Search the Community

Hi to everyone, I'm new to the forum and I'm posting here because I ended up in a logical problem for my next script development. I need to get some data of external websites (with vbulletin board), perfectly legal. Using file_get_contents i can print the page content on my server and then use jquery's powerful selectors to get my data. The problem is that these data are shown only to logged in users so i would need this script (maybe using cURL?) to either login to the external website and then persists the connection or maybe if the user who is executing my script is already logged in that website then use his login? (most likely impossible I think..) This is my code so far (found on some sites and merged into this) $data = array('vb_login_username' => 'Scanu', 'vb_login_password' => 'grgfgrgrfbtgbt'); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://www.vbulletin.org/forum/login.php?do=login"); curl_setopt($ch, CURLOPT_AUTOREFERER, true); curl_setopt($ch, CURLOPT_COOKIESESSION, true); curl_setopt($ch, CURLOPT_FAILONERROR, false); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); curl_setopt($ch, CURLOPT_FRESH_CONNECT, true); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); $result = curl_exec($ch); curl_close($ch); $pattern = "#Set-Cookie: (.*?; path=.*?;.*?)\n#"; preg_match_all($pattern, $result, $matches); array_shift($matches); $cookie = implode("\n", $matches[0]); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://www.vbulletin.org/forum/"); curl_setopt($ch, CURLOPT_COOKIE, $cookie); curl_setopt($ch, CURLOPT_AUTOREFERER, true); curl_setopt($ch, CURLOPT_COOKIESESSION, true); curl_setopt($ch, CURLOPT_FAILONERROR, false); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); curl_setopt($ch, CURLOPT_FRESH_CONNECT, true); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_POST, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); $result = curl_exec($ch); curl_close($ch); echo $result; ?> It just shows the same page for unregistered users. Any help or advice is appreciated, i'm very new to this type of script..

I am using PHP 5.3 iis7 and SLQ Server 2005. I know the script gets to the session part and creates a temp file in C:/windows/temp folder (see info below), but when I try to login and redirect to the index.php it give a 500 error on the login.php page. login.php index.php conifg.php temp file - C:\windows\temp <?php //set ini ini_set('session.gc_maxlifetime', 900); if(!ini_get('session.auto_start')){ session_start(); } // include file include ('config.php'); include (LIB_PATH.'functions.php'); include(LIB_PATH.'sqlsrv_connect.php'); if($_SESSION['user_id']){ Header("Location: index.php"); } if($_POST['submit']){ $user1 = trim($_POST['user']); $pass1 = trim($_POST['pass']); $user= "'$user1'"; $pass= "'$pass1'"; if($user == '' or $pass == ''){ $error = 'You forgot to enter your user_name and your password!'; }else{ $query = "SELECT * FROM users WHERE user_name = $user and pass = $pass"; $params = array(); $options = array( "Scrollable" => SQLSRV_CURSOR_KEYSET ); $r = sqlsrv_query ($database, $query, $params, $options); $num = sqlsrv_num_rows($r); if ($num >0) { while ($user_data = sqlsrv_fetch_array($r, SQLSRV_FETCH_ASSOC)) { $_SESSION['user_id'] = $user_data['user_id']; $_SESSION['user_name'] = $user_data['user_name']; $_SESSION['user_level'] = $user_data['user_level']; $_SESSION['user_rep'] = $user_data['rep'];} Header("Location: index.php"); }else{ $error = 'Wrong username or password!'; } } } //template include(TEMP_PATH.'login_tpl.php'); ?> <?php //set ini ini_set('session.gc_maxlifetime', 900); if(!ini_get('session.auto_start')){ session_start(); } // include file include ('config.php'); //include (LIB_PATH.'functions.php'); include(LIB_PATH.'sqlsrv_connect.php'); if(!$_SESSION['user_id']){ Header("Location: login.php"); } $database //template include(TEMP_PATH.'index_tpl.php'); ?> <?php date_default_timezone_set('America/Los_Angeles'); //config directory define( 'DS', DIRECTORY_SEPARATOR ); define( 'DS', D ); define('SITE_PATH', dirname(__FILE__) . DS); define('LIB_PATH', SITE_PATH . 'lib' . DS); define('TEMP_PATH', SITE_PATH . 'templates' . DS); define('SO_PER_PAGE',20); ?> user_id|s:1:"6";user_name|s:2:"EM";user_level|s:1:"1";user_rep|s:0:"";

After getting my site hacked, I'm not really up for learning PhP, so I'm trying to use uMScript. On the demo site, and when I just load up the files on my server, it will redirect upon log in. But when I then use my styling, for some reason the login_submit.php gives me a blank page and does not redirect, nor does it log the user in. I don't change anything except the positioning of the forum and the container around it, no PhP or JS changes, weird? I can not seem to get a hold of the creator, nor can I find a user script that matches what I'm looking for. Heck, I'm so close to going mad, I'm even willing to pay someone to do the user PhP for me haha Has anyone used this script successfully? You can try it out here: http://mod-universe.com/index.php Demo: http://www.venturehapa.biz/umscript/demo/index.php (I couldn't get the demo credentials to log in, created a new user = Okriani, kieran09)

Hello PHP freaks, my codes dont allow me to log-in to Student Home with unique id. It says "Invalid Login or Password" this is my form <tr bgcolor="#E1E1E1" class="stylesmall"> <td width="35%" align="left" class="style7 style1">Learner Id : </td> <td width="65%" align="left"><input name="learner_id" type="text" id="learner_id" action="Student_Home.php" method="post"></td> </tr> <tr bgcolor="#E1E1E1" class="stylesmall"> <td align="left" class="style7 style1">Password:</td> <td align="left"><input name="student_password" type="password" id="student_password">< /td> and this is my handler. <?php session_start(); include 'Connect.php'; $flag = ""; $learner_id = $_POST['learner_id']; $student_id = $_POST['student_id']; $student_password = $_POST['student_password']; $query = "select last_login_date from student_information where student_id='$student_id' and student_password='$student_password'"; $result = mysql_query($query,$link_id); if(mysql_error() != null){ die(mysql_error()); } if($date = mysql_fetch_array($result)) { $lastdate = $date['last_login_date']; $date2 = date("d-m-Y h:i A",strtotime($lastdate)); $_SESSION["student_id"] = $_POST["student_id"]; $_SESSION["lastlogin"] =$date2; $_SESSION["type"] = "Student"; mysql_query("UPDATE student_information SET last_login_date=now() where student_id='$student_id'",$link_id); if(mysql_error() != null){ die(mysql_error()); } header("location: Student_Home.php?id={$student_id}"); die(); } else { $flag = "invalid"; header("location:Student_login.php?flag=$flag"); die(); } ?> PLease help me PHP friends to correct my codes.

