Search the Community

Hi guys, I have the following logout code, which works just fine, as in it logs the user out and kills the session etc. However, there is one part that is not working and that is updating the database to change the is_logged_in to set to 0 rather than 1, which is set upon login. <?php session_start(); // Start the session // Include database connection require_once('includes/config.php'); // Check if user is logged in if (!empty($_SESSION['user_id'])) { logoutUser($conn, $_SESSION['user_id']); } else { redirectToLogin(); } // Close the database connection $conn->close(); /** * Logs out the user by updating their login status and destroying the session. * * @param mysqli $conn The database connection. * @param int $user_id The ID of the user to log out. */ function logoutUser($conn, $user_id) { // Prepare statement to update user login status $stmt = $conn->prepare("UPDATE users SET is_logged_in = ? WHERE user_id = ?"); $is_logged_in = '0'; // Set user status to logged out $stmt->bind_param("si", $is_logged_in, $user_id); // Execute the statement if ($stmt->execute()) { // Destroy the session session_unset(); session_destroy(); redirectToLogin(); } else { echo "Error updating user status: " . $stmt->error; } // Close the statement $stmt->close(); } /** * Redirects the user to the login page. */ function redirectToLogin() { header("Location: login.php"); exit(); } ?> If anyone can help that would be great. Thanks

Error: Parse error: syntax error, unexpected token "else" in C:\Users\brand\OneDrive\Desktop\XAMAPP\htdocs\Water Tower 2000\index.php on line 139 <?php require_once 'connection.php'; session_start (); if(isset ($_SESSION["admin_login"])) { header ("location:admin/admin_home.php"); } if(isset ($_SESSION["parent_login"])) { header ("location:parent/parent_home.php"); } if(isset ($_SESSION["swimmer_login"])) { header ("location:swimmer/swimmer_home.php"); } if (isset ($_REQUEST['btn_login'])) { $email = $_REQUEST ["txt_email"]; $password = $_REQUEST ["txt_password"]; $email = $_REQUEST ["txt_role"]; if(empty($email)){ $errorMsg[]="please enter yout water tower email"; } else if(empty($password)){ $errorMsg[]="please enter yout water tower email"; } else if(empty($role)){ $errorMsg[]="please enter yout water tower email"; } else if($email AND $password AND $role){ try{ $select_stmt=$db->prepare("SELECT email,password,role FROM masterlogin WHERE email=:uemail AND password=:upassword AND role=:urole"); $select_stmt->bindParam(":uemail",$email); $select_stmt->bindParam(":upassword",$password); $select_stmt->bindParam(":uemail",$role); $select_stmt->excute(); while ($row=$select_stmt->fetch(PDO::FETCH_ASSOC)){ $dbemail =$row["email"]; $dbpassword =$row["password"]; $dbrole =$row["role"]; } if($email!=null AND $password!=null AND $role!=null){ if($select_stmt->rowCount()>0){ if ($email!==$dbemail AND $password==$dbpassword AND $role==$dbrole){ switch($dbrole) { case "admin": $_SESSION ["admin_login"]=$email; $loginMsg="Admin...Your in Water Tower..."; header("refresh:3;admin/admin_home.php"); break; case "parent": $_SESSION["parent_login"]=$email; $loginMsg="Parent...Welcome To Water Tower..."; header("refresh:3;parent/parent_home.php"); break; case "swimmer": $_SESSION ["swimmer_login"]=$email; $loginMsg="Fellow swimmer...Your in Water Tower..."; header("refresh:3;swimmer/swimmer_home.php"); break; default: $errorMsg[]="Sorry but either the email/password/role is wrong"; } } else { $errorMsg="Sorry but either the email/password/role is wrong"; } else { $errorMsg="Sorry but either the email/password/role is wrong"; } } else{ $errorMsg="Sorry but either the email/password/role is wrong"; } } } catch (PDOException $e){ $e->getMassage(); } } else { $errorMsg="Sorry but either the email/password/role is wrong"; } } ?>

