Jump to content

Noobie Stuff: Very Basics Explained Easily


Pudgemeister

Recommended Posts

  • Replies 117
  • Created
  • Last Reply

Top Posters In This Topic

ok.

if ne1 is getting annoyed with me getting this wrong-please give up.

but i have done what you have said and now it just shows a blank page.

the code is now this and i am confident it is right according to what u said.

[code]<?php

include ("dbinfo.inc.php");

$username=$_POST['username'];
$password=$_POST['password'];

$query_1="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result_1=mysql_query($query_1) or die(mysql_error());
$num=mysql_num_rows($result_1); // returns numbers of matches found.

if ($num===0) {
    echo 'Your Password And/Or Username Are Not Correct-Please Try Again <a href="index.php">Here</a>';
    } else {
$query_2="SELECT id FROM users WHERE username = '$username' AND password = '$password'";
$result_2=mysql_query($query_2) or die(mysql_error());
$id=mysql_fetch_array($result_2); // returns the data found-hopefully.
echo $row['id'];
};
?>[/code]

blank page-no id from id field.

i know i know its my fault.

i am still working on it and reading your posts after i send this
Link to comment
Share on other sites

Hi All Again.

im having a prob with the sessions now.

im confused about it all.

i know i have to have session_start() at the top of every page right under <?php and not have any echos or prints near it.

but its the variable set and everything i dont understand.

this is the two pages where the sessions are involved:

[u][b]login.php:[/b][/u]

[code]<?php

include ("dbinfo.inc.php");

$username=$_POST['username'];
$password=$_POST['password'];

$query_1="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result_1=mysql_query($query_1) or die(mysql_error());
$num=mysql_num_rows($result_1); // returns numbers of matches found.

if ($num===0) {
    echo "Your Password And/Or Username Are Not Correct-Please Try Again <a href=\"index.php\">Here</a>";
}else {
$query_2 = "SELECT id FROM users WHERE username = '$username' AND password = '$password';";
$result_2 = mysql_query($query_2);
$id = mysql_fetch_array($result_2); // returns the data found-hopefully.
$_SESSION[$id['id']] = '$username';
echo 'You Are Now Logged In, Click <a href="logged_in.php">Here</a> to Gain Access To Your Account';
};
?>[/code]


[u][b]logged_in.php:[/b][/u]

[code]<?php
session_start();
$_SESSION[$id['id']] = '$username';
echo 'You Are Now Logged In';
?>[/code]

i think ive got things muddles up.


basically-login.php handles the login data inputted by the user to find the data in the database and to make sure they have registered and logged_in.php is my test page which should only be viewable by logged in users.

as it is at the moment-logged_in.php is viewable to everyone.

cheers for reading.

Pudgemeister
Link to comment
Share on other sites

I dont quite understand what you are trying to do with the sessions, so im going to modify your code a little but. Ill comment it.

login.php
[code]
<?php
session_start();
include ("dbinfo.inc.php");

$username=$_POST['username'];
$password=$_POST['password'];

$query_1="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result_1=mysql_query($query_1) or die(mysql_error());
$num=mysql_num_rows($result_1); // returns numbers of matches found.

if ($num===0) {
    echo "Your Password And/Or Username Are Not Correct-Please Try Again <a href=\"index.php\">Here</a>";
}else {
$query_2 = "SELECT id FROM users WHERE username = '$username' AND password = '$password';";
$result_2 = mysql_query($query_2);
$num = mysql_num_rows($result_2);//the number of rows the search returns
if($num > 1){//This is to check the user exists. If there are less than 1 rows, the query found no matches
echo 'Incorrect login information';
exit;
}
$row = mysql_fetch_array($result_2); // returns the data found-hopefully. Renamed to $row to avoid confusion
$_SESSION['username'] = $row['username'];//this prevents and issues of capitilisation. MySQL is case insenstive whereas php is not. This will put the username from the database into the session.
echo 'You Are Now Logged In, Click <a href="logged_in.php">Here</a> to Gain Access To Your Account';
};
?>
[/code]

logged_in.php:
[code]
<?php
session_start();
if(empty($_SESSION['username'])){//if there is nothing in the session
echo 'you are not logged in';
exit;//quit the page so they cant view anything else
}else{
echo 'You Are Now Logged In';
}
?>
[/code]
Link to comment
Share on other sites

what the hell???

it worked once for me and when my mate tried, once for him.

now whenever we try it again even with the right details-it first sais "you are logged in-click here to continue" on login.php and then on logged_in.php it sais "you are not logged in".

this is the code in the two files:

login.php

[code]<?php
session_start();
include ("dbinfo.inc.php");

$username=$_POST['username'];
$password=$_POST['password'];

$query_1="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result_1=mysql_query($query_1) or die(mysql_error());
$num=mysql_num_rows($result_1); // returns numbers of matches found.

if ($num===0) {
    echo "Your Password And/Or Username Are Not Correct-Please Try Again <a href=\"index.php\">Here</a>";
}else {
$query_2 = "SELECT id FROM users WHERE username = '$username' AND password = '$password';";
$result_2 = mysql_query($query_2);
$num = mysql_num_rows($result_2);//the number of rows the search returns
if($num > 1){//This is to check the user exists. If there are less than 1 rows, the query found no matches
echo 'Incorrect login information';
exit;
}
$row = mysql_fetch_array($result_2); // returns the data found-hopefully. Renamed to $row to avoid confusion
$_SESSION['username'] = $num['username'];//this prevents and issues of capitilisation. MySQL is case insenstive whereas php is not. This will put the username from the database into the session.
echo 'You Are Now Logged In, Click <a href="logged_in.php">Here</a> to Gain Access To Your Account';
};
?>[/code]

logged_in.php

[code]<?php
session_start();
if(empty($_SESSION['username'])){//if there is nothing in the session
echo 'you are not logged in';
exit;//quit the page so they cant view anything else
}else{
echo 'You Are Now Logged In';
}
?>[/code]


whats up?
Link to comment
Share on other sites

I believe this:
[code]$_SESSION['username'] = $num['username'];[/code]
is supposed to be:
[code]$_SESSION['username'] = $row['username'];[/code]
$num was created from mysql_num_rows. mysql_num_rows doesnt return an array of the rows. Where as $row was created from mysql_fetch_array which returns an array. So it a case of using the wrong variable.

