details($nl_nlid) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_nightlife where nl_parent !=0 AND nl_nlid = '$nl_nlid'";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getNightlife_homepage_details($nl_nlid) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_nightlife where nl_parent !=1 AND nl_nlid = '$nl_nlid'";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getNightlife_title_topten() {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_nightlife where nl_parent !=0 ORDER BY nl_lastupdated desc limit 0,10";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getSection($id) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_section where sec_secid='$id'";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getTop_sectionStories($id) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_sectionstory WHERE ssty_secid='$id' and ssty_position !='0' ORDER BY ssty_sstyid desc limit 0,3";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getTopLink($id) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_sectionlinks WHERE slnk_secid='$id' ORDER BY slnk_lastupdated desc";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getAllStories($id) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_sectionstory WHERE ssty_secid='$id' ORDER BY ssty_lastupdated desc";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getStorydetails($id) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_sectionstory where ssty_sstyid='$id'";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getAllLink($id) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_sectionlinks left join nq_section on sec_secid=slnk_secid WHERE slnk_secid='$id' ORDER BY slnk_slnkid desc";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getLinkdetails($id) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_sectionlinks WHERE slnk_slnkid='$id'";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getTopBeaches($limit) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    if ($limit == "") {
        $selectStmt = "SELECT * FROM nq_beaches where bch_position !='0' order by bch_position asc";
    } else {
        $selectStmt = "SELECT * FROM nq_beaches where bch_position !='0' order by bch_position asc limit 0, $limit";
    }
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getBeachDetails($id) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_beaches where bch_bchid ='$id'";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getTopBeachsafety($limit) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    if ($limit == "") {
        $selectStmt = "SELECT * FROM nq_beachsafety where bs_position !='0' order by bs_position asc";
    } else {
        $selectStmt = "SELECT * FROM nq_beachsafety where bs_position !='0' order by bs_position asc limit 0, $limit";
    }
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getBeachSafetyDetails($id) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_beachsafety where bs_bsid ='$id'";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getTopSectionCategory($id) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_sectioncategory WHERE scat_secid='$id' and scat_position !='0' ORDER BY scat_position asc";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getAllSectionCategory($id) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_sectioncategory left join nq_section on scat_secid=sec_secid WHERE scat_secid='$id' and scat_position !=0 ORDER BY scat_position asc";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getAllSectionArticle($id,$cat) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_sectionlinks left join nq_section on sec_secid=slnk_secid WHERE slnk_secid='$id' and slnk_scatid='$cat' ORDER BY slnk_slnkid desc";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    return new Function_Result(null, $result);
}

function getUserTypeCheck($name) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT * FROM nq_user where u_username='$name'";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    if(!($row = mysql_fetch_object($result))) {
        return new Function_Result("Could not assign records.", null);
    }
    return new Function_Result(null, $row);
}

function getBigAdd($secid) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $selectStmt = "SELECT count(*) as rcount FROM nq_assingbanner LEFT JOIN nq_banner ON ban_banid=ab_banid WHERE ban_bannertype=1 AND ab_secid='".$secid."'";
    if(!($result = mysql_query($selectStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null);
    }
    $rowad = mysql_fetch_object($result);
    if ($rowad->rcount > 0) {
        $rd = rand(0,$rowad->rcount)-1;
        if($rd < 0){
            $rd = 0;
        }
        $sqlad = "SELECT * FROM nq_assingbanner LEFT JOIN nq_banner ON ban_banid=ab_banid WHERE ban_bannertype=1 AND ab_secid='".$secid."' limit $rd,1";
        $resultad = mysql_query($sqlad);
        if(mysql_num_rows($resultad) > 0) {
            $rowad = mysql_fetch_object($resultad);
            if($rowad->ban_target == "n"){
                $target = "_blank";
            } else {
                $target = "_self";
            }
            $ret_value="<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr height=\"18\"><td height=\"62\" align=\"center\" valign=\"middle\"><a href =\"".$rowad->ban_page."\" target=\"".$target."\"><img src=\"";
            if($rowad->ban_image !='') {
                $ret_value.="/admin/images/ads/".$rowad->ban_image;
            } else {
                $ret_value.=$rowad->ban_url;
            }
            $ret_value.="\" border=\"0\" alt=\"".$rowad->ban_alttext."\"></a></td> </tr> </table>";
        }
        return new Function_Result(null,$ret_value);
    } else {
        return new Function_Result(null,"<br>");
    }
}

function getTwoSmallAdd($secid) {
    $funcResult = getDBConnection();
    if(!$funcResult->returnValue) {
        sendErrorPage($funcResult->errorMessage);
    }
    $link = $funcResult->returnValue;
    $sqlad = "SELECT * FROM nq_assingbanner LEFT JOIN nq_banner ON ban_banid=ab_banid WHERE ban_bannertype=2 AND ab_secid='".$secid."' order by rand() limit 0,2";
    $resultad = mysql_query($sqlad);
    $ret_value="<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">";
    while($rowad = mysql_fetch_object($resultad)) {
        if($rowad->ban_target == "n"){
            $target = "_blank";
        } else {
            $target = "_self";
        }
        $ret_value.="<tr><td height=\"20\" valign=\"top\"><img src=\"/images/spcr.gif\" width=\"1\" height=\"1\"></td></tr><tr><td valign=\"top\"><a href=\"".$rowad->ban_page."\" target=\"".$target."\"><img src=\"";
        if($rowad->ban_image !='') {
            $ret_value.="/admin/images/ads/".$rowad->ban_image;
        } else {
            $ret_value.=$rowad->ban_url;
        }
        $ret_value.="\" border=\"0\" alt=\"".$rowad->ban_alttext."\"></a></td></tr>";
    }
    $ret_value.="</table>";
    return new Function_Result(null,$ret_value);
}
?>

And finally session

Code: [Select]
<?
function setUserSession($u_uid, $u_username, $type) {
    global $uid;
    global $username;
    global $isAuthenticated;
    global $userType;
    session_start();
    session_register("uid");
    session_register("username");
    session_register("isAuthenticated");
    session_register("userType");
    $uid = $u_uid;
    $username = $u_username;
    $isAuthenticated = true;
    $userType = $type;
    return true;
}
/***** SESSION HANDLING - ENDS HERE *****/

function authenticateUser($u_username, $u_password, $chkRemember) {
    $u_username = trim($u_username);
    $u_password = trim($u_password);
    $chkRemember=($chkRemember);
    if(($u_username == "") || ($u_password == "")) {
        sendErrorPage("The username/password you have entered is invalid. Please try again.");
        exit;
    }
    //$cryptPassword = crypt($u_password, CRYPT_STD_DES);
    // Get DB Connection
    $funcResult = getDBConnection();
    if($funcResult->returnValue == null) {
        return $funcResult;
    }
    $link = $funcResult->returnValue;
    $selectUserStmt = "SELECT u_uid, u_username, u_type FROM nq_user WHERE u_username='$u_username' AND u_password='$u_password' and u_status!='U'";
    if(!($result = mysql_query($selectUserStmt, $link))) {
        return new Function_Result("Internal Error: Could not execute SQL Query", null);
    }
    if(!($row = mysql_fetch_row($result))) {
        return new Function_Result("Invalid UserName/Password", null);
    } else {
        if ($chkRemember==1){
            setcookie("newquay",$row[1],time()+60*60*24*30);
        } else {
            setcookie("newquay","",time()+60*60*24*30);
        }
        setUserSession($row[0], $row[1], $row[2]);
        global $REMOTE_ADDR;
        $updStmt = "UPDATE nq_userlog SET ul_last_updated=now(), ul_last_logon_ip='$REMOTE_ADDR', ul_online_status=1 WHERE ul_ulid=$row[0]";
        if(!mysql_query($updStmt, $link)) {
            return new Function_Result("Cannot update log.<BR>$updStmt", null);
        }
        return new Function_Result($row[2], true);
    }
}
?>

The site isn't doing anything when I enter username and password, just bringing me back to the same page. Also I am unable to access the areas of the site that are only for registered members. Any help here would be greatly appreciated, I have spent days on this now. Thanks in advance! There are a few other bugs that need ironing out too. You can view the site at www.newquayuncovered.com

Sorry if I posted this in the wrong place but I didn't see anything about Active Directory or Security Questions
But has anyone used Active Directory as their User Database? Has anyone even tried breaking Active Directory with injection attacks?
Notes that I have found so far:
PHP sends to CMD first, so encode user data in base64 as a transport layer
$rand is a random number to prevent users from using Success: as a legitimate user
You will need to clean up the many many spaces that PowerShell sends back as it is a console
Special characters don't need to be escaped
I am using
Win 2008 RC2
Apache
PHP (of course)
Powershell
Active Directory
PHP Script
$psScriptPath = 'C:/Apache/PSScripts/'; //Path outside Website Root
$rand = mt_rand(mt_getrandmax(),mt_getrandmax());
//UTF-8 Standard only
$username = utf8_decode($_POST["username"]);
$password = utf8_decode($_POST["password"]);
$base64_username = base64_encode($username); //Transport Layer Base64
$base64_password = base64_encode($password); //Transport Layer Base64
//The danger happens here as it is sent to powershell.
$query = shell_exec('powershell.exe -ExecutionPolicy ByPass -command "' . $psScriptPath . '" < NUL -rand "' . $rand . '" < NUL -base64_username "' . $base64_username . '" < NUL -base64_password "' . $base64_password . '" < NUL'); // Execute the PowerShell script, passing the parameters

PowerShell Script

#*=============================================================================
#* Script Name: adpwchange2014.ps1
#* Created: 2014-10-07
#* Author:
#* Purpose: This is a simple script that queries AD users.
#* Reference Website: http://theboywonder.co.uk/2012/07/29/executing-powershell-using-php-and-iis/
#*
#*=============================================================================
#*=============================================================================
#* PARAMETER DECLARATION
#*=============================================================================
param(
    [string]$base64_username,
    [string]$base64_password,
    [string]$rand
)
#*=============================================================================
#* IMPORT LIBRARIES
#*=============================================================================
if ((Get-Module | where {$_.Name -match "ActiveDirectory"}) -eq $null){
    #Loading module
    Write-Host "Loading module AcitveDirectory..."
    Import-Module ActiveDirectory
}else{
    write-output "Error: Please install ActiveDirectory Module"
    EXIT NUL
    Stop-Process -processname powershell*
}
#*=============================================================================
#* PARAMETERS
#*=============================================================================
$username = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_username))
$password = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_password))
#*=============================================================================
#* INITIALISE VARIABLES
#*=============================================================================
# Increase buffer width/height to avoid PowerShell from wrapping the text before
# sending it back to PHP (this results in weird spaces).
$pshost = Get-Host
$pswindow = $pshost.ui.rawui
$newsize = $pswindow.buffersize
$newsize.height = 1000
$newsize.width = 300
$pswindow.buffersize = $newsize
#*=============================================================================
#* EXCEPTION HANDLER
#*=============================================================================
#*=============================================================================
#* FUNCTION LISTINGS
#*=============================================================================
Function Test-ADAuthentication {
    Param($Auth_User, $Auth_Pass)
    Write-Output "Running Function Test-ADAuthenication"
    $domain = $env:USERDOMAIN
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ct, $domain)
    $pc.ValidateCredentials($Auth_User, $Auth_Pass).ToString()
}
#*=============================================================================
#* SCRIPT BODY
#*=============================================================================
Write-Output $PSVersionTable
Write-Output " "
$authentication = Test-ADAuthentication "$username" "$password"
if ($authentication -eq $TRUE) {
    Write-Output "Success:$rand Authentication"
}elseif ($authentication -eq $FALSE) {
    Write-Output "Failed:$rand Authentication"
}else {
    Write-Output "Error: EOS"
    EXIT NUL
    Stop-Process -processname powershell*
}
#*=============================================================================
#* SCRIPT Exit
#*=============================================================================
Write-Output "End Of Script"
EXIT NUL
Stop-Process -processname powershell*

Do you use the OS userids or do you keep them separate in MYSQL? Must users login to a website and request a token to use for REST API requests? Did you use a framework provided method? I need something ultra-simple

Hello everyone, I am brand new to php and am starting off my journey by trying to create a simple login/register script. I have run into a bit of difficulty, however, and cannot seem to get this to work. I know that the register script is very basic (lacks strlen check, doesn't verify that both passwords are the same, etc.), but for the time being I simply want to have a functional script. Then I can continue learning by adding more components. Here are the login.php, checklogin.php, and register.php files (in this order). I believe that the login/checklogin files work, but the register file just shows the form without actually writing to DB when it is submitted. Thank you very much for your help.

Code: [Select]
<html>
<body>
<b> Member Login </b> <br />
<form name="input" action="checklogin.php" method="post">
Username : <input type="text" name="myusername" id="username"> <br />
Password : <input type="password" name="mypassword" id="password"> <br />
<input type="checkbox" name="remember" value="checkbox"> Remember me <br />
<input type="submit" value="Login">
Not a member?
<a href="./register.php">Register!</a>
</form>
</body>
</html>

Code: [Select]
<?php
$host="localhost";
$usr="root";
$pwd="";
$db="MemberDB";
$tbl_name="members";
mysql_connect($host, $usr, $pwd) or die("Unable to connect");
mysql_select_db($db) or die("Unable to select database");
$myusr = $_POST['myusername'];
$mypswd = md5($_POST['mypassword']);
$myusername = stripslashes(strip_tags($myusr));
$mypassword = stripslashes(strip_tags($mypswd));
$myusername = mysql_real_escape_string($myusr);
$mypassword = mysql_real_escape_string($mypswd);
$sql="SELECT *FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if ($count==1) {
    session_register("myusername");
    session_register("mypassword");
    header("location:menu.php");
} else {
    echo "Incorrect Username or Password";
}
?>

Code: [Select]
<?php
$host="localhost";
$usr="root";
$pwd="";
$db="MemberDB";
$tbl_name="members";
mysql_connect($host, $usr, $pwd) or die("Unable to connect");
mysql_select_db($db) or die("Unable to select database");
if (isset($_POST['register'])) {
    $query = "INSERT INTO members ('username', 'password', 'email') VALUES('$_POST[username]', 'md5($_POST[password1])', '$_POST[email]')";
    mysql_query($db,$query) or die();
    mysql_close();
    echo "You have successfully registered!";
} else{
?>
<html>
<body>
<b> Register</b> <br />
<form name="register" action="./register.php" method="post">
Username : <input type="text" name="username" id="username"> <br />
Password : <input type="password" name="password" id="password1"> <br />
Confirm Password : <input type="password" name="password2" id="password2"> <br />
Email: <input type="text" name="email" id="email"> <br />
<input type="submit" value="register">
</form>
</body>
</html>
<?php } ?>

Hi, I need help with my login script. It says invalid password even when it's correct; however, if I take out the md5 encryption of the password and use the encrypted password saved on the MySQL table, it works. Please help? Here is the code I'm using, thanks:

Code: [Select]
<?
// Use session variable on this page. This function must be put at the top of the page.
session_start();
////// Logout Section. Delete all session variable.
session_destroy();
$message="";
////// Login Section.
$Login=$_POST['submit'];
if($Login){ // If clicked on Login button.
    $username=$_POST['username'];
    $md5_password=md5($_POST['password']); // Encrypt password with md5() function.
    // Connect database.
    $host="localhost"; // Host name.
    $db_user="removed"; // MySQL username.
    $db_password="removed"; // MySQL password.
    $database="removed"; // Database name.
    mysql_connect($host,$db_user,$db_password);
    mysql_select_db($database);
    // Check matching of username and password.
    $result=mysql_query("select * from signup where username='$username' and password='$md5_password'");
    if(mysql_num_rows($result)!='0'){ // If match.
        session_register("username"); // Create session username.
        header("location:main.php"); // Re-direct to main.php
        exit;
    }else{ // If not match.
        $message="--- Incorrect Username or Password ---";
    }
} // End Login authorize check.
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title></title>
</head>
<body>
</tr>
<? echo $message; ?>
<form name="register" method="post" action="<? echo $PHP_SELF; ?>">
<tr>
<td height="586" colspan="8" align="center" valign="top"><p> </p>
<table>
<tr> <td height="45" colspan="2" class="class2 style34"><div align="center"><a href="file:///F|/signin.html">Sign In</a>:</div></td> </tr>
<tr> <td colspan="2"><div align="right"></div></td> </tr>
<tr>
<td width="76" height="45"><div align="right"><span class="class2 style34">Username<span class="style39">..</span></span></div></td>
<td width="256"><div align="center"><span class="class2 style34"> <input name="username" type="text" id="username" size="20" height="14" /> </span></div></td>
</tr>
<tr>
<td height="45"><div align="right"><span class="class2 style34">Password <span class="style39">..</span></span></div></td>
<td><div align="center"><span class="class2 style34"> <input name="password" type="password" id="password" size="20" height="14" /> </span></div></td>
</tr>
<tr> <td height="45" colspan="2"><div align="center"><span class="class2 style34"> <input name="submit" type="submit" id="submit" value="Sign In" /> </span></div></td> </tr>
</table></td>
</tr>
</form>
</table>
</div>
</body>
</html>

MOD EDIT: Database credentials removed, [code] . . . [/code] tags added.

Hello everyone, The last few weeks I've asked a few questions. From the answers given, I've finished my login script. But, I am a noob at OOP PHP and I also have no clue if there are any security holes. So my question to you guys is: What have I done wrong? What can I do better? And what's missing? I also have one basic question: I haven't declared any variable as public, protected or private. Is it better to declare every variable, or only a few?
Here is my code:

Index.php:
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    require('classes/class_lib.php');
    if(isset($_POST['username'])){
        $username = $_POST['username'];
    }
    if(isset($_POST['password'])){
        $password = $_POST['password'];
    }
    try{
        $user = new User;
        $user->login($username, $password);
    }
    catch(MysqlException $error){
        echo $error->getError();
    }
    catch(LoginException $error){
        echo $error->getError();
    }
}
?>
// form etc.

And my class_lib.php:
<?php
class MysqlException extends Exception{
    public function getError(){
        $errorMessage = 'Er is een fout opgetreden in '.$this->getFile().' op regel '.$this->getLine().'<br />';
        $errorMessage .= 'Foutmelding: <i>'.$this->getMessage().'</i><br />';
        return $errorMessage;
    }
}
class LoginException extends Exception{
    public function getError(){
        $errorMessage = $this->getMessage();
        return $errorMessage;
    }
}
class Mysql{
    public function __construct(){
        $this->db = new mysqli('localhost','root','','login');
        if($this->db->connect_error){
            throw new MysqlException('Kan geen verbinding maken.');
        }
    }
    public function escapeString($string){
        $this->string = $this->db->real_escape_string($string);
        return $string;
    }
}
class Query extends Mysql{
    public function runQuery($query){
        $this->result = $this->db->query($query);
        if(!$this->result){
            throw new MysqlException('Er is iets fout gegaan tijdens het uitvoeren van de query.');
        }
    }
    public function returnQuery(){
        return $this->result->num_rows;
        if(!$this->result){
            throw new MysqlException('Er is iets fout gegaan tijdens het ophalen van de resultaten.');
        }
    }
}
class User{
    public function __construct(){
        $this->mysql = new Mysql;
        $this->query = new Query;
    }
    public function login($username, $password){
        $this->username = $this->mysql->escapeString($username);
        $this->password = $this->mysql->escapeString($password);
        $this->setQuery = "SELECT gebruikerid FROM gebruikers WHERE gebruikersnaam='" . $this->username . "' AND wachtwoord='" . $this->password . "'";
        $this->query->runQuery($this->setQuery);
        if($this->query->returnQuery() > 0){
            return true;
        }else{
            if(empty($username) || empty($password)){
                throw new LoginException('U moet alle velden invullen.');
            }else{
                throw new LoginException('Uw logingegevens kloppen niet.');
            }
        }
    }
}
?>

Hey, could someone help me with a login script? I've got a registration script. It contains 3 files:

reg.php
<?php require_once 'database.php'; ?>
<h1><strong>Register</strong></h1>
<form name="register" method="post" action="regcheck.php">
<label> <input type="text" name="user" id="user"> Username<br /> </label> <br />
<label> <input type="password" name="pass" id="pass"> Password<br /> </label> <br />
<label> <input type="text" name="email" id="email"> Email<br /> </label>
<label> <input type="submit" name="reg" id="reg" value="Register"> </label>
</form>

regcheck.php
<?php
$email = $_POST['email'];
if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['email'] ) ) {
    if( strlen( $_POST['user'] ) < 4 ) {
        echo "Username is too short";
    } elseif( strlen( $_POST['pass'] ) < 4 ) {
        echo "Password is too short";
    } elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "Bad email address";
    } elseif( $_POST['pass'] == $_POST['user'] ) {
        echo"Username and password can't be the same";
    } else {
        include( 'database.php' );
        $username = mysql_real_escape_string( $_POST['user'] );
        $password = mysql_real_escape_string( $_POST['pass'] );
        $email = mysql_real_escape_string( $_POST['email'] );
        $sqlCheckForDuplicateN = "SELECT username FROM user WHERE username = '". $username ."'";
        $sqlCheckForDuplicateE = "SELECT email FROM user WHERE email = '". $email ."'";
        if( mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0 && mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0 ) {
            $sqlRegUser = "INSERT INTO user( username, password, email ) VALUES( '". $username ."', '". $password ."', '". $email ."' )";
            if( !mysql_query( $sqlRegUser ) ) {
                echo "You Could Not Register Because Of An Unexpected Error.";
            } else {
                echo "You Are Registered And Can Now Login";
            }
        } elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0)) {
            echo "The Email You Have Entered Is Already Being Used. Please Try Another One.";
        } elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0)) {
            echo "The Username You Have Entered Is Already Being Used. Please Try Another One.";
        } elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0) && !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0)) {
            echo "The Email and Username You Have Entered Is Already Being Used. Please Try Another One.";
        }
    }
} else {
    echo "You Could Not Be Registered Because Of Missing Data.";
}
?>

database.php
<?
$con = mysql_connect('host','username','password');
if (!$con) {
    die('Could not connect: ' . mysql_error());
}
mysql_select_db('dbname');
?>

So could someone help me with login?

Hey everyone. I currently have a login script that uses cookies to check if the user is logged in. But I have been told that even if I have used md5() then the password is still at risk, so I was wondering if using sessions would be better, or if there was some way to make the passwords in the cookies more secure? Here is the code I currently have to secure passwords in the cookie:

Code: [Select]
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
    $_POST['pass'] = addslashes($_POST['pass']);
    $_POST['username'] = addslashes($_POST['username']);
}

Hey, so this is my login script, but when I enter something into the username and password box and submit it, the page just refreshes.
<?php
echo "
<h1>LOGIN</h1>
<form action='' method='POST'>
<table>
<tr> <td> <b>Username:</b> </td> <td> <input type='text' name='username' placeholder='Enter your username'> </td> </tr>
<tr> <td> <b>Password:</b> </td> <td> <input type='password' name='password' placeholder='Enter your password'> </td> <td> <input type='submit' value='login' name='submit'> </td> </tr>
</form>
";
$host = "localhost";
$username = "root";
$password = "";
$db_name = "website";
mysql_connect("$host", "$username", "$password") or die("Could not connect");
mysql_select_db("$db_name") or die("Could not find database");
if(isset($_POST['submit'])) {
    if(!empty($_POST['username'])) {
        $sql = "SELECT * FROM members WHERE username='$username' AND password='$password'";
        $result = mysql_query($sql);
        $count = mysql_num_rows($result);
        if($count==1) {
            $row = mysql_fetch_array($sql);
            $bancheck = mysql_query($row);
            if($row['active']==0 && count==0) {
                include 'userban.html';
            } else if($count==1 && $bancheck==1) {
                $_SESSION['username'] = "$username";
                include '/home/user/index.php';
            } else {
                echo "You entered invalid information";
            }
        }
    }
}
?>

Hello everybody! I am trying to make a forum for my class and I will do it from scratch. I am from Denmark, so my English could be a little wrong! Sorry! The problem is when I try to log in, I always get the error that I had defined to do.. But only if both password and username don't exist... Before I post the code I will give you a translation:

Brugernavn = Username
kodeord = password
brugerid = userid

My register.php file works fine! But I will post them both: This is the register form: http://pastebin.com/h6fgHSFB And here is the code for my login.php. The strange thing is that I do not get any kind of error, not even MySQL errors, which I had hoped for so I could fix it! http://pastebin.com/Vc8Gt9SY Hope you guys would like to help me!

Best Regards
Jesper Jensen from Denmark
jesper@dh-data.dk

Hello everyone, I have just finished coding a login/register/logout script. I am quite new to PHP (this was my first task to begin the learning process!). The scripts now work fine and get the job done. It incorporates a database and has a number of checks in place. I know that the code is probably pretty ugly however and not as efficient as it could be. Could anyone suggest places where I could improve it or security issues with it? I have tried to secure it against SQL injection; it also ensures that no fields are blank and that the two passwords in registration are the same, and I have also made username a unique field in the database. Thanks in advance for any help or guidance. Here are the scripts: index.html, checklogin.php, register.php, menu.php, and logout.php

<html>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="input" action="checklogin.php" method="post">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr> <td colspan="3"><strong>Member Login </strong></td> </tr>
<tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr>
<tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" id="mypassword"></td> </tr>
<tr> <td> </td> <td> </td> <td><input type="submit" name="login" value="Login"></td> </tr>
</table>
</td>
</form>
</tr>
</table>
<center>Not a member?
<a href="./register.php">Register!</a></center>
</body>
</html>

<?php
$host="localhost";
$usr="root";
$pwd="******";
$db="*****";
$tbl_name="members";
mysql_connect($host, $usr, $pwd) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());
$initialusr = $_POST['username'];
$initialpwd = $_POST['password'];
$secondusr = stripslashes($initialusr);
$secondpwd = stripslashes($initialpwd);
$pswd = mysql_real_escape_string($secondpwd);
$myusr = mysql_real_escape_string($secondusr);
$mypswd= md5($pswd);
$sql="SELECT *FROM $tbl_name WHERE username='$myusr' and password='$mypswd'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if ($count==1) {
    session_start();
    $_SESSION['username'] = $myusr;
    header("location:menu.php");
} else {
    echo "Incorrect Username or Password";
}
?>

<?php
$host="localhost";
$usr="root";
$pwd="*****";
$db="***********";
$tbl_name="members";
mysql_connect($host, $usr, $pwd) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());
if (isset($_POST['register']) && $_POST['username'] && $_POST['password'] && $_POST['confirm'] && $_POST['email'] && $_POST['password'] == $_POST['confirm']) {
    $pwd = mysql_real_escape_string("$_POST[password]");
    $md5pwd = md5("$pwd");
    $usr = mysql_real_escape_string("$_POST[username]");
    $email = mysql_real_escape_string("$_POST[email]");
    $query = "INSERT INTO members (username, password, email) VALUES('$usr', '$md5pwd', '$email')";
    mysql_query($query) or die(mysql_error());
    mysql_close();
    echo "You have successfully registered!";
} else{
?>
<html>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="input" action="register.php" method="post">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr> <td colspan="3"><strong>Register</strong></td> </tr>
<tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr>
<tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" id="password"></td> </tr>
<tr> <td>Confirm Password</td> <td>:</td> <td><input name="confirm" type="password" id="confirm"></td> </tr>
<tr> <td>Email</td> <td>:</td> <td><input name="email" type="text" id="email"></td> </tr>
<tr> <td> </td> <td> </td> <td><input type="submit" name="register" value="Register"></td> </tr>
</table>
</td>
</form>
</tr>
</table>
</body>
</html>
<?php } ?>

<?php
session_start();
if (!isset($_SESSION['username'])){
    header("location:index.html");
} else {
?>
<html>
<body>
<?php
$username = $_SESSION['username'];
echo "Welcome " . $username . " !";
?>
<br />
<a href = logout.php>Log out</a>
</body>
</html>
<?php } ?>

<?php
session_start();
session_destroy();
header("location:index.html")
?>

Hi guys, any help will be much appreciated!! Basically I have a login script that I want to check multiple tables, and I am struggling to get it to work! What I have is basically:

<?php
session_start();
$_SESSION['loggedin'] = false;
include("functions.php");
extract($_POST);
$query = "SELECT * From table1 WHERE email='$email' and password='$password';";
$result = doQuery($query);
if($result==false) {
    $query = "SELECT * From table2 WHERE email='$email' and password='$password';";
    $result = doQuery($query);
    if($result==false) {
        $query = "SELECT * From table3 WHERE email='$email' and password='$password';";
        $result = doQuery($query);
        if($result==false) {
            $query = "SELECT * From table4 WHERE email='$email' and password='$password';";
            $result = doQuery($query);
            if($result==false) {
            } else {
                if(mysql_num_rows($result)) {
                    $row = mysql_fetch_assoc($result);
                    $_SESSION['loggedin'] = true;
                    $_SESSION['id'] = $_POST['id'];
                    header("Location:1");
                } else {
                    header("Location:wrong.php");
                }
            }
        } else {
            if(mysql_num_rows($result)) {
                $row = mysql_fetch_assoc($result);
                $_SESSION['loggedin'] = true;
                $_SESSION['id'] = $_POST['id'];
                header("Location:2");
            } else {
                header("Location:wrong.php");
            }
        }
    } else {
        if(mysql_num_rows($result)) {
            $row = mysql_fetch_assoc($result);
            $_SESSION['loggedin'] = true;
            $_SESSION['id'] = $_POST['id'];
            header("Location:3");
        } else {
            header("Location:wrong.php");
        }
    }
} else {
    if(mysql_num_rows($result)) {
        $row = mysql_fetch_assoc($result);
        $_SESSION['loggedin'] = true;
        $_SESSION['id'] = $_POST['id'];
        header("Location:4");
    } else {
        header("Location:wrong.php");
    }
}
?>

Hi! I need help with the login script I wrote. Please help me get it working. The section related to guest works fine; however, it always gives me an error message when I get to the queryA and queryB stages. Thanks! I've already got the database running, using MySQL. Name of database - connectiontracker; tables - user_admin, user_user. Here's the script:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/xhtml1-loose.dtd">
<?php
session_start();
$userType = $_POST["userType"];
$userName = $_POST["username"];
$passWord = $_POST["password"];
$link = mysqli_connect("localhost", "ct1", "ctcfgb") Or die('Could not connect '. mysqli_error());
switch ($userType) {
    case "admin":
        if (isset($userName) && isset($passWord)) {
            $dbTableA = "user_admin";
            mysqli_select_db($link, "connectiontracker") Or die ("Database unavailable");
            $queryA = "SELECT * FROM $dbTableA WHERE username='$userName' AND password='$passWord'";
            $resultA = mysqli_query($queryA) or die("Verification Error A");
            if(mysqli_num_rows($resultA) == 1) {
                $_SESSION = true;
                header ('Location: welcomeadmin.php');
            }
            else echo "Incorrect administrator username and/or password";
        }
        break;
    case "user":
        if (isset($userName) && isset($passWord)) {
            $dbTableB = "user_user";
            mysqli_select_db($link, "connectiontracker") Or die ("Database unavailable");
            $queryB = "SELECT * FROM $dbTableB WHERE username='$userName' AND password='$passWord'";
            $resultB = mysqli_query($queryB) or die("Verification Error B");
            if(mysqli_num_rows($resultB) == 1) {
                $_SESSION = true;
                header ('Location: welcomeuser.php');
            }
            else echo "Incorrect Organization/Individual username and/or password";
        }
        break;
    case "guest":
        header ('Location: welcomeguest.php');
        break;
}
if (!isset($_POST['Enter'])) {
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>Login to Connection Tracker</title>
<!-- <link rel="stylesheet" href="ct_style1.css" type="text/css"> -->
</head>
<body>
Please select from the following: <br />
<form action="<?php echo $PHP_SELF;?>" method="post">
<select name="userType">
<option value="admin">Administrator</option>
<option value="user" selected>Organization</option>
<option value="guest">Guest</option>
</select> <br />
Please leave the following fields blank if entering the system as Guest <br />
Username: <input type="text" name="username"> <br />
Password: <input type="text" name="password">
<input type="submit" name="Enter"/> <br />
</form>
</body>
</html>
<?php
}
mysqli_close($link);
?>

I am looking to use this for an admin panel.
session_start.php
"session_start()"
"if statement" where it checks if a successful login is given

Is it necessary to include "session_start.php" into the top of each script file? If I just include "session_start.php" into the top of the "main" file where the other script files are included inside of the "main" as well, then I have it in ways where the other script files could get called up through the URL.(?) I thought it is a bit too much to include "session_start.php" into each script file. Is there a way where this can be done with more simple ways? I would appreciate the suggestions a lot.

Hi, I am trying to make a login script that uses the user's id from the database, and tries to match it up with the user and password sent by the login form. My checklogin.php page just jumps back to the index.php page for some reason. I don't know why. I get the following errors; any help greatly appreciated. Thank you.

Notice: Undefined index: myusername in /hermes/bosweb/web173/b1739/public_htmlchecklogin.php on line 19
Notice: Undefined index: mypassword in /hermes/bosweb/web173/b1739/public_html/checklogin.php on line 20
Wrong Username or Password

Here is my code to check the id. I can't figure out what is wrong.

Code: [Select]
<?php
ini_set ("display_errors", "1");
error_reporting(E_ALL);
$host = "";
$database = "";
$username = "";
$password = "";
$tbl_name = "users";
$conn = mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error());
if($conn) {
    mysql_select_db($database);
} else {
    echo "failed to select database";
}
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT id FROM $tbl_name WHERE username='$myusername' and password= SHA1('$mypassword')";
$result=mysql_query($sql);
$query_data = mysql_fetch_row($result);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result) ;
// If result matched id, table row must be 1 row
if($count==1){
    session_start();
    $_SESSION['userid']=$query_data[0];
    header("location:login_success.php");
} else {
    echo "Wrong Username or Password";
}
?>

Where do I download a login script like the one used here at phpfreaks?
Okay, a few of you have been helping me with a login script problem. I have changed it quite a bit again, but I am still running into a little bit of a problem. When I click the submit button it just clears the form fields and stays on the login page. Also, I have used error_reporting(E_ALL) to help me out with debugging. I took care of three bugs on my own but I can't seem to clear the two remaining bugs and the fact that it is not forwarding me to any page with my header statement. Thanks for your help in advance! Here is my code from my 'login.php' file.

<?php
session_start();
error_reporting (E_ALL);
include("config.php");
if($_SERVER["REQUEST_METHOD"] == "POST") {
    // username and password sent from form
    $myusername=addslashes($_POST['username']);
    $mypassword=addslashes($_POST['password']);
    $sql="SELECT id FROM admin WHERE username='$myusername' and passcode='$mypassword'";
    $result=mysql_query($sql);
    $row=mysql_fetch_array($result);
    $active=$row['active'];
    $count=mysql_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1) {
        session_register("myusername");
        $_SESSION['login_user']=$myusername;
        header("location: main_interface.php");
    } else {
        $error="The username or password you entered is invalid, please check your credentials and try again";
    }
}
?>
<form action="" method="post">
<label>Username :</label> <input type="text" name="username"/><br />
<label>Password :</label> <input type="password" name="password"/><br/>
<input type="submit" value=" Submit "/><br />
</form>

Here are the error messages on the page:

Notice: Undefined index: active in login.php on line 20
Warning: Cannot modify header information - headers already sent by (output started at login.php:1) in login.php on line 29

Thanks in advance for your help!
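A hardened form of the login check that the posts above keep rebuilding, as an added example that is not any poster's code: PDO prepared statements replace addslashes() and string concatenation, password_hash()/password_verify() replace plaintext, md5() and SHA1 columns, and $_SESSION with session_regenerate_id() replaces session_register(). The in-memory SQLite database (needs the pdo_sqlite extension), the passcode_hash column and all function names are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the MySQL server so the example
// runs offline; the same PDO calls work unchanged with a mysql: DSN.
function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    // Hypothetical schema modelled on the "admin" table in the last post,
    // with a hash column instead of a plaintext passcode.
    $pdo->exec('CREATE TABLE admin (
        id INTEGER PRIMARY KEY,
        username TEXT NOT NULL UNIQUE,
        passcode_hash TEXT NOT NULL)');
    return $pdo;
}

function register_admin(PDO $pdo, string $username, string $password): void
{
    // password_hash() salts every password and uses a deliberately slow
    // algorithm, unlike md5()/sha1().
    $stmt = $pdo->prepare('INSERT INTO admin (username, passcode_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Returns the user id on success, null on any failure.
function authenticate(PDO $pdo, string $username, string $password): ?int
{
    // Bound parameters are sent as data, so quotes in the input can never
    // change the structure of the query.
    $stmt = $pdo->prepare('SELECT id, passcode_hash FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a throwaway hash when the user does not exist, so the
    // response time does not reveal which usernames are registered.
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    $hash = $row ? $row['passcode_hash'] : $dummy;

    if (!password_verify($password, $hash) || !$row) {
        return null;
    }
    // Transparently upgrade the stored hash when PHP's default algorithm changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE admin SET passcode_hash = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return (int) $row['id'];
}

// Web-only step: call before ANY output (including whitespace or a BOM ahead
// of the opening PHP tag), otherwise header() fails with "headers already sent".
function complete_login(int $userId): void
{
    session_start();
    session_regenerate_id(true);      // fresh session id after authentication
    $_SESSION['user_id'] = $userId;   // store the id, never the password
    header('Location: main_interface.php');
    exit;
}

// Offline demonstration with constructed sample credentials.
if (PHP_SAPI === 'cli') {
    $pdo = open_db();
    register_admin($pdo, 'alice', 'correct horse battery staple');

    var_dump(authenticate($pdo, 'alice', 'correct horse battery staple')); // valid login
    var_dump(authenticate($pdo, 'alice', 'wrong password'));               // bad password
    var_dump(authenticate($pdo, "alice' OR '1'='1", 'anything'));          // quotes stay data
}
```

In a web request the login page would call `authenticate()` and, on a non-null result, `complete_login()`; protected pages then only need to check `$_SESSION['user_id']` after `session_start()`.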