Hi Freaks, I'm looking for advice if someones willing to give it. Here's the situation -> I've been working on a project, I started to learn PHP specifically to complete this idea I had. My code has evolved a lot over time as I've started understanding more. Up until today I've been working on it with just the registration functionality, no login. I had my username hardcoded into the $user_obj instantiation. I decided I wanted to try to make category subscription functionality and doing that I realized I was better off finishing the login form first so as to get a users subscriptions into a session variable at login. This has brought about the issue of getting an unassigned variable warning from the User class when not logged in. How I made all my other classes was putting a $user in the __construct parameter for each class. I now feel this may have been a rookie error since I'm having problems with error messages especially undefined array keys and variables when there isn't a session started. It's become a bit of a mess. So the advice I'm looking for and hoping to find here is how you folks handle non $_SESSION sessions, when a user is just scrolling the site not logged in. Did I make a mistake requiring $user for each class __construct? should I move the $user parameter to only the methods that require them? Is there a simpler solution that my inexperience causes to elude me? What would you folks do in this situation?

i want to display 'Welcome userid!' after user has successfully logged in. I managed to display it after successfully logged in, but when the user key in the wrong userid and password, the 'Welcome userid' is also displayed. What should i do about it? Below are my coding: login.html processLogin.php index.html

Hello there, I have this as login in function for an application. function login($username, $password) { $db =& $this->db; Kit::ClassLoader('userdata'); if (Config::Version('DBVersion') < 62) { // We can't do CSPRNG because the field doesn't exist, so we need to do standard user login // This can ONLY happen during an upgrade. $dbh = PDOConnect::init(); $sth = $dbh->prepare('SELECT UserID, UserName, UserPassword, UserTypeID FROM `user` WHERE UserName = :userName'); $sth->execute(array('userName' => $username)); $rows = $sth->fetchAll(); if (count($rows) != 1) { setMessage(__('Username or Password incorrect')); return false; } $userInfo = $rows[0]; // Check the password using a MD5 if ($userInfo['UserPassword'] != md5($password)) { setMessage(__('Username or Password incorrect')); return false; } } else { // Get the SALT for this username if (!$userInfo = $db->GetSingleRow(sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '%s'", $db->escape_string($username)))) { setMessage(__('Username or Password incorrect')); return false; } // User Data Object to check the password $userData = new Userdata($db); // Is SALT empty if ($userInfo['CSPRNG'] == 0) { // Check the password using a MD5 if ($userInfo['UserPassword'] != md5($password)) { setMessage(__('Username or Password incorrect')); return false; } // Now that we are validated, generate a new SALT and set the users password. $userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true /* Force Change */); } else { // Check the users password using the random SALTED password if ($userData->validate_password($password, $userInfo['UserPassword']) === false) { setMessage(__('Username or Password incorrect')); return false; } } } // there is a result so we store the userID in the session variable $_SESSION['userid'] = Kit::ValidateParam($userInfo['UserID'], _INT); $_SESSION['username'] = Kit::ValidateParam($userInfo['UserName'], _USERNAME); $_SESSION['usertype'] = Kit::ValidateParam($userInfo['UserTypeID'], _INT); // Set the User Object $this->usertypeid = $_SESSION['usertype']; $this->userid = $_SESSION['userid']; // update the db // write out to the db that the logged in user has accessed the page $SQL = sprintf("UPDATE user SET lastaccessed = '" . date("Y-m-d H:i:s") . "', loggedin = 1 WHERE userid = %d", $_SESSION['userid']); $db->query($SQL) or trigger_error(__('Can not write last accessed info.'), E_USER_ERROR); // Switch Session ID's global $session; $session->setIsExpired(0); $session->RegenerateSessionID(session_id()); return true; } i am trying to squeeze in an alternative authentication for users on ldap as such if local authentication fails // alternativelly validate against Tivoli Directory server $ldap_host = "www.zflexldap.com:389"; $password = "password"; // Tivoli Directory DN $ldap_dn = "ou=users,ou=guests,dc=zflexsoftware,dc=com"; // connect to active directory $ldap = ldap_connect($ldap_host) or die("Couldn't connect to LDAP Server"); //username specified on post form is from TDS server // $dn = "uid=".$username.","; $dn = "uid=guest1,ou=users,ou=guests,dc=zflexsoftware,dc=com"; ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // verify user and password if($bind = @ldap_bind($ldap, $dn, $password)) all attempts thou has been breaking the application. thanks

My sign in code called activation is the script called activation.php. my login page is login.php and my profile page is the landing page once a successful login in attempt is made. the activation.php is the issue as i us the form in sign.php to login but the activation.php doesn't redirect me to the sign in page once a fail attempt is made or it doesn't redirect me to my profile page once a successful login in attempt is made. The following link has the code:https://gist.github.com/confusedstudent21/410f04991691f485e6c28d1e4050e13a where is it going wrong?

I am using this https://github.com/ircmaxell/password_compat I have no problem using it on a local server. But as soon as I test it on a live server, it gives me an error like this. Parse error: syntax error, unexpected '{' in /home/public_html/sub/snippets/password.php on line 19 The error is on the same line as the beginning of the code in that library. Why is this happening?

I have been working on a login form, I have completed the registration side but the login form is proving to be fighting back. I have just jumped into the world of PDO and only recently PHP in a serious way. I have been trying to use the password_verify(); function but I have spent so long on it now trying to get it working I have made it more difficult than it should be and probably is. I would be grateful if someone could take a look at my code and just tell me what I am doing wrong. I have tested it with the username and password hard coded in and it returns an array however if I comment out the hard coded username and password I get an empty array. I dare say that someone will see the issue straight away but I cannot get my head round it. <?php session_start(); error_reporting(0); require '../php_inc/connection/connect.php'; require_once '../php_inc/functions.php'; $error = ''; // all error messages will use this variable $msg = 'Please fill in both fields and answer the captcha, they are all required to log in.'; if(isset($_POST['submitted'])){ $dbuname = 'dashby'; // As if check with DB - If I comment these 2 out and try to get data from DB I get empty array $hashed = '$2y$12$7hcyfm7UjboYGaNLF7vK1.qroo3YkvhKAR8EfxG1byEMkNB0oSQgi'; // As if check with DB - same password require 'Captcha.php'; $username = escape_in($_POST['username']); // Username $captcha = escape_in($_POST['captchaResult']); //Captcha $unhashed = escape_in($_POST['password']); //Password b4 hashing takes place //$submittedPassword = password_hash($unhashed, PASSWORD_DEFAULT, ['cost' => 12]); // connect to the database so the checks can be done. if($pdo){ $stmt = $pdo->prepare("select * from users where username = :username && password = :password"); $stmt->bindParam(":username", $username); $stmt->bindParam(":password", $unhashed); // If $hashed is the variable I get an array returned, as $unhashed I get an empty array echo '<pre>'; if($stmt->execute()){ $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); print_r($rows); } } echo '</pre>'; if($total == $getCaptchaResults){ //Capcha OK if(password_verify($unhashed, $hashed)){ //$msg = ''; //$error .= 'Password match'; if($username == $dbuname){ //$msg = ''; //$error .= 'Captcha, username and password ok'; // working to this point $_SESSION['username']; //header('Location: welcomelogged.php'); } else { $msg = ''; $error .= 'Denied wrong username and/or password'; } } else { $msg = ''; $error .= 'Denied wrong password and/or username'; } } else { if(($total != $getCaptchaResults)){ $msg = ''; $error .= 'Captcha Wrong'; } } }// post submitted brace ?> The if statements all work bar the password_verify when I comment out the hard coded variables out, directly under if(isset($_POST['submitted'])) {} I would be grateful if someone could steer me in the right direction. Thanks in advance.

So i made a login page, but whenever i enter right, wrong, or no password at all, it always displays wrong password. I've been trying to fix it for hours, but I just can't seem to find the error. It's like it's skipping if the password is right statement and goes straight through the else statment. <?php $connection = mysql_connect("com-db-02.student-cit.local","***","***") or die (mysql_error()); if ($connection) echo "Connection successful"; else echo "Connection failed"; $db = mysql_select_db("TEAM20") or die (mysql_error()); ?> <?php $_SESSION['customeremail'] = $_POST['user']; $_SESSION['password'] = $_POST['password']; function signIn() { session_start(); if(!empty($_POST['user'])) { $query = mysql_query("SELECT * FROM customer where customeremail = '$_POST[user]' AND password = '$_POST[password]'"); $row = mysql_fetch_array($query); if(!empty($row['customeremail']) AND !empty($row['password'])) { $_SESSION['customeremail'] = $row['customeremail']; getCustDetails(); echo "Successfully login to user profile page.."; echo "<a href=userlogin.php>Profile</a>"; } else { echo "Sorry... YOU ENTERED WRONG ID AND PASSWORD"; echo "<a href=login.html>Try Again</a>"; } } } function getCustDetails() { $queryId = mysql_query("SELECT customerID, firstname FROM Customer WHERE customeremail = '$_POST[user]'"); while($rowId = mysql_fetch_array($queryId)) { $_SESSION['customerID'] = $rowId['customerID']; $_SESSION['firstname'] = $rowId['firstname']; } echo "Code: ".$_SESSION['customerID']; echo "Name: ".$_SESSION['firstname']; } if(isset($_POST['submit'])) { signIn(); } ?>

Hi everyone I am building a CRM system/invoicing system in my spare time and on this system I have 2 login pages (there is a reason but its long). one for the CRM system and one for the invoicing section. They bother work perfectly well but I have a really annoying issue, If I were to store the login information to chrome passwords for example to the CRM system It would auto suggest to the other login and vice versa. This wouldn't be a problem but the CRM login is username based, the invoicing section is login by email for additional security. they're both called login.php the two files are /htdocs/login.php and /htdocs/invoicing/login.php I added a remember me cookie to the CRM system in hope that this would get around the issue but unfortunately the chrome saved information over rides this, I also tried autocomplete="off" as I am using bootstrap as a framework. How can I get around this?

Hi, The 'admin' section of my website stopped working a couple of months ago and I'm just trying to fix it - I was getting an error about Session_Register being deprecated and I'm now trying to knife and fork my way around it with results from various google searches. I'm an advanced SQL user but only occasionally dabble with PHP so any help would be appreciated. So, basic set up, login page checks credentials against the DB, a session cookie is set and you're let into the admin area - my script is looping me back to the login page as my !isset is true.....because I can't figure out how to set it with the new functions! This is the login include..... <?php $host="database.lcn.com"; // Host name $username="blahblah"; // Mysql username $password="blahblah"; // Mysql password $db_name="blahblah_db"; // Database name $tbl_name="users"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['username']; $mypassword= md5($_POST['pass']); // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM users WHERE is_obv = '1' and username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['username'] = $myusername; $_SESSION['pass'] = $mypassword; header("location:../admin"); } else { header("location:http://www.web.co.uk/ooops"); } ?> and this is the 'login_success' include that I include on each protected page.... <? session_start(); if(!isset($_SESSION['username'])){ header("location:http://www.web.co.uk/login"); } ?> Darren

Hi Everyone So I've been recently working on a script which will store login IP's and ban them on failed attempts Although I have a little problem, for some reason it doesnt redirect to the banned page when they should be, unless there is a successful login or if they come off of the login page so they can keep bruteforcing as much as they like all the time they stay on that page. Have i got something wrong? please bear in mind I haven't put in place when login successful remove the warnings count. here is the login.php <!DOCTYPE html> <?php require ('../Functions/functions.php'); require('../database/pdo_connection.php'); //first lets get the IP that logged in $login_ip = $_SERVER['REMOTE_ADDR']; securityBanCheck($login_ip); if (isset($_POST['Login'])) { //Set session timeout to 2 weeks session_set_cookie_params(1*7*24*60*60); session_start(); $error=''; // Currently A Blank Error Message $username=$_POST['userName']; //Grab the hash $selectPasswordHash = "SELECT username,secret FROM MC_users WHERE email=email=:username OR username=:username"; $hashresult= $pdo->prepare($selectPasswordHash); $hashresult->bindParam(':username', $username); $hashresult->execute(); $row = $hashresult->fetch(PDO::FETCH_ASSOC); $hash = $row['secret']; //got the hash //lets verify it if (password_verify($_POST['password'],$hash) === true){ //login correct $login_user = $row['username']; //Set the Session $_SESSION['login_user']=$login_user; // Redirect to dashboard.php header ("Location: ../dashboard.php"); } else { $error = 'Username or Password in invalid'; $error2 = 'Try Logging in with your email instead'; //Bruteforce Detection //lets check if there is already warnings $checkWarnings = "SELECT Warning_count FROM MC_login_security WHERE Warning_count > 0 AND Login_IP=:loginIP ORDER BY Timestamp DESC"; $warningsResult = $pdo->prepare($checkWarnings); $warningsResult->bindParam(':loginIP',$login_ip); $warningsResult->execute(); $warningAmount = 1; $banTime = 0; if ($warningsResult->rowCount() > 0){ $warningRow = $warningsResult->fetch(PDO::FETCH_ASSOC); $warningRowCount = $warningRow['Warning_count']; $warningAmount = $warningRowCount + 1; securityBanCheck($login_ip); } //Lets log this in the DB $insertWarning = "INSERT INTO MC_login_security (Login_user_name,Login_IP,Warning_count,timestamp) VALUES (:loginUser,:Login_ip,:warningAmount,:dateToday)"; $insertResult = $pdo->prepare($insertWarning); $insertResult->execute(array(':loginUser'=>$username, ':Login_ip'=>$login_ip, ':warningAmount'=>$warningAmount, ':dateToday'=>date('Y-m-d H:i:s'))); } } //Lastly if the user is logged in, point them back to the Dashboard if(isset($_SESSION['login_user'])){ header("location: ../dashboard.php");} ?> the security check function which is called at the start of the login page AND if the password is entered incorrectly function securityBanCheck($login_ip){ //call the url function for redirects url(); $todaysDate = date('Y-m-d H:i:s'); require (PHP_PATH .'/database/pdo_connection.php'); $checkBan = "SELECT Warning_count,Timestamp,Ban_time FROM MC_login_security WHERE Warning_count > 4 AND Login_IP=:loginIP ORDER BY Timestamp DESC"; $checkResult = $pdo->prepare($checkBan); $checkResult->bindParam(':loginIP',$login_ip); $checkResult->execute(); if ($checkResult->rowCount() > 0){ $banRow = $checkResult->fetch(PDO::FETCH_ASSOC); $warningCount = $banRow['Warning_count']; $timeStamp = $banRow['Timestamp']; $bantime = $banRow['Ban_time']; echo "did we get here?"; //if theyre banned direct them to the banned page and stop this script from going any further if ($bantime > $todaysDate){ header('Location: '. SERVER_PATH .'banned.php'); die(); } //if theyre currently not banned check their warnings and if needed add a ban. if ($warningCount == 4){ $bantime = date('Y-m-d H:i:s', strtotime($timeStamp . '+1 hour')); echo $bantime; }elseif ($warningCount == 9){ $bantime = date('Y-m-d H:i:s', strtotime($timeStamp . '+1 day')); }elseif ($warningCount == 14){ $bantime = date('Y-m-d H:i:s', strtotime($timeStamp . '+1 month')); } //ultimately if we got to this stage we would be adding a ban $insertBanTime = "UPDATE MC_login_security SET Ban_time = :banTime WHERE Login_IP = :loginIP ORDER BY Timestamp DESC"; $banResult = $pdo->prepare($insertBanTime); $banResult->execute(array(':banTime'=>$bantime, ':loginIP'=>$login_ip));; } } Any help given is greatly appreciated and i thank everyone in advance for all the support I get form this amazing forum. thanks Mooseh

I am testing to see if PHP variables can pass from previous page to present page to login, I notice it doesn't work in MySQL query from previous to present page. It is like using ID to pass the variable in link like this: "?id=" in link, but I am using submit button. I typed name="user" in previous page, that should pass variable to present, then set up the select in database, but it doesn't do that, what i did do wrong? if ($_POST['submitted']) { $username = $_POST['user']; $password = $_POST['pass']; if ($username && $password) { $log = "SELECT username, password, type FROM username WHERE username = '".$username."' AND WHERE password = '".$password."'"; $result = mysqli_query($Garydb, $log) or die("could not work"); echo "<p>".$result['username']."</p>"; } } Also, I wonder about two query in one sentence, like using 'AND' on sentence, will it works? Please advise me. Thank you in advance time. Gary P.S. how do you type in chart like notepad++ in here? I need to know how to do that, so I show you in number line that you can point much easier to read.