Also whoever wrote this:
[code]//this prevents and issues of capitilisation. MySQL is case insenstive whereas php is not. This will put the username from the database into the session.[/code]
What do you mean?
Link to comment
Share on other sites

ok i see whats going on now (what you said was correct yes)

but after i have logged in, if i close the page, and try to login again, it wil take me to login.php saying i am loged in, but then take me to logged_in.php saying im not.

how can i fix this??

i need the pages to remember im logged in, including the form page.
Link to comment
Share on other sites

Looking at your login.php code, its a bit bloated. Try this:
[code]<?php

// check username and password POST vars exists first, before continuing
if(isset($_POST['username']) && isset($_POST['password']))
{
    session_start();

    include ("dbinfo.inc.php");

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $result = mysql_query($sql) or die(mysql_error());

    // returns numbers of matches found.
    $users = mysql_num_rows($result);

    // if there was 1 result returned, user has successfully logged in
    if ($users == 1)
    {
        $row = mysql_fetch_assoc($result);

        $_SESSION['userid'] = $row['id'];
        $_SESSION['username'] = $row['username'];

        header("Redirect=5; URL=logged_in.php");

        echo "You are logged in! You\'ll be automatically redirected in 5 secounds. ";
        echo 'Or click <a href="logged_in.php">here</a> if you are impatient';
    }
    // user was not logged in, username/password combo incorrect
    else
    {
        echo 'Your Password and/or Username are incorrect<br />Please try agin<br /><br /><a href="index.php">Here</a>';
    }
}
else
{
    die("You have either come to this page in error or you did not fill in the login form!");
}

?>[/code]
Link to comment
Share on other sites

Hi Again All.

I Need To Know How To Send Data Through The Links And Addresses In My Site And Have The Information Envrypted But Be Able To Decrypt It On The Pages I Need To Use It.

on this page i want to send the username and password through variables in the address while keeping them encrypted.

login.php:

[code]
<?php

// check username and password POST vars exists first, before continuing
if(isset($_POST['username']) && isset($_POST['password']))
{
    session_start();

    include ("dbinfo.inc.php");

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
$encrypted_un = crypt($username);
$encrypted_pw = crypt($password);

    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $result = mysql_query($sql) or die(mysql_error());

    // returns numbers of matches found.
    $users = mysql_num_rows($result);

    // if there was 1 result returned, user has successfully logged in
    if ($users == 1)
    {
        $row = mysql_fetch_assoc($result);

        $_SESSION['userid'] = $row['id'];
        $_SESSION['username'] = $row['username'];

        header("Redirect=5; URL=logged_in.php");

        echo "You are logged in! You'll be automatically redirected in 5 secounds. ";
        echo 'Or click <a href="island_home.php?un=$encrypted_un&pw=$encrypted_pw">here</a> if you are impatient';
    }
    // user was not logged in, username/password combo incorrect
    else
    {
        echo 'Your Password and/or Username are incorrect<br />Please try agin<br /><br /><a href="index.php">Here</a>';
    }
}
else
{
    die("You have either come to this page in error or you did not fill in the login form!");
}

?>
[/code]


and in this file i want to be able to pull the encrypted username and password from the address, decrypt them, and make them into variables again in this file for more simple use throughout the file.

island_home.php:

[code]
<?php
session_start();
if(empty($_SESSION['username'])){//if there is nothing in the session
echo 'You are not logged in.';
exit;//quit the page so they cant view anything else
}else{
echo 'Welcome To Island Home Base';
}
?>
[/code]

i have had a bash at doign it but not had any success.
the code for everything else works but i dont understand what the mysql_real_escape_string, and mysql_fetch_assoc functions are-if they could be explained it would be helpful also.

cheers

Pudgemeister
Link to comment
Share on other sites

This is an example of a way to get you started to encode and decode ok.

I do not say that the code i have provided is safe but can be used in considration that all users are not php programmers as the code is esay to decode as you can see but a normall internet user would not no what to do to unencode this code  ok.

good luck.

[code]

<?php

echo "<br>work encoded<br>";

$message="this is a way to encode your php work";

$message_encoded=base64_encode($message);

echo "<br>$message_encoded<br>";


echo "<br>work decoded<br>";


echo base64_decode($message_encoded);

?>
[/code]
Link to comment
Share on other sites

test.php

[code]

<?php session_start();


$message="this is a way to encode your php work";


$message_encoded=base64_encode($message);

echo "<br>this has been encodded via php<br>";

echo $message_encoded;

echo "<br>";

$mess=$_SESSION['mess']=$message_encoded;

echo" <br> lets see it decoded via the link using a session.<br>";

echo"<a href='test_result.php'>get the decoded message</a>";

?>
[/code]

test_result.php
[code]
<?php session_start();

echo"this message has been decoded via php <br>";

echo base64_decode($mess);

?>

[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.