Jump to content

Search the Community

Showing results for tags 'login'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Welcome to PHP Freaks
    • Announcements
    • Introductions
  • PHP Coding
    • PHP Coding Help
    • Regex Help
    • Third Party Scripts
    • FAQ/Code Snippet Repository
  • SQL / Database
    • MySQL Help
    • PostgreSQL
    • Microsoft SQL - MSSQL
    • Other RDBMS and SQL dialects
  • Client Side
    • HTML Help
    • CSS Help
    • Javascript Help
    • Other
  • Applications and Frameworks
    • Applications
    • Frameworks
    • Other Libraries
  • Web Server Administration
    • PHP Installation and Configuration
    • Linux
    • Apache HTTP Server
    • Microsoft IIS
    • Other Web Server Software
  • Other
    • Application Design
    • Other Programming Languages
    • Editor Help (Dreamweaver, Zend, etc)
    • Website Critique
    • Beta Test Your Stuff!
  • Freelance, Contracts, Employment, etc.
    • Services Offered
    • Job Offerings
  • General Discussion
    • PHPFreaks.com Website Feedback
    • Miscellaneous

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Age


Donation Link

Found 27 results

  1. Hi everyone, Anyone recommended me to learn how to set up the login system, it is most advanced system, even longer work. Anyone know link to website that can help me learning about login system? Video will be very appreciate... Thanks, Gary
  2. So i made a login page, but whenever i enter right, wrong, or no password at all, it always displays wrong password. I've been trying to fix it for hours, but I just can't seem to find the error. It's like it's skipping if the password is right statement and goes straight through the else statment. <?php $connection = mysql_connect("com-db-02.student-cit.local","***","***") or die (mysql_error()); if ($connection) echo "Connection successful"; else echo "Connection failed"; $db = mysql_select_db("TEAM20") or die (mysql_error()); ?> <?php $_SESSION['customeremail'] = $_POST['user']; $_SESSION['password'] = $_POST['password']; function signIn() { session_start(); if(!empty($_POST['user'])) { $query = mysql_query("SELECT * FROM customer where customeremail = '$_POST[user]' AND password = '$_POST[password]'"); $row = mysql_fetch_array($query); if(!empty($row['customeremail']) AND !empty($row['password'])) { $_SESSION['customeremail'] = $row['customeremail']; getCustDetails(); echo "Successfully login to user profile page.."; echo "<a href=userlogin.php>Profile</a>"; } else { echo "Sorry... YOU ENTERED WRONG ID AND PASSWORD"; echo "<a href=login.html>Try Again</a>"; } } } function getCustDetails() { $queryId = mysql_query("SELECT customerID, firstname FROM Customer WHERE customeremail = '$_POST[user]'"); while($rowId = mysql_fetch_array($queryId)) { $_SESSION['customerID'] = $rowId['customerID']; $_SESSION['firstname'] = $rowId['firstname']; } echo "Code: ".$_SESSION['customerID']; echo "Name: ".$_SESSION['firstname']; } if(isset($_POST['submit'])) { signIn(); } ?>
  3. Hi, I've been going out of my mid for almost a week now trying to figure out how to make this work... I want multiple users to have their own individual usernames and passwords and be able to log in and view certain pages that non-registered guests can't see. I've set up my databases and usernames and passwords. I've actually gotten my login code to work now and then, but in trying to get sessions to work and not allow just anyone to manually type in the addresses of certain pages I've managed to mess that up and it doesn't work now either. I've been to MANY different sites and used examples but just can't get the login to work properly nor figure out how to get the sessions to check for a logged in user. My code so far...I've taken out my real password login,php <?php $connection = mysql_connect('localhost', 'root', 'mypassword'); if (!$connection){ die("Database Connection Failed" . mysql_error()); } $select_db = mysql_select_db('login'); if (!$select_db){ die("Database Selection Failed" . mysql_error()); } if (isset($_POST['username']) and isset($_POST['password'])){ $username = $_POST['username']; $password = $_POST['password']; $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $query = mysql_query("select * from members where password='$password' AND username='$username'", $connection); $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ session_register("username"); session_register("password"); $_SESSION["authorized"] = true; header("location:membersarea.php"); } else header ("Location: login.html"); } ?> And this is what I put at the top of each secured page... membersarea.php <?php session_start(); if ($_SESSION["authorized"] = true) { } else { header("Location: login.html"); } ?> Thanks in advance!
  4. I am testing to see if PHP variables can pass from previous page to present page to login, I notice it doesn't work in MySQL query from previous to present page. It is like using ID to pass the variable in link like this: "?id=" in link, but I am using submit button. I typed name="user" in previous page, that should pass variable to present, then set up the select in database, but it doesn't do that, what i did do wrong? if ($_POST['submitted']) { $username = $_POST['user']; $password = $_POST['pass']; if ($username && $password) { $log = "SELECT username, password, type FROM username WHERE username = '".$username."' AND WHERE password = '".$password."'"; $result = mysqli_query($Garydb, $log) or die("could not work"); echo "<p>".$result['username']."</p>"; } } Also, I wonder about two query in one sentence, like using 'AND' on sentence, will it works? Please advise me. Thank you in advance time. Gary P.S. how do you type in chart like notepad++ in here? I need to know how to do that, so I show you in number line that you can point much easier to read.