Hi! I have read like crazy to find a tutorial on a login page without My_SQL. Anyway I am working on a easy login/logged out page with sessions. Here is the login page with tree users in an array. The things that I need some hints to solve is, when clicking on login the error message don't show. Instead the script goes to the logged in page right away. And when you write the wrong password you get loged in anyway. I am not sure how or if it's possible to write a varible to a file this way. But I tried and recived a parse error with the txt varible. When searching for topics I get more confused with the My_SQL varibles. I am near a breaking point at cracking the first step on PHP, but need some advice. <?php $page_title = 'Logged in'; //Dynamic title include('C:/wamp/www/PHP/includes/header.html'); ?> <?php session_start(); //A array for the sites users with passwords $users = array( 'Dexter'=>'meow1', 'Garfield'=>'meow2', 'Miro'=>'meow3' ); //A handle to save the varible users to file on a new line from the last entry $handle = fopen("newusers.txt, \n\r") $txt = $users; fclose($handle); if(isset($_GET['logout'])) { $_SESSION['username'] = ''; header('Location: ' . $_SERVER['PHP_SELF']); } if(isset($_POST['username'])) { if($users[$_POST['username']] == $_POST['password']) { $_SESSION['username'] = $_POST['username']; }else { echo "Something went wrong, Please try again"; } } ?> <?php echo "<h3>Login</h3>"; echo "<br />"; ?> <!--A legend form to login--> <fieldset><legend>Fill in your username and password</legend> <form name="login" action="777log.php" method="post"> Username: <br /> <input type="text" name="username" value="" /><br /> Password: <br /> <input type="password" name="password" value="" /><br /> <br /> <input type="submit" name="submit" value="Login" /> </fieldset> </form> <?php //Footer include file include('C:/wamp/www/PHP/includes/footer.html'); ?> The logged in page <?php //Header $page_title = 'Reading a file'; include('C:/wamp/www/PHP/includes/header.html'); ?> <?php session_start(); //Use an array forthe sites users $users = array( 'Dexter'=>'meow1', 'Garfield'=>'meow2', 'Miro'=>'meow3' ); // if(isset($_GET['logout'])) { $_SESSION['username'] = ''; echo "You are now loged out"; //The user is loged out and returned to the login page header('Location: ' . $_SERVER['PHP_SELF']); } if(isset($_POST['username'])) { //Something goes wrong here when login without any boxes filled if($users[$_POST['username']] == $_POST['password']) { $_SESSION['username'] = $_POST['username']; }else { echo "Something went wrong, Please try again"; $redirect = "Location: 777.php"; } } ?> <?php if($_SESSION['username']): ?> <p><h2>Welcome <?=$_SESSION['username']?></h2></p> <p align="right"><a href="777.php">Logga ut</a></p><?php endif; ?> <p>Today Ben&Jerrys Chunky Monkey is my favorite!</p> <?php //Footer include('C:/wamp/www/PHP/includes/footer.html'); ?>

i need help with a login i have on my site. I'm new to this so i dont know if i'll get any help

Hello All I would appreciate any help anyone could give me in solving this issue. I have been using this Login-Redirect script from mpdolan, and it was working perfectly fine. However, my web host has recently just upgraded from php 5.2 to php 5.3 (php 5.3.18 to be exact) and now the redirect function no longer properly works. Unfortunately, the guy who made the script is not responding to any requests for help and has since removed any links to download the script from his site. If you would like the zip file with all the required files I would be happy to upload it to a dropbox or something. Just note, i'm pretty much a noob here. I know just a little bit about this stuff, but not a lot. I've tried everything I can think of to find the problem, but with no reasonable luck. I'll go through what I tried below. Here are parts of the script, let me know if you need more... The html login page references the following php file redirect.php <? //prevents caching header("Expires: Sat, 01 Jan 2000 00:00:00 GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); header("Cache-Control: post-check=0, pre-check=0",false); session_cache_limiter(); session_start(); //clear session variables session_unset(); //require the functions file require ("config.php"); require ("functions.php"); //check to see if cookies are already set, remember me if ((!$lr_user) || (!$lr_pass)) { $username = $_POST[username]; $password = $_POST[password]; }else{ $username = $lr_user; $password = $lr_pass; } //if username or password is blank, send to errorlogin.html if ((!$username) || (!$password)) { header("Location:$base_dir/errorlogin.html"); exit; } //sets cookies to remember this computer if the user asks to if ($_POST[remember] == "Yes") { setcookie("lr_user", $username, $duration, "/", $domain); setcookie("lr_pass", $password, $duration, "/", $domain); } if ($_POST[activate] == "Yes") { //make the connection to the database $connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error()); $db = @mysql_select_db($db_name,$connection)or die(mysql_error()); //build and issue the query $sql ="UPDATE $table_name SET verified = '1' WHERE username = '$_POST[username]'"; $result = @mysql_query($sql,$connection) or die(mysql_error()); } //sets session variables sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password); //check to see if the user has to change their password if ($_SESSION[pchange] == "1") { $_SESSION[redirect] = "$base_dir/pass_change.html"; } //check to see if the user has activated the account if ($_SESSION[verified] == "0") { $_SESSION[redirect] = "$base_dir/not_activated.html"; } //make the connection to the database $connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error()); $db = @mysql_select_db($db_name,$connection)or die(mysql_error()); //build and issue the query $sql ="SELECT * FROM banned"; $result = @mysql_query($sql,$connection) or die(mysql_error()); while ($sql = mysql_fetch_object($result)) { $banned = $sql -> no_access; if ($username == $banned || $REMOTE_ADDR == $banned) { include ('banned.html'); exit; } } $last_log = last_login(); //updates table with last log as now $sql = "UPDATE $table_name SET last_login = '$last_log' WHERE username = '$_SESSION[user_name]'"; $result = @mysql_query($sql,$connection) or die(mysql_error()); if (($_SESSION[redirect] != "$base_dir/errorlogin.html") && ($log_login == "1")) { include('loglogin.php'); } //redirects the user header("Location:$_SESSION[redirect]"); ?> <head><title>Redirect</title></head> in the redirect file, the following two files are required note: I have replaced any personal info with ***** (5 asterisk) config.php <?php //set up the names of the database and table $db_name ="*****_UsersLogin"; $table_name ="authorize"; //connect to the server and select the database $server = "localhost"; $dbusername = "*****"; $dbpassword = "*****"; //domain information $domain = ".*****.ca"; //Change to "0" to turn off the login log $log_login = "1"; //base_dir is the location of the files, ie http://www.yourdomain/login $base_dir = "http://www.*****.ca/Client"; //length of time the cookie is good for - 7 is the days and 24 is the hours //if you would like the time to be short, say 1 hour, change to 60*60*1 $duration = time()+(60*60*24*30); //the site administrator\'s email address $adminemail = "*****@gmail.com"; //sets the time to EST $zone=3600*-5; //do you want the verify the new user through email if the user registers themselves? //yes = "0" : no = "1" $verify = "0"; //default redirect, this is the URL that all self-registered users will be redirected to $default_url = "http://www.*****.ca"; //minimum and maximum password lengths $min_pass = 4; $max_pass = 20; $num_groups = 0+2; $group_array = array("Users","Administrators"); ?> functions.php <?php //function to get the date function last_login() { $date = gmdate("Y-m-d"); return $date; } //function that sets the session variable function sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $user, $pass) { //make connection to dbase $connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error()); $db = @mysql_select_db($db_name,$connection) or die(mysql_error()); $sql = "SELECT * FROM $table_name WHERE username = '$user' and password = password('$pass')"; $result = @mysql_query($sql, $connection) or die(mysql_error()); //get the number of rows in the result set $num = mysql_num_rows($result); //set session variables if there is a match if ($num != 0) { while ($sql = mysql_fetch_object($result)) { $_SESSION[first_name] = $sql -> firstname; $_SESSION[last_name] = $sql -> lastname; $_SESSION[user_name] = $sql -> username; $_SESSION[password] = $sql -> password; $_SESSION[group1] = $sql -> group1; $_SESSION[group2] = $sql -> group2; $_SESSION[group3] = $sql -> group3; $_SESSION[pchange] = $sql -> pchange; $_SESSION[email] = $sql -> email; $_SESSION[redirect] = $sql -> redirect; $_SESSION[verified] = $sql -> verified; $_SESSION[last_login] = $sql -> last_login; } }else{ $_SESSION[redirect] = "$base_dir/errorlogin.html"; } } //functions that will determine if access is allowed function allow_access($group) { if ($_SESSION[group1] == "$group" || $_SESSION[group2] == "$group" || $_SESSION[group3] == "$group" || $_SESSION[group1] == "Administrators" || $_SESSION[group2] == "Administrators" || $_SESSION[group3] == "Administrators" || $_SESSION[user_name] == "$group") { $allowed = "yes"; }else{ $allowed = "no"; } return $allowed; } //function to check the length of the requested password function password_check($min_pass, $max_pass, $pass) { $valid = "yes"; if ($min_pass > strlen($pass) || $max_pass < strlen($pass)) { $valid = "no"; } return $valid; } ?> For the redirected link to be secure and only someone who has logged in with the proper credentials can see it, I am required to put the following php code on the redirected page <?php //prevents caching header("Expires: Sat, 01 Jan 2000 00:00:00 GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); header("Cache-Control: post-check=0, pre-check=0",false); session_cache_limiter(); session_start(); //this should the the absolute path to the config.php file //(ie /home/website/yourdomain/login/config.php or //the location in relationship to the page being protected - ie ../login/config.php ) require('/home/*****/public_html/Client/config.php'); //this should the the absolute path to the functions.php file - see the instrcutions for config.php above require('/home/*****/public_html/Client/functions.php'); //this is group name or username of the group or person that you wish to allow access to // - please be advise that the Administrators Groups has access to all pages. if (allow_access(Users) != "yes") { //this should the the absolute path to the no_access.html file - see above include ('/home/*****/public_html/Client/no_access.html'); exit; } ?> So.. before the update to php 5.3 this code worked flawlessly. Clients would login with their username and password on my site, and it would redirect them to the php page with their content that included the code above. Now after the update what happens is, even after using a correct username/password combination the no_access.html (see below) page is displayed instead, but the link displayed in the browser IS the correct redirected link! What's also strange is, if you then try to login again since this page has the form to do so, you get a 404 error because it is trying to find the redirect.php file in the redirected link instead of the website.ca/Client/ dir it is actually in. So, I tried to put a copy of the redirect.php, config.php, functions.php and a few others in the redirected link directory just for kicks, and tried again and it works! The problem is, the client basically has to login twice.. the first time always fails, but sends them to the redirected link, then when they try again IF I also put those files into their directory then it will work on this second try. So, I am at a loss as to what is going on here, and would appreciate any help on getting this up and running properly again on php 5.3 Many thanks! no_access.html <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>NO ACCESS ALLOWED</title> </head> <body> <b><font size="6">Access Denied!!!</font></b><p>Please login with proper credentials:</p> <FORM METHOD="POST" ACTION="redirect.php"> <P><font face="Verdana" size="2" color="#2852A8"><STRONG>Username:</STRONG><BR> </font><font color="#2852A8" face="Verdana"> <INPUT TYPE="text" NAME="username" SIZE=25 MAXLENGTH=25></font></p> <P><font face="Verdana" size="2" color="#2852A8"><STRONG>Password:</STRONG><BR> </font><font color="#2852A8" face="Verdana"> <INPUT TYPE="password" NAME="password" SIZE=25 MAXLENGTH=25></font></p> <P><font face="Verdana"><font color="#2852A8"> <input type="checkbox" name="remember" value="Yes"></font><font size="2" color="#2852A8">Remember me from this computer</font></font></p> <P><font color="#2852A8"> <INPUT TYPE="submit" NAME="submit" VALUE="Login" style="font-family: Verdana"></font></P> </FORM> <p> </p> </body> </html>

