SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 42
  1. #1
    SitePoint Enthusiast
    Join Date
    Dec 2004
    Location
    Canada
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Help with a login script

    Hey, im working on a login script for my site. I have a registration page, which logs the username, password, and other info in my database. I need the login to find the username that the user enters on the login page. Then check the row with that username in it, and check if the password is the same as the one the user enterd.

    If it is, it must load a page, if the password is wronge, i need it to say its wronge.

    Heres what i have so far:

    Code:
    <?php
    // Database Connection
    @mysql_pconnect("localhost", "USERNAME", "PASSWORD"); mysql_select_db("DATABASE") or die("Unable to reach database server. Please try again.");
    
    
    print "Username <input type='text' name='username' maxlength='20'><br>";
    print "Password <input type='password' name='password' maxlength='20'><br>";
    print "<input type='submit' name='submit' value='Login'>";
    
    mysql_query("SELECT * FROM Accounts WHERE Usernames='$username'");
    	if ($mysql_num_rows > 0) {
    		$getUser = $mysql_fetch_array;
    if ($getUser[password] != "$password") { doError('Wrong Username/Password'); }
    		
    $cookieString = $getUser['userid'] . '|' . md5($getUser['password']);
    		setcookie("logindata", base64_encode($cookieString), time() + 31536000);
    	
    		if ($HTTP_REFERER && strpos($HTTP_REFERER, 'Login.php') === FALSE) {
    			doRedirect($HTTP_REFERER);
    		} else {
    			doRedirect("register.php");
    		}
    	} else {
    		doError("There is no user with that name.");
    ?>
    Im not sure how right any of this is, im doing it out of a book. So if anyone could help me fix/finish it, that would be awesome.

    Thx alot,
    X-Factor

  2. #2
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    Does this script do what you want? If not what errors do you get, if so what is it that you want to do next?

    One suggestion I have is to keep the login page seperate from other content pages ie: do the login check and the either throw up the error or direct the user to a success/ content page.

    EDIT
    OK its early here, the script does the redirection...!
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  3. #3
    SitePoint Enthusiast
    Join Date
    Dec 2004
    Location
    Canada
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Im getting a error, so im not sure if its doing what it wants. Ive changed the script around a bit and heres what I think/need it to be doing:

    Starts a session, connects to the database. Then i have a form that the user must fill out. Then it should look to see which row the username that the user entered in the form is in. Then it has to find out which password is also in that row, and then compare it with the one the user entered. If they are the same. It shows the logged in message, if they are wronge, it shows the error message then dies:

    Code:
     
    <?php
    session_start();  
    header("Cache-control: private");
    // Database Connection
    @mysql_pconnect("localhost", "USERNAME", "PASSWORD"); mysql_select_db("DATABASE") or die("Unable to reach database server. Please try again.");
    
    // Main Page
    
    print "Username <input type='text' name='username' maxlength='20'><br>";
    print "Password <input type='password' name='password' maxlength='20'><br>";
    print "<input type='submit' name='submit' value='Login'>";
    
    
    
    mysql_query("SELECT * FROM Accounts WHERE Usernames='$username'");
    	if ($mysql_num_rows > 0) {
    		$getUser = $mysql_fetch_array;
    if ($getUser[Passwords] != "$password") { doError('Wrong Username/Password');
    die; }
    else {
    Print "You have been logged into robowars, click here to play";
    $_SESSION["username"] = "$username"; 
    $_SESSION["online"] = "yes";
    }
    ?>
    The error im getting is this:

    Parse error: parse error, unexpected $ on line 25.

    Any help would be great.
    Thankyou,
    X-Factor

  4. #4
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    PHP Code:
    <?
    # assuming connection
    # start session
    session_start();
    # open a blank error message
    $error_msg="";
    # check if the form is submitted
    if(isset($_POST['submit_form'])) {
    # if any blank entries, add to the error message
    if(!$_POST['username']) {
    $error_msg .= "Please complete the Username<br>";
    }
    if(!
    $_POST['password']) {
    $error_msg .= "Please complete the Password<br>";
    }
    # if no errors carry on.
    if($error_msg == "") {
    # defin basic variables
    $username $_POST['username'];
    $password $_POST['password'];
    $login_check mysql_query("select username, password from mytable where username='$username' and password='$password") or die(mysql_error());
    # get the rows from the database
    $login_rows mysql_num_rows($login_check);
    # check the number of rows.
    # if there is one...
    if($login_rows >0) {
    # define session variables
    $_SESSION['login'] = 'Logged';
    $_SESSION['username'] = $login_rows['username'];
    $_SESSION['password'] = $login_rows['password'];
    # redirect
     
    header('Location: members_page.php');
    } else {
    echo 
    $error_msg;
    }
    ?>
    <form name="submit_data" action="<? $_SERVER['PHP_SELF']; ?>" method="post">
    <input type="text" name="username"><br>
    <input type="text" name="password">
    <input type="hidden" name="submit_form">
    <input type="submit" name="submit" value="submit" label="submit">

    </form>
    The way I would approach it!