  5. 1. HTML FORM #for user to enter the data <html> <title>reg</title> <style type="text/css"> body { background-color: rgb(200,200,200); color: white; padding: 20px; font-family: Arial, Verdana, sans-serif;} h4 { background-color: DarkCyan; padding: inherit;} h3 { background-color: #ee3e80; padding: inherit;} p { background-color: white; color: rgb(100,100,90); padding: inherit;} </style> <form method="POST" action="login_back.php" enctype="multipart/form-data"></br> &nbsp<font color="DarkCyan"> Choose a user name:</font> <input type="text" name="username"> </br></br> &nbsp<font color="DarkCyan"> First name:</font> <input type="text" name="firstname"/> </br></br> &nbsp<font color="DarkCyan"> Last name:</font><input type="text" name="lastname"/> </br></br> &nbsp<font color="DarkCyan"> File: <input type="file" name="image"></font> </br></br> <input type="submit" value="Save and Proceed"> </form> </html> ---------- 2 STORING IN DATABASE #backend processing to store and retrieve data from db <?php error_reporting(0); #echo "<body style='background-color:rgb(200,200,200)'>"; session_start(); #if( isset($_POST['username']) && isset($_FILES['image']) ) #{ $_SESSION['username']=$_POST['username']; $_SESSION['firstname']=$_POST['firstname']; $lastname=$_POST['lastname']; $file=$_FILES['image']['tmp_name']; $image_size=getimagesize($_FILES['image']['tmp_name']); if(!isset($file)) echo"please select an image"; else { #$image=$_FILES['image']['tmp_image']; //grabing the file content $image_name=$_FILES['image']['name']; //grabing image name $image_size=getimagesize($_FILES['image']['tmp_name']); //getting image size } echo "</br>"; #connection to db mysql_connect("localhost","root","")or die(mysql_error()); mysql_select_db("wordgraphic")or die(mysql_error()); #checking the available username $query = mysql_query("SELECT * FROM userdata WHERE username = '" . $_SESSION['username'] . "'" ); $ans=mysql_num_rows($query); if ($ans > 0) { echo "Username already in use please try another."; } else if($image_size==FALSE) { echo"That's not an image."; } else { #Insert data into mysql #1.Inserting user name & image into db $sql="INSERT INTO userdata(username, firstname, lastname, image)VALUES('" . $_SESSION['username'] . "', '" . $_SESSION['firstname'] . "', '$lastname','$image')"; $result1=mysql_query($sql); if($result1) { echo "</br>"; echo "Registration successful"; echo "</br>"; //displaying image $lastid=mysql_insert_id();//get the id of the last record echo "uploaded image is :"; echo "<img src='get.php?id=".$lastid."'>"; > this command has some mistake }#if insertion into db successful else { echo "Problem in database operation"; } }# else block of unique username n img }#end of isset ?> ---------- 3. GET.PHP #additional file that retrieve image from database <?php #connection to db mysql_connect("localhost","root","")or die(mysql_error()); mysql_select_db("wordgraphic")or die(mysql_error()); if(isset($_REQUEST['id']) ) > this block of code is not running { $mid=(int)($_REQUEST['id']); $image=mysql_query("SELECT * FROM userdata WHERE id=$mid") or die("Invalid query: " . mysql_error()); $image=mysql_fetch_assoc($image); $image=$image['image']; header("Content-type: image/jpeg"); echo $image; } else echo"error"; ?>
  6. Hi, I am trying to create a login system in PHP, but I am not the greatest at PHP so I am using a source code which I found online as I found it to be more secure as it uses things like salted passwords. Anyway I am trying to add more fields to the register system so it adds them to the mysql, the source has a way to do this with arrays, but it is quite complicated so I am just using variables from the original file. There are 2 files: register.php and class.loginsys.php which contains all the functions. At first the query syntax was incorrect so I decided to use the variables created in register.php in the class.loginsys, but now it's giving me an out of memory error: Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 28672 bytes) in C:\xampp\htdocs\ls\class.loginsys.php on line 34 Which I am unsure of how to fix. I have tried using different variable names, checking the line, checking the whole register.php file for anything rogue. Here is the code: Top part of register.php <?php include "config.php"; ?> Config.php: <?php require "class.loginsys.php"; $LS=new LoginSystem(); ?> Then actual register part from register.php: <?php if( isset($_POST['submit']) ){ $firstname2 = $_POST['firstname']; $lastname2 = $_POST['lastname']; $user2 = $_POST['username']; $sex2 = $_POST['sex']; $country2 = $_POST['strCountryChoice']; $email2 = $_POST['email']; $pass2 = $_POST['pass']; $pass3 = $_POST['pass2']; $birthdate2 = $_POST['birthdate']; $created2 = date("Y-m-d H:i:s"); //need to add a lot more validation functions.. AKA Check if email exists and username. Password > 5 chars if( $user2=="" || $email2=="" || $pass2=='' || $pass3=='' || $firstname2=='' || $lastname2=='' || $sex2=='' || $country2=='' || $birthdate2=='' ){ echo "Fields Left Blank","Some Fields were left blank. Please fill up all fields."; exit; } if( !$LS->validEmail($email2) ){ echo "E-Mail Is Not Valid", "The E-Mail you gave is not valid"; exit; } if( !ctype_alnum($user2) ){ echo "Invalid Username", "The Username is not valid. Only ALPHANUMERIC characters are allowed and shouldn't exceed 10 characters."; exit; } if($pass2 != $pass3){ echo "Passwords Don't Match","The Passwords you entered didn't match"; exit; } $createAccount2 = $LS->register($user2, $pass2, array( "email" => $email2, "name" => $firstname2, "lastname" => $lastname2, "gender" => $sex2, "country" => $country2, "DOB" => $birthdate2, "created" => date("Y-m-d H:i:s") // Just for testing ) ); //$createAccount = $LS->register($firstname,$lastname,$user,$sex,$country,$email,$pass,$birthdate,$created); if($createAccount2 === "exists"){ echo "User Exists."; }elseif($createAccount2 === true){ echo "Success. Created account."; } } ?> And the function from the class: /* A function to register a user with passing the username, password and optionally any other additional fields. */ public function register( $id, $password, $other = array() ){ if( $this->userExists($id) && (isset($other['email']) && $this->userExists($other['email'])) ){ return "exists"; }else{ $randomSalt = $this->rand_string(20); $saltedPass = hash('sha256', "{$password}{$this->passwordSalt}{$randomSalt}"); if( count($other) == 0 ){ /* If there is no other fields mentioned, make the default query */ //old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)"); //new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)"); $sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)"); }else{ /* if there are other fields to add value to, make the query and bind values according to it */ //old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)"); //new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)"); $keys = array_keys($other); $columns = implode(",", $keys); $colVals = implode(",:", $keys); //l= $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)"); //INSERT INTO MyGuests (firstname, lastname, email)cLUES ('John', 'Doe', 'john@example.com') $sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (username,email,password,password_salt,name,lastname,created,gender,country,DOB) VALUES ('$username2','$email2','$pass2','$saltedPass','$firstname2','$lastname2','$created2','$gender2','$country2','$birthdate2')"); print($sql); foreach($other as $key => $value){ $value = htmlspecialchars($value); $sql->bindValue(":$key", $value); } } /* Bind the default values */ $sql->bindValue(":username", $id); $sql->bindValue(":password", $saltedPass); $sql->bindValue(":passwordSalt", $randomSalt); $sql->execute(); return true; } } Thanks for your help. I am doing this because for a hobby I am trying to create a browser based game in which I use this login system to login the user to a main page then code all of the other pages myself. I have posted on stackoverflow and someone on their suggested that I should use a framework. If this is the case, can someone point me in the right direction? Thanks again, if you need any info ask.