I need my user to log in to use their "admin panel" functions. I have this bit of html for them to enter their username/password: <form id="form1" name="form1" method="post" action="functions/loginprocess.php"> <table> <tr> </tr> <tr> <td>Username:</td> <td><input type="text" name="username" id="username" /></td> </tr> <tr> <td>Password</td> <td><input type="password" name="password" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="button" id="button" value="Login" /></td> </tr> </table> </form> This bit of code at the top of the html to start the session: <?php session_start(); $err = $_GET['e']; ?> This bit of code at the top of the index page to redirect to the login screen <?php session_start(); $l=6; $a="out"; if(isset($_SESSION['username'])) { $l=$_SESSION['username']; $a="in"; } else { header('Location: login.php?e=Login to use the administration functions'); } $err = $_GET['e']; ?> And this code to perform the log in functions: <?php session_start(); $username = $_POST['username']; $password = $_POST['password']; $conn = mysqli_connect("Connection String"); $username = mysqli_real_escape_string($conn, $username); $query="SELECT * FROM users WHERE username='$username' AND userpassword='$password'"; $result = mysqli_query($conn, $query); if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again. { $conn->close(); header('Location: ../login.php?e=User not found'); exit(); } $userData = mysqli_fetch_array($result); $hash = hash('sha256', $userData['cmspassword']."$password"); //echo "$hash"; if($hash != $userData['userpassword']) // Incorrect password. So, redirect to login_form again. { $conn->close(); header('Location: ../login.php?e=Incorrect login details'); exit(); } else{ // Redirect to home page after successful login. $_SESSION['username'] = $username; $_SESSION['user'] = $userData['userid']; $_SESSION['sp'] = $userData['cmspassword']; $conn->close(); header('Location: ../index.php'); exit(); } ?> And the database table is called 'users' with the following columns: userid username useremail userpassword cmspassword However, as stated in the title of this post, I appear to be stuck in a loop where whenever I enter the user credentials it just keeps looping round the "user not found" message on line 16. Can anyone help me, I am well and truly stuck on how to get out of this loop? I know I've gone wrong somewhere, just can't see where