    NOT TESTED!
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  5. #5
    SitePoint Enthusiast
    Join Date
    Dec 2004
    Location
    Canada
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Alright, ill take a look at this.

    Thx alot.


    EDIT:// The code you gave me is giving me this error:


    Parse error: parse error, unexpected $ on line 45

    Im playing around with it, and trying to fix it now.

  6. #6
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,807
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    I am guessing that the error is on line
    PHP Code:
    if ($getUser[Passwords] != "$password") { doError('Wrong 
    if so change it to
    PHP Code:
    if ($getUser[Passwords] != $password) { doError('Wrong 
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  7. #7
    SitePoint Enthusiast
    Join Date
    Dec 2004
    Location
    Canada
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It says the errors on line 45 and on line 45 its just: ?>

    Im also using the code you pasted for me, not mine.

    So there is no: if ($getUser[Passwords] != "$password") { doError('Wrong.

  8. #8
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Missing One } Before ?>

  9. #9
    Non-Member bronze trophy geniusgoalie's Avatar
    Join Date
    Sep 2004
    Location
    Buffalo, USA
    Posts
    979
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by jaswinder_rana
    Missing One } Before ?>
    or an extra, is a possibility

  10. #10
    SitePoint Enthusiast
    Join Date
    Dec 2004
    Location
    Canada
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What... I have all the correct }'s... ur saying i need 2 before the ?>?

    Like
    }}
    ?>

    :S

  11. #11
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i again looked at your code and OOPS
    you are missing two } before ?>

    2 if statements were not closed after being opened
    i tried it and i can the form

  12. #12
    SitePoint Enthusiast
    Join Date
    Dec 2004
    Location
    Canada
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I found one } that i was missing. I cant find the other tho... Now its giving me this error:

    parse error, unexpected T_STRING on line 43

    Right now my code looks lke this:

    PHP Code:

    <?php
    // Connect to database
    @mysql_pconnect("localhost""USERNAME""PASSWORD"); mysql_select_db("DATABASE") or die("Unable to reach database server. Please try again.");
    // assuming connection 
    // start session 
    session_start(); 
    // open a blank error message 
    $error_msg=""
    // check if the form is submitted 
    if(isset($_POST['submit_form'])) { 
    // if any blank entries, add to the error message 
    if(!$_POST['username']) { 
    $error_msg .= "Please complete the Username<br>"

    if(!
    $_POST['password']) { 
    $error_msg .= "Please complete the Password<br>"

    // if no errors carry on. 
    if($error_msg == "") { 
    // defin basic variables 
    $username $_POST['username']; 
    $password $_POST['password']; 
    $login_check mysql_query("select username, password from mytable where username='$username' and password='$password") or die(mysql_error()); 
    // get the rows from the database 
    $login_rows mysql_num_rows($login_check); 
    }
    // check the number of rows. 
    // if there is one... 
    if($login_rows >0) { 
    // define session variables 
    $_SESSION['login'] = 'Logged'
    $_SESSION['username'] = $login_rows['username']; 
    $_SESSION['password'] = $login_rows['password']; 
    // redirect 
    header('Location: members_page.php'); 
    } else { 
    echo 
    $error_msg;


    if (
    $getUser[Passwords] != "$password") { doError('Wrong 

    <form name="submit_data" action="<? $_SERVER['
    PHP_SELF']; ?>" method="post"> 
    <input type="text" name="username"><br> 
    <input type="text" name="password"> 
    <input type="hidden" name="submit_form"> 
    <input type="submit" name="submit" value="submit" label="submit"> 
    </form> }

    ?>

  13. #13
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    try this
    PHP Code:
    <?php
    // Connect to database
    @mysql_pconnect("localhost""USERNAME""PASSWORD"); mysql_select_db("DATABASE") or die("Unable to reach database server. Please try again.");
    // assuming connection
    // start session
    session_start();
    // open a blank error message
    $error_msg="";
    // check if the form is submitted
        
    if(isset($_POST['submit_form']))
        {
            
    // if any blank entries, add to the error message
            
    if(!$_POST['username'])
            {
                
    $error_msg .= "Please complete the Username<br>";
            }
            if(!
    $_POST['password'])
            {
                