  7. Hi, Just wondering if someone could point me in the right direction, I have a simple PHP MySQL login script which passes/stores data via sessions. It works fine, there is no problem with it. All I would like to do is pass some additional data from the users MySQL table. Currently it users just username and password, but I would like it to pass firstname and surname data as well. So when a user logs in with their username and password, on the next page it might say Welcome, Michael Smith. The script below is originally setup for the username to be a persons name, as it's used in the login welcome message in the login.php But I might change the username to be an email address, if I can pull in the additional data. config.php <?php /***************************** File: includes/config.php Written by: Frost of Slunked.com Tutorial: User Registration and Login System ******************************/ // start the session before any output. session_start(); // Set the folder for our includes $sFolder = '/predictor/login'; /*************** Database Connection You will need to change the user (user) and password (password) to what your database information uses. Same with the database name if you used something else. ****************/ mysql_connect('localhost', 'root', '') or trigger_error("Unable to connect to the database: " . mysql_error()); mysql_select_db('football') or trigger_error("Unable to switch to the database: " . mysql_error()); /*************** password salts are used to ensure a secure password hash and make your passwords much harder to be broken into Change these to be whatever you want, just try and limit them to 10-20 characters each to avoid collisions. ****************/ define('SALT1', '24859f@#$#@$'); define('SALT2', '^&@#_-=+Afda$#%'); // require the function file require_once($_SERVER['DOCUMENT_ROOT'] . $sFolder . '/includes/functions.php'); // default the error variable to empty. $_SESSION['error'] = ""; // declare $sOutput so we do not have to do this on each page. $sOutput=""; ?> login.php <?php /***************************** File: login.php Written by: Frost of Slunked.com Tutorial: User Registration and Login System ******************************/ require($_SERVER['DOCUMENT_ROOT'] . '/predictor/login/includes/config.php'); // If the user is logging in or out // then lets execute the proper functions if (isset($_GET['action'])) { switch (strtolower($_GET['action'])) { case 'login': if (isset($_POST['username']) && isset($_POST['password'])) { // We have both variables. Pass them to our validation function if (!validateUser($_POST['username'], $_POST['password'])) { // Well there was an error. Set the message and unset // the action so the normal form appears. $_SESSION['error'] = "Bad username or password supplied."; unset($_GET['action']); } }else { $_SESSION['error'] = "Username and Password are required to login."; unset($_GET['action']); } break; case 'logout': // If they are logged in log them out. // If they are not logged in, well nothing needs to be done. if (loggedIn()) { logoutUser(); $sOutput .= '<h1>Logged out!</h1><br />You have been logged out successfully. <br /><h4>Would you like to go to <a href="index.php">site index</a>?</h4>'; }else { // unset the action to display the login form. unset($_GET['action']); } break; } } $sOutput .= '<div id="index-body">'; // See if the user is logged in. If they are greet them // and provide them with a means to logout. if (loggedIn()) { $sOutput .= '<h1>Logged In!</h1><br /><br /> Hello, ' . $_SESSION["username"] . ' how are you today?<br /><br /> <h4>Would you like to <a href="login.php?action=logout">logout</a>?</h4> <h4>Would you like to go to <a href="index.php">site index</a>?</h4>'; }elseif (!isset($_GET['action'])) { // incase there was an error // see if we have a previous username $sUsername = ""; if (isset($_POST['username'])) { $sUsername = $_POST['username']; } $sError = ""; if (isset($_SESSION['error'])) { $sError = '<span id="error">' . $_SESSION['error'] . '</span><br />'; } $sOutput .= '<h2>Login to our site</h2><br /> <div id="login-form"> ' . $sError . ' <form name="login" method="post" action="login.php?action=login"> Username: <input type="text" name="username" value="' . $sUsername . '" /><br /> Password: <input type="password" name="password" value="" /><br /><br /> <input type="submit" name="submit" value="Login!" /> </form> </div> <h4>Would you like to <a href="login.php">login</a>?</h4> <h4>Create a new <a href="register.php">account</a>?</h4>'; } $sOutput .= '</div>'; // lets display our output string. echo $sOutput; ?> functions.php <?php /***************************** File: includes/functions.php Written by: Frost of Slunked.com Tutorial: User Registration and Login System ******************************/ /*********** bool createAccount (string $pUsername, string $pPassword) Attempt to create an account for the passed in username and password. ************/ function createAccount($pUsername, $pPassword, $pFirstname, $pSurname) { // First check we have data passed in. if (!empty($pUsername) && !empty($pPassword) && !empty($pFirstname) && !empty($pSurname)) { $uLen = strlen($pUsername); $pLen = strlen($pPassword); $fLen = strlen($pFirstname); $sLen = strlen($pSurname); // escape the $pUsername to avoid SQL Injections $eUsername = mysql_real_escape_string($pUsername); $sql = "SELECT username FROM users WHERE username = '" . $eUsername . "' LIMIT 1"; // Note the use of trigger_error instead of or die. $query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error()); // Error checks (Should be explained with the error) if ($uLen <= 4 || $uLen >= 11) { $_SESSION['error'] = "Username must be between 4 and 11 characters."; }elseif ($pLen < 6) { $_SESSION['error'] = "Password must be longer then 6 characters."; }elseif (mysql_num_rows($query) == 1) { $_SESSION['error'] = "Username already exists."; }else { // All errors passed lets // Create our insert SQL by hashing the password and using the escaped Username. $sql = "INSERT INTO users (`username`, `password`, `firstname`, `surname`) VALUES ('" . $eUsername . "', '" . hashPassword($pPassword, SALT1, SALT2) . "', '" . $pFirstname . "', '" . $pSurname . "');"; $query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error()); $sql2 = "INSERT INTO predictions (userID, predictionID, week) SELECT LAST_INSERT_ID(), id, week FROM fixtures"; $query = mysql_query($sql2) or trigger_error("Query Failed: " . mysql_error()); if ($query) { return true; } } } return false; } /*********** string hashPassword (string $pPassword, string $pSalt1, string $pSalt2) This will create a SHA1 hash of the password using 2 salts that the user specifies. ************/ function hashPassword($pPassword, $pSalt1="2345#$%@3e", $pSalt2="taesa%#@2%^#") { return sha1(md5($pSalt2 . $pPassword . $pSalt1)); } /*********** bool loggedIn verifies that session data is in tack and the user is valid for this session. ************/ function loggedIn() { // check both loggedin and username to verify user. if (isset($_SESSION['loggedin']) && isset($_SESSION['userID']) && isset($_SESSION['username'])) { return true; } return false; } /*********** bool logoutUser Log out a user by unsetting the session variable. ************/ function logoutUser() { // using unset will remove the variable // and thus logging off the user. unset($_SESSION['username']); unset($_SESSION['userID']); unset($_SESSION['loggedin']); return true; } /*********** bool validateUser Attempt to verify that a username / password combination are valid. If they are it will set cookies and session data then return true. If they are not valid it simply returns false. ************/ function validateUser($pUsername, $pPassword) { // See if the username and password are valid. $sql = "SELECT * FROM users WHERE username = '" . mysql_real_escape_string($pUsername) . "' AND password = '" . hashPassword($pPassword, SALT1, SALT2) . "' LIMIT 1"; $query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error()); // If one row was returned, the user was logged in! if (mysql_num_rows($query) == 1) { $row = mysql_fetch_assoc($query); $_SESSION['username'] = $row['username']; $_SESSION['userID'] = $row['userID']; $_SESSION['password'] = $row['password']; $_SESSION['loggedin'] = true; return true; } return false; } ?> USERS TABLE ID username password firstname surname 1 rich 12345 Richard Branson 2 alan 67898 Lord Sugar
