pojr Posted June 8, 2008 Share Posted June 8, 2008 Okay, I own http://www.dan92.yfma.com/ (supposed to be Chankys.com, but someone stole my domain name the day I tried to register; it was apparently a friend from another site). Everything on there so far is going pretty good, but now, I am in a pickle. I don't know how to login to accounts, and if I ever were to, I wouldn't know how to stay logged in. Could someone give me a hand? Quote Link to comment Share on other sites More sharing options...
pojr Posted June 9, 2008 Author Share Posted June 9, 2008 Bump. Quote Link to comment Share on other sites More sharing options...
blueman378 Posted June 9, 2008 Share Posted June 9, 2008 so many include errors.... anyway have you got a user management system at all? Quote Link to comment Share on other sites More sharing options...
keeB Posted June 9, 2008 Share Posted June 9, 2008 Looks like his site got hacked Quote Link to comment Share on other sites More sharing options...
pojr Posted June 9, 2008 Author Share Posted June 9, 2008 I do. Hang on, let me update the site. I accidentally moved some file around. Quote Link to comment Share on other sites More sharing options...
serverman Posted June 9, 2008 Share Posted June 9, 2008 you know altho i hate IE i use it anyways on this computer. it is the number one used browser over firefox. you really should make your site look good in IE and Firefox because it is said that over 52% is IE and 39% is firefox and rest is other (info from http://www.w3schools.com/browsers/browsers_stats.asp ) and im sure its not hard to do afew changes. Quote Link to comment Share on other sites More sharing options...
blueman378 Posted June 9, 2008 Share Posted June 9, 2008 ok well obviously you have the ability to register, but people cant login after this? so whaty you will need to do is have a form which the user enters thier username and password, this form is then sent to a page which queries the database to check if a row is there that has a username and password equal to what they have entered, if this is true then log them in otherwise tell them bad password/username if it is true you will then want to set sessions with the details of the user, eg username, id, and any other information, you will also want to set a session called logged_in or something similar so you can check if a user is logged in, you then use these variables all over the site, to check if the user is logged in use a if statement, if($_SESSION[logged_in] == 1) { logged in info } else { not logged in info } be sure to on every page that a user wil have access to add session_start(); at the VERY top hope this helps, Matt Quote Link to comment Share on other sites More sharing options...
pojr Posted June 10, 2008 Author Share Posted June 10, 2008 I just gave a login script a shot. It failed. Why did it? Here's the script: mysql_connect("localhost", "dan92_happy", "XXXXXXXXXXXX") or die(mysql_error()); mysql_select_db("dan92_admin") or die(mysql_error()); $name = $_POST['username']; $pass = $_POST['password']; $namepass = "$name $password"; $results = mysql_query("SELECT * FROM user WHERE nm='$name' ORDER BY id") or die(mysql_error()); $id = $_POST['id']; while($row = mysql_fetch_array( $results )) { echo "Attempting to log onto "; echo $row['nm']; echo "..."; $nm = $row['nm']; $pw = $row['pwl']; } $nmpw = "$nm $pw"; if ( $namepass == $nmpw ) { echo "<h1>Success!</h1> <p>You have logged into your account. Now you can post on the forums.</p>"; $usr = intval($_COOKIE['usr']); setcookie('usr', $usr = $nm, strtotime('+30 days')); } else { echo "<h1>Failure!</h1> <p>You were unsuccessful in logging in. Please try again.</p>"; } ?> You can try making an account, and logging in to http://www.dan92.yfma.com/forums/ (The form is way down at the bottom), but even with the correct password and user name input, the login always results failure. 'login.php' uses the code I had just place on this message. Quote Link to comment Share on other sites More sharing options...
blueman378 Posted June 10, 2008 Share Posted June 10, 2008 well that doesnt really make sense, try something like <?php mysql_connect("localhost", "dan92_happy", "XXXXXXXXXXXX") or die(mysql_error()); mysql_select_db("dan92_admin") or die(mysql_error()); $name = $_POST['username']; $pass = $_POST['password']; $results = mysql_query("SELECT * FROM user WHERE nm='$name' AND pass='$pass'") or die(mysql_error()); $num_rows = mysql_num_rows($results; if($num_rows == 1) { echo "<h1>Success!</h1> <p>You have logged into your account. Now you can post on the forums.</p>"; while($user = mysql_fetch_array($results)) { $_SESSION[username] = $user[nm]; $_SESSION[id] = $user[id]; $_SESSION[level] = $user[level]; $_SESSION[logged_in] = 1; } } else { echo "Bad Username/Password Combination"; } ?> and at the start of all pages have Session_Start(); and then heres a example to show guest if the user is not logged in or show a username if they are logged in, and lets say your levels are 1 = normal user 2 = admin <?php Session_Start(); echo "Welcome"; if($_SESSION[logged_in] == 1) { echo "$_SESSION[username] <a href=\"profile.php?id=$_SESSION[id]\">My Profile</a> || <a href=\"logout.php">Logout</a>"; if($_SESSION[level] == 2) { echo "<br><a href=\"admin/index.php\">Admin Center</a>"; } } else { echo "Guest"; } ?> i took out the cookies as untill you have a basic login system dont bother messing with cookies, ive assumed alot of your column names but im guessing it should be relativily correct. so yeah try that tell me if it works or not, you can add cookies in later once you have it working basically Quote Link to comment Share on other sites More sharing options...
pojr Posted June 10, 2008 Author Share Posted June 10, 2008 Wow; you're my hero. I had to change a few things around to make it function, and make it custom, so it works perfectly. Quote Link to comment Share on other sites More sharing options...
FlyingIsFun1217 Posted June 10, 2008 Share Posted June 10, 2008 In that case, just echo out all PHP errors. FlyingIsFun1217 Quote Link to comment Share on other sites More sharing options...
blueman378 Posted June 10, 2008 Share Posted June 10, 2008 glad i could help, i must point out however that this is very basic, interms of security its unsecure, youll need to add in things like mysql injection protection, md5ing passwords ect Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.