    $error_msg .= "Please complete the Password<br>";
            }
            
    // if no errors carry on.
            
    if($error_msg == "")
            {
            
    // defin basic variables
            
    $username $_POST['username'];
            
    $password $_POST['password'];
            
    $login_check mysql_query("select username, password from mytable where username='$username' and password='$password") or die(mysql_error());
            
    // get the rows from the database
            
    $login_rows mysql_num_rows($login_check);
            }
            
    // check the number of rows.
            // if there is one...
            
    if($login_rows >0)
            {
            
    // define session variables
            
    $_SESSION['login'] = 'Logged';
            
    $_SESSION['username'] = $login_rows['username'];
            
    $_SESSION['password'] = $login_rows['password'];
            
    // redirect
            
    header('Location: members_page.php');
            }
            else
            {
                echo 
    $error_msg;
            }

            if (
    $getUser[Passwords] != "$password") { doError('Wrongpassword');}
    }

    ?>

    <form name="submit_data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <input type="text" name="username"><br>
    <input type="text" name="password">
    <input type="hidden" name="submit_form">
    <input type="submit" name="submit" value="submit" label="submit">
    </form>
    i think when you changed you forgot to put } before ?>

    and also the the html thingy should be outside the ?>

    and you din't close the password doError('wrongpassword');}

    hope it solves the problem

  14. #14
    SitePoint Enthusiast
    Join Date
    Dec 2004
    Location
    Canada
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Alright, the form is showing, and it works. But now, when i put in a working username and password, then hit the login button it says this:

    You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

    PHP Code:
    <?php 
    @mysql_pconnect("localhost""USERNAME""PASSWORD"); mysql_select_db("DATABASE") or die("Unable to reach database server. Please try again."); 
    // assuming connection 
    // start session 
    session_start(); 
    // open a blank error message 
    $error_msg=""
    // check if the form is submitted 
        
    if(isset($_POST['submit_form'])) 
        { 
            
    // if any blank entries, add to the error message 
            
    if(!$_POST['username']) 
            { 
                
    $error_msg .= "Please complete the Username<br>"
            } 
            if(!
    $_POST['password']) 
            { 
                
    $error_msg .= "Please complete the Password<br>"
            } 
            
    // if no errors carry on. 
            
    if($error_msg == ""
            { 
            
    // defin basic variables 
            
    $username $_POST['usernames']; 
            
    $password $_POST['passwords']; 
            
    $login_check mysql_query("select Usernames, Passwords from Accounts where usernames='$username' and passwords='$password") or die(mysql_error()); 
            
    // get the rows from the database 
            
    $login_rows mysql_num_rows($login_check); 
            } 
            
    // check the number of rows. 
            // if there is one... 
            
    if($login_rows >0
            { 
            
    // define session variables 
            
    $_SESSION['login'] = 'Logged'
            
    $_SESSION['usernames'] = $login_rows['usernames']; 
            
    $_SESSION['passwords'] = $login_rows['passwords']; 
            
    // redirect 
            
    header('Location: members_page.php'); 
            } 
            else 
            { 
                echo 
    $error_msg
            } 

            if (
    $getUser[Passwords] != "$password") { doError("Wrongpassword");} 


    ?> 

    <form name="submit_data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
    Username: <input type="text" name="username"><br> 
    Password: <input type="text" name="password"><br> 
    <input type="hidden" name="submit_form"><br>
    <input type="submit" name="submit" value="submit" label="submit"> 
    </form>
    In my database I have 1 table named "Accounts" and 6 fields named "Usernames", "Passwords", "RobotType", "RobotName", "Gender", "Credits"

    Im using MySQL, and phpmyadmin to manage the database. Im not sure if my new error has to do with the scripting or the database.

    If anyone can help, that would be great. Once I get this figured out, i think i know what im doing from here out.

    Thanks alot,
    X-Factor

  15. #15
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    in this query
    $login_check = mysql_query("select Usernames, Passwords from Accounts where usernames='$username' and passwords='$password") or die(mysql_error());

    missing ' after $password

  16. #16
    SitePoint Enthusiast
    Join Date
    Dec 2004
    Location
    Canada
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Alright, now all thats working. Thx alot.

    But theres still more problems

    I dont think its logging the cookies correctly. Because wheni got $username on other pages, it doesnt display the users username.