  8. Hi, wish somebody can help me T_T I'm little bit confused how to make user log-in based on country or territory, what I'm talking about is like this: The User table is: id_user | username | password | level | id_country The Country table is: id | country_name And when user login, there's a data entry form and there is a drop-down/combo-box in a form, that filled with user countries, like this: Country: [____] --> This part is automatically filled/disabled field if a user log-in with their username based on level and countries. Province: [____] --> This is a chained combo-box from countries City: [____] --> Also this chained to Province What I mean is, when user's log-in with their country id, so the "Country Combo-Box" will be automatically filled and disabled. So user can't choose another country, only their country based on username and territories. Thank you for all your help. Best regards, Kris I have this scripts: login_form.php <div><center> <form name="logForm" method="post" action="login_validation.php"> <table class="table-list" width="500" border="0" cellpadding="2" cellspacing="1" bgcolor="#999999"> <tr> <td width="106" rowspan="5" align="center" bgcolor="#CCCCCC"><img src="images/padlock.png" width="116" height="75" /></td> <th colspan="2" bgcolor="#CCCCCC"><b>LOGIN FORM </b></td> </tr> <tr> <td width="117" bgcolor="#FFFFFF"><b>Username</b></td> <td width="263" bgcolor="#FFFFFF"><b>: <input name="txtUser" type="text" size="30" maxlength="20" /> </b></td> </tr> <tr> <td bgcolor="#FFFFFF"><b>Password</b></td> <td bgcolor="#FFFFFF"><b>: <input name="txtPassword" type="password" size="30" maxlength="20" /> </b></td> </tr> <tr> <td bgcolor="#FFFFFF"><b>Access Level</b></td> <td bgcolor="#FFFFFF"><b>: <select name="comboLevel"> <option value="BLANK">- Choose -</option> <?php $level = array("operator", "admin"); foreach ($level as $p) { if ($_POST['comboLevel']==$p) { $check="selected"; } else { $check = ""; } echo "<option value='$p' $check>$p</option>"; } ?> </select> </b></td> </tr> <tr> <td bgcolor="#FFFFFF"> </td> <td bgcolor="#FFFFFF"><input type="submit" name="btnLogin" value=" Login " /></td> </tr> </table> </form> </center></div> and this validation script: login_validation.php <?php if(isset($_POST['btnLogin'])){ $msgError = array(); if ( trim($_POST['txtUser'])=="") { $pesanError[] = "Username </b> cannot empty !"; } if (trim($_POST['txtPassword'])=="") { $msgError[] = "Password </b> cannot empty !"; } if (trim($_POST['comboLevel'])=="BLANK") { $msgError[] = "Level</b> not picked !"; } $txtUser = $_POST['txtUser']; $txtUser = str_replace("'","´",$txtUser); $txtPassword=$_POST['txtPassword']; $txtPassword= str_replace("'","´",$txtPassword); $comboLevel =$_POST['comboLevel']; if (count($msgError)>=1 ){ echo "<div class='mssgBox'>"; echo "<img src='images/exclamation.png'> <br><hr>"; $noMsg=0; foreach ($msgError as $index=>$show_msg) { $noMsg++; echo " $noMsg. $show_msg<br>"; } echo "</div> <br>"; include "login.php"; } else { $loginSql = "SELECT * FROM user WHERE username='".$txtUser."' AND password='".md5($txtPassword)."' AND level='$comboLevel'"; $loginQry = mysql_query($loginSql, $conndb) or die ("Query Error : ".mysql_error()); if (mysql_num_rows($loginQry) >=1) { $loginData = mysql_fetch_array($loginQry); $_SESSION['SES_LOGIN'] = $loginData['id_user']; $_SESSION['SES_USER'] = $loginData['username']; if($comboLevel=="admin") { $_SESSION['SES_ADMIN'] = "admin"; } if($comboLevel=="operator") { $_SESSION['SES_OPERATOR'] = "operator"; } // Refresh echo "<meta http-equiv='refresh' content='0; url=?page=Main-Page'>"; } else { echo "You Not Login As ".$_POST['comboLevel']; } } } ?> Thank you for all help.... T_T thank you..
  9. Hi experts,I have the following problem.I have a file login.php which is used to allow users to log in.When the form is submitted it is redirected to checkuserlogin.php.If the credentials are right he is redirected to main.php.But in main.php if the user clicks back browser button,he is redirected to login.php and in login.php if he presses forward button,he is redirected to main.php.Can any one tell he how to make sure the application is not redirected to main.php when user presses forward button and how to make sure the application is not redirected to login.php when user presses back button.
  10. hey guys, HOpe you can help me. I need a code about "Lock out after serveral attemps", and "Change password after first login"
  11. My sign in code called activation is the script called activation.php. my login page is login.php and my profile page is the landing page once a successful login in attempt is made. the activation.php is the issue as i us the form in sign.php to login but the activation.php doesn't redirect me to the sign in page once a fail attempt is made or it doesn't redirect me to my profile page once a successful login in attempt is made. The following link has the code:https://gist.github.com/confusedstudent21/410f04991691f485e6c28d1e4050e13a where is it going wrong?
  12. i want to display 'Welcome userid!' after user has successfully logged in. I managed to display it after successfully logged in, but when the user key in the wrong userid and password, the 'Welcome userid' is also displayed. What should i do about it? Below are my coding: login.html processLogin.php index.html
  13. Hi everyone I am building a CRM system/invoicing system in my spare time and on this system I have 2 login pages (there is a reason but its long). one for the CRM system and one for the invoicing section. They bother work perfectly well but I have a really annoying issue, If I were to store the login information to chrome passwords for example to the CRM system It would auto suggest to the other login and vice versa. This wouldn't be a problem but the CRM login is username based, the invoicing section is login by email for additional security. they're both called login.php the two files are /htdocs/login.php and /htdocs/invoicing/login.php I added a remember me cookie to the CRM system in hope that this would get around the issue but unfortunately the chrome saved information over rides this, I also tried autocomplete="off" as I am using bootstrap as a framework. How can I get around this?