I was wondering what most of you guys use to prevent against SQL injection? This is what I am currently using. function transform_HTML($string, $length = NULL){ $string = trim($string); $string = utf8_decode($string); $string = htmlentities($string, ENT_NOQUOTES); $string = str_replace("\"", """, $string); $string = str_replace("#", "#", $string); $string = str_replace("$", "$", $string); $string = str_replace("%", "%", $string); $string = str_replace("&", "&", $string); $string = str_replace("'", "'", $string); $string = str_replace("(", "(", $string); $string = str_replace(")", ")", $string); $string = str_replace("*", "*", $string); $string = str_replace("+", "+", $string); $string = str_replace(",", ",", $string); $string = str_replace("-", "-", $string); $string = str_replace("/", "/", $string); $string = str_replace(":", ":", $string); $string = str_replace(";", ";", $string); $string = str_replace("<", "<", $string); $string = str_replace("=", "=", $string); $string = str_replace(">", ">", $string); $string = str_replace("?", "?", $string); $string = str_replace("@", "@", $string); $string = str_replace("[", "[", $string); $string = str_replace("]", "]", $string); $string = str_replace("^", "^", $string); $string = str_replace("_", "_", $string); $string = str_replace("`", "`", $string); $string = str_replace("{", "{", $string); $string = str_replace("|", "|", $string); $string = str_replace("}", "}", $string); $string = str_replace("~", "~", $string); $length = intval($length); if ($length > 0){ $string = substr($string, 0, $length); } return $string; } Which then gets called by: if ($action == 'login'){ // Login Action $_SESSION['loginerror'] = FALSE; $myusername = transform_HTML($_POST['login-username'], 21); $mypassword = transform_HTML($_POST['login-password'], 21); $sql="SELECT * FROM $table[users] WHERE username='$myusername' and password=MD5('$mypassword')"; $result=mysqli_query($db, $sql); // Mysql_num_row is counting table row $count=mysqli_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Login Stuff } Is there a more efficient way, or more secure way of doing this?

I'm just a beginner with PHP. I created a PHP login system. Now I want to echo the username to the logged in user on the index.php page. Here's the code I have so far. It would be great if someone could suggest a way of doing this. Thanks! login.php <?php session_start(); require_once 'classes/Membership.php'; $membership = new Membership(); // If the user clicks the "Log Out" link on the index page. if(isset($_GET['status']) && $_GET['status'] == 'loggedout') { $membership->log_User_Out(); } // Did the user enter a password/username and click submit? if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) { $response = $membership->validate_User($_POST['username'], $_POST['pwd']); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login</title> <link rel="stylesheet" type="text/css" href="css/default.css" /> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script> <script type="text/javascript" src="js/main.js"></script> </head> <body> <div id="login"> <form method="post" action=""> <h2>Login <small>enter your credentials</small></h2> <p> <label for="username">Username: </label> <input type="text" name="username" /> </p> <p> <label for="pwd">Password: </label> <input type="password" name="pwd" /> </p> <p> <input type="submit" id="submit" value="Login" name="submit" /> </p> </form> <?php if(isset($response)) echo "<h4 class='alert'>" . $response . "</h4>"; ?> </div><!--end login--> </body> </html> index.php (the page that the user is redirected to after logging in) <?php require_once 'classes/Membership.php'; $membership = New Membership(); $membership->confirm_Member(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="css/default.css" /> <!--[if lt IE 7]> <script type="text/javascript" src="js/DD_belatedPNG_0.0.7a-min.js"></script> <![endif]--> <title>Untitled Document</title> </head> <body> <div id="container"> <p> You have logged in. </p> <a href="login.php?status=loggedout">Log Out</a> </div><!--end container--> </body> </html> membership.php <?php require 'Mysql.php'; class Membership { function validate_user($un, $pwd) { $mysql = New Mysql(); $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd)); if($ensure_credentials) { $_SESSION['status'] = 'authorized'; header("location: index.php"); } else return "Please enter a correct username and password"; } function log_User_Out() { if(isset($_SESSION['status'])) { unset($_SESSION['status']); if(isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 1000); session_destroy(); } } function confirm_Member() { session_start(); if($_SESSION['status'] !='authorized') header("location: login.php"); } } mysql.php <?php require_once 'includes/constants.php'; class Mysql { private $conn; function __construct() { $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die('There was a problem connecting to the database.'); } function verify_Username_and_Pass($un, $pwd) { $query = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1"; if($stmt = $this->conn->prepare($query)) { $stmt->bind_param('ss', $un, $pwd); $stmt->execute(); if($stmt->fetch()) { $stmt->close(); return true; } } } } Thanks a lot!

Hello I am trying to create a password storing application, but cannot figure out the best way to store account passwords. The application wont store just user passwords to login, but passwords for other accounts. For example Client wants to be able to store all their Facebook and twitter passwords on the site, then log in when they want to find it. I was going to make it so the admin needed repeat their password they used to login to the application to retrieve another password, all of this is no problem, its just encrypting the passwords and being able to "un-encrypt" it later so they can see it. Any help would be appreciated, the person doesn't really care if its secure, they just want me to store the strings in the Database to be retrieved later, but I want to make it secure. Thank you

Hello I'm new on this forum, I have a commercial project (a software with licence renovation every year), I want to every time I have a new client, register on a mysql database, so when the client pay (on paypal) a licence renovation after the payment redirect to a php login site, when the client get logged show a kind of validator where the client can type the renovation number to generate and show the unlock code at the same time automatically it is sent to the clients email, after that, if the user wants to log in again, show only the unlock code, until the client do a payment and show the validator again, and so on.. Is all this possible? I already have a hosting with php and mysql database, but I don't have any knowledge on php, also I have no idea how to make the validator on a website, but It's based on math operations so I think it wont be a problem

Hey ,, i would to know how can i redirect the users after login or register to the same that you were in automatically without LINK ! i'm in a photo page if i login or register redirect me to photo page if i'm in another page redirect me to the same page that's what i mean

Hi PHP Freaks! I'm one of the newer users here, yep. And this is my first post here ^.^ I have recently started working on my very simple script in PHP. Parse username/password, perform checks against array to see if username exists and if password is correct for specified user. Print out a message as a finish result. And here is what my problem is.. So far I have written this code (PHP): <?php // List of users and their password. $users = array(1 => 'admin', 2 => 'UserTwo', 3 => 'UserThree', 4 => 'UserFour'); $pass = array(1 => '1234', 2 => 'second', 3 => 'third', 4 => 'fourth'); // Compare username parameter against users list (check if user exists). if (in_array($_GET['username'], $users)) { // User is found. Compare password parameter against pass list corresponding to user ID in array. $userId = array_search($_GET['username'], $users); // Compare password parameter against pass list (using specific userId to check if password is valid). if ($_GET['password'] != $pass[userId]) { echo 'You have entered invalid password.'; } else { echo 'Welcome, '.$_GET['username'].'!'; } } else { // User is not found. echo 'You have entered invalid user name.'; } ?> I guess some of you experienced in PHP understand what I am doing up there Basically I wanted to parse username/password arguments to the URL. That works just fine ( echo $_GET['username'] . '<br>' . $_GET['password']; ) ( Just a note, I use Xampp, so it is http://localhost/login.php?username=admin&password=1234 ) Problem starts at line 9.. I am unsure about that part (I just written it out of my mind and little documentation I have found on their official website) with userId and then comparing it to correspond to the user (like like associating password to specific user id, users[0] = admin to have password 1234, users[1] , and so). Could somebody fix this and post up the code, much appreciated (excuse me for little English mistakes, it is not my native language, I do my best to keep it well) Also include a little description or just explain it in several words, what/where I messed up Thanks in advance. Regards, - OmegaExtern

Dear All, I am new to php i have created login/Sign up pages and problem is i needd code to display logout after users login into system but in my system both login/Register is dislaying after login also Please help me in this one..