    Also, when i put in a wronge password it still works, it doesnt give me a error message.

    But on the bright side, theres no errors

    Once again, heres my code:

    PHP Code:
    <?php 
    @mysql_pconnect("localhost""USERNAME""PASSWORD"); mysql_select_db("DATABASE") or die("Unable to reach database server. Please try again."); 
    // assuming connection 
    // start session 
    session_start(); 
    // open a blank error message 
    $error_msg=""
    // check if the form is submitted 
        
    if(isset($_POST['submit_form'])) 
        { 
            
    // if any blank entries, add to the error message 
            
    if(!$_POST['username']) 
            { 
                
    $error_msg .= "Please complete the Username feild<br>"
            } 
            if(!
    $_POST['password']) 
            { 
                
    $error_msg .= "Please complete the Password feild<br>"
            } 
            
    // if no errors carry on. 
            
    if($error_msg == ""
            { 
            
    // defin basic variables 
            
    $username $_POST['usernames']; 
            
    $password $_POST['passwords']; 
            
    $login_check mysql_query("SELECT Usernames, Passwords FROM Accounts WHERE usernames='$username' and passwords='$password'") or die(mysql_error()); 
            
    // get the rows from the database 
            
    $login_rows mysql_num_rows($login_check); 
            } 
            
    // check the number of rows. 
            // if there is one... 
            
    if($login_rows >0
            { 
            
    // define session variables 
            
    $_SESSION["login"] = "Logged"
            
    $_SESSION["username"] = $login_rows["Usernames"]; 
            
    $_SESSION["password"] = $login_rows["Passwords"]; 
            
    // redirect 
            
    header('Location: members_page.php'); 
            } 
            else 
            { 
                echo 
    $error_msg
            } 

            if (
    $getUser[Passwords] != "$password") { doError("Wrongpassword");} 


    ?> 

    <form name="submit_data" action="/PractisePHP/example.php" method="post"> 
    Username: <input type="text" name="username"><br> 
    Password: <input type="text" name="password"><br> 
    <input type="hidden" name="submit_form"><br>
    <input type="submit" name="submit" value="submit" label="submit"> 
    </form>
    Thanks for all the help so far guys.
    Last edited by X-Factor; Dec 31, 2004 at 00:38.

  17. #17
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    u might want to take ur username and pass out the mysql statement!!!
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  18. #18
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    first thing i noticed is that u ddint start the session forst thing. sessions wont work unless session_start() goes at vry beginning of the page before anything else is ouput even before the <html> tags
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  19. #19
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    try changing this:


    PHP Code:
    $login_check mysql_query("SELECT Usernames, Passwords FROM Accounts WHERE usernames='$username' and passwords='$password'") or die(mysql_error()); 
    to this:
    PHP Code:
    $login_check mysql_query("SELECT Usernames, Passwords FROM Accounts WHERE usernames='$username' OR passwords='$password'") or die(mysql_error()); 
    by the way, when u have a statement in MySQL such as AND, WHERE, FROM, they need to be in caps lock uppercase, and i see from your code that it is lowercase but anyhow try the OR instead of AND
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  20. #20
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    is it jus the login page that you want or registration aswell??
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  21. #21
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    this will work!!

    PHP Code:
    <?php
          
         
    if ($_POST)
    {

     
    $UserName $_POST['YOURFIELDNAME'];
     
    $Pass $_POST['YOURFIELDPASS'];

     
    $Connect mysql_connect('localhost''YOURUSERNAME''YOURPASS') or die(mysql_error());
     
     
    mysql_select_db('YOURDATABASE'$Connect);
     
     
    $Result mysql_query("SELECT UserName, Pass FROM YOURTABLE"$Connect)or die(mysql_error());
         
    while (
    $MyRow mysql_fetch_row($Result))
        {    
        
    $User $MyRow[0];
        
    $Password $MyRow[1];
                if (
    $MyRow[0]  == $UserName)
                {
                    if (
    $MyRow[1] == $Pass)
                    {
                    
                    
    $_SESSION['UserName'] = $UserName;
                    
                    echo 
    "<br><br><h3><center>You are now logged in as $UserName!"?><br><br> Return to the <a href="/index.php">Home Page</a><br></center></h3> <?php 
                    $ValidAccess 
    TRUE;
                    }
                }    
                                
        }
        
                        if (
    $ValidAccess == FALSE
                        {
                        echo 
    "<br><br><h3>I'm sorry but you have entered the wrong information, please try again!</h3>";
                        }
        