  14. I am trying to create a remote login to one website using mine. The users will need to enter their username and password on my site, and if they are registered to my website, their login credentials will be sent to another website and a page will be retrieved. I am stuck at sending the users' data to the original site. The original site's viewsource is this.. <form method=post> <input type="hidden" name="action" value="logon"> <table border=0> <tr> <td>Username:</td> <td><input name="username" type="text" size=30></td> </tr> <tr> <td>Password:</td> <td><input name="password" type="password" size=30></td> </tr> <td></td> <td align="left"><input type=submit value="Sign In"></td> </tr> <tr> <td align="center" colspan=2><font size=-1>Don't have an Account ?</font> <a href="?action=newuser"><font size=-1 color="#0000EE">Sign UP Now !</font></a></td> </tr> </table> I have tried this code, but not works. <?php $username="username"; $password="password"; $url="http://www.example.com/index.php"; $postdata = "username=".$username."&password=".$password; $ch = curl_init(); curl_setopt ($ch, CURLOPT_URL, $url); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); curl_setopt ($ch, CURLOPT_TIMEOUT, 60); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_REFERER, $url); curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata); curl_setopt ($ch, CURLOPT_POST, 1); $result = curl_exec ($ch); header('Location: track.html'); //echo $result; curl_close($ch); ?> Any help would be appreciated, Thanks in advance.
  15. Hello there, I have this as login in function for an application. function login($username, $password) { $db =& $this->db; Kit::ClassLoader('userdata'); if (Config::Version('DBVersion') < 62) { // We can't do CSPRNG because the field doesn't exist, so we need to do standard user login // This can ONLY happen during an upgrade. $dbh = PDOConnect::init(); $sth = $dbh->prepare('SELECT UserID, UserName, UserPassword, UserTypeID FROM `user` WHERE UserName = :userName'); $sth->execute(array('userName' => $username)); $rows = $sth->fetchAll(); if (count($rows) != 1) { setMessage(__('Username or Password incorrect')); return false; } $userInfo = $rows[0]; // Check the password using a MD5 if ($userInfo['UserPassword'] != md5($password)) { setMessage(__('Username or Password incorrect')); return false; } } else { // Get the SALT for this username if (!$userInfo = $db->GetSingleRow(sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '%s'", $db->escape_string($username)))) { setMessage(__('Username or Password incorrect')); return false; } // User Data Object to check the password $userData = new Userdata($db); // Is SALT empty if ($userInfo['CSPRNG'] == 0) { // Check the password using a MD5 if ($userInfo['UserPassword'] != md5($password)) { setMessage(__('Username or Password incorrect')); return false; } // Now that we are validated, generate a new SALT and set the users password. $userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true /* Force Change */); } else { // Check the users password using the random SALTED password if ($userData->validate_password($password, $userInfo['UserPassword']) === false) { setMessage(__('Username or Password incorrect')); return false; } } } // there is a result so we store the userID in the session variable $_SESSION['userid'] = Kit::ValidateParam($userInfo['UserID'], _INT); $_SESSION['username'] = Kit::ValidateParam($userInfo['UserName'], _USERNAME); $_SESSION['usertype'] = Kit::ValidateParam($userInfo['UserTypeID'], _INT); // Set the User Object $this->usertypeid = $_SESSION['usertype']; $this->userid = $_SESSION['userid']; // update the db // write out to the db that the logged in user has accessed the page $SQL = sprintf("UPDATE user SET lastaccessed = '" . date("Y-m-d H:i:s") . "', loggedin = 1 WHERE userid = %d", $_SESSION['userid']); $db->query($SQL) or trigger_error(__('Can not write last accessed info.'), E_USER_ERROR); // Switch Session ID's global $session; $session->setIsExpired(0); $session->RegenerateSessionID(session_id()); return true; } i am trying to squeeze in an alternative authentication for users on ldap as such if local authentication fails // alternativelly validate against Tivoli Directory server $ldap_host = "www.zflexldap.com:389"; $password = "password"; // Tivoli Directory DN $ldap_dn = "ou=users,ou=guests,dc=zflexsoftware,dc=com"; // connect to active directory $ldap = ldap_connect($ldap_host) or die("Couldn't connect to LDAP Server"); //username specified on post form is from TDS server // $dn = "uid=".$username.","; $dn = "uid=guest1,ou=users,ou=guests,dc=zflexsoftware,dc=com"; ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // verify user and password if($bind = @ldap_bind($ldap, $dn, $password)) all attempts thou has been breaking the application. thanks
  16. I am using this https://github.com/ircmaxell/password_compat I have no problem using it on a local server. But as soon as I test it on a live server, it gives me an error like this. Parse error: syntax error, unexpected '{' in /home/public_html/sub/snippets/password.php on line 19 The error is on the same line as the beginning of the code in that library. Why is this happening?
  17. Hi Guys. I have a problem. If I try to log on my side with Facebook come the error: Forbidden You don't have permission to access /login.php on this server. The normal login works however. Here is my .htaccess file: ServerSignature Off <FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|css)$"> # Header set Cache-Control "max-age=2592000, public" </FilesMatch> RewriteEngine on # 6G BLACKLIST/FIREWALL (beta) # @ http://perishablepress.com/6g-beta/ # Last updated 1/28/2013 # Edited for use with YourArcadeScript # Last YAS update 4/14/2013 # 6G:[REQUEST STRINGS] <ifModule mod_alias.c> RedirectMatch 403 /(\$|\*)/?$ RedirectMatch 403 (?i)([a-zA-Z0-9]{60}) RedirectMatch 403 (?i)(https?|ftp|php)\:/ RedirectMatch 403 (?i)(\"|\.|\_|\&|\&amp)$ RedirectMatch 403 (?i)(\=\\\'|\=\\%27|/\\\'/?)\. RedirectMatch 403 (?i)/(([0-9]{5})|([0-9]{6}))\-([0-9]{10})\.(gif|jpg|png) #RedirectMatch 403 (?i)(\,|//|\)\+|/\,/|\{0\}|\(/\(|\+\+\+|\||\\\"\\\") RedirectMatch 403 (?i)\.(asp|bash|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf|well) RedirectMatch 403 (?i)/(^$|1|addlink|btn_hover|contact?|dkscsearch|dompdf|easyboard|ezooms|formvars|fotter|fpw|i|imagemanager|index1|install|iprober|legacy\-comments|join|js\-scraper|mapcms|mobiquo|phpinfo|phpspy|pingserver|playing|postgres|product|register|scraper|shell|signup|single\-default|t|sqlpatch|test|textboxes.css|thumb|timthumb|topper|tz|ucp_profile|visit|webring.docs|webshell|)\.php RedirectMatch 403 (?i)/(\=|\$\&|\_mm|administrator|auth|bytest|cachedyou|cgi\-|cvs|config\.|crossdomain\.xml|dbscripts|e107|etc/passwd|function\.array\-rand|function\.parse\-url|livecalendar|localhost|makefile|muieblackcat|release\-notes|rnd|sitecore|tapatalk|wwwroot) RedirectMatch 403 (?i)(\$\(this\)\.attr|\_vti\_|\(null\)|$itemURL|ask/data/ask|com\_crop|document\)\.ready\(fu|echo.*kae|eval\(|fckeditor\.htm|function.parse|function\(\)|gifamp|hilton.ch|index.php\&amp\;quot|jfbswww|monstermmorpg|msnbot\.htm|netdefender/hui|phpMyAdmin/config|proc/self|skin/zero_vote|/spaw2?|text/javascript|this.options) </ifModule> # 6G:[QUERY STRINGS] <IfModule mod_rewrite.c> RewriteCond %{REQUEST_URI} !^/$ [NC] RewriteCond %{QUERY_STRING} (mod|path|tag)= [NC,OR] # {too small kills captcha image} RewriteCond %{QUERY_STRING} ([a-z0-9]{75}) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR] RewriteCond %{QUERY_STRING} (\?|\*|;|'|"|\)|\[|\]|=\\\'$|%0A|%0D|%22|%27|%3C|%00|%2e%2e) [NC,OR] RewriteCond %{QUERY_STRING} (benchmark|boot.ini|declare|drop|echo.*kae|environ|etc/passwd|execute|input_file|insert|md5|mosconfig|scanner|select|union) [NC] RewriteRule .* - [F,L] </IfModule> # 6G:[USER AGENTS] <ifModule mod_setenvif.c> SetEnvIfNoCase User-Agent ^$ keep_out SetEnvIfNoCase User-Agent (<|>|'|<|%0A|%0D|%27|%3C|%3E|%00|href\s) keep_out SetEnvIfNoCase User-Agent (archiver|binlar|casper|checkprivacy|clshttp|cmsworldmap|comodo|curl|diavol|dotbot|email|extract|feedfinder|flicky|grab|harvest|httrack|ia_archiver|jakarta|kmccrew|libwww|loader|miner|nikto|nutch|planetwork|purebot|pycurl|python|scan|skygrid|sucker|turnit|vikspider|wget|winhttp|youda|zmeu|zune) keep_out <limit GET POST PUT> Order Allow,Deny Allow from all Deny from env=keep_out </limit> </ifModule> # 6G:[REFERRERS] <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_REFERER} ([a-z0-9]{42}) [NC] RewriteRule .* - [F] </IfModule> # 6G:[BAD IPS] <Limit GET POST PUT> Order Allow,Deny Allow from all # uncomment/edit/repeat next line to block IPs # Deny from 123.456.789 </Limit> ####################### ## YAS 2.5.1 URL Rewrites ####################### RewriteRule page-(.*)\.html$ index.php?act=$1&id&page=$2 RewriteRule edit-profile.html$ index.php?act=editprofile RewriteRule "^game/([0-9]+)/(.*)\.html$" index.php?act=game&id=$1 [Last] RewriteRule category/([0-9]+)/([0-9]+)\.html$ index.php?act=cat&id=$1&page=$2 #RewriteRule category/(.*)-([0-9]+)/page([0-9]+)\.html$ index.php?act=cat&id=$2&page=$3 RewriteRule forumtopics/(.*)/(.*)\.html$ index.php?act=forumtopics&id=$1 [Last] RewriteRule terms.html$ index.php?act=terms RewriteRule aboutus.html$ index.php?act=aboutus RewriteRule contactus.html$ index.php?act=contactus RewriteRule members.html$ index.php?act=members RewriteRule news.html$ index.php?act=news RewriteRule links.html$ index.php?act=links RewriteRule addlink.html$ index.php?act=addlink RewriteRule editavatar.html$ index.php?act=editavatar RewriteRule favourites.html$ index.php?act=favourites RewriteRule profile.html$ index.php?act=profile RewriteRule register.html$ index.php?act=register RewriteRule forgotpassword.html$ index.php?act=forgotpassword RewriteRule members/(.*)\.html$ index.php?act=members&page=$1 RewriteRule showmember/(.*)\.html$ index.php?act=showmember&id=$1 RewriteRule shownews/(.*)\.html$ index.php?act=shownews&id=$1 RewriteRule links/(.*)\.html$ index.php?act=links&page=$1 RewriteRule favourites/(.*)\.html$ index.php?act=favourites&page=$1 RewriteRule download.html$ index.php?act=download RewriteRule download/(.*)\.html$ index.php?act=download&page=$1 RewriteRule unsubscribe.html$ index.php?act=unsubscribe RewriteRule mostplayed.html$ index.php?act=mostplayed RewriteRule mostplayed/(.*).html$ index.php?act=mostplayed&page=$1 [L] RewriteRule newest.html$ index.php?act=newest RewriteRule newest/(.*)\.html$ index.php?act=newest&page=$1 [L] RewriteRule toprated.html$ index.php?act=toprated RewriteRule toprated/(.*)\.html$ index.php?act=toprated&page=$1 [L] RewriteRule tellafriend.html$ index.php?act=tellafriend RewriteRule videos.html$ index.php?act=videos RewriteRule videos/(.*)\.html$ index.php?act=videos&page=$1 RewriteRule all-categories.html$ index.php?act=allcategories RewriteRule all-categories/(.*)\.html$ index.php?act=allcategories&page=$1 RewriteRule most-played.html$ index.php?act=mostplayed RewriteRule random.html$ index.php?act=random RewriteRule search/(.*)/page(.*)$ index.php?act=search&q=$1&page=$2 RewriteRule career.html$ index.php?act=career RewriteRule faq.html$ index.php?act=faq RewriteRule privacy.html$ index.php?act=privacy RewriteRule forum.html$ index.php?act=forum RewriteRule forumcats.html$ index.php?act=forumcats RewriteRule forumcats/(.*)/(.*)\.html$ index.php?act=forumcats&id=$1&page=$2 RewriteRule recentsearches.html$ index.php?act=recentsearches RewriteRule createtopic-([0-9]+).html$ index.php?act=createtopic&cat=$1 RewriteRule submitgame.html$ index.php?act=submitgame #RewriteRule forgotpassword.php$ index.php?act=forgotpassword RewriteRule pass_reset_complete.html$ index.php?act=pass_reset_complete I would be very glad if someone could help me. I'm sorry for my English, I'm from Germany.
  18. I wanted to create a simpe secured login form. after hours of googling i found tat using these will help 1.PDO statements. 2.session_hijackin soultions 3.password protection with salt My questions... 1.what else more should i add?? 2.i want to know if i want to use ajax here, will that make my site less-secured? if so, how do i use send data to check to db via ajax in a secured way?? Help plssss........... huge, loads of thanks in advances...