Hello everybody. I have a school grade script, it's contain of admins, teachers and students. this script is written in Arabic, by the way i'm from Syria. The script is working on my localhost very good, but on the web don't work any way. I think the problem in the Login code, and here it is : <?php session_start(); //================================================== include("admin/config.php"); //================================================== include("admin/setting.php"); include("Check.php"); echo $stylescript; echo $stylebody; //================================================== $titlepage = "$schoolsname - Login page"; //================================================== if ($action == 'trylogin') { if(($user_name_insert == "") OR ($user_password_insert == "")) { $result = mysql_query("SELECT template_content FROM school_template where template_name = '".ErrorInsertUserNameAndPassword."'"); $result_info = mysql_fetch_array($result); $ErrorInsertUserNameAndPassword = $result_info["template_content"]; $ErrorInsertUserNameAndPassword = str_replace("\"","'",$ErrorInsertUserNameAndPassword); eval("\$ErrorInsertUserNameAndPassword = \"$ErrorInsertUserNameAndPassword\";"); echo $ErrorInsertUserNameAndPassword; exit; } $result = mysql_query("SELECT * FROM school_user where user_name = '$user_name_insert'"); $result_num = mysql_num_rows($result); if ($result_num == 0) { $result = mysql_query("SELECT template_content FROM school_template where template_name = '".ErrorWrongUserNameInsert."'"); $result_info = mysql_fetch_array($result); $ErrorWrongUserNameInsert = $result_info["template_content"]; $ErrorWrongUserNameInsert = str_replace("\"","'",$ErrorWrongUserNameInsert); eval("\$ErrorWrongUserNameInsert = \"$ErrorWrongUserNameInsert\";"); echo $ErrorWrongUserNameInsert; exit; } else { $result_info = mysql_fetch_array($result); $user_password = $result_info['user_password']; $user_password2 = $result_info['user_password2']; $user_group_id = $result_info['user_group_id']; $user_user_id = $result_info['user_user_id']; if(($user_password_insert <> $user_password) and ($user_password_insert <> $user_password2)) { $result = mysql_query("SELECT template_content FROM school_template where template_name = '".ErrorWrongUserPasswordInsert."'"); $result_info = mysql_fetch_array($result); $ErrorWrongUserPasswordInsert = $result_info["template_content"]; $ErrorWrongUserPasswordInsert = str_replace("\"","'",$ErrorWrongUserPasswordInsert); eval("\$ErrorWrongUserPasswordInsert = \"$ErrorWrongUserPasswordInsert\";"); echo $ErrorWrongUserPasswordInsert; exit; } else { $new_value_lasttime = time(); if($user_group_id == 1) { $result = mysql_query("SELECT * FROM school_employee where employee_id = $user_user_id"); $result_info = mysql_fetch_array($result); $user_full_name = $result_info['employee_full_name']; $user_login_lasttime = $result_info['employee_login_lasttime']; include("user_login_lasttime_text.php"); $date_to_convert = $user_login_lasttime; $sho_time=1; //include("hejri.php"); $user_login_lasttime = $date_result; $result = mysql_query("UPDATE school_employee SET employee_login_lasttime = '$new_value_lasttime',employee_count_login = employee_count_login+1 WHERE employee_id = $user_user_id"); } if($user_group_id == 3) { $result = mysql_query("SELECT * FROM school_employee where employee_id = $user_user_id"); $result_info = mysql_fetch_array($result); $user_full_name = $result_info['employee_full_name']; $user_login_lasttime = $result_info['employee_login_lasttime']; include("user_login_lasttime_text.php"); $date_to_convert = $user_login_lasttime; $sho_time=1; //include("hejri.php"); $user_login_lasttime = $date_result; $result = mysql_query("UPDATE school_employee SET employee_login_lasttime = '$new_value_lasttime',employee_count_login = employee_count_login+1 WHERE employee_id = $user_user_id"); } if($user_group_id == 4) { if($HTTP_SESSION_VARS['S_pas_login'] == 1){$welcomepas ="ولي امر : ";} $result = mysql_query("SELECT * FROM school_student where student_id = $user_user_id"); $result_info = mysql_fetch_array($result); $user_full_name = $welcomepas.''.$result_info['student_full_name']; $user_login_lasttime = $result_info['student_login_lasttime']; include("user_login_lasttime_text.php"); $date_to_convert = $user_login_lasttime; $sho_time=1; //include("hejri.php"); $user_login_lasttime = $date_result; if($user_password_insert == $user_password2) { $S_pas_login = 1; $S_student_login = 0; session_register("S_pas_login"); session_register("S_student_login"); $result = mysql_query("UPDATE school_student SET student_login_pas_lasttime = '$new_value_lasttime',student_pas_login_count = student_pas_login_count+1 WHERE student_id = $user_user_id"); } elseif($user_password_insert == $user_password) { $S_pas_login = 0; $S_student_login = 1; session_register("S_pas_login"); session_register("S_student_login"); $result = mysql_query("UPDATE school_student SET student_login_lasttime = '$new_value_lasttime',student_login_count = student_login_count+1 WHERE student_id = $user_user_id"); } } $S_user_user_id = $user_user_id; session_register("S_user_user_id"); $S_user_group_id = $user_group_id; session_register("S_user_group_id"); $S_user_full_name = $user_full_name; session_register("S_user_full_name"); $S_user_login_lasttime = $user_login_lasttime; session_register("S_user_login_lasttime"); $S_user_login_lasttime_text = $user_login_lasttime_text; session_register("S_user_login_lasttime_text"); echo "<p dir='rtl'>Accepted..</p>"; exit("<META HTTP-EQUIV='refresh' CONTENT='2 URL=index.php'>"); } } } $result = mysql_query("SELECT template_content FROM school_template where template_name = '".login."'"); $result_info = mysql_fetch_array($result); $login = $result_info["template_content"]; $login = str_replace("\"","'",$login); eval("\$login = \"$login\";"); echo $login; ?> Any one can help me please.. I need Ur help. Thank you....