    }
     
     
     
     
     
    if (
    $_POST == FALSE)
     {
     
     
    ?>
      </p>
      <p align="center" class="style9">&nbsp;</p>
      <form name="form1" method="post" action="">
        <h3 align="center" class="style9">
          <label>User Name:
          <input name="UserName" type="text" id="UserName">
          </label>
          <label></label>
        </h3>
        <p align="center" class="style9">
          <label>Password:</label>
          <label>
          <input name="Pass" type="password" id="Pass">
    </label>
        </p>
        <p align="center" class="style9">
            <label>      </label>
          <span class="style9">
          <label> </label>
          <label>
          <input type="submit" name="Submit" value="Submit">
          </label>
          <label>
          <input type="reset" name="Reset" value="Reset">
          </label>
          <label> </label>
          <label> </label>
          <label></label>
          <label></label>
          </span>
          <label></label>
        </p>
        <h4>
          <label> </label>
        </h4>
      </form>
      <?php
      
    }
      
      
      
    ?>

    You will have to rename the UserName and Pass in the MySQL query at the top but that will work otherwise!! Let me know if there is any problems


    Just another point dont forget u need this at the very top of your page before anything:
    PHP Code:
    <?php
    session_start
    ()
    header("Cache-control: Private")
    ?>
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  22. #22
    SitePoint Enthusiast
    Join Date
    Dec 2004
    Location
    Canada
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey, well this is awesome webnoob. But its always saying wronge information, and im sure its right. I put my username, and password, and database in. Then I changed the query to the correct information.

    I saw Username = $username in there alot. My feilds in my database named "Accounts" are Usernames and Passwords.

    So i have changed them from Username to Usernames and Password to Passwords.

    I may have done that wronge, or missed one.

    Heres the code with all my info besides the username, pass, and DB this time :P (thx)

    PHP Code:
    <?php 
    session_start
    () 
    header("Cache-control: Private")   <=== I had to remove thisi was getting a error otherwize
    ?> 


    <?php 
           
         
    if ($_POST


    $UserName $_POST['Usernames']; 
    $Pass $_POST['Passwords']; 

    $Connect mysql_connect('localhost''USERNAME''PASSWORD') or die(mysql_error()); 

    mysql_select_db('DATABASE'$Connect); 

    $Result mysql_query("SELECT Usernames, Passwords FROM Accounts"$Connect)or die(mysql_error()); 
         
    while (
    $MyRow mysql_fetch_row($Result)) 
        {     
        
    $User $MyRow[0]; 
        
    $Password $MyRow[1]; 
                if (
    $MyRow[0]  == $UserName
                { 
                    if (
    $MyRow[1] == $Pass
                    { 
                     
                    
    $_SESSION['Username'] = $UserName
                     
                    echo 
    "<br><br><h3><center>You are now logged in as $UserName!"?><br><br> Return to the <a href="/index.php">Home Page</a><br></center></h3> <?php 
                    $ValidAccess 
    TRUE
                    } 
                }     
                                 
        } 
         
                        if (
    $ValidAccess == FALSE
                        { 
                        echo 
    "<br><br><h3>I'm sorry but you have entered the wrong information, please try again!</h3>"
                        } 
         






    if (
    $_POST == FALSE


    ?> 
      </p> 
      <p align="center" class="style9">&nbsp;</p> 
      <form name="form1" method="post" action=""> 
        <h3 align="center" class="style9"> 
          <label>User Name: 
          <input name="UserName" type="text" id="UserName"> 
          </label> 
          <label></label> 
        </h3> 
        <p align="center" class="style9"> 
          <label>Password:</label> 
          <label> 
          <input name="Pass" type="password" id="Pass"> 
    </label> 
        </p> 
        <p align="center" class="style9"> 
            <label>      </label> 
          <span class="style9"> 
          <label> </label> 
          <label> 
          <input type="submit" name="Submit" value="Submit"> 
          </label> 
          <label> 
          <input type="reset" name="Reset" value="Reset"> 
          </label> 
          <label> </label> 
          <label> </label> 
          <label></label> 
          <label></label> 
          </span> 
          <label></label> 
        </p> 
        <h4> 
          <label> </label> 
        </h4> 
      </form> 
      <?php 
      

       
       
      
    ?>
    Thx ALOT, for everyones help.

  23. #23
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    1 thing there is a form on that page, if you are using that one u will need to change the info bask, i.e Change Username to UserName as that is what is set in the form i have supplied, if not delete my form and put in yours in place below the
    PHP Code:
    if ($_POST == FALSE)
    {
    ?> 
    and dont delete the bit at the bottom

    PHP Code:
    <?php
    }

    ?>
    as this closes the if statement!!

