Search the Community
Showing results for tags 'user authentication'.
-
Below code is working fine but i need to redirect on 3 different pages and its giving me error. My table structure is as User table Email Password admin@yahoo.com 123 tariq@yahoo.com 987 bilal@yahoo.com 456 if user name is like; admin@yahoo.com the page should redirect on welcome.php if user name is like; info@aiousoft.com the page should redirect to welcome2.php and if user doesnot exist in database then give error as ELSE "user doesnot exist" thanks signin.php <html><head><title>Sign In</title></head><body> <?php include 'header.php'; ?> <?php include 'menu.php'; ?> <center> <form method="post" action="checklogin.php"> <h3>Please Signin</h3> <table width="400" border="0"> <tr><td>Email</td> <td><input name="email" type="text" id="email"></td></tr> <tr><td>Password</td> <td><input name="password" type="password" id="password"></td></tr> </table> <p><label> <input type="submit" email="submit" value="Submit"> </label><input email="reset" type="reset"> </p> </form> </center> </body> </html> checklogin.php <html><head><title>Check Login</title></head><body> <?php include 'header.php'; include 'menu.php'; $email=$_POST['email']; $password=$_POST['password']; @ $db = mysql_pconnect('localhost', 'root', ''); if (!$db) { echo 'Error: Could not connect to database. Please try again later.'; exit;} mysql_select_db('car'); $q=mysql_query("select * from user where email='".$email."' and password='".$password."' ") or die(mysql_error()); $res=mysql_fetch_row($q); if($res) { header('location:welcome.php'); } else { echo' Please signin again as your user name and password is not valid'; } ?> </body> </html> header.php menu.php
-
<?php /*** begin the session ***/ session_start(); if(!isset($_SESSION['user_id'])) { $message = 'You must be logged in to access this page'; } else { try { /*** connect to database ***/ /*** mysql hostname ***/ $mysql_hostname = 'localhost'; /*** mysql username ***/ $mysql_username = 'root'; /*** mysql password ***/ $mysql_password = 'root'; /*** database name ***/ $mysql_dbname = 'login'; /*** select the users name from the database ***/ $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password); /*** $message = a message saying we have connected ***/ /*** set the error mode to excptions ***/ $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); /*** prepare the insert ***/ $stmt = $dbh->prepare("SELECT phpro_username FROM phpro_users WHERE phpro_user_id = :phpro_user_id"); /*** bind the parameters ***/ $stmt->bindParam(':phpro_user_id', $_SESSION['user_id'], PDO::PARAM_INT); /*** execute the prepared statement ***/ $stmt->execute(); /*** check for a result ***/ $phpro_username = $stmt->fetchColumn(); /*** if we have no something is wrong ***/ if($phpro_username == false) { $message = 'Access Error'; } else { $message = 'Welcome '.$phpro_username; } } catch (Exception $e) { /*** Error!! ***/ $message = 'We are unable to process your request. Please try again later"'; } } ?> <html> <head> <title>My Account</title> <link rel="stylesheet" type="text/css" href="css/main.css" /> </head> <body> <h3><?php echo $message; ?></h3> </body> </html> members.php <html> <head> <title>Log in</title> </head> <body> <h2>Login Here</h2> <form action="login_submit.php" method="post"> <fieldset> <p> <label for="phpro_username">Username</label> <input type="text" id="phpro_username" name="phpro_username" value="" maxlength="20" /> </p> <p> <label for="phpro_password">Password</label> <input type="text" id="phpro_password" name="phpro_password" value="" maxlength="20" /> </p> <p> <input type="submit" value="Login" /> </p> </fieldset> </form> </body> </html> login.php <?php /*** begin our session ***/ session_start(); /*** check if the users is already logged in ***/ if(isset( $_SESSION['user_id'] )) { $message = 'Users is already logged in'; } /*** check that both the username, password have been submitted ***/ if(!isset( $_POST['phpro_username'], $_POST['phpro_password'])) { $message = 'Please enter a valid username and password'; } /*** check the username is the correct length ***/ elseif (strlen( $_POST['phpro_username']) > 20 || strlen($_POST['phpro_username']) < 4) { $message = 'Incorrect Length for Username'; } /*** check the password is the correct length ***/ elseif (strlen( $_POST['phpro_password']) > 20 || strlen($_POST['phpro_password']) < 4) { $message = 'Incorrect Length for Password'; } /*** check the username has only alpha numeric characters ***/ elseif (ctype_alnum($_POST['phpro_username']) != true) { /*** if there is no match ***/ $message = "Username must be alpha numeric"; } /*** check the password has only alpha numeric characters ***/ elseif (ctype_alnum($_POST['phpro_password']) != true) { /*** if there is no match ***/ $message = "Password must be alpha numeric"; } else { /*** if we are here the data is valid and we can insert it into database ***/ $phpro_username = filter_var($_POST['phpro_username'], FILTER_SANITIZE_STRING); $phpro_password = filter_var($_POST['phpro_password'], FILTER_SANITIZE_STRING); /*** now we can encrypt the password ***/ $phpro_password = sha1( $phpro_password ); /*** connect to database ***/ /*** mysql hostname ***/ $mysql_hostname = 'localhost'; /*** mysql username ***/ $mysql_username = 'root'; /*** mysql password ***/ $mysql_password = 'root'; /*** database name ***/ $mysql_dbname = 'login'; try { $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password); /*** $message = a message saying we have connected ***/ /*** set the error mode to excptions ***/ $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); /*** prepare the select statement ***/ $stmt = $dbh->prepare("SELECT phpro_user_id, phpro_username, phpro_password FROM phpro_users WHERE phpro_username = :phpro_username AND phpro_password = :phpro_password"); /*** bind the parameters ***/ $stmt->bindParam(':phpro_username', $phpro_username, PDO::PARAM_STR); $stmt->bindParam(':phpro_password', $phpro_password, PDO::PARAM_STR, 40); /*** execute the prepared statement ***/ $stmt->execute(); /*** check for a result ***/ $user_id = $stmt->fetchColumn(); /*** if we have no result then fail boat ***/ if($user_id == false) { $message = 'Login Failed'; } /*** if we do have a result, all is well ***/ else { /*** set the session user_id variable ***/ $_SESSION['user_id'] = $user_id; /*** tell the user we are logged in ***/ $message = 'You are now logged in'; } } catch(Exception $e) { /*** if we are here, something has gone wrong with the database ***/ $message = 'We are unable to process your request. Please try again later"'; } } ?> <html> <head> </head> <body> <p><?php echo $message; ?> </body> </html> login_sumbit.php I am unable to see the $message = 'Welcome '.$phpro_username; that the successful login should be generating
- 10 replies
-
- php
- authentication
-
(and 2 more)
Tagged with:
-
Dear friends, I am using the XML-RPC Server to implement a simple login authentication as a web service . So I wrote a function in wp-includes\class-wp-xmlrpc-server.php like function web_auth($host, $db, $dbuser, $dbpass, $username, $password) { $dbhandle = mysql_connect($host, $dbuser, $dbpass) or die("Unable to connect to MySQL"); $selected = mysql_select_db($db,$dbhandle) or die("Could not select database"); //$md5_password = md5($password); $md5_password = wp_hash_password($password); $result = mysql_query("SELECT count(*) AS total FROM wp_users WHERE user_login='$username' AND user_pass='$md5_password' AND user_status=0"); $data=mysql_fetch_assoc($result); //echo "SELECT count(*) AS total FROM wp_users WHERE user_login='$username' AND user_pass='$md5_password' AND user_status=0"; //die($data['total']); if($data['total'] == 1) { return true; } return false; } But the password hash mechanism is not make things proper. Please help me to find the exact password in line $md5_password = wp_hash_password($password); Waiting your fast reply Thanks, Anes