When I try to login with my username and password, nothing happens. I only get an error from this line in login.php: "if ($_POST['action']=='logout') {" So what could be wrong? Login.php: <?php session_start(); /*Om användaren har tryck på loggut-knappen så verkställs sessionen.*/ if ($_POST['action']=='logout') { session_unset(); } if (! isset($_SESSION['username'])) { if (isset($_POST['username'])) { $username = addslashes($_POST['username']); $pswd = addslashes($_POST['pswd']); /*Här försöker vi koppla upp mot databasen*/ mysql_connect('localhost', 'root', '') or die("Kan inte koppla upp mot db-servern"); mysql_select_db("db_film") or die("Kan inte koppla upp mot db"); /*Här hämtas namn, användarnamn och lösenord från tabellen users i databasen. Om de inskrivna värdena stämmer överens med uppgifterna i databasen så skickas vi till publishpost.php. */ $query = "SELECT username FROM users WHERE username='$username' AND pswd=md5('$pswd')"; echo "<pre>$query</pre>"; $result = mysql_query($query); if (mysql_num_rows($result) == 1){ // $_SESSION['firstname'] = mysql_result($result,0,"firstname"); $_SESSION['username'] = mysql_result($result,0,"username"); $user = $_POST['username']; $salt = "somestring"; $_SESSION['token'] = md5($salt . $user . $salt); $token = $_SESSION['token']; header("location: publishpost.php"); } /*Om uppgifterna inte stämmer så stannar användaren kvar på login.php och en text skrivs ut som talar om att man inte har blivit inloggad.*/ else { $username = $_SESSION['username']; header("location: login.php"); echo ("Du är inte inloggad"); } } } ?> Checklogin.php: <?php /* En session för att logga in */ session_start(); $user = $_SESSION['username']; $salt = "somestring"; $token = md5($salt . $user . $salt); if (isset($_SESSION['name']) AND $_SESSION['token'] == $token) { $name = $_SESSION['name']; } else { header("location: login.php"); } ?>

Hi everyone. I'm working on a simple app for internal use for a small company. I am having difficulties getting the account logins working correctly, and I believe it has something to do with $_SESSION not being set like I expected it to. Now I am fairly new to PHP, and have been learning as I go. index.php contains this: <?php session_start(); require_once('includes/config.inc.php'); require_once('includes/functions.inc.php'); // Check login status -- if not logged in, redirect to login screen if (check_login_status() == false) { redirect('login.php'); } So when I load the app, I'm redirected to login.php: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-type" content="text/html;charset=utf-8" /> <title>Login Page</title> <link rel="stylesheet" type="text/css" href="css/login.css" /> </head> <body> <form id="login-form" method="post" action="includes/login.inc.php"> <fieldset> <legend>Login to Inventory System</legend> <p>Please enter your username and password to access the Inventory system</p> <label for="username"> <input type="text" name="username" id="username" />Username: </label> <label for="password"> <input type="password" name="password" id="password" />Password: </label> <label> <input type="submit" name="submit" id="submit" value="Login" /> </label> </fieldset> </form> </body> </html> When I hit submit on the login page, includes/login.inc.php is called: <?php session_start(); require_once('config.inc.php'); require_once('functions.inc.php'); // Escape any unsafe characters before querying database $username = $con->real_escape_string($_POST['username']); $password = $con->real_escape_string($_POST['password']); // Construct SQL statement for query & execute $query = "SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . MD5($password) . "'"; $result = mysqli_query($con,$query) or die(mysqli_error($con)); // If one row is returned, username and password are valid if (is_object($result) && $result->num_rows == 1) { $_SESSION['logged_in'] = true; redirect('../index.php'); } else { redirect('../login.php'); } ?> Now I've been able to determine that the login is being processed successfully, because if I disable the check_login_status function in index.php, I'm redirected to index.php if I login with a valid account. Under the same conditions, an incorrect password will reload login.php. With the function disabled, I've also tried adding "print_r($_SESSION)" at the top of index.php, but nothing ever loads, which makes me think something is wrong with my function. functions.inc.php: <?php function redirect($page) { header('Location: ' . $page); exit(); } function check_login_status() { // IF $_SESSION['logged_in'] is set, return the status if (isset($_SESSION['logged_in'])) { return $_SESSION['logged_in']; } return false; } ?> config.inc.php: <?php $con=mysqli_connect("server_name","user","pass","db_name"); if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } ?> I'm really at a loss, and I don't know where the problem is. I've checked for syntax errors with "php -l file.php" and found no syntax errors. I'm not sure how to do any other debugging with this, or what I'm missing. Help is truly appreciated! EDIT: Yes, I know MD5 passwords are not recommended, and that will be changed to use salt once I can get functionality in my app. I will also be escaping/preparing all MySQL queries once I get the login piece working.

Hello everyone, I am trying to create a database login but i am not having any luck. I am not sure what is wrong. I feel everything is in order but I am new and don't really know what to look for. If someone could help me get this up and running, i'd greatly appreciate it. I've spent over 20 hours. I know it isn't exteremely diffuclt but I am fustrated and about to give up . Some help would me great! 1st page: Login.html ( I left out the formatting, heres just the form) file:///C:/Users/Stahlsta/Desktop/PHP/Login.html <form name="form 1" method="post" action="KitchenDatabase.php"> <Center><table width="20%" border="0" cellspacing="0" bgcolor="blue" frame="box" > <tr> <td><h3>Username:</h3></td> <td><input name="username" type="text" id="username" ></td></tr> <tr> <td><h3>Password:</h3></td> <td><input name="password" type="text" id="password" ></td></tr> <tr> <td colspan="2" align="center"> <input type="submit" name="Submit" value="Login"/> <input type="submit" value="Guest Log in"/></td></tr> </table> </Center> </form> When I click login: I want to access KitchenDatabase.php 2nd page:KitchenDatabase.php - This page should link to loginsuccess.php <?php $host="localhost:3306"; // Host name $Owner_fName="username"; // Mysql username $Owner_password="password"; // Mysql password $db_name="2013-wstahl"; // Database name $tbl_name="Owner"; // Table name // Connect to server and select databse. mysql_connect("$host", "$Owner_fName", "$Owner_password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $Owner_fName=$_POST['username']; $Owner_password=$_POST['password']; // To protect MySQL injection (more detail about MySQL injection) $Owner_fName = stripslashes($Owner_fName); $Owner_password = stripslashes($Owner_password); $Owner_fName = mysql_real_escape_string($Owner_fName); $Owner_password = mysql_real_escape_string($Owner_password); $sql="SELECT * FROM $tbl_name WHERE username='$Owner_fName' and password='$Owner_password'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ // Register $Owner_fName, $Owner_password and redirect to file "loginsuccess.php" session_register("username"); session_register("password"); header("location:loginsuccess.php"); } else { echo "Wrong Username or Password"; } ?> Page 3:loginsuccess.php - This page should link to KitchenDatabase.html <?php session_start(); if(!session_is_registered(username)){ header("KitchenDatabase.html"); } ?> Page 4:I wont bore you witht he code, i dont think it's important for the login work. (file:///C:/Users/Stahlsta/Desktop/PHP/KitchenDatabase.html) Everything is based off this database. KitchenDatabase.sql # # DUMP FILE # # Database is ported from MS Access #------------------------------------------------------------------ # Created using "MS Access to MySQL" form http://www.bullzip.com # Program Version 5.1.242 # # OPTIONS: # sourcefilename=C:\Users\wstahl\Desktop\KBdatabase1.accdb # sourceusername= # sourcepassword= # sourcesystemdatabase= # destinationdatabase=2013-wstahl # storageengine=MyISAM # dropdatabase=0 # createtables=1 # unicode=1 # autocommit=1 # transferdefaultvalues=1 # transferindexes=1 # transferautonumbers=1 # transferrecords=1 # columnlist=0 # tableprefix= # negativeboolean=0 # ignorelargeblobs=0 # memotype=LONGTEXT # CREATE DATABASE IF NOT EXISTS `2013-wstahl`; USE `2013-wstahl`; # # Table structure for table 'Fridge' # DROP TABLE IF EXISTS `Fridge`; CREATE TABLE `Fridge` ( `Fridge_ID` INTEGER NOT NULL, `Owner_ID` INTEGER NOT NULL, `Room_Loc` VARCHAR(255), INDEX (`Owner_ID`), PRIMARY KEY (`Fridge_ID`), FOREIGN KEY (`Owner_ID`) REFERENCES `Owner` ) ENGINE=myisam DEFAULT CHARSET=utf8; SET autocommit=1; # # Dumping data for table 'Fridge' # INSERT INTO `Fridge` VALUES (100, 100, 'Kitchen'); INSERT INTO `Fridge` VALUES (101, 101, 'Wills'); INSERT INTO `Fridge` VALUES (102, 102, 'Taylors'); INSERT INTO `Fridge` VALUES (103, 103, 'Matts'); INSERT INTO `Fridge` VALUES (104, 104, 'Felixs'); INSERT INTO `Fridge` VALUES (105, 105, 'Anthonys'); INSERT INTO `Fridge` VALUES (106, 106, 'Sams'); # 7 records # # Table structure for table 'Guest' # DROP TABLE IF EXISTS `Guest`; CREATE TABLE `Guest` ( `Guest_ID` INTEGER NOT NULL AUTO_INCREMENT, `Guest_fName` VARCHAR(50), `Guest_lName` VARCHAR(50), `Over21` TINYINT(1) DEFAULT 0, `Owner_ID` INTEGER NOT NULL, INDEX (`Over21`), PRIMARY KEY (`Guest_ID`), FOREIGN KEY (`Owner_ID`) REFERENCES `Owner` ) ENGINE=myisam DEFAULT CHARSET=utf8; SET autocommit=1; # # Dumping data for table 'Guest' # INSERT INTO `Guest` VALUES (1, 'Harry', 'Potter', 1, 101); INSERT INTO `Guest` VALUES (2, 'Jamie', 'Kurtis', 1, 102); INSERT INTO `Guest` VALUES (3, 'Bucky', 'Smith', 0, 103); INSERT INTO `Guest` VALUES (4, 'Nick', 'Crawl', 1, 101); INSERT INTO `Guest` VALUES (5, 'Matt', 'Taylor', 0, 104); INSERT INTO `Guest` VALUES (6, 'Martha', 'Stewart', 1,105); INSERT INTO `Guest` VALUES (7, 'Kris', 'Durdon', 0, 105); INSERT INTO `Guest` VALUES (8, 'Mike', 'Micheals', 1, 102); # 8 records # # Table structure for table 'Item' # DROP TABLE IF EXISTS `Item`; CREATE TABLE `Item` ( `Item_ID` INTEGER NOT NULL AUTO_INCREMENT, `Item_Name` VARCHAR(255), `Item_Cost` DECIMAL(19,4), `Exp_Date` DATETIME, `Item_Qty` INTEGER, `Owner_ID` INTEGER, `Fridge_ID` INTEGER, `Store_ID` INTEGER, PRIMARY KEY (`Item_ID`), FOREIGN KEY (`Owner_ID`) REFERENCES `Owner`, FOREIGN KEY (`Fridge_ID`) REFERENCES `Fridge`, FOREIGN KEY (`Store_ID`) REFERENCES `Store`, INDEX (`Fridge_ID`), INDEX (`Owner_ID`), INDEX (`Store_ID`) ) ENGINE=myisam DEFAULT CHARSET=utf8; SET autocommit=1; # # Dumping data for table 'Item' # INSERT INTO `Item` VALUES (1, 'eggs', 2.09, '2013-11-11 00:00:00', 2, 100, 100, 200); INSERT INTO `Item` VALUES (2, 'milk', 3.49, '2013-11-07 00:00:00', 2, 100, 100, 201); INSERT INTO `Item` VALUES (3, 'Bread', 3.09, '2013-11-08 00:00:00', 1, 101, 101, 201); INSERT INTO `Item` VALUES (4, 'cheese', 4.01, '2013-12-30 00:00:00', 2, 101, 100, 200); INSERT INTO `Item` VALUES (5, 'hot dogs', .97, '2014-01-16 00:00:00', 3, 102, 102, 200); INSERT INTO `Item` VALUES (6, 'rolls', 3.09, '2013-11-25 00:00:00', 6, 102, 102, 200); INSERT INTO `Item` VALUES (7, 'noodles', .99, NULL, 4, 103, 103, 202); INSERT INTO `Item` VALUES (8, 'sauce', 4.09, '2013-11-20 00:00:00', 2, 103, 103, 202); INSERT INTO `Item` VALUES (9, 'rice', .98, NULL, 12, 104, 104, 200); INSERT INTO `Item` VALUES (10, 'beans', 1.49, '2013-12-18 00:00:00', 2, 104, 100, 202); INSERT INTO `Item` VALUES (11, 'hamburgers', 6.99, '2013-12-25 00:00:00', 8, 105, 100, 200); INSERT INTO `Item` VALUES (12, 'buns', 3.09, '2013-12-19 00:00:00', 8, 105, 105, 200); INSERT INTO `Item` VALUES (13, 'onions', .99, NULL, 3, 106, 106, 202); INSERT INTO `Item` VALUES (14, 'soup', 1.99, '2014-04-16 00:00:00', 5, 106, 106, 200); INSERT INTO `Item` VALUES (15, 'icream', 3.09, NULL, NULL, NULL, 101, NULL); INSERT INTO `Item` VALUES (16, 'Bacon', 5.15, '2013-10-16 00:00:00', 1, 101, 101, 202); INSERT INTO `Item` VALUES (17, 'Hot sauce', 2.79, '2013-11-22 00:00:00', 3, 101, 101, 200); INSERT INTO `Item` VALUES (18, 'ketchup', 3.5, NULL, 1, 101, 101, 201); INSERT INTO `Item` VALUES (19, 'crunch cereal', 3.49, '2014-01-22 00:00:00', 2, 101, 101, 201); # 19 records # # Table structure for table 'Owner' # DROP TABLE IF EXISTS `Owner`; CREATE TABLE `Owner` ( `Owner_ID` INTEGER NOT NULL, `Owner_fName` VARCHAR(255) NOT NULL, `Owner_lname` VARCHAR(255), `Owner_password` VARCHAR(50), PRIMARY KEY (`Owner_ID`) ) ENGINE=myisam DEFAULT CHARSET=utf8; SET autocommit=1; # # Dumping data for table 'Owner' # INSERT INTO `Owner` VALUES (100, 'All', 'NULL', 'NULL'); INSERT INTO `Owner` VALUES (101, 'Will', 'Stahl', password); INSERT INTO `Owner` VALUES (102, 'Taylor', 'Ryzuk', NULL); INSERT INTO `Owner` VALUES (103, 'Matt', 'Sheehan', NULL); INSERT INTO `Owner` VALUES (104, 'Felix', 'Burgos', NULL); INSERT INTO `Owner` VALUES (105, 'Anthony', 'Lombardi', NULL); INSERT INTO `Owner` VALUES (106, 'Sam', 'Gutzmer', NULL); # 7 records # # Table structure for table 'Store' # DROP TABLE IF EXISTS `Store`; CREATE TABLE `Store` ( `Store_ID` INTEGER NOT NULL, `Store_Name` VARCHAR(255) NOT NULL, `Store_City` VARCHAR(255), PRIMARY KEY (`Store_ID`) ) ENGINE=myisam DEFAULT CHARSET=utf8; SET autocommit=1; # # Dumping data for table 'Store' # INSERT INTO `Store` VALUES (200, 'Walmart', 'Oswego'); INSERT INTO `Store` VALUES (201, 'Bryne', 'Oswego'); INSERT INTO `Store` VALUES (202, 'Kinneys', 'Oswego'); INSERT INTO `Store` VALUES (203, 'Price Chopper', 'Oswego'); # 4 records Am I even close? I've come to far to quit. Please help me get this working Kudos, Fridge.html Fridge.php KitchenDatabase.html KitchenDatabase.php Login.html loginsuccess.php

Hello, I was making a login page with PHP and Mysql and have managed to debug all the errors, but the page says 'Wrong Username or Password' even though i have typed in the right password from the table. I was wondering if anyone could help me. Thanks I have 4 php files: main_login.php check_login.php login_success.php logout.php Here is all the code: main_login.php: <table> <tr> <form name="form1" method="post" action="check_login.php"> <td> <table> <tr> <td><strong>Login form: </strong></td> </tr> <tr> <td>UserName</td> <td>:</td> <td><input name="myusername" type="text" id="myusername"/></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="mypassword" type="text" id="mypassword"/> </td> </tr> <tr> <td> </td> <td> </td> <td><input type="Submit" name="Submit" value="Login"/></td> </tr> </table> </td> </form> </tr> </table> <?php ?> check_login.php: <?php $host = "localhost"; $Username = "christopher"; $Password = "password"; $db_name = "test_db"; $tbl_name = "test"; //CONNECT TO SERVER mysql_connect("$host", "$Username", "$Password") or die("CANNOT CONNECT"); mysql_select_db("$db_name") or die("CANNOT SELECT DB"); //USERNAME AND PASSWORD FROM FORM $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; //SECURITY PROTECTION $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result = mysql_query($sql); $count = mysql_num_rows($result); $count = 1; if($count == 1){ session_register("myusername"); session_register("mypassword"); header("Location: http://localhost/login/2/login_success.php/"); } else { echo "Wrong Username Or Password"; } ?> login_success.php <?php session_start(); echo "login successful.."; if(!session_is_registered(myusername)){ header("location:main_login.php"); } ?> <html> <body> LOGIN SUCCESSFUL </body> </html> logout.php: <?php session_start(); session_destroy(); ?> check_login.php login_success.php logout.php main_login.php

**Sessions or Cookies Hi, As the title of the topic says... I'm working on a project and I need to make a login system for an admin panel. And I'm not sure which one to use. Sessions or cookies? And an other question. I managed to make it so the login creates a coockie of the username and IP combined. But I don't know how I can call it. Since Here's my Login code that creates the cookies: class auth { function user_info_check( $username, $password ) { global $db; $sql = " SELECT * FROM users WHERE username = '".$username."'"; if(!$result = $db->query($sql)){ die('There was an error running the query [' . $db->error . ']'); } if ( $result->num_rows < 1 ) die('Account dosen\'t exists'); $row = $result->fetch_assoc(); $pass1 = $row['password']; $user1 = $row['username']; $permission = $row['permission']; if ( $username != $user1 ) { die('Account dosen\'t exists'); } if ( $password != $pass1 ) { die('Wrong Password'); } return array($username,$permission); } function login() { global $username, $password; // Returns the User's Username and Permission $info = $this->user_info_check($username,$password); setcookie($info[0]."-permission", $info[1], time()+3600); setcookie("user-".$info[0], $username, time()+3600); } } The user_info_check() uses the username and password from the login form, to get the requested data, which is the username and permission. But my problem is... if I create the session named "user-Andor" for example, Andor is the username, How can I call it if I don't have the username saved anywhere? Thanks!

hi guys. im a newbie in this forum and im glad that i found this. anyway, i have a problem with my code. i am creating a register and login application using php. however its not passing the data properly. i have tried to echo it and still its not showing. can anybody help me on this please? any assistance would be greatly appreciated here is my code for my init.php <?php session_start(); require 'database/connect.php'; require 'functions/general.php'; require 'functions/users.php'; if (logged_in() == true) { $session_user_id = $_SESSION['userid']; $user_data = user_data($session_user_id, 'userid', 'username', 'password', 'firstname', 'lastname', 'email'); } $errors = array(); ?> and this is my users.php which i think where lies the problem. i will just include the code of the function that creates the error. <?php function user_data($userid) { $data = array(); $userid = (int)$userid; $func_num_args = func_num_args(); $func_get_args = func_get_args(); if($func_num_args > 0) { unset($func_get_args[0]); $fields = '`' . implode('', $func_get_args) . '`'; $data = mysql_fetch_assoc(mysql_query("SELECT '$fields' FROM users WHERE userid = '$userid'")); print_r($data); return $data; } } ?> supposedly it should print the query stored in $data however its not doing that

Hello All ! I have been learning and doing at the same time. I came across a login design using J-query sliding panel, that i gratefully used. The rest of the query page was empty. Then I came across a tutorial on dynamic pages and so I thought it would be a good idea to put this dynamic page on the front of the login j-query page. I did so and it worked. When i use the J-query panel it worked fine. Then i implemented the dynamic pages and when i tried that out, the jquery panel vanished and the dynamic page appeared as a standalone website. Any ideas how I may retain my login and the dynamic page and let them work harmoniously together. Thanks all in advance.

Hi, I am having trouble with this code and would like to see if anyone can help me. I have been trying to write a bit of code that would check in the database if the users role is either admin or something else. and then allow them to view the page or show a message stating "they are not the admin" Heres is the code. <?php require("head.php"); include("navbar.php"); require("common.php"); { $query = " SELECT id, username, password, salt, email, role FROM users WHERE username = :username "; $query_params = array( 'role' => $_POST['role'] ); $row = $stmt->fetch(); $_SESSION['role'] = $row; if($_SESSION["role"]=='admin'){ echo "<h1 class='container well'>YOU ARE IN!</h1>"; } else { echo "<h1 class='container well'>you need the admin role!!!!</h1>"; } } include("footer.php"); ?> I think I have mucked this up completely and might be writing the wrong thing? or I am missing a big chunk. Any help would be much appreciated.

I was hoping to have a little help getting this to work. I installed VanillaForum on my website, and wanted to hook my login system into it so they shared a common username, and password (and if possible not have to log in twice) I am using JPMaster's login script found at http://www.evolt.org/node/60384 I was able to get his scripts to read Vanilla's DB and reconize the username and password, but it errors out during the proccessing Hopfully you all can help me out so i can get this working (Yes i know the DB info in the script isnt correct i removed my info when posting this) Login.zip any help will be very helpful Thanks in advanced