Why can't I make it work?
The db.php file just won't connect. Can't you make it easier to connect?
Really don't get it!!
Jacob
Can you be more specific, Jacob? What did you try? What behaviour were you expecting, and what behaviour did you see?
Kevin Yank
CTO, sitepoint.com
I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
Baby’s got back—a hard back, that is: The Ultimate CSS Reference

Could someone help me with a sign-up form? Does anyone have a sample of a way to have an e-mail sent to the admin and to the user when they sign up for the first time, much like Kevin's script? When my form posts, it posts to a second page to process it. Will I still be able to send and receive a confirmation e-mail after the user signs up? If anyone could help it would be wicked...
Here's my sign-up form:
<?php
include("config.php");
if($loged=='yes')
{
echo "$lang[registerloged]";
}
else
{
?>
<form action="reg.php" method="post">
:
<input type="text" name="username"><BR>
:
<input type="password" name="password"><BR>
:
<input type="password" name="password2"><BR>
:
<input type="text" name="fname"><BR>
:
<input type="text" name="sname"><BR>
:
<input type="text" name="emaila"><BR>
:
<input type="text" name="country"><BR>
:
<input type="text" name="phone"><BR>
:
<input type="text" name="city"><BR>
<input type="submit" value="<?php echo $lang[registerbutton] ?>">
</form>
<?php
}
?>
Here's the script it posts to:
<?
include("config.php");
$connection = mysql_connect("$server", "$db_user", "$db_pass");
$db = mysql_select_db("$database", $connection);
$query = "SELECT * FROM login where username='$username'";
$result = mysql_query($query, $connection);
$exuser=mysql_numrows($result);
?>
<?php
if($username=='' OR $password=='' OR $password2=='' OR $fname=='' OR $sname=='' OR $emaila=='' OR $country=='' OR $city=='' OR $interests=='')
{
echo "$lang[fillfields]";
}
elseif($password!=$password2)
{
echo "$lang[passdontmatch]";
}
elseif($exuser=='1')
{
echo "$lang[usernameregistered]";
}
else
{
include("config.php");
$connection = mysql_connect("$server", "$db_user", "$db_pass");
$db = mysql_select_db("$database", $connection);
$query = "INSERT INTO login (`username`,`password`,`fname`,`sname`,`email`,`country`,`phone`,`city`)".
"VALUES ('$username', '$password', '$fname','$sname', '$emaila', '$country', '$phone', '$city')";
$result = mysql_query($query, $connection);
echo "$lang[thanksregister]";
$ida= uniqid('message');
$ida2= uniqid('$ida');
$nr= uniqid($ida);
$date=date('m.j.Y');
$connection = mysql_connect("$server", "$db_user", "$db_pass");
$db = mysql_select_db("$database", $connection);
$query = "SELECT * FROM usermessages";
$query = "INSERT INTO usermessages (`nomer`, `to`, `from`, `date`, `title`, `message`, `new`) VALUES ('$nr', '$username', 'admin', '$date', '$lang[adminwelcome]', '$lang[adminwelcomemessage]', 'yes')";
$result = mysql_query($query, $connection);
}
?>
Is there any way I can get this form to e-mail me and the user, so I can confirm the e-mail is valid? I have a remember-me password script, but I still want to confirm the e-mail as well. Anyone got some tips?
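The e-mail confirmation step asked about above, as an added example that is not code from this thread or from the article: signup issues a random single-use token, stores only its hash, and mails a link that an activation page later checks. The function names, the 24-hour lifetime, the `https://example.com` base URL and the array standing in for a pending-signups table are all assumptions.

```php
<?php
// Added example (hypothetical names). $pending stands in for a database table
// keyed by the SHA-256 of the token; the raw token exists only in the e-mail.
const TOKEN_TTL = 86400; // assumed lifetime: 24 hours

// Called from the signup handler; returns the raw token for the mailed link.
function issue_activation(array &$pending, string $username, string $email, int $now): string {
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    $token = bin2hex(random_bytes(32)); // 64 hex characters from the CSPRNG
    // Store a hash, so a leaked table cannot be used to activate accounts.
    $pending[hash('sha256', $token)] = [
        'username' => $username,
        'email'    => $email,
        'expires'  => $now + TOKEN_TTL,
    ];
    return $token;
}

// Builds the message; the address was validated above, so it is safe as a recipient.
function activation_mail(string $baseUrl, string $email, string $token): array {
    return [
        'to'      => $email,
        'subject' => 'Confirm your registration',
        'body'    => "Follow this link to activate your account:\n"
                   . $baseUrl . '/activate.php?token=' . rawurlencode($token) . "\n",
    ];
}

// Logic for the activation page: username on success, null otherwise.
function activate(array &$pending, string $token, int $now): ?string {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                      // malformed input never reaches the lookup
    }
    $key = hash('sha256', $token);
    if (!isset($pending[$key])) {
        return null;                      // unknown or already used
    }
    $row = $pending[$key];
    unset($pending[$key]);                // single use; also clears expired rows
    return $row['expires'] >= $now ? $row['username'] : null;
}

// Constructed walk-through.
$pending = [];
$now = time();
$token = issue_activation($pending, 'newuser', 'newuser@example.com', $now);
$msg = activation_mail('https://example.com', 'newuser@example.com', $token);
// In a deployment: mail($msg['to'], $msg['subject'], $msg['body']);
var_dump(activate($pending, $token, $now + 60));          // first use of the link
var_dump(activate($pending, $token, $now + 60));          // replay of the same link
var_dump(activate($pending, str_repeat('0', 64), $now));  // token that was never issued
```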

deuce,
I'm working on something similar. If you are using the MD5 hash you should realize it's one-way, which means sending that hashed password to your user wouldn't ring them in when they try to use it.
So what I'm putting together is something where when the user forgets, they go to a page with a form, and upon entering their username, hitting the submit button, the script selects their name in the db, then gets their email address that is on file...
...AND THEN a new password is generated on the fly just like when they first signed up and they got the 'generated password' email sent to them. Having read your posts I understand you are that far already. So, thought you might have some ideas to help build this part?
Do you? Could you look at the thread titled "forgotten password solution". It's not working for me yet ...maybe you can post your ideas and some code to help out. Okay?
Thanks deuce, thanks a whole lot!

Hello, could anyone help me with a mail form for feedback from users on my site? I'm using Kevin's login script and I want to make a form so that the user doesn't have to re-enter the user name or e-mail; they can fill in the other fields, and when I receive their e-mail it already says their user name and e-mail in the message. Any tips on how I could do this?

I'm looking to make an e-mail form where the user doesn't have to type in their e-mail or username, just the fields in the form, but when I receive their e-mail I get their user info, and so that it sends the admin (me) and the user a confirmation message...
Guys,
Sorry to belabor this point, but I'm also stumped on how to make 'access control' discontinue asking for log in on every page even after the user has already logged in. The script below is pretty much a carbon copy of Kevin Yank's script with customized html.
I am using a common header file on all pages and working through Yahoo web hosting.
I have included <?php include 'accesscontrol.php'; ?> at the top of my index page and other protected pages. I have linked all pages primarily through my header file.
Any suggestions? I still can't get the other pages to recognize that the user has already logged in.
I included the entire access control script below.
<?php // accesscontrol.php
include_once 'common.inc';
include_once 'db.inc';
session_start();
$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
if(!isset($uid)) {
?>
<html>
<head>
<title>mcmillanart: Log in</title> </head>
<body>
<td VALIGN=TOP COLSPAN="5" WIDTH="499" HEIGHT="">
<blockquote><font face="Helvetica, Arial, sans-serif" color="#3366ff"
size="+1">Log in to mcmillanart</font>
<p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<table border="0" cellpadding="0" cellspacing="5">
<tr valign="center">
<td align="right">
<font face="Helvetica, Arial, sans-serif"
size="-1">User Name</font></font>
</td> <td>
<input name="uid" type="text" maxlength="100" size="15" />
</td>
</tr><tr valign="center">
<td align="right">
<font face="Helvetica, Arial, sans-serif"
size="-1">Password</font></font>
</td> <td>
<input name="pwd" type="password" maxlength="100" size="15" />
</td>
</tr>
<tr>
<td align="right" colspan="2">
<input type="submit" value="Log in" />
<hr noshade="noshade" />
<br>Not a member? <a href="http://mcmillanart.com/join.php">Join</a>.
</td>
</tr>
</table>
</form>
</td></tr></table>
</body>
</html>
<?php
exit;
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
dbConnect("sessions" );
$sql = "SELECT * FROM user WHERE
userid = '$uid' AND password = '$pwd'";
$result = mysql_query($sql);
if (!$result) {
error('An error occurred while checking your '.
'login details.\\nIf this error persists, please '.
'contact info@mcmillanart.com.');
}
if (mysql_num_rows($result) == 0) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
?>
<html>
<head>
<title> Access Denied </title> </head>
<body>
<td VALIGN=TOP COLSPAN="5" WIDTH="470" HEIGHT="">
<blockquote><font face="Helvetica, Arial, sans-serif" color="#3366ff"
size="+1">Log in error</font>
<table border="0" cellpadding="0" cellspacing="5" WIDTH="470">
<tr valign="top">
<td align="left">
<p>
You may have typed an incorrect user name or password. Are you a registered user on this site?<p> <a href="<?=$_SERVER['PHP_SELF']?>">Try again</a> | <a href="http://mcmillanart.com/join.php">Join</a></p>
</td>
</tr>
</table>
</body>
</html>
<?php
exit;
}
$username = mysql_result($result,0,'fullname');
?>
Sorry for the above question. I found the answer clearly stated in another (old) thread. Humbling experience.
Well explained and full of good information. One question though: the user is emailed a link to http://.../activate.php. Did I miss something? I didn't see that in the tutorial or the zip file.
Kevin,
Great script! I also used the original script (b4 your update). I actually started my own rewrite for higher security, only to come back here and see everything I just wrote already done!
Anyhow, I would like to raise the security level somewhat. I've already upped the password stored in mysql to a md5 hash. Now my concern is the password variable passed through the session. I'd like to encrypt that as well, but I was thinking that encrypting it would cause problems with the database validation.
This is probably overkill, but I have a couple of sites where security is a concern and I'd like to cover all bases. Any suggestions?

How can I allow my users to update their profile once they're logged in, by using a form? Does anyone have a sample of how to do this with Kevin's article?

Hello, I've been trying to get Kevin's post for change password to work, and I read his article about 4.2, but still no luck. Here's the code I've been trying.
I made, I think, the changes for 4.2.
If anyone could help me troubleshoot, this would be a big help.
PHP Code:
<?php
include('accesscontrol.php');
if ($chgpw == ""):
html_header(); // Print standard page header
?>
<p>This page will become a little more functional later,
but for now you can change your password if you wish:</p>
<form action="<?=$_SERVER['PHP_SELF']?>" method="POST">
<center>
<table border=0 cellpadding=0 cellspacing=0>
<tr>
<td align=right><p>New password: <input
type=password name=newpw></td>
</tr>
<tr>
<td align=right><p>Retype: <input type=password
name=newpw2></td>
</tr>
<tr>
<td align=right><input type=submit name=chgpw
value=" OK "></td>
</tr>
</table>
</form>
<?
else:
if ($_POST['newpw'] != $_POST['newpw2']) {
error_message("The two password fields did
not match! Please try again.");
}
if ($_POST['newpw'] == "") {
error_message("You did not provide a
password. Please try again.");
}
$sql = "UPDATE user SET password=PASSWORD('$newpw')
WHERE userid='$userid'";
if (mysql_query($sql)):
// Update the password in the user's session
$userpassword=$newpw;
html_header();
?>
<p><STRONG>Password change successful!</STRONG></p>
<p>Your password has been changed! Click
<a href="index.php">here</a> to return to the main page of
the Web site.</p>
<?
else:
error_message("A database error occurred
while processing your request.\\nIf the problem persists,
please contact [email]you@email.com[/email].\\n".
mysql_error());
endif;
endif;
html_footer();
?>
Anyone feel free to drop some tips, or if you have a working change password for this script, that would help too.
Last edited by deuce777; Oct 2, 2003 at 09:34.
Hello,
I have Kevin's script set up and I am having a problem: I can go directly to protectedpage.php, and even though I have
include './inc/accesscontrol.php';
on the top, it still loads the page. Also, I made a separate page with just a login box, and I can just click the submit button in the login box without typing in anything and it will take me to my protected page.
Please help.
Sessionmedia,
Sounds like the include isn't working. Try putting some judiciously-placed echo commands in the accesscontrol.php script to verify that the script is being loaded, and to figure out what it's doing.
Last edited by Kevin Yank; Oct 5, 2003 at 17:50.
Kevin Yank
CTO, sitepoint.com
deuce777,
You need to change this line:
Code:
if ($chgpw == "" ):
to this:
Code:
if (isset($_POST['chgpw'])):
for PHP 4.2 compatibility.
Kevin Yank
CTO, sitepoint.com
I am looking for some security articles on user management systems. I would like a way to have the sessions not store the password or username and still have it secured. Do you know of any good site resources?
I was just trying out Kevin's script without any modification. One thing is odd, and that is that every time I try to access a page that includes "accesscontrol.php", that is the page is protected by "accesscontrol.php", I have to login each time.
Can anyone tell me why is that happening? I am using PHP 4.3.2 over IIS 5.1 on Windows XP Pro.
Here is the actual code:
Thank you for your time.
PHP Code:
<?php // accesscontrol.php
include_once 'common.php';
include_once 'db.php';
session_start();
$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
if(!isset($uid)) {
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Please Log In for Access </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1> Login Required </h1>
<p>You must log in to access this area of the site. If you are
not a registered user, <a href="signup.php">click here</a>
to sign up for instant access!</p>
<p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
User ID: <input type="text" name="uid" size="8" /><br />
Password: <input type="password" name="pwd" SIZE="8" /><br />
<input type="submit" value="Log in" />
</form></p>
</body>
</html>
<?php
exit;
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
dbConnect("dbname"); // Change the database name
$sql = "SELECT * FROM user WHERE
userid = '$uid' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
error('A database error occurred while checking your '.
'login details.\\nIf this error persists, please '.
'contact [email]you@example.com[/email].');
}
if (mysql_num_rows($result) == 0) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Access Denied </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1> Access Denied </h1>
<p>Your user ID or password is incorrect, or you are not a
registered user on this site. To try logging in again, click
<a href="<?=$_SERVER['PHP_SELF']?>">here</a>.</p>
</body>
</html>
<?php
exit;
}
$username = mysql_result($result,0,'fullname');
?>
Where was I yesterday?
Mojo, you may need to change session.save_path in php.ini
What I'm doing is tightening up the security a little with hashed passwords both in the db, in the sessions, and some other minor stuff. I want the password that is stored in the pwd session variable to be hashed. Rather than just passed in clear form.
My problem is the first authentication works fine, but if you go to a second protected page the hash changes and you must log in again (but it fails because the hash is different.. I know because I printed out the sql statements.)
I'm pretty sure what is happening is the script is working fine on the first pass, but on the second pass it is creating a hash of a hash as it loops through again.
I took some of the html out to shorten the code for easier reading.
PHP Code:
<?php // accesscontrol.php
include ('configmain.inc.php');
session_start();
$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
// HERE IS THE TROUBLE AREA
$pwd=md5($pwd);
if(!isset($uid) || !isset($pwd) )
{
?>
<html>
</html>
<?php
exit;
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
$sql = "SELECT * FROM members WHERE uname = '$uid' AND pword = '$pwd' ";
echo "$sql";
$result = mysql_query($sql);
if (!$result) {
echo "A database error occurred while checking your ".
"login details.\\nIf this error persists, please ".
"contact [email]webmaster@somedomain.com[/email]";
}
if (mysql_num_rows($result) == 0) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
?>
<html>
<head>
</html>
<?php
exit;
}
?>
Last edited by vxpress; Oct 7, 2003 at 16:47.
Originally Posted by Sn2
Er, probably not. It is already pointed to an existing directory.
Where was I yesterday?
ok, for those interested, I completed the "security tightening" on the script that I started awhile ago. It uses md5 passwords (about as secure as it gets), scrubs user input, and encrypts the password that is passed through the session variable. Combine all this with the fact that the script checks the db each time the page is loaded, then you have a pretty secure script.
I had to use the if statements option for the isset area to solve a problem, but it works the same. Just not as pretty.
I took out the html code, you're on your own for that. You'll also need to modify the script you use to add the user to the db. It will need to add the password to the db in md5 format. The password field in the db will need to be modified to accept 32 characters.
Let me know if you see anything I missed
PHP Code:
<?php // accesscontrol.php
include ('config.inc.php');
session_start();
if (isset($_POST['uid'])) {
$uid = $_POST['uid'];
} else {
$uid = $_SESSION['uid'];
}
if (isset($_POST['pwd'])) {
$pwd = md5($_POST['pwd']);
} else {
$pwd = $_SESSION['pwd'];
}
if(!isset($uid) || !isset($pwd) )
{
?>
<html>
</html>
<?php
exit;
}
//Clean the input
$uid=addslashes(strip_tags($uid));
$pwd=addslashes(strip_tags($pwd));
//this puts the variable into the session
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
$sql = "SELECT * FROM members WHERE uname = '$uid' AND pword = '$pwd' ";
echo "$sql";
$result = mysql_query($sql);
if (!$result) {
echo "A database error occurred while checking your ".
"login details.\\nIf this error persists, please ".
"contact [email]webmaster@somedomain.com[/email]";
}
if (mysql_num_rows($result) == 0) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
?>
<html>
<head>
<title> Access Denied </title>
</head>
</html>
<?php
exit;
}
?>
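As an added example (not code from this thread or from Kevin Yank's article), here is one way to get what several posts above ask for: a session that holds neither the password nor a hash of it, while the database is still consulted on every page. It uses PHP's password_hash()/password_verify() and PDO prepared statements in place of md5() and addslashes(); the `members` table layout, the `member_id` session key and the in-memory SQLite database are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not the thread's code. Assumed schema: members(id, uname, pword_hash).
// In-memory SQLite stands in for MySQL; $session stands in for $_SESSION.

function make_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, uname TEXT UNIQUE, pword_hash TEXT)');
    // Constructed sample account; password_hash() salts and stretches, unlike md5().
    $pdo->prepare('INSERT INTO members (uname, pword_hash) VALUES (?, ?)')
        ->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Checks submitted credentials; returns the member id, or null on failure.
function verify_login(PDO $pdo, string $uid, string $pwd): ?int {
    // The placeholder keeps $uid as data, so no addslashes()/strip_tags() is needed.
    $st = $pdo->prepare('SELECT id, pword_hash FROM members WHERE uname = ?');
    $st->execute([$uid]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pwd, $row['pword_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Per-page gate, the role accesscontrol.php plays: member id or null (show login form).
function current_member(PDO $pdo, array &$session, array $post): ?int {
    $uid = $post['uid'] ?? null;
    $pwd = $post['pwd'] ?? null;
    if (is_string($uid) && is_string($pwd)) {
        $id = verify_login($pdo, $uid, $pwd);
        unset($session['member_id']);
        if ($id !== null) {
            // In a web request, call session_regenerate_id(true) at this point.
            $session['member_id'] = $id;  // only the id is stored, never the password
        }
        return $id;
    }
    if (!isset($session['member_id'])) {
        return null;
    }
    // Still check the database on every page, so a deleted account loses access.
    $st = $pdo->prepare('SELECT id FROM members WHERE id = ?');
    $st->execute([$session['member_id']]);
    return $st->fetchColumn() === false ? null : (int) $session['member_id'];
}

// Constructed walk-through.
$pdo = make_demo_db();
$session = [];
var_dump(current_member($pdo, $session, ['uid' => "o'brien", 'pwd' => 'correct horse'])); // login
var_dump(current_member($pdo, $session, []));             // second protected page, no re-login
var_dump($session);                                       // holds member_id only
var_dump(current_member($pdo, $session, ['uid' => "o'brien", 'pwd' => 'wrong']));         // bad password
```

Because the password is verified once and never re-read from the session, there is nothing to hash a second time on later page loads.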
Outstanding. I've been using Perl and MySQL for years now and have been wary of PHP. I've created my own scripts to mimic this access control, but this PHP example far surpasses it. Thanks for the excellent article.
It would be handy if the first time the author shows the form to enter your info and says "here's the code" that he actually lists out the PHP code for checking the _POST variables are filled in... I'm having one heck of a time figuring out WHERE to place the PHP code to do that! UGgh... we get snippets and snippets and nothing in ORDER!
Originally Posted by Anonymous
Point taken, although the complete, working code for the article is offered for download at the end of the article.
Kevin Yank
CTO, sitepoint.com

Originally Posted by Kevin Yank
How can I get this to check if these fields match on sign-up?
Here's what I'm trying: for example, like many forms that ask you to enter your e-mail twice and require the two to match, I want to do this with your sign-up form.
PHP Code:
else:
// Process signup submission
dbConnect('users_crazy_jp');
if ($_POST['newid']=='' or $_POST['newemail']==''
or $_POST['newname']=='') {
error('One or more required fields were left blank.\\n'.
'Please fill them in and try again.');
}
elseif($newemail!=$newid)
{
('passdontmatch');
}