tecmeister Posted May 25, 2008 Share Posted May 25, 2008 Hi, I have seem to have already asked this question. But the script that i used didn't seem to work. This is the script that im using. Login page <form name="form1" method="post" action="checklogin.php"> <td width="872"> <table width="26%" border="0" cellpadding="3" cellspacing="1" bgcolor="" align="right"> <tr> <td colspan="3"> </td> </tr> <tr> <td width="58">Username</td> <td width="3">:</td> <td width="174"><input name="username" type="text" id="username"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" id="password"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Login"> <a href="register.html">Register</a></td> </tr> </table> </td> </form> checklogin page <?php session_start(); $_SESSION['username']; ?> <?php //Database Information $dbhost = "localhost"; $dbname = "**********"; $dbuser = "**********"; $dbpass = "********"; // Connect to server and select databse. mysql_connect("$dbhost", "$dbname", "$dbpass")or die("cannot connect"); mysql_select_db("$dbname")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['username']; $mypassword=$_POST['password']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("username"); session_register("password"); echo "login Successful"; } else { echo "Wrong Username or Password"; } ?> All of the script that i have done so far works fine. It is the members only page. Member only page <?php session_start(); if (isset($_SESSION['username'])) { } else { echo "SORRY YOU ARE AUTHORIZED TO VEIW THIS SITE!!!"; } ?> It comes up with SORRY YOU ARE AUTHORIZED TO VEIW THIS SITE!!! Please will you be able to help me and tell me where i have gone wrong. Thanks for your help, tecmeister Quote Link to comment https://forums.phpfreaks.com/topic/107242-solved-members-access-only/ Share on other sites More sharing options...
.josh Posted May 25, 2008 Share Posted May 25, 2008 so uh, how do you get from your login page to your member only page? Quote Link to comment https://forums.phpfreaks.com/topic/107242-solved-members-access-only/#findComment-549852 Share on other sites More sharing options...
tecmeister Posted May 26, 2008 Author Share Posted May 26, 2008 Sorry i missed out header("location:Members Page/index.php"); Quote Link to comment https://forums.phpfreaks.com/topic/107242-solved-members-access-only/#findComment-549863 Share on other sites More sharing options...
redarrow Posted May 26, 2008 Share Posted May 26, 2008 add the redirect ok also consider md5() for password..... <?php session_start(); $dbhost = "localhost"; $dbname = "**********"; $dbuser = "**********"; $dbpass = "********"; mysql_connect("$dbhost", "$dbname", "$dbpass")or die("cannot connect"); mysql_select_db("$dbname")or die("cannot select DB"); $mypassword = mysql_real_escape_string(stripslashes($_POST['password'])); $myusername = mysql_real_escape_string(stripslashes($_POST['username'])); $sql="SELECT * FROM members WHERE username='$myusername' AND password='$mypassword'"; $result=mysql_query($sql)or die(mysql_error()); if(mysql_num_rows($result)==1){ while($row=mysql_fetch_assoc($result)){ $_SESSION['username']=$row['username']; $_SESSION['password']=$row['password']; echo "login Successful"; exit; } }else{ echo "Wrong Username or Password"; exit; } ?> <?php session_start(); if( (! $_SESSION['username'] )|| (! $_SESSION['password']) ){ echo "SORRY YOU ARE AUTHORIZED TO VEIW THIS SITE!!!"; exit; }else{ echo " user ".$_SESSION['username']." loged in.... "; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/107242-solved-members-access-only/#findComment-549878 Share on other sites More sharing options...
tecmeister Posted May 26, 2008 Author Share Posted May 26, 2008 Thank you so much. I would use md5 (), but it gives the user a 15 digit password and i dont think that they will be able to remember the password that they were given. Much appreciated for your help. Quote Link to comment https://forums.phpfreaks.com/topic/107242-solved-members-access-only/#findComment-549892 Share on other sites More sharing options...
redarrow Posted May 26, 2008 Share Posted May 26, 2008 A user get sent a defult password then the user can change it i hope .......... Quote Link to comment https://forums.phpfreaks.com/topic/107242-solved-members-access-only/#findComment-549893 Share on other sites More sharing options...
tecmeister Posted May 26, 2008 Author Share Posted May 26, 2008 This is all new to me. So what script will i need for the users to be able to change the password. Also so i will be be asking how to create a page where the user can get their profile. Quote Link to comment https://forums.phpfreaks.com/topic/107242-solved-members-access-only/#findComment-549933 Share on other sites More sharing options...
ohdang888 Posted May 26, 2008 Share Posted May 26, 2008 that ok that it creates a long set of digits... md5 the password before you insert it into the Database... for example... lets say someone enters their password in as "bored" then when you insert it into the db, you actually just insert the md5 of it (23452345234 e.i.) then when they log in, you run the md5 of waht they entered to what is in the database.... Quote Link to comment https://forums.phpfreaks.com/topic/107242-solved-members-access-only/#findComment-549941 Share on other sites More sharing options...
Chezshire Posted May 26, 2008 Share Posted May 26, 2008 Hello, Two Questions: One - shouldn't the initial warning read 'SORRY YOU ARE NOT AUTHORIZED TO VEIW THIS SITE!!!" instead of reading [i[sORRY YOU ARE AUTHORIZED TO VEIW THIS SITE!!!"; [/i] TWO: What exactly is 'MD5'? What does it mean? Why would you do this? ('i'm a complete novice so i always have dumb questions.) thanks for any insights! Quote Link to comment https://forums.phpfreaks.com/topic/107242-solved-members-access-only/#findComment-550259 Share on other sites More sharing options...
wrathican Posted May 26, 2008 Share Posted May 26, 2008 MD5 is a way of encrypting a string. personally i would use SHA1 hashing because its more secure. in relation to the actual topic: tech, the user does not need to remember the hashed password as long as you hash the password they post from the form. //user registers so first you would generate a password encrypt it store in db pass gets sent to the user //when a user logs in post the password to the login script hash it retrieve the password from the db compare the db pass and hashed posted password set session if they match to enable the user to change their password all you need to do is perform a mysql update query it is advisable for the change password form to contain three password boxes, current pass, new pass, confirm new pass. //to change a password user submits the form hash the old password check the pass against db pass check both new passwords match hash the new password update the database good luck Quote Link to comment https://forums.phpfreaks.com/topic/107242-solved-members-access-only/#findComment-550278 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.