  19. Hi there PHPFreaks, phreak3r here again. The thread I posted yesterday has been solved. If any staff come across this, please lock it to prevent further discussion; I would appreciate that, please and thank you! I am back with another problem! This forum is all contained in one page. I am doing a very basic login system for now (I will add in everything else in later) and it does not work. I go to submit the forum and the values are displayed in the url after the page refreshes. Here's the code for the login.php script involved: <?php 2 include('header.php'); 3 require('dbcon/dbcon.php'); 4 ?> 5 6 <?php 7 if (isset($_POST['submit'])) { 8 $username = mysqli_real_escape_string($conn, $_POST['username']); 9 $password = mysqli_real_escape_string($conn, $_POST['password']); 10 $sql = "SELECT * FROM profile0 WHERE username = '$username' "; 11 $query = mysqli_query($conn, $sql); 12 13 if (mysqli_num_rows($query) == 1) { 14 // init session 15 // redirect to new page 16 header('main.php'); 17 } 18 } 19 ?> 20 21 <!DOCTYPE html> 22 <html> 23 <head> 24 <title>soapbox - log in</title> 25 </head> 26 <body> 27 <form action="login.php" method"POST"> 28 <br><input type="text" name="username" placeholder="Username"><br> 29 <br><input type="password" name="password" placeholder="Password"><br> 30 <input type="submit" name="submit" value="Submit"> 31 </form> 32 </body> 33 </html> EDIT: No errors in the error log.
  20. Hi I have a question about generating a unique access token. I have read a lot on the internet about just using the php 'random_bytes' function. However I have found a scenario (although highly unlikely) where a session could potentially be hijacked. User 1 logs in and gets an access token of 'abcdef' (simplifying things). User 1 uses the system for a period of time but the token expires but doesn't get refreshed yet (as user 1 is idle) (so client still has access token stored on client). In the mean time User 1 decides to use a different device to login to their account which generates a new access token 'zxcvbn'. But then User 2 logs in and they get an access token of 'abcdef' as it is unique (like I say highly unlikely but still possible). Then User 1 goes back to their original device and tries to resume session (client still has 'abcdef' as an access token so it sends that to the server which then it finds it but is actually now against a different user), and then hijacks User 2's session unknowingly. What is the best way around this, what about always adding the internal user ID number to the token to make sure it will always be against the same user (and always truly unique for that user)? So we would end up with 'abcdef1' for user 1 and User 2s access token would be 'abcdef2' if the above scenario was to occur so we would never get a potential hijack of sessions? I know this sounds convoluted but just wanted peoples thoughts?
  21. Sorry for many posts, trying to make my website When I press the register button on my website it will just act as if the page is refreshing and not send any information to mysql I believe I have connected everything up correctly, can anyone tell my what I have done wrong please? If you want to check out the website to see what is going on check out www.jokestary.comli.com <?php //This function will display the registration form function register_form(){ $date = date('D, M, Y'); echo "<form action='?act=register' method='post'>" ."Username: <input type='text' name='username' size='30'><br>" ."Password: <input type='password' name='password' size='30'><br>" ."Confirm your password: <input type='password' name='password_conf' size='30'><br>" ."Email: <input type='text' name='email' size='30'><br>" ."<input type='hidden' name='date' value='$date'>" ."<input type='submit' value='Register'>" ."</form>"; } //This function will register users data function register(){ //Connecting to database include('connect.php'); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("database", $connect); if(!$select_db){ die(mysql_error()); } //Collecting info $username = $_REQUEST['username']; $password = $_REQUEST['password']; $pass_conf = $_REQUEST['password_conf']; $email = $_REQUEST['email']; $date = $_REQUEST['date']; //Here we will check do we have all inputs filled if(empty($username)){ die("Please enter your username!<br>"); } if(empty($password)){ die("Please enter your password!<br>"); } if(empty($pass_conf)){ die("Please confirm your password!<br>"); } if(empty($email)){ die("Please enter your email!"); } //Let's check if this username is already in use $user_check = mysql_query("SELECT username FROM users WHERE username='$username'"); $do_user_check = mysql_num_rows($user_check); //Now if email is already in use $email_check = mysql_query("SELECT email FROM users WHERE email='$email'"); $do_email_check = mysql_num_rows($email_check); //Now display errors if($do_user_check > 0){ die("Username is already in use!<br>"); } if($do_email_check > 0){ die("Email is already in use!"); } //Now let's check does passwords match if($password != $pass_conf){ die("Passwords don't match!"); } //If everything is okay let's register this user $insert = mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')"); if(!$insert){ die("There's little problem: ".mysql_error()); } echo $username.", you are now registered. Thank you!<br><a href=login.php>Login</a> | <a href=index.php>Index</a>"; } switch($act){ default; register_form(); break; case "register"; register(); break; } ?> Here is the connect.php code <?php $hostname="mysql6.000webhost.com"; //local server name default localhost $username="a5347792_users"; //mysql username default is root. $password=""; //blank if no password is set for mysql. $database="a5347792_users"; //database name which you created $con=mysql_connect($hostname,$username,$password); if(! $con) { die('Connection Failed'.mysql_error()); } mysql_select_db($database,$con); ?>
  22. Unfortunately my ideas out pace my skills. I have a database that I would like certain people to access their own info, but nobody else's. It's not super sensitive info and won't mean much to anyone other than the end user but we don't like the idea of others accessing it so we'd like to put some protection on it. What I was hoping for is a dropdown list (there's about 30 or so clients that would be in a mysql table) where they can pick out their name, then text box for the password. When they hit submit button it would lead them to their own page with a table and their own info from a mysql table. I can get each one of these details to work separately, but I'm having trouble putting them all together (the password is where things get muddled). Can anyone point me to a place where they've already figured this out? Thanks!
  23. Hi Everyone So I've been recently working on a script which will store login IP's and ban them on failed attempts Although I have a little problem, for some reason it doesnt redirect to the banned page when they should be, unless there is a successful login or if they come off of the login page so they can keep bruteforcing as much as they like all the time they stay on that page. Have i got something wrong? please bear in mind I haven't put in place when login successful remove the warnings count. here is the login.php <!DOCTYPE html> <?php require ('../Functions/functions.php'); require('../database/pdo_connection.php'); //first lets get the IP that logged in $login_ip = $_SERVER['REMOTE_ADDR']; securityBanCheck($login_ip); if (isset($_POST['Login'])) { //Set session timeout to 2 weeks session_set_cookie_params(1*7*24*60*60); session_start(); $error=''; // Currently A Blank Error Message $username=$_POST['userName']; //Grab the hash $selectPasswordHash = "SELECT username,secret FROM MC_users WHERE email=email=:username OR username=:username"; $hashresult= $pdo->prepare($selectPasswordHash); $hashresult->bindParam(':username', $username); $hashresult->execute(); $row = $hashresult->fetch(PDO::FETCH_ASSOC); $hash = $row['secret']; //got the hash //lets verify it if (password_verify($_POST['password'],$hash) === true){ //login correct $login_user = $row['username']; //Set the Session $_SESSION['login_user']=$login_user; // Redirect to dashboard.php header ("Location: ../dashboard.php"); } else { $error = 'Username or Password in invalid'; $error2 = 'Try Logging in with your email instead'; //Bruteforce Detection //lets check if there is already warnings $checkWarnings = "SELECT Warning_count FROM MC_login_security WHERE Warning_count > 0 AND Login_IP=:loginIP ORDER BY Timestamp DESC"; $warningsResult = $pdo->prepare($checkWarnings); $warningsResult->bindParam(':loginIP',$login_ip); $warningsResult->execute(); $warningAmount = 1; $banTime = 0; if ($warningsResult->rowCount() > 0){ $warningRow = $warningsResult->fetch(PDO::FETCH_ASSOC); $warningRowCount = $warningRow['Warning_count']; $warningAmount = $warningRowCount + 1; securityBanCheck($login_ip); } //Lets log this in the DB $insertWarning = "INSERT INTO MC_login_security (Login_user_name,Login_IP,Warning_count,timestamp) VALUES (:loginUser,:Login_ip,:warningAmount,:dateToday)"; $insertResult = $pdo->prepare($insertWarning); $insertResult->execute(array(':loginUser'=>$username, ':Login_ip'=>$login_ip, ':warningAmount'=>$warningAmount, ':dateToday'=>date('Y-m-d H:i:s'))); } } //Lastly if the user is logged in, point them back to the Dashboard if(isset($_SESSION['login_user'])){ header("location: ../dashboard.php");} ?> the security check function which is called at the start of the login page AND if the password is entered incorrectly function securityBanCheck($login_ip){ //call the url function for redirects url(); $todaysDate = date('Y-m-d H:i:s'); require (PHP_PATH .'/database/pdo_connection.php'); $checkBan = "SELECT Warning_count,Timestamp,Ban_time FROM MC_login_security WHERE Warning_count > 4 AND Login_IP=:loginIP ORDER BY Timestamp DESC"; $checkResult = $pdo->prepare($checkBan); $checkResult->bindParam(':loginIP',$login_ip); $checkResult->execute(); if ($checkResult->rowCount() > 0){ $banRow = $checkResult->fetch(PDO::FETCH_ASSOC); $warningCount = $banRow['Warning_count']; $timeStamp = $banRow['Timestamp']; $bantime = $banRow['Ban_time']; echo "did we get here?"; //if theyre banned direct them to the banned page and stop this script from going any further if ($bantime > $todaysDate){ header('Location: '. SERVER_PATH .'banned.php'); die(); } //if theyre currently not banned check their warnings and if needed add a ban. if ($warningCount == 4){ $bantime = date('Y-m-d H:i:s', strtotime($timeStamp . '+1 hour')); echo $bantime; }elseif ($warningCount == 9){ $bantime = date('Y-m-d H:i:s', strtotime($timeStamp . '+1 day')); }elseif ($warningCount == 14){ $bantime = date('Y-m-d H:i:s', strtotime($timeStamp . '+1 month')); } //ultimately if we got to this stage we would be adding a ban $insertBanTime = "UPDATE MC_login_security SET Ban_time = :banTime WHERE Login_IP = :loginIP ORDER BY Timestamp DESC"; $banResult = $pdo->prepare($insertBanTime); $banResult->execute(array(':banTime'=>$bantime, ':loginIP'=>$login_ip));; } } Any help given is greatly appreciated and i thank everyone in advance for all the support I get form this amazing forum. thanks Mooseh
  24. somebody have an example or reference for PHP code that make login to a website and handle with the redirection after? thanks!
  25. Im having a problem with login system. its telling me my username and password are wrong when i know they are not. here is my login.php <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta charset="UTF-8"> <title>Server 2 Server | Log in</title> <meta content='width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no' name='viewport'> <!-- Bootstrap 3.3.4 --> <link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css" /> <!-- Font Awesome Icons --> <link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css" /> <!-- Theme style --> <link href="dist/css/AdminLTE.min.css" rel="stylesheet" type="text/css" /> <!-- iCheck --> <link href="plugins/iCheck/square/blue.css" rel="stylesheet" type="text/css" /> <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries --> <!-- WARNING: Respond.js doesn't work if you view the page via file:// --> <!--[if lt IE 9]> <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <![endif]--> </head> <body class="login-page"> <div class="login-box"> <div class="login-logo"> <a href="../../index2.html"><b>Server</b>2SERVER</a> </div><!-- /.login-logo --> <div class="login-box-body"> <p class="login-box-msg">Sign in to view the control panel</p> <?php if(!empty($_GET['msg'])) { $msg = $_GET['msg']; //GET the message if($msg!=''): echo '<p>'.$msg.'</p>'; endif; } ?> <form action="check_login.php" method="post"> <div class="form-group has-feedback"> <input type="text" class="form-control" placeholder="Email" name="username" id="username"/> <span class="glyphicon glyphicon-envelope form-control-feedback"></span> </div> <div class="form-group has-feedback"> <input type="password" class="form-control" placeholder="Password" name="password" id="password"/> <span class="glyphicon glyphicon-lock form-control-feedback"></span> </div> <div class="row"> <div class="col-xs-8"> </div><!-- /.col --> <div class="col-xs-4"> <button type="submit" class="btn btn-primary btn-block btn-flat">Sign In</button> </div><!-- /.col --> </div> </form> <a href="#">I forgot my password</a><br> </div><!-- /.login-box-body --> </div><!-- /.login-box --> <!-- jQuery 2.1.4 --> <script src="../../plugins/jQuery/jQuery-2.1.4.min.js"></script> <!-- Bootstrap 3.3.2 JS --> <script src="../../bootstrap/js/bootstrap.min.js" type="text/javascript"></script> <!-- iCheck --> <script src="../../plugins/iCheck/icheck.min.js" type="text/javascript"></script> <script> $(function () { $('input').iCheck({ checkboxClass: 'icheckbox_square-blue', radioClass: 'iradio_square-blue', increaseArea: '20%' // optional }); }); </script> </body> </html> check_login.php <?php define(DOC_ROOT,dirname(__FILE__)); // To properly get the config.php file $username = $_POST['username']; //Set UserName $password = $_POST['password']; //Set Password $msg =''; if(isset($username, $password)) { ob_start(); include(DOC_ROOT.'/config.php'); //Initiate the MySQL connection // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($username); $mypassword = stripslashes($password); $myusername = mysqli_real_escape_string($dbC, $myusername); $mypassword = mysqli_real_escape_string($dbC, $mypassword); $sql="SELECT * FROM login_admin WHERE user_name='$myusername' and user_pass=SHA('$mypassword')"; $result=mysqli_query($dbC, $sql); // Mysql_num_row is counting table row $count=mysqli_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "dashboard.php" session_register("admin"); session_register("password"); $_SESSION['name']= $myusername; header("location:dashboard.php"); } else { $msg = "Wrong Username or Password. Please retry"; header("location:login.php?msg=$msg"); } ob_end_flush(); } else { header("location:login.php?msg=Please enter a username and password"); } ?> it just keeys telling my my password and user and incorrect please help
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.