    Also try this:



    i forgot to add this in, put this bit of cade where the other 2 variables are i.eusernames and passwords, here it is:

    PHP Code:
    $ValidAccess FALSE
    also change that line that errors and put this in, its my fault i forgot to end the line with a ;

    PHP Code:
    <?
    session_start
    ();
    header("Cache-control: private");
    ?>
    that one will work (dont forget right at the top and you MUST have this in there or the session wont work)

    I ya still having trouble, email me with your database name and ill write the script as i would mine and test it with my database then all u will have to do is edit the MySQL username and pass!!!
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  24. #24
    SitePoint Wizard swdev's Avatar
    Join Date
    Oct 2004
    Location
    UK
    Posts
    1,053
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try this version of the code

    PHP Code:
      <?php
      session_start
    ();
      
      
    $error_msg '';
      
    $username '';
      
    $password '';
      
      
    // clear session variables
      
    $_SESSION['login'] = '';
      
    $_SESSION['username'] = '';
      
    $_SESSION['password'] = '';
      
      
    // add your connect and select database code here
      
      
      // check if the form is submitted
      
    if(isset($_POST['submit_form']))
      {
          
    // validate POST variables.
          // Should do better checks e.g. make sure only alphanumeric characters in username / password
          
    if(!$_POST['username'])
          {
              
    $error_msg .= 'Please complete the Username<br>';
          }
        
    $username $_POST['username'];
      
          if(!
    $_POST['password'])
          {
              
    $error_msg .= 'Please complete the Password<br>';
          }
        
    $password $_POST['password'];
      
          
    // if no errors carry on.
          
    if('' == $error_msg
          {
             
    $sql 'SELECT Usernames, Passwords FROM Accounts WHERE';
             
    $sql .= ' Usernames = \'' $username '\'';
             
    $sql .= ' AND ';
             
    $sql .= ' Passwords = \'' $password '\'';
          
    $login_check mysql_query($sql);
          
          if (
    false === $login_check)
          {
              
    $error_msg .= $sql ' failed due to ' mysql_error() . '<br />'
          }
          else
          {
            
    // get the rows from the database
            
    $login_rows mysql_num_rows($login_check);
        
              
    // there should be onyl 1row in the database for this username / password combination
            
    if(== $login_rows)
            {
              
    // define session variables
              
    $_SESSION['login'] = 'Logged';
              
    $_SESSION['username'] = $username;
              
    $_SESSION['password'] = $password;
              
    // redirect
              
    header('Location: members_page.php');
              exit;
            }
            else
            {
                
    $error_msg .= ' Invalid username / password combination<br />';
            }
          }
          }
          echo 
    $error_msg;
      }
      
      
    ?>
      
      <form name="submit_data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
      <input type="text" name="username" value="<?php echo $username ?>"><br>
      <input type="text" name="password" value="<?php echo $password?>">
      <input type="hidden" name="submit_form">
      <input type="submit" name="submit" value="submit" label="submit">
      
      </form>
    I have tidied up the code a little bit, so that if an error occurs, the previously entered username and / or password are re-displayed on the form.
    If any SQL errors are generated, they are displayed and the form is re-displayed as well.
    I have removed the hidden field from the form as it is not required.
    I test for exaclty 1 row being returned from the database. If 0 rows are returned, then the username / password combination is wrong. If more than 1 row is returned, you probbly has duplicate data in your database - not a good thing.
    I clear out the $_SESSION variables before doing anything. This makes sure that the session variables are stored only when correct data in entered.

    webnoob

    Oh dear, you have given X-Factor some bad advice.

    1) SQL keywords, when used with MySQL, can be in any case you feel like. A lot of people use UPPERCASE to distinguish between the SQL keywords, column names and variables.
    2) You should always use the power of SQL to restrict the number of records returned to PHP. Basically your PHP code does what the SQL code does but in a far less efficient manner.

    Hope this helps

  25. #25
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    well i have used the sql statements in lowercase and they didnt work and i have also been told this is the case, so i thought what i was saying was true!

    X-Factor i apologise for the information and hope u get it sorted!

    And considering i have only been learning PHP/MySQL for 3 months (and this is my first programming language) i dont think that my script was to bad!

    If you would like to post a script on "PHP/MySQL efficiency" swdev i would be more than happy to read it!

    Thanks for the advice
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •