Showing results for tags 'login'.


  1. Hi, I am trying to create a login system in PHP, but I am not the greatest at PHP so I am using a source code which I found online as I found it to be more secure as it uses things like salted passwords. Anyway I am trying to add more fields to the register system so it adds them to the mysql, the source has a way to do this with arrays, but it is quite complicated so I am just using variables from the original file. There are 2 files: register.php and class.loginsys.php which contains all the functions. At first the query syntax was incorrect so I decided to use the variables created in register.php in the class.loginsys, but now it's giving me an out of memory error:

         Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 28672 bytes) in C:\xampp\htdocs\ls\class.loginsys.php on line 34

     Which I am unsure of how to fix. I have tried using different variable names, checking the line, checking the whole register.php file for anything rogue. Here is the code:

     Top part of register.php

         <?php
         include "config.php";
         ?>

     Config.php:

         <?php
         require "class.loginsys.php";
         $LS=new LoginSystem();
         ?>

     Then actual register part from register.php:

         <?php
         if( isset($_POST['submit']) ){
             $firstname2 = $_POST['firstname'];
             $lastname2 = $_POST['lastname'];
             $user2 = $_POST['username'];
             $sex2 = $_POST['sex'];
             $country2 = $_POST['strCountryChoice'];
             $email2 = $_POST['email'];
             $pass2 = $_POST['pass'];
             $pass3 = $_POST['pass2'];
             $birthdate2 = $_POST['birthdate'];
             $created2 = date("Y-m-d H:i:s");
             //need to add a lot more validation functions.. AKA Check if email exists and username. Password > 5 chars
             if( $user2=="" || $email2=="" || $pass2=='' || $pass3=='' || $firstname2=='' || $lastname2=='' || $sex2=='' || $country2=='' || $birthdate2=='' ){
                 echo "Fields Left Blank","Some Fields were left blank. Please fill up all fields.";
                 exit;
             }
             if( !$LS->validEmail($email2) ){
                 echo "E-Mail Is Not Valid", "The E-Mail you gave is not valid";
                 exit;
             }
             if( !ctype_alnum($user2) ){
                 echo "Invalid Username", "The Username is not valid. Only ALPHANUMERIC characters are allowed and shouldn't exceed 10 characters.";
                 exit;
             }
             if($pass2 != $pass3){
                 echo "Passwords Don't Match","The Passwords you entered didn't match";
                 exit;
             }
             $createAccount2 = $LS->register($user2, $pass2,
                 array(
                     "email" => $email2,
                     "name" => $firstname2,
                     "lastname" => $lastname2,
                     "gender" => $sex2,
                     "country" => $country2,
                     "DOB" => $birthdate2,
                     "created" => date("Y-m-d H:i:s") // Just for testing
                 )
             );
             //$createAccount = $LS->register($firstname,$lastname,$user,$sex,$country,$email,$pass,$birthdate,$created);
             if($createAccount2 === "exists"){
                 echo "User Exists.";
             }elseif($createAccount2 === true){
                 echo "Success. Created account.";
             }
         }
         ?>

     And the function from the class:

         /* A function to register a user with passing the username, password and optionally any other additional fields. */
         public function register( $id, $password, $other = array() ){
             if( $this->userExists($id) && (isset($other['email']) && $this->userExists($other['email'])) ){
                 return "exists";
             }else{
                 $randomSalt = $this->rand_string(20);
                 $saltedPass = hash('sha256', "{$password}{$this->passwordSalt}{$randomSalt}");
                 if( count($other) == 0 ){
                     /* If there is no other fields mentioned, make the default query */
                     //old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)");
                     //new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)");
                     $sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)");
                 }else{
                     /* if there are other fields to add value to, make the query and bind values according to it */
                     //old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)");
                     //new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)");
                     $keys = array_keys($other);
                     $columns = implode(",", $keys);
                     $colVals = implode(",:", $keys);
                     //l= $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)");
                     //INSERT INTO MyGuests (firstname, lastname, email)cLUES ('John', 'Doe', 'john@example.com')
                     $sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (username,email,password,password_salt,name,lastname,created,gender,country,DOB) VALUES ('$username2','$email2','$pass2','$saltedPass','$firstname2','$lastname2','$created2','$gender2','$country2','$birthdate2')");
                     print($sql);
                     foreach($other as $key => $value){
                         $value = htmlspecialchars($value);
                         $sql->bindValue(":$key", $value);
                     }
                 }
                 /* Bind the default values */
                 $sql->bindValue(":username", $id);
                 $sql->bindValue(":password", $saltedPass);
                 $sql->bindValue(":passwordSalt", $randomSalt);
                 $sql->execute();
                 return true;
             }
         }

     Thanks for your help. I am doing this because for a hobby I am trying to create a browser based game in which I use this login system to login the user to a main page then code all of the other pages myself. I have posted on stackoverflow and someone on there suggested that I should use a framework. If this is the case, can someone point me in the right direction? Thanks again, if you need any info ask.
  2. Sorry for many posts, trying to make my website. When I press the register button on my website it will just act as if the page is refreshing and not send any information to mysql. I believe I have connected everything up correctly, can anyone tell me what I have done wrong please? If you want to check out the website to see what is going on check out www.jokestary.comli.com

         <?php
         //This function will display the registration form
         function register_form(){
             $date = date('D, M, Y');
             echo "<form action='?act=register' method='post'>"
                 ."Username: <input type='text' name='username' size='30'><br>"
                 ."Password: <input type='password' name='password' size='30'><br>"
                 ."Confirm your password: <input type='password' name='password_conf' size='30'><br>"
                 ."Email: <input type='text' name='email' size='30'><br>"
                 ."<input type='hidden' name='date' value='$date'>"
                 ."<input type='submit' value='Register'>"
                 ."</form>";
         }

         //This function will register users data
         function register(){
             //Connecting to database
             include('connect.php');
             if(!$connect){
                 die(mysql_error());
             }
             //Selecting database
             $select_db = mysql_select_db("database", $connect);
             if(!$select_db){
                 die(mysql_error());
             }
             //Collecting info
             $username = $_REQUEST['username'];
             $password = $_REQUEST['password'];
             $pass_conf = $_REQUEST['password_conf'];
             $email = $_REQUEST['email'];
             $date = $_REQUEST['date'];
             //Here we will check do we have all inputs filled
             if(empty($username)){
                 die("Please enter your username!<br>");
             }
             if(empty($password)){
                 die("Please enter your password!<br>");
             }
             if(empty($pass_conf)){
                 die("Please confirm your password!<br>");
             }
             if(empty($email)){
                 die("Please enter your email!");
             }
             //Let's check if this username is already in use
             $user_check = mysql_query("SELECT username FROM users WHERE username='$username'");
             $do_user_check = mysql_num_rows($user_check);
             //Now if email is already in use
             $email_check = mysql_query("SELECT email FROM users WHERE email='$email'");
             $do_email_check = mysql_num_rows($email_check);
             //Now display errors
             if($do_user_check > 0){
                 die("Username is already in use!<br>");
             }
             if($do_email_check > 0){
                 die("Email is already in use!");
             }
             //Now let's check does passwords match
             if($password != $pass_conf){
                 die("Passwords don't match!");
             }
             //If everything is okay let's register this user
             $insert = mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')");
             if(!$insert){
                 die("There's little problem: ".mysql_error());
             }
             echo $username.", you are now registered. Thank you!<br><a href=login.php>Login</a> | <a href=index.php>Index</a>";
         }

         switch($act){
             default;
             register_form();
             break;
             case "register";
             register();
             break;
         }
         ?>

     Here is the connect.php code

         <?php
         $hostname="mysql6.000webhost.com"; //local server name default localhost
         $username="a5347792_users"; //mysql username default is root.
         $password=""; //blank if no password is set for mysql.
         $database="a5347792_users"; //database name which you created
         $con=mysql_connect($hostname,$username,$password);
         if(! $con) {
             die('Connection Failed'.mysql_error());
         }
         mysql_select_db($database,$con);
         ?>
  3. Hi experts, I have the following problem. I have a file login.php which is used to allow users to log in. When the form is submitted it is redirected to checkuserlogin.php. If the credentials are right he is redirected to main.php. But in main.php if the user clicks back browser button, he is redirected to login.php and in login.php if he presses forward button, he is redirected to main.php. Can anyone tell me how to make sure the application is not redirected to main.php when user presses forward button and how to make sure the application is not redirected to login.php when user presses back button.
  4. Hi could you help me get this login page working? I made a form which posts to login.php the "user" and "pass". Then this is my code for login.php:

         <?php include("mysql_connect.inc.php"); ?>
         <?php
         $user = $_POST['user'];
         $pass = $_POST['pass'];
         session_start();
         $query = mysqli_query("SELECT * FROM users WHERE username='$user'");
         $results = mysqli_query($con, $query) or die(mysqli_error($con));
         $resultsarray = mysql_fetch_array($userresults);
         if (isset($_POST['user']) && $_POST['user'] == $query && isset($_POST['pass']) && $_POST['pass'] == $query) {
             $_SESSION['username'] = $_POST['user'];
             echo "<p>Login success. You are logged in as: " . $_SESSION['username'] . "</p>Return to mainpage, click <a href='index.php'>here</a>!";
         } else {
             echo "<p>Wrong username or password.</p>";
         }
         mysqli_close($con);
         ?>
  5. Hi to everyone, I'm new to the forum and I'm posting here because I ended up in a logical problem for my next script development. I need to get some data of external websites (with vbulletin board), perfectly legal. Using file_get_contents I can print the page content on my server and then use jquery's powerful selectors to get my data. The problem is that these data are shown only to logged in users so I would need this script (maybe using cURL?) to either login to the external website and then persist the connection or maybe if the user who is executing my script is already logged in that website then use his login? (most likely impossible I think..) This is my code so far (found on some sites and merged into this)

         $data = array('vb_login_username' => 'Scanu', 'vb_login_password' => 'grgfgrgrfbtgbt');
         $ch = curl_init();
         curl_setopt($ch, CURLOPT_URL, "http://www.vbulletin.org/forum/login.php?do=login");
         curl_setopt($ch, CURLOPT_AUTOREFERER, true);
         curl_setopt($ch, CURLOPT_COOKIESESSION, true);
         curl_setopt($ch, CURLOPT_FAILONERROR, false);
         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
         curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
         curl_setopt($ch, CURLOPT_HEADER, true);
         curl_setopt($ch, CURLOPT_POST, true);
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
         curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
         $result = curl_exec($ch);
         curl_close($ch);
         $pattern = "#Set-Cookie: (.*?; path=.*?;.*?)\n#";
         preg_match_all($pattern, $result, $matches);
         array_shift($matches);
         $cookie = implode("\n", $matches[0]);
         $ch = curl_init();
         curl_setopt($ch, CURLOPT_URL, "http://www.vbulletin.org/forum/");
         curl_setopt($ch, CURLOPT_COOKIE, $cookie);
         curl_setopt($ch, CURLOPT_AUTOREFERER, true);
         curl_setopt($ch, CURLOPT_COOKIESESSION, true);
         curl_setopt($ch, CURLOPT_FAILONERROR, false);
         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
         curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
         curl_setopt($ch, CURLOPT_HEADER, false);
         curl_setopt($ch, CURLOPT_POST, false);
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
         $result = curl_exec($ch);
         curl_close($ch);
         echo $result;
         ?>

     It just shows the same page for unregistered users. Any help or advice is appreciated, I'm very new to this type of script..
  6. I am using PHP 5.3 iis7 and SQL Server 2005. I know the script gets to the session part and creates a temp file in C:/windows/temp folder (see info below), but when I try to login and redirect to the index.php it gives a 500 error on the login.php page.

     login.php

         <?php
         //set ini
         ini_set('session.gc_maxlifetime', 900);
         if(!ini_get('session.auto_start')){
             session_start();
         }
         // include file
         include ('config.php');
         include (LIB_PATH.'functions.php');
         include(LIB_PATH.'sqlsrv_connect.php');
         if($_SESSION['user_id']){
             Header("Location: index.php");
         }
         if($_POST['submit']){
             $user1 = trim($_POST['user']);
             $pass1 = trim($_POST['pass']);
             $user= "'$user1'";
             $pass= "'$pass1'";
             if($user == '' or $pass == ''){
                 $error = 'You forgot to enter your user_name and your password!';
             }else{
                 $query = "SELECT * FROM users WHERE user_name = $user and pass = $pass";
                 $params = array();
                 $options = array( "Scrollable" => SQLSRV_CURSOR_KEYSET );
                 $r = sqlsrv_query ($database, $query, $params, $options);
                 $num = sqlsrv_num_rows($r);
                 if ($num >0) {
                     while ($user_data = sqlsrv_fetch_array($r, SQLSRV_FETCH_ASSOC)) {
                         $_SESSION['user_id'] = $user_data['user_id'];
                         $_SESSION['user_name'] = $user_data['user_name'];
                         $_SESSION['user_level'] = $user_data['user_level'];
                         $_SESSION['user_rep'] = $user_data['rep'];}
                     Header("Location: index.php");
                 }else{
                     $error = 'Wrong username or password!';
                 }
             }
         }
         //template
         include(TEMP_PATH.'login_tpl.php');
         ?>

     index.php

         <?php
         //set ini
         ini_set('session.gc_maxlifetime', 900);
         if(!ini_get('session.auto_start')){
             session_start();
         }
         // include file
         include ('config.php');
         //include (LIB_PATH.'functions.php');
         include(LIB_PATH.'sqlsrv_connect.php');
         if(!$_SESSION['user_id']){
             Header("Location: login.php");
         }
         $database
         //template
         include(TEMP_PATH.'index_tpl.php');
         ?>

     config.php

         <?php
         date_default_timezone_set('America/Los_Angeles');
         //config directory
         define( 'DS', DIRECTORY_SEPARATOR );
         define( 'DS', D );
         define('SITE_PATH', dirname(__FILE__) . DS);
         define('LIB_PATH', SITE_PATH . 'lib' . DS);
         define('TEMP_PATH', SITE_PATH . 'templates' . DS);
         define('SO_PER_PAGE',20);
         ?>

     temp file - C:\windows\temp

         user_id|s:1:"6";user_name|s:2:"EM";user_level|s:1:"1";user_rep|s:0:"";
  7. As long as it's SQL injection proof, would it be alright for me to let non-members add comments to a post and give the Author the ability to delete them?
  8. After getting my site hacked, I'm not really up for learning PHP, so I'm trying to use uMScript. On the demo site, and when I just load up the files on my server, it will redirect upon log in. But when I then use my styling, for some reason the login_submit.php gives me a blank page and does not redirect, nor does it log the user in. I don't change anything except the positioning of the forum and the container around it, no PHP or JS changes, weird? I can not seem to get a hold of the creator, nor can I find a user script that matches what I'm looking for. Heck, I'm so close to going mad, I'm even willing to pay someone to do the user PHP for me haha. Has anyone used this script successfully? You can try it out here: http://mod-universe.com/index.php Demo: http://www.venturehapa.biz/umscript/demo/index.php (I couldn't get the demo credentials to log in, created a new user = Okriani, kieran09)
  9. Hello PHP freaks, my codes don't allow me to log in to Student Home with unique id. It says "Invalid Login or Password". This is my form

         <tr bgcolor="#E1E1E1" class="stylesmall">
         <td width="35%" align="left" class="style7 style1">Learner Id : </td>
         <td width="65%" align="left"><input name="learner_id" type="text" id="learner_id" action="Student_Home.php" method="post"></td>
         </tr>
         <tr bgcolor="#E1E1E1" class="stylesmall">
         <td align="left" class="style7 style1">Password:</td>
         <td align="left"><input name="student_password" type="password" id="student_password"></td>

     and this is my handler.

         <?php
         session_start();
         include 'Connect.php';
         $flag = "";
         $learner_id = $_POST['learner_id'];
         $student_id = $_POST['student_id'];
         $student_password = $_POST['student_password'];
         $query = "select last_login_date from student_information where student_id='$student_id' and student_password='$student_password'";
         $result = mysql_query($query,$link_id);
         if(mysql_error() != null){
             die(mysql_error());
         }
         if($date = mysql_fetch_array($result)) {
             $lastdate = $date['last_login_date'];
             $date2 = date("d-m-Y h:i A",strtotime($lastdate));
             $_SESSION["student_id"] = $_POST["student_id"];
             $_SESSION["lastlogin"] =$date2;
             $_SESSION["type"] = "Student";
             mysql_query("UPDATE student_information SET last_login_date=now() where student_id='$student_id'",$link_id);
             if(mysql_error() != null){
                 die(mysql_error());
             }
             header("location: Student_Home.php?id={$student_id}");
             die();
         } else {
             $flag = "invalid";
             header("location:Student_login.php?flag=$flag");
             die();
         }
         ?>

     Please help me PHP friends to correct my codes.
  10. Hi! I have read like crazy to find a tutorial on a login page without MySQL. Anyway I am working on an easy login/logged out page with sessions. Here is the login page with three users in an array. The things that I need some hints to solve is, when clicking on login the error message doesn't show. Instead the script goes to the logged in page right away. And when you write the wrong password you get logged in anyway. I am not sure how or if it's possible to write a variable to a file this way. But I tried and received a parse error with the txt variable. When searching for topics I get more confused with the MySQL variables. I am near a breaking point at cracking the first step on PHP, but need some advice.

          <?php
          $page_title = 'Logged in'; //Dynamic title
          include('C:/wamp/www/PHP/includes/header.html');
          ?>
          <?php
          session_start();
          //An array for the sites users with passwords
          $users = array(
              'Dexter'=>'meow1',
              'Garfield'=>'meow2',
              'Miro'=>'meow3'
          );
          //A handle to save the variable users to file on a new line from the last entry
          $handle = fopen("newusers.txt, \n\r")
          $txt = $users;
          fclose($handle);
          if(isset($_GET['logout'])) {
              $_SESSION['username'] = '';
              header('Location: ' . $_SERVER['PHP_SELF']);
          }
          if(isset($_POST['username'])) {
              if($users[$_POST['username']] == $_POST['password']) {
                  $_SESSION['username'] = $_POST['username'];
              }else {
                  echo "Something went wrong, Please try again";
              }
          }
          ?>
          <?php
          echo "<h3>Login</h3>";
          echo "<br />";
          ?>
          <!--A legend form to login-->
          <fieldset><legend>Fill in your username and password</legend>
          <form name="login" action="777log.php" method="post">
          Username: <br />
          <input type="text" name="username" value="" /><br />
          Password: <br />
          <input type="password" name="password" value="" /><br />
          <br />
          <input type="submit" name="submit" value="Login" />
          </fieldset>
          </form>
          <?php
          //Footer include file
          include('C:/wamp/www/PHP/includes/footer.html');
          ?>

      The logged in page

          <?php
          //Header
          $page_title = 'Reading a file';
          include('C:/wamp/www/PHP/includes/header.html');
          ?>
          <?php
          session_start();
          //Use an array for the sites users
          $users = array(
              'Dexter'=>'meow1',
              'Garfield'=>'meow2',
              'Miro'=>'meow3'
          );
          //
          if(isset($_GET['logout'])) {
              $_SESSION['username'] = '';
              echo "You are now loged out";
              //The user is logged out and returned to the login page
              header('Location: ' . $_SERVER['PHP_SELF']);
          }
          if(isset($_POST['username'])) {
              //Something goes wrong here when login without any boxes filled
              if($users[$_POST['username']] == $_POST['password']) {
                  $_SESSION['username'] = $_POST['username'];
              }else {
                  echo "Something went wrong, Please try again";
                  $redirect = "Location: 777.php";
              }
          }
          ?>
          <?php if($_SESSION['username']): ?>
          <p><h2>Welcome <?=$_SESSION['username']?></h2></p>
          <p align="right"><a href="777.php">Logga ut</a></p><?php endif; ?>
          <p>Today Ben&Jerrys Chunky Monkey is my favorite!</p>
          <?php
          //Footer
          include('C:/wamp/www/PHP/includes/footer.html');
          ?>
  11. I need help with a login I have on my site. I'm new to this so I don't know if I'll get any help
  12. Hello All, I would appreciate any help anyone could give me in solving this issue. I have been using this Login-Redirect script from mpdolan, and it was working perfectly fine. However, my web host has recently just upgraded from php 5.2 to php 5.3 (php 5.3.18 to be exact) and now the redirect function no longer properly works. Unfortunately, the guy who made the script is not responding to any requests for help and has since removed any links to download the script from his site. If you would like the zip file with all the required files I would be happy to upload it to a dropbox or something. Just note, I'm pretty much a noob here. I know just a little bit about this stuff, but not a lot. I've tried everything I can think of to find the problem, but with no reasonable luck. I'll go through what I tried below. Here are parts of the script, let me know if you need more...

      The html login page references the following php file

      redirect.php

          <?
          //prevents caching
          header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
          header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
          header("Cache-Control: post-check=0, pre-check=0",false);
          session_cache_limiter();
          session_start();
          //clear session variables
          session_unset();
          //require the functions file
          require ("config.php");
          require ("functions.php");
          //check to see if cookies are already set, remember me
          if ((!$lr_user) || (!$lr_pass)) {
              $username = $_POST[username];
              $password = $_POST[password];
          }else{
              $username = $lr_user;
              $password = $lr_pass;
          }
          //if username or password is blank, send to errorlogin.html
          if ((!$username) || (!$password)) {
              header("Location:$base_dir/errorlogin.html");
              exit;
          }
          //sets cookies to remember this computer if the user asks to
          if ($_POST[remember] == "Yes") {
              setcookie("lr_user", $username, $duration, "/", $domain);
              setcookie("lr_pass", $password, $duration, "/", $domain);
          }
          if ($_POST[activate] == "Yes") {
              //make the connection to the database
              $connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
              $db = @mysql_select_db($db_name,$connection)or die(mysql_error());
              //build and issue the query
              $sql ="UPDATE $table_name SET verified = '1' WHERE username = '$_POST[username]'";
              $result = @mysql_query($sql,$connection) or die(mysql_error());
          }
          //sets session variables
          sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);
          //check to see if the user has to change their password
          if ($_SESSION[pchange] == "1") {
              $_SESSION[redirect] = "$base_dir/pass_change.html";
          }
          //check to see if the user has activated the account
          if ($_SESSION[verified] == "0") {
              $_SESSION[redirect] = "$base_dir/not_activated.html";
          }
          //make the connection to the database
          $connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
          $db = @mysql_select_db($db_name,$connection)or die(mysql_error());
          //build and issue the query
          $sql ="SELECT * FROM banned";
          $result = @mysql_query($sql,$connection) or die(mysql_error());
          while ($sql = mysql_fetch_object($result)) {
              $banned = $sql -> no_access;
              if ($username == $banned || $REMOTE_ADDR == $banned) {
                  include ('banned.html');
                  exit;
              }
          }
          $last_log = last_login();
          //updates table with last log as now
          $sql = "UPDATE $table_name SET last_login = '$last_log' WHERE username = '$_SESSION[user_name]'";
          $result = @mysql_query($sql,$connection) or die(mysql_error());
          if (($_SESSION[redirect] != "$base_dir/errorlogin.html") && ($log_login == "1")) {
              include('loglogin.php');
          }
          //redirects the user
          header("Location:$_SESSION[redirect]");
          ?>
          <head><title>Redirect</title></head>

      In the redirect file, the following two files are required. Note: I have replaced any personal info with ***** (5 asterisks)

      config.php

          <?php
          //set up the names of the database and table
          $db_name ="*****_UsersLogin";
          $table_name ="authorize";
          //connect to the server and select the database
          $server = "localhost";
          $dbusername = "*****";
          $dbpassword = "*****";
          //domain information
          $domain = ".*****.ca";
          //Change to "0" to turn off the login log
          $log_login = "1";
          //base_dir is the location of the files, ie http://www.yourdomain/login
          $base_dir = "http://www.*****.ca/Client";
          //length of time the cookie is good for - 7 is the days and 24 is the hours
          //if you would like the time to be short, say 1 hour, change to 60*60*1
          $duration = time()+(60*60*24*30);
          //the site administrator\'s email address
          $adminemail = "*****@gmail.com";
          //sets the time to EST
          $zone=3600*-5;
          //do you want the verify the new user through email if the user registers themselves?
          //yes = "0" : no = "1"
          $verify = "0";
          //default redirect, this is the URL that all self-registered users will be redirected to
          $default_url = "http://www.*****.ca";
          //minimum and maximum password lengths
          $min_pass = 4;
          $max_pass = 20;
          $num_groups = 0+2;
          $group_array = array("Users","Administrators");
          ?>

      functions.php

          <?php
          //function to get the date
          function last_login() {
              $date = gmdate("Y-m-d");
              return $date;
          }
          //function that sets the session variable
          function sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $user, $pass) {
              //make connection to dbase
              $connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
              $db = @mysql_select_db($db_name,$connection) or die(mysql_error());
              $sql = "SELECT * FROM $table_name WHERE username = '$user' and password = password('$pass')";
              $result = @mysql_query($sql, $connection) or die(mysql_error());
              //get the number of rows in the result set
              $num = mysql_num_rows($result);
              //set session variables if there is a match
              if ($num != 0) {
                  while ($sql = mysql_fetch_object($result)) {
                      $_SESSION[first_name] = $sql -> firstname;
                      $_SESSION[last_name] = $sql -> lastname;
                      $_SESSION[user_name] = $sql -> username;
                      $_SESSION[password] = $sql -> password;
                      $_SESSION[group1] = $sql -> group1;
                      $_SESSION[group2] = $sql -> group2;
                      $_SESSION[group3] = $sql -> group3;
                      $_SESSION[pchange] = $sql -> pchange;
                      $_SESSION[email] = $sql -> email;
                      $_SESSION[redirect] = $sql -> redirect;
                      $_SESSION[verified] = $sql -> verified;
                      $_SESSION[last_login] = $sql -> last_login;
                  }
              }else{
                  $_SESSION[redirect] = "$base_dir/errorlogin.html";
              }
          }
          //functions that will determine if access is allowed
          function allow_access($group) {
              if ($_SESSION[group1] == "$group" || $_SESSION[group2] == "$group" || $_SESSION[group3] == "$group" || $_SESSION[group1] == "Administrators" || $_SESSION[group2] == "Administrators" || $_SESSION[group3] == "Administrators" || $_SESSION[user_name] == "$group") {
                  $allowed = "yes";
              }else{
                  $allowed = "no";
              }
              return $allowed;
          }
          //function to check the length of the requested password
          function password_check($min_pass, $max_pass, $pass) {
              $valid = "yes";
              if ($min_pass > strlen($pass) || $max_pass < strlen($pass)) {
                  $valid = "no";
              }
              return $valid;
          }
          ?>

      For the redirected link to be secure and only someone who has logged in with the proper credentials can see it, I am required to put the following php code on the redirected page

          <?php
          //prevents caching
          header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
          header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
          header("Cache-Control: post-check=0, pre-check=0",false);
          session_cache_limiter();
          session_start();
          //this should be the absolute path to the config.php file
          //(ie /home/website/yourdomain/login/config.php or
          //the location in relationship to the page being protected - ie ../login/config.php )
          require('/home/*****/public_html/Client/config.php');
          //this should be the absolute path to the functions.php file - see the instructions for config.php above
          require('/home/*****/public_html/Client/functions.php');
          //this is group name or username of the group or person that you wish to allow access to
          // - please be advised that the Administrators Groups has access to all pages.
          if (allow_access(Users) != "yes") {
              //this should be the absolute path to the no_access.html file - see above
              include ('/home/*****/public_html/Client/no_access.html');
              exit;
          }
          ?>

      So.. before the update to php 5.3 this code worked flawlessly. Clients would login with their username and password on my site, and it would redirect them to the php page with their content that included the code above. Now after the update what happens is, even after using a correct username/password combination the no_access.html (see below) page is displayed instead, but the link displayed in the browser IS the correct redirected link! What's also strange is, if you then try to login again since this page has the form to do so, you get a 404 error because it is trying to find the redirect.php file in the redirected link instead of the website.ca/Client/ dir it is actually in. So, I tried to put a copy of the redirect.php, config.php, functions.php and a few others in the redirected link directory just for kicks, and tried again and it works! The problem is, the client basically has to login twice.. the first time always fails, but sends them to the redirected link, then when they try again IF I also put those files into their directory then it will work on this second try. So, I am at a loss as to what is going on here, and would appreciate any help on getting this up and running properly again on php 5.3. Many thanks!

      no_access.html

          <html>
          <head>
          <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
          <title>NO ACCESS ALLOWED</title>
          </head>
          <body>
          <b><font size="6">Access Denied!!!</font></b><p>Please login with proper credentials:</p>
          <FORM METHOD="POST" ACTION="redirect.php">
          <P><font face="Verdana" size="2" color="#2852A8"><STRONG>Username:</STRONG><BR>
          </font><font color="#2852A8" face="Verdana">
          <INPUT TYPE="text" NAME="username" SIZE=25 MAXLENGTH=25></font></p>
          <P><font face="Verdana" size="2" color="#2852A8"><STRONG>Password:</STRONG><BR>
          </font><font color="#2852A8" face="Verdana">
          <INPUT TYPE="password" NAME="password" SIZE=25 MAXLENGTH=25></font></p>
          <P><font face="Verdana"><font color="#2852A8">
          <input type="checkbox" name="remember" value="Yes"></font><font size="2" color="#2852A8">Remember me from this computer</font></font></p>
          <P><font color="#2852A8">
          <INPUT TYPE="submit" NAME="submit" VALUE="Login" style="font-family: Verdana"></font></P>
          </FORM>
          <p> </p>
          </body>
          </html>
  13. I need my user to log in to use their "admin panel" functions. I have this bit of html for them to enter their username/password: <form id="form1" name="form1" method="post" action="functions/loginprocess.php"> <table> <tr> </tr> <tr> <td>Username:</td> <td><input type="text" name="username" id="username" /></td> </tr> <tr> <td>Password</td> <td><input type="password" name="password" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="button" id="button" value="Login" /></td> </tr> </table> </form> This bit of code at the top of the html to start the session: <?php session_start(); $err = $_GET['e']; ?> This bit of code at the top of the index page to redirect to the login screen <?php session_start(); $l=6; $a="out"; if(isset($_SESSION['username'])) { $l=$_SESSION['username']; $a="in"; } else { header('Location: login.php?e=Login to use the administration functions'); } $err = $_GET['e']; ?> And this code to perform the log in functions: <?php session_start(); $username = $_POST['username']; $password = $_POST['password']; $conn = mysqli_connect("Connection String"); $username = mysqli_real_escape_string($conn, $username); $query="SELECT * FROM users WHERE username='$username' AND userpassword='$password'"; $result = mysqli_query($conn, $query); if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again. { $conn->close(); header('Location: ../login.php?e=User not found'); exit(); } $userData = mysqli_fetch_array($result); $hash = hash('sha256', $userData['cmspassword']."$password"); //echo "$hash"; if($hash != $userData['userpassword']) // Incorrect password. So, redirect to login_form again. { $conn->close(); header('Location: ../login.php?e=Incorrect login details'); exit(); } else{ // Redirect to home page after successful login. 
$_SESSION['username'] = $username; $_SESSION['user'] = $userData['userid']; $_SESSION['sp'] = $userData['cmspassword']; $conn->close(); header('Location: ../index.php'); exit(); } ?> And the database table is called 'users' with the following columns: userid username useremail userpassword cmspassword However, as stated in the title of this post, I appear to be stuck in a loop where whenever I enter the user credentials it just keeps looping round the "user not found" message on line 16. Can anyone help me, I am well and truly stuck on how to get out of this loop? I know I've gone wrong somewhere, just can't see where
  14. I was wondering what most of you guys use to prevent against SQL injection? This is what I am currently using. function transform_HTML($string, $length = NULL){ $string = trim($string); $string = utf8_decode($string); $string = htmlentities($string, ENT_NOQUOTES); $string = str_replace("\"", """, $string); $string = str_replace("#", "#", $string); $string = str_replace("$", "$", $string); $string = str_replace("%", "%", $string); $string = str_replace("&", "&", $string); $string = str_replace("'", "'", $string); $string = str_replace("(", "(", $string); $string = str_replace(")", ")", $string); $string = str_replace("*", "*", $string); $string = str_replace("+", "+", $string); $string = str_replace(",", ",", $string); $string = str_replace("-", "-", $string); $string = str_replace("/", "/", $string); $string = str_replace(":", ":", $string); $string = str_replace(";", ";", $string); $string = str_replace("<", "<", $string); $string = str_replace("=", "=", $string); $string = str_replace(">", ">", $string); $string = str_replace("?", "?", $string); $string = str_replace("@", "@", $string); $string = str_replace("[", "[", $string); $string = str_replace("]", "]", $string); $string = str_replace("^", "^", $string); $string = str_replace("_", "_", $string); $string = str_replace("`", "`", $string); $string = str_replace("{", "{", $string); $string = str_replace("|", "|", $string); $string = str_replace("}", "}", $string); $string = str_replace("~", "~", $string); $length = intval($length); if ($length > 0){ $string = substr($string, 0, $length); } return $string; } Which then gets called by: if ($action == 'login'){ // Login Action $_SESSION['loginerror'] = FALSE; $myusername = transform_HTML($_POST['login-username'], 21); $mypassword = transform_HTML($_POST['login-password'], 21); $sql="SELECT * FROM $table[users] WHERE username='$myusername' and password=MD5('$mypassword')"; $result=mysqli_query($db, $sql); // Mysql_num_row is counting table row 
$count=mysqli_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Login Stuff } Is there a more efficient way, or more secure way of doing this?
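Added example, not part of the posts above or of any project they use: the login checks in the two posts above, rewritten with a bound parameter and PHP's built-in `password_hash()`/`password_verify()` in place of character replacement and MD5. The `users(id, username, password_hash)` schema and the function names are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
declare(strict_types=1);

// Added example. Assumed schema: users(id, username, password_hash).
// With MySQL only the DSN passed to PDO changes; the queries stay the same.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        username TEXT NOT NULL UNIQUE,
        password_hash TEXT NOT NULL
    )');
    return $db;
}

function register_user(PDO $db, string $username, string $password): void
{
    // password_hash() picks a random salt and embeds it in the returned string,
    // so no separate salt column is needed.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

/** Returns the user id on success, null on any failure. */
function check_login(PDO $db, string $username, string $password, string $dummyHash): ?int
{
    // Look the row up by username only. The value travels separately from the
    // SQL text, so quotes in it cannot change the structure of the query.
    // The password never appears in the query: a salted hash cannot be matched
    // with "AND password = ..." because the salt is only known after the fetch.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // Spend comparable time for unknown users so timing does not reveal
        // which usernames exist.
        password_verify($password, $dummyHash);
        return null;
    }
    if (!password_verify($password, $row['password_hash'])) {
        return null;
    }
    // In a web request, call session_regenerate_id(true) here before
    // writing the user id into $_SESSION.
    return (int) $row['id'];
}

$db = open_demo_db();
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
register_user($db, 'alice', 'correct horse battery staple');

// Constructed inputs; the last username contains quote characters.
$attempts = [
    ['alice', 'correct horse battery staple'],
    ['alice', 'wrong password'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($attempts as [$user, $pass]) {
    $id = check_login($db, $user, $pass, $dummyHash);
    printf("%-20s => %s\n", $user, $id === null ? 'rejected' : "user id $id");
}
```

Output escaping such as `htmlspecialchars()` still belongs at the point where a value is printed into HTML; it is a separate concern from how the value reaches the database.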
  15. I'm just a beginner with PHP. I created a PHP login system. Now I want to echo the username to the logged in user on the index.php page. Here's the code I have so far. It would be great if someone could suggest a way of doing this. Thanks! login.php <?php session_start(); require_once 'classes/Membership.php'; $membership = new Membership(); // If the user clicks the "Log Out" link on the index page. if(isset($_GET['status']) && $_GET['status'] == 'loggedout') { $membership->log_User_Out(); } // Did the user enter a password/username and click submit? if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) { $response = $membership->validate_User($_POST['username'], $_POST['pwd']); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login</title> <link rel="stylesheet" type="text/css" href="css/default.css" /> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script> <script type="text/javascript" src="js/main.js"></script> </head> <body> <div id="login"> <form method="post" action=""> <h2>Login <small>enter your credentials</small></h2> <p> <label for="username">Username: </label> <input type="text" name="username" /> </p> <p> <label for="pwd">Password: </label> <input type="password" name="pwd" /> </p> <p> <input type="submit" id="submit" value="Login" name="submit" /> </p> </form> <?php if(isset($response)) echo "<h4 class='alert'>" . $response . 
"</h4>"; ?> </div><!--end login--> </body> </html> index.php (the page that the user is redirected to after logging in) <?php require_once 'classes/Membership.php'; $membership = New Membership(); $membership->confirm_Member(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="css/default.css" /> <!--[if lt IE 7]> <script type="text/javascript" src="js/DD_belatedPNG_0.0.7a-min.js"></script> <![endif]--> <title>Untitled Document</title> </head> <body> <div id="container"> <p> You have logged in. </p> <a href="login.php?status=loggedout">Log Out</a> </div><!--end container--> </body> </html> membership.php <?php require 'Mysql.php'; class Membership { function validate_user($un, $pwd) { $mysql = New Mysql(); $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd)); if($ensure_credentials) { $_SESSION['status'] = 'authorized'; header("location: index.php"); } else return "Please enter a correct username and password"; } function log_User_Out() { if(isset($_SESSION['status'])) { unset($_SESSION['status']); if(isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 1000); session_destroy(); } } function confirm_Member() { session_start(); if($_SESSION['status'] !='authorized') header("location: login.php"); } } mysql.php <?php require_once 'includes/constants.php'; class Mysql { private $conn; function __construct() { $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die('There was a problem connecting to the database.'); } function verify_Username_and_Pass($un, $pwd) { $query = "SELECT * FROM users WHERE username = ? AND password = ? 
LIMIT 1"; if($stmt = $this->conn->prepare($query)) { $stmt->bind_param('ss', $un, $pwd); $stmt->execute(); if($stmt->fetch()) { $stmt->close(); return true; } } } } Thanks a lot!
  16. Hello, I am trying to create a password storing application, but cannot figure out the best way to store account passwords. The application won't store just user passwords to log in, but passwords for other accounts. For example, the client wants to be able to store all their Facebook and Twitter passwords on the site, then log in when they want to find them. I was going to make it so the admin needed to repeat the password they used to log in to the application to retrieve another password. All of this is no problem; it's just encrypting the passwords and being able to "un-encrypt" them later so they can see them. Any help would be appreciated. The person doesn't really care if it's secure, they just want me to store the strings in the database to be retrieved later, but I want to make it secure. Thank you
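Added example, not part of the post above: one way to store third-party passwords so they can be shown again only after the admin re-enters the login password, using PHP's sodium extension (bundled since PHP 7.2). The function names and the storage layout (a per-user salt plus one base64 string per stored secret) are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. The login password itself is still stored only as a
// password_hash() value; the key derived here is never written to the database.

/** Derive a 32-byte vault key from the login password and a per-user salt. */
function derive_vault_key(string $loginPassword, string $salt): string
{
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES,
        $loginPassword,
        $salt,                                   // SODIUM_CRYPTO_PWHASH_SALTBYTES long
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
}

/** Encrypt one secret; the result is safe to keep in a TEXT column. */
function encrypt_secret(string $plaintext, string $key): string
{
    // A fresh random nonce per secret; it is not secret and is stored with the ciphertext.
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return base64_encode($nonce . $cipher);
}

/** Returns the plaintext, or null if the key is wrong or the data was altered. */
function decrypt_secret(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // secretbox is authenticated: a wrong key or a modified byte fails the
    // check instead of returning garbage.
    $plain = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    return $plain === false ? null : $plain;
}

// --- demonstration with constructed values ---
$salt   = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);   // stored next to the user row
$key    = derive_vault_key('admin login password', $salt);
$stored = encrypt_secret('example-facebook-password', $key);

echo "stored value:   $stored\n";
echo "right password: ", var_export(decrypt_secret($stored, $key), true), "\n";

// Re-entering a different password derives a different key, so decryption is refused.
$wrongKey = derive_vault_key('some other password', $salt);
echo "wrong password: ", var_export(decrypt_secret($stored, $wrongKey), true), "\n";

// A single flipped byte in the stored value is detected as well.
$tampered = base64_decode($stored, true);
$tampered[strlen($tampered) - 1] = chr(ord($tampered[strlen($tampered) - 1]) ^ 1);
echo "tampered data:  ", var_export(decrypt_secret(base64_encode($tampered), $key), true), "\n";

// Wipe key material once the request no longer needs it.
sodium_memzero($key);
sodium_memzero($wrongKey);
```

Because the key comes from the login password, changing that password means decrypting every stored secret with the old key and re-encrypting it with the new one.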
  17. Hello, I'm new on this forum. I have a commercial project (software with a licence renovation every year). Every time I have a new client, I want to register them in a MySQL database, so that when the client pays (on PayPal) for a licence renovation, the payment redirects to a PHP login site. When the client is logged in, it shows a kind of validator where the client can type the renovation number to generate and show the unlock code, and at the same time the code is automatically sent to the client's email. After that, if the user wants to log in again, it shows only the unlock code, until the client makes a payment and the validator is shown again, and so on. Is all this possible? I already have hosting with PHP and a MySQL database, but I don't have any knowledge of PHP. I also have no idea how to make the validator on a website, but it's based on math operations so I think it won't be a problem.
  18. Hey, I would like to know how I can redirect users after login or register to the same page they were on, automatically, without a link! If I'm on a photo page and I log in or register, redirect me to the photo page; if I'm on another page, redirect me to that same page. That's what I mean.
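Added example, not part of the post above: returning a user to the page they came from after login, with the return target restricted to paths on the same site so the login form cannot be used to bounce visitors to another host. The function names and the `return_to` session key are hypothetical; plain arrays stand in for `$_SESSION` so the script runs from the command line.

```php
<?php
declare(strict_types=1);

/** Accept only a path on this site; anything else falls back to $default. */
function safe_return_path(?string $candidate, string $default = '/index.php'): string
{
    if ($candidate === null || $candidate === '') {
        return $default;
    }
    // Must begin with exactly one "/". This excludes absolute URLs and the
    // "//host" and "/\host" forms that browsers resolve to another host.
    if ($candidate[0] !== '/') {
        return $default;
    }
    if (isset($candidate[1]) && ($candidate[1] === '/' || $candidate[1] === '\\')) {
        return $default;
    }
    // Control characters (CR, LF and tab included) do not belong in a Location header.
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate) === 1) {
        return $default;
    }
    return $candidate;
}

/** Called by a protected page before it redirects an anonymous visitor to the login form. */
function remember_requested_page(array &$session, string $requestUri): void
{
    $session['return_to'] = safe_return_path($requestUri);
}

/** Called by the login handler after the credentials were accepted. */
function consume_return_path(array &$session): string
{
    // Validate again on the way out and clear the value so it is used once.
    $target = safe_return_path($session['return_to'] ?? null);
    unset($session['return_to']);
    return $target;
}

// --- demonstration with constructed values ---
$session = [];                                   // stands in for $_SESSION

// 1. Visitor opens a photo page while logged out; in a web request the
//    second argument would be $_SERVER['REQUEST_URI'].
remember_requested_page($session, '/photos.php?id=42');

// 2. After a successful login the handler would send:
//    header('Location: ' . consume_return_path($_SESSION)); exit;
echo 'redirect after login: ', consume_return_path($session), "\n";

// 3. With nothing remembered, the default page is used.
echo 'no stored page:       ', consume_return_path($session), "\n";

// 4. Candidates that do not stay on this site are replaced by the default.
$candidates = [
    'https://other.example/',
    '//other.example/x',
    '/\\other.example',
    "/ok\r\nX-Injected: 1",
    '/gallery/album.php?page=2',
];
foreach ($candidates as $c) {
    printf("%-32s -> %s\n", json_encode($c), safe_return_path($c));
}
```

Keeping the target in the session rather than in a `?next=` query parameter means the value is set by the server, and the validation function covers the case where a parameter is used anyway.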
  19. Hi PHP Freaks! I'm one of the newer users here, yep. And this is my first post here ^.^ I have recently started working on my very simple script in PHP. Parse username/password, perform checks against array to see if username exists and if password is correct for specified user. Print out a message as a finish result. And here is what my problem is.. So far I have written this code (PHP): <?php // List of users and their password. $users = array(1 => 'admin', 2 => 'UserTwo', 3 => 'UserThree', 4 => 'UserFour'); $pass = array(1 => '1234', 2 => 'second', 3 => 'third', 4 => 'fourth'); // Compare username parameter against users list (check if user exists). if (in_array($_GET['username'], $users)) { // User is found. Compare password parameter against pass list corresponding to user ID in array. $userId = array_search($_GET['username'], $users); // Compare password parameter against pass list (using specific userId to check if password is valid). if ($_GET['password'] != $pass[userId]) { echo 'You have entered invalid password.'; } else { echo 'Welcome, '.$_GET['username'].'!'; } } else { // User is not found. echo 'You have entered invalid user name.'; } ?> I guess some of you experienced in PHP understand what I am doing up there Basically I wanted to parse username/password arguments to the URL. That works just fine ( echo $_GET['username'] . '<br>' . $_GET['password']; ) ( Just a note, I use Xampp, so it is http://localhost/login.php?username=admin&password=1234 ) Problem starts at line 9.. I am unsure about that part (I just written it out of my mind and little documentation I have found on their official website) with userId and then comparing it to correspond to the user (like like associating password to specific user id, users[0] = admin to have password 1234, users[1] , and so). 
Could somebody fix this and post up the code? Much appreciated (excuse me for little English mistakes, it is not my native language, I do my best to keep it well). Also include a little description or just explain in several words what/where I messed up. Thanks in advance. Regards, - OmegaExtern
  20. Dear All, I am new to PHP. I have created login/sign up pages, and the problem is I need code to display logout after users log in to the system, but in my system both login/register are displaying after login as well. Please help me with this one.
  21. Hello everybody. I have a school grade script, it's contain of admins, teachers and students. this script is written in Arabic, by the way i'm from Syria. The script is working on my localhost very good, but on the web don't work any way. I think the problem in the Login code, and here it is : <?php session_start(); //================================================== include("admin/config.php"); //================================================== include("admin/setting.php"); include("Check.php"); echo $stylescript; echo $stylebody; //================================================== $titlepage = "$schoolsname - Login page"; //================================================== if ($action == 'trylogin') { if(($user_name_insert == "") OR ($user_password_insert == "")) { $result = mysql_query("SELECT template_content FROM school_template where template_name = '".ErrorInsertUserNameAndPassword."'"); $result_info = mysql_fetch_array($result); $ErrorInsertUserNameAndPassword = $result_info["template_content"]; $ErrorInsertUserNameAndPassword = str_replace("\"","'",$ErrorInsertUserNameAndPassword); eval("\$ErrorInsertUserNameAndPassword = \"$ErrorInsertUserNameAndPassword\";"); echo $ErrorInsertUserNameAndPassword; exit; } $result = mysql_query("SELECT * FROM school_user where user_name = '$user_name_insert'"); $result_num = mysql_num_rows($result); if ($result_num == 0) { $result = mysql_query("SELECT template_content FROM school_template where template_name = '".ErrorWrongUserNameInsert."'"); $result_info = mysql_fetch_array($result); $ErrorWrongUserNameInsert = $result_info["template_content"]; $ErrorWrongUserNameInsert = str_replace("\"","'",$ErrorWrongUserNameInsert); eval("\$ErrorWrongUserNameInsert = \"$ErrorWrongUserNameInsert\";"); echo $ErrorWrongUserNameInsert; exit; } else { $result_info = mysql_fetch_array($result); $user_password = $result_info['user_password']; $user_password2 = $result_info['user_password2']; $user_group_id = 
$result_info['user_group_id']; $user_user_id = $result_info['user_user_id']; if(($user_password_insert <> $user_password) and ($user_password_insert <> $user_password2)) { $result = mysql_query("SELECT template_content FROM school_template where template_name = '".ErrorWrongUserPasswordInsert."'"); $result_info = mysql_fetch_array($result); $ErrorWrongUserPasswordInsert = $result_info["template_content"]; $ErrorWrongUserPasswordInsert = str_replace("\"","'",$ErrorWrongUserPasswordInsert); eval("\$ErrorWrongUserPasswordInsert = \"$ErrorWrongUserPasswordInsert\";"); echo $ErrorWrongUserPasswordInsert; exit; } else { $new_value_lasttime = time(); if($user_group_id == 1) { $result = mysql_query("SELECT * FROM school_employee where employee_id = $user_user_id"); $result_info = mysql_fetch_array($result); $user_full_name = $result_info['employee_full_name']; $user_login_lasttime = $result_info['employee_login_lasttime']; include("user_login_lasttime_text.php"); $date_to_convert = $user_login_lasttime; $sho_time=1; //include("hejri.php"); $user_login_lasttime = $date_result; $result = mysql_query("UPDATE school_employee SET employee_login_lasttime = '$new_value_lasttime',employee_count_login = employee_count_login+1 WHERE employee_id = $user_user_id"); } if($user_group_id == 3) { $result = mysql_query("SELECT * FROM school_employee where employee_id = $user_user_id"); $result_info = mysql_fetch_array($result); $user_full_name = $result_info['employee_full_name']; $user_login_lasttime = $result_info['employee_login_lasttime']; include("user_login_lasttime_text.php"); $date_to_convert = $user_login_lasttime; $sho_time=1; //include("hejri.php"); $user_login_lasttime = $date_result; $result = mysql_query("UPDATE school_employee SET employee_login_lasttime = '$new_value_lasttime',employee_count_login = employee_count_login+1 WHERE employee_id = $user_user_id"); } if($user_group_id == 4) { if($HTTP_SESSION_VARS['S_pas_login'] == 1){$welcomepas ="ولي امر : ";} $result = 
mysql_query("SELECT * FROM school_student where student_id = $user_user_id"); $result_info = mysql_fetch_array($result); $user_full_name = $welcomepas.''.$result_info['student_full_name']; $user_login_lasttime = $result_info['student_login_lasttime']; include("user_login_lasttime_text.php"); $date_to_convert = $user_login_lasttime; $sho_time=1; //include("hejri.php"); $user_login_lasttime = $date_result; if($user_password_insert == $user_password2) { $S_pas_login = 1; $S_student_login = 0; session_register("S_pas_login"); session_register("S_student_login"); $result = mysql_query("UPDATE school_student SET student_login_pas_lasttime = '$new_value_lasttime',student_pas_login_count = student_pas_login_count+1 WHERE student_id = $user_user_id"); } elseif($user_password_insert == $user_password) { $S_pas_login = 0; $S_student_login = 1; session_register("S_pas_login"); session_register("S_student_login"); $result = mysql_query("UPDATE school_student SET student_login_lasttime = '$new_value_lasttime',student_login_count = student_login_count+1 WHERE student_id = $user_user_id"); } } $S_user_user_id = $user_user_id; session_register("S_user_user_id"); $S_user_group_id = $user_group_id; session_register("S_user_group_id"); $S_user_full_name = $user_full_name; session_register("S_user_full_name"); $S_user_login_lasttime = $user_login_lasttime; session_register("S_user_login_lasttime"); $S_user_login_lasttime_text = $user_login_lasttime_text; session_register("S_user_login_lasttime_text"); echo "<p dir='rtl'>Accepted..</p>"; exit("<META HTTP-EQUIV='refresh' CONTENT='2 URL=index.php'>"); } } } $result = mysql_query("SELECT template_content FROM school_template where template_name = '".login."'"); $result_info = mysql_fetch_array($result); $login = $result_info["template_content"]; $login = str_replace("\"","'",$login); eval("\$login = \"$login\";"); echo $login; ?> Any one can help me please.. I need Ur help. Thank you....
  22. When I try to login with my username and password, nothing happens. I only get an error from this line in login.php: "if ($_POST['action']=='logout') {" So what could be wrong? Login.php: <?php session_start(); /*Om användaren har tryck på loggut-knappen så verkställs sessionen.*/ if ($_POST['action']=='logout') { session_unset(); } if (! isset($_SESSION['username'])) { if (isset($_POST['username'])) { $username = addslashes($_POST['username']); $pswd = addslashes($_POST['pswd']); /*Här försöker vi koppla upp mot databasen*/ mysql_connect('localhost', 'root', '') or die("Kan inte koppla upp mot db-servern"); mysql_select_db("db_film") or die("Kan inte koppla upp mot db"); /*Här hämtas namn, användarnamn och lösenord från tabellen users i databasen. Om de inskrivna värdena stämmer överens med uppgifterna i databasen så skickas vi till publishpost.php. */ $query = "SELECT username FROM users WHERE username='$username' AND pswd=md5('$pswd')"; echo "<pre>$query</pre>"; $result = mysql_query($query); if (mysql_num_rows($result) == 1){ // $_SESSION['firstname'] = mysql_result($result,0,"firstname"); $_SESSION['username'] = mysql_result($result,0,"username"); $user = $_POST['username']; $salt = "somestring"; $_SESSION['token'] = md5($salt . $user . $salt); $token = $_SESSION['token']; header("location: publishpost.php"); } /*Om uppgifterna inte stämmer så stannar användaren kvar på login.php och en text skrivs ut som talar om att man inte har blivit inloggad.*/ else { $username = $_SESSION['username']; header("location: login.php"); echo ("Du är inte inloggad"); } } } ?> Checklogin.php: <?php /* En session för att logga in */ session_start(); $user = $_SESSION['username']; $salt = "somestring"; $token = md5($salt . $user . $salt); if (isset($_SESSION['name']) AND $_SESSION['token'] == $token) { $name = $_SESSION['name']; } else { header("location: login.php"); } ?>
  23. Hi everyone. I'm working on a simple app for internal use for a small company. I am having difficulties getting the account logins working correctly, and I believe it has something to do with $_SESSION not being set like I expected it to. Now I am fairly new to PHP, and have been learning as I go. index.php contains this: <?php session_start(); require_once('includes/config.inc.php'); require_once('includes/functions.inc.php'); // Check login status -- if not logged in, redirect to login screen if (check_login_status() == false) { redirect('login.php'); } So when I load the app, I'm redirected to login.php: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-type" content="text/html;charset=utf-8" /> <title>Login Page</title> <link rel="stylesheet" type="text/css" href="css/login.css" /> </head> <body> <form id="login-form" method="post" action="includes/login.inc.php"> <fieldset> <legend>Login to Inventory System</legend> <p>Please enter your username and password to access the Inventory system</p> <label for="username"> <input type="text" name="username" id="username" />Username: </label> <label for="password"> <input type="password" name="password" id="password" />Password: </label> <label> <input type="submit" name="submit" id="submit" value="Login" /> </label> </fieldset> </form> </body> </html> When I hit submit on the login page, includes/login.inc.php is called: <?php session_start(); require_once('config.inc.php'); require_once('functions.inc.php'); // Escape any unsafe characters before querying database $username = $con->real_escape_string($_POST['username']); $password = $con->real_escape_string($_POST['password']); // Construct SQL statement for query & execute $query = "SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . MD5($password) . 
"'"; $result = mysqli_query($con,$query) or die(mysqli_error($con)); // If one row is returned, username and password are valid if (is_object($result) && $result->num_rows == 1) { $_SESSION['logged_in'] = true; redirect('../index.php'); } else { redirect('../login.php'); } ?> Now I've been able to determine that the login is being processed successfully, because if I disable the check_login_status function in index.php, I'm redirected to index.php if I login with a valid account. Under the same conditions, an incorrect password will reload login.php. With the function disabled, I've also tried adding "print_r($_SESSION)" at the top of index.php, but nothing ever loads, which makes me think something is wrong with my function. functions.inc.php: <?php function redirect($page) { header('Location: ' . $page); exit(); } function check_login_status() { // IF $_SESSION['logged_in'] is set, return the status if (isset($_SESSION['logged_in'])) { return $_SESSION['logged_in']; } return false; } ?> config.inc.php: <?php $con=mysqli_connect("server_name","user","pass","db_name"); if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } ?> I'm really at a loss, and I don't know where the problem is. I've checked for syntax errors with "php -l file.php" and found no syntax errors. I'm not sure how to do any other debugging with this, or what I'm missing. Help is truly appreciated! EDIT: Yes, I know MD5 passwords are not recommended, and that will be changed to use salt once I can get functionality in my app. I will also be escaping/preparing all MySQL queries once I get the login piece working.
  24. Hello everyone, I am trying to create a database login but i am not having any luck. I am not sure what is wrong. I feel everything is in order but I am new and don't really know what to look for. If someone could help me get this up and running, i'd greatly appreciate it. I've spent over 20 hours. I know it isn't exteremely diffuclt but I am fustrated and about to give up . Some help would me great! 1st page: Login.html ( I left out the formatting, heres just the form) file:///C:/Users/Stahlsta/Desktop/PHP/Login.html <form name="form 1" method="post" action="KitchenDatabase.php"> <Center><table width="20%" border="0" cellspacing="0" bgcolor="blue" frame="box" > <tr> <td><h3>Username:</h3></td> <td><input name="username" type="text" id="username" ></td></tr> <tr> <td><h3>Password:</h3></td> <td><input name="password" type="text" id="password" ></td></tr> <tr> <td colspan="2" align="center"> <input type="submit" name="Submit" value="Login"/> <input type="submit" value="Guest Log in"/></td></tr> </table> </Center> </form> When I click login: I want to access KitchenDatabase.php 2nd page:KitchenDatabase.php - This page should link to loginsuccess.php <?php $host="localhost:3306"; // Host name $Owner_fName="username"; // Mysql username $Owner_password="password"; // Mysql password $db_name="2013-wstahl"; // Database name $tbl_name="Owner"; // Table name // Connect to server and select databse. 
mysql_connect("$host", "$Owner_fName", "$Owner_password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $Owner_fName=$_POST['username']; $Owner_password=$_POST['password']; // To protect MySQL injection (more detail about MySQL injection) $Owner_fName = stripslashes($Owner_fName); $Owner_password = stripslashes($Owner_password); $Owner_fName = mysql_real_escape_string($Owner_fName); $Owner_password = mysql_real_escape_string($Owner_password); $sql="SELECT * FROM $tbl_name WHERE username='$Owner_fName' and password='$Owner_password'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ // Register $Owner_fName, $Owner_password and redirect to file "loginsuccess.php" session_register("username"); session_register("password"); header("location:loginsuccess.php"); } else { echo "Wrong Username or Password"; } ?> Page 3:loginsuccess.php - This page should link to KitchenDatabase.html <?php session_start(); if(!session_is_registered(username)){ header("KitchenDatabase.html"); } ?> Page 4:I wont bore you witht he code, i dont think it's important for the login work. (file:///C:/Users/Stahlsta/Desktop/PHP/KitchenDatabase.html) Everything is based off this database. 
KitchenDatabase.sql # # DUMP FILE # # Database is ported from MS Access #------------------------------------------------------------------ # Created using "MS Access to MySQL" form http://www.bullzip.com # Program Version 5.1.242 # # OPTIONS: # sourcefilename=C:\Users\wstahl\Desktop\KBdatabase1.accdb # sourceusername= # sourcepassword= # sourcesystemdatabase= # destinationdatabase=2013-wstahl # storageengine=MyISAM # dropdatabase=0 # createtables=1 # unicode=1 # autocommit=1 # transferdefaultvalues=1 # transferindexes=1 # transferautonumbers=1 # transferrecords=1 # columnlist=0 # tableprefix= # negativeboolean=0 # ignorelargeblobs=0 # memotype=LONGTEXT # CREATE DATABASE IF NOT EXISTS `2013-wstahl`; USE `2013-wstahl`; # # Table structure for table 'Fridge' # DROP TABLE IF EXISTS `Fridge`; CREATE TABLE `Fridge` ( `Fridge_ID` INTEGER NOT NULL, `Owner_ID` INTEGER NOT NULL, `Room_Loc` VARCHAR(255), INDEX (`Owner_ID`), PRIMARY KEY (`Fridge_ID`), FOREIGN KEY (`Owner_ID`) REFERENCES `Owner` ) ENGINE=myisam DEFAULT CHARSET=utf8; SET autocommit=1; # # Dumping data for table 'Fridge' # INSERT INTO `Fridge` VALUES (100, 100, 'Kitchen'); INSERT INTO `Fridge` VALUES (101, 101, 'Wills'); INSERT INTO `Fridge` VALUES (102, 102, 'Taylors'); INSERT INTO `Fridge` VALUES (103, 103, 'Matts'); INSERT INTO `Fridge` VALUES (104, 104, 'Felixs'); INSERT INTO `Fridge` VALUES (105, 105, 'Anthonys'); INSERT INTO `Fridge` VALUES (106, 106, 'Sams'); # 7 records # # Table structure for table 'Guest' # DROP TABLE IF EXISTS `Guest`; CREATE TABLE `Guest` ( `Guest_ID` INTEGER NOT NULL AUTO_INCREMENT, `Guest_fName` VARCHAR(50), `Guest_lName` VARCHAR(50), `Over21` TINYINT(1) DEFAULT 0, `Owner_ID` INTEGER NOT NULL, INDEX (`Over21`), PRIMARY KEY (`Guest_ID`), FOREIGN KEY (`Owner_ID`) REFERENCES `Owner` ) ENGINE=myisam DEFAULT CHARSET=utf8; SET autocommit=1; # # Dumping data for table 'Guest' # INSERT INTO `Guest` VALUES (1, 'Harry', 'Potter', 1, 101); INSERT INTO `Guest` VALUES (2, 'Jamie', 'Kurtis', 1, 
102); INSERT INTO `Guest` VALUES (3, 'Bucky', 'Smith', 0, 103); INSERT INTO `Guest` VALUES (4, 'Nick', 'Crawl', 1, 101); INSERT INTO `Guest` VALUES (5, 'Matt', 'Taylor', 0, 104); INSERT INTO `Guest` VALUES (6, 'Martha', 'Stewart', 1,105); INSERT INTO `Guest` VALUES (7, 'Kris', 'Durdon', 0, 105); INSERT INTO `Guest` VALUES (8, 'Mike', 'Micheals', 1, 102); # 8 records # # Table structure for table 'Item' # DROP TABLE IF EXISTS `Item`; CREATE TABLE `Item` ( `Item_ID` INTEGER NOT NULL AUTO_INCREMENT, `Item_Name` VARCHAR(255), `Item_Cost` DECIMAL(19,4), `Exp_Date` DATETIME, `Item_Qty` INTEGER, `Owner_ID` INTEGER, `Fridge_ID` INTEGER, `Store_ID` INTEGER, PRIMARY KEY (`Item_ID`), FOREIGN KEY (`Owner_ID`) REFERENCES `Owner`, FOREIGN KEY (`Fridge_ID`) REFERENCES `Fridge`, FOREIGN KEY (`Store_ID`) REFERENCES `Store`, INDEX (`Fridge_ID`), INDEX (`Owner_ID`), INDEX (`Store_ID`) ) ENGINE=myisam DEFAULT CHARSET=utf8; SET autocommit=1; # # Dumping data for table 'Item' # INSERT INTO `Item` VALUES (1, 'eggs', 2.09, '2013-11-11 00:00:00', 2, 100, 100, 200); INSERT INTO `Item` VALUES (2, 'milk', 3.49, '2013-11-07 00:00:00', 2, 100, 100, 201); INSERT INTO `Item` VALUES (3, 'Bread', 3.09, '2013-11-08 00:00:00', 1, 101, 101, 201); INSERT INTO `Item` VALUES (4, 'cheese', 4.01, '2013-12-30 00:00:00', 2, 101, 100, 200); INSERT INTO `Item` VALUES (5, 'hot dogs', .97, '2014-01-16 00:00:00', 3, 102, 102, 200); INSERT INTO `Item` VALUES (6, 'rolls', 3.09, '2013-11-25 00:00:00', 6, 102, 102, 200); INSERT INTO `Item` VALUES (7, 'noodles', .99, NULL, 4, 103, 103, 202); INSERT INTO `Item` VALUES (8, 'sauce', 4.09, '2013-11-20 00:00:00', 2, 103, 103, 202); INSERT INTO `Item` VALUES (9, 'rice', .98, NULL, 12, 104, 104, 200); INSERT INTO `Item` VALUES (10, 'beans', 1.49, '2013-12-18 00:00:00', 2, 104, 100, 202); INSERT INTO `Item` VALUES (11, 'hamburgers', 6.99, '2013-12-25 00:00:00', 8, 105, 100, 200); INSERT INTO `Item` VALUES (12, 'buns', 3.09, '2013-12-19 00:00:00', 8, 105, 105, 200); INSERT 
INTO `Item` VALUES (13, 'onions', .99, NULL, 3, 106, 106, 202); INSERT INTO `Item` VALUES (14, 'soup', 1.99, '2014-04-16 00:00:00', 5, 106, 106, 200); INSERT INTO `Item` VALUES (15, 'icream', 3.09, NULL, NULL, NULL, 101, NULL); INSERT INTO `Item` VALUES (16, 'Bacon', 5.15, '2013-10-16 00:00:00', 1, 101, 101, 202); INSERT INTO `Item` VALUES (17, 'Hot sauce', 2.79, '2013-11-22 00:00:00', 3, 101, 101, 200); INSERT INTO `Item` VALUES (18, 'ketchup', 3.5, NULL, 1, 101, 101, 201); INSERT INTO `Item` VALUES (19, 'crunch cereal', 3.49, '2014-01-22 00:00:00', 2, 101, 101, 201); # 19 records # # Table structure for table 'Owner' # DROP TABLE IF EXISTS `Owner`; CREATE TABLE `Owner` ( `Owner_ID` INTEGER NOT NULL, `Owner_fName` VARCHAR(255) NOT NULL, `Owner_lname` VARCHAR(255), `Owner_password` VARCHAR(50), PRIMARY KEY (`Owner_ID`) ) ENGINE=myisam DEFAULT CHARSET=utf8; SET autocommit=1; # # Dumping data for table 'Owner' # INSERT INTO `Owner` VALUES (100, 'All', 'NULL', 'NULL'); INSERT INTO `Owner` VALUES (101, 'Will', 'Stahl', password); INSERT INTO `Owner` VALUES (102, 'Taylor', 'Ryzuk', NULL); INSERT INTO `Owner` VALUES (103, 'Matt', 'Sheehan', NULL); INSERT INTO `Owner` VALUES (104, 'Felix', 'Burgos', NULL); INSERT INTO `Owner` VALUES (105, 'Anthony', 'Lombardi', NULL); INSERT INTO `Owner` VALUES (106, 'Sam', 'Gutzmer', NULL); # 7 records # # Table structure for table 'Store' # DROP TABLE IF EXISTS `Store`; CREATE TABLE `Store` ( `Store_ID` INTEGER NOT NULL, `Store_Name` VARCHAR(255) NOT NULL, `Store_City` VARCHAR(255), PRIMARY KEY (`Store_ID`) ) ENGINE=myisam DEFAULT CHARSET=utf8; SET autocommit=1; # # Dumping data for table 'Store' # INSERT INTO `Store` VALUES (200, 'Walmart', 'Oswego'); INSERT INTO `Store` VALUES (201, 'Bryne', 'Oswego'); INSERT INTO `Store` VALUES (202, 'Kinneys', 'Oswego'); INSERT INTO `Store` VALUES (203, 'Price Chopper', 'Oswego'); # 4 records Am I even close? I've come to far to quit. 
Please help me get this working. Kudos,
  25. Hello, I was making a login page with PHP and MySQL and have managed to debug all the errors, but the page says 'Wrong Username or Password' even though I have typed in the right password from the table. I was wondering if anyone could help me. Thanks

I have 4 PHP files:
main_login.php
check_login.php
login_success.php
logout.php

Here is all the code:

main_login.php:

<table>
  <tr>
    <form name="form1" method="post" action="check_login.php">
      <td>
        <table>
          <tr>
            <td><strong>Login form: </strong></td>
          </tr>
          <tr>
            <td>UserName</td>
            <td>:</td>
            <td><input name="myusername" type="text" id="myusername"/></td>
          </tr>
          <tr>
            <td>Password</td>
            <td>:</td>
            <td><input name="mypassword" type="text" id="mypassword"/> </td>
          </tr>
          <tr>
            <td> </td>
            <td> </td>
            <td><input type="Submit" name="Submit" value="Login"/></td>
          </tr>
        </table>
      </td>
    </form>
  </tr>
</table>
<?php ?>

check_login.php:

<?php
$host = "localhost";
$Username = "christopher";
$Password = "password";
$db_name = "test_db";
$tbl_name = "test";

//CONNECT TO SERVER
mysql_connect("$host", "$Username", "$Password") or die("CANNOT CONNECT");
mysql_select_db("$db_name") or die("CANNOT SELECT DB");

//USERNAME AND PASSWORD FROM FORM
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

//SECURITY PROTECTION
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
$count = 1;

if($count == 1){
    session_register("myusername");
    session_register("mypassword");
    header("Location: http://localhost/login/2/login_success.php/");
} else {
    echo "Wrong Username Or Password";
}
?>

login_success.php:

<?php
session_start();
echo "login successful..";
if(!session_is_registered(myusername)){
    header("location:main_login.php");
}
?>
<html>
<body>
LOGIN SUCCESSFUL
</body>
</html>

logout.php:

<?php
session_start();
session_destroy();
?>