Jump to content

Archived

This topic is now archived and is closed to further replies.

Pudgemeister

Noobie Stuff: Very Basics Explained Easily

Recommended Posts

Right, I didn't mean to say that MySQL doesn't have ANY comparison operators, just not the two which were in the script.  AND and OR must be used.

Share this post


Link to post
Share on other sites
ok-thank you.

il try to understand the technical stuff as well in that case.

thanx for info people

Share this post


Link to post
Share on other sites
ok.

if ne1 is getting annoyed with me getting this wrong-please give up.

but i have done what you have said and now it just shows a blank page.

the code is now this and i am confident it is right according to what u said.

[code]<?php

include ("dbinfo.inc.php");

$username=$_POST['username'];
$password=$_POST['password'];

$query_1="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result_1=mysql_query($query_1) or die(mysql_error());
$num=mysql_num_rows($result_1); // returns numbers of matches found.

if ($num===0) {
    echo 'Your Password And/Or Username Are Not Correct-Please Try Again <a href="index.php">Here</a>';
    } else {
$query_2="SELECT id FROM users WHERE username = '$username' AND password = '$password'";
$result_2=mysql_query($query_2) or die(mysql_error());
$id=mysql_fetch_array($result_2); // returns the data found-hopefully.
echo $row['id'];
};
?>[/code]

blank page-no id from id field.

i know i know its my fault.

i am still working on it and reading your posts after i send this

Share this post


Link to post
Share on other sites
That should be $id['id'] instead of $row['id'];  There is no $row array in your script.

Share this post


Link to post
Share on other sites
try echoing $query2 inside your else statement so we can see exactly what is being queried to the database, that way we can also see if the else statement is being executed.

Share this post


Link to post
Share on other sites
all working fine!!!!!

thank u all so much-uve taught me alot today.

thanx for all your help-if you come across any info that peeps might wana know please post it in here still so everyone can find it.

cheers all

Pudgemeister

Share this post


Link to post
Share on other sites
Hi All Again.

im having a prob with the sessions now.

im confused about it all.

i know i have to have session_start() at the top of every page right under <?php and not have any echos or prints near it.

but its the variable set and everything i dont understand.

this is the two pages where the sessions are involved:

[u][b]login.php:[/b][/u]

[code]<?php

include ("dbinfo.inc.php");

$username=$_POST['username'];
$password=$_POST['password'];

$query_1="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result_1=mysql_query($query_1) or die(mysql_error());
$num=mysql_num_rows($result_1); // returns numbers of matches found.

if ($num===0) {
    echo "Your Password And/Or Username Are Not Correct-Please Try Again <a href=\"index.php\">Here</a>";
}else {
$query_2 = "SELECT id FROM users WHERE username = '$username' AND password = '$password';";
$result_2 = mysql_query($query_2);
$id = mysql_fetch_array($result_2); // returns the data found-hopefully.
$_SESSION[$id['id']] = '$username';
echo 'You Are Now Logged In, Click <a href="logged_in.php">Here</a> to Gain Access To Your Account';
};
?>[/code]


[u][b]logged_in.php:[/b][/u]

[code]<?php
session_start();
$_SESSION[$id['id']] = '$username';
echo 'You Are Now Logged In';
?>[/code]

i think ive got things muddles up.


basically-login.php handles the login data inputted by the user to find the data in the database and to make sure they have registered and logged_in.php is my test page which should only be viewable by logged in users.

as it is at the moment-logged_in.php is viewable to everyone.

cheers for reading.

Pudgemeister

Share this post


Link to post
Share on other sites
I dont quite understand what you are trying to do with the sessions, so im going to modify your code a little but. Ill comment it.

login.php
[code]
<?php
session_start();
include ("dbinfo.inc.php");

$username=$_POST['username'];
$password=$_POST['password'];

$query_1="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result_1=mysql_query($query_1) or die(mysql_error());
$num=mysql_num_rows($result_1); // returns numbers of matches found.

if ($num===0) {
    echo "Your Password And/Or Username Are Not Correct-Please Try Again <a href=\"index.php\">Here</a>";
}else {
$query_2 = "SELECT id FROM users WHERE username = '$username' AND password = '$password';";
$result_2 = mysql_query($query_2);
$num = mysql_num_rows($result_2);//the number of rows the search returns
if($num > 1){//This is to check the user exists. If there are less than 1 rows, the query found no matches
echo 'Incorrect login information';
exit;
}
$row = mysql_fetch_array($result_2); // returns the data found-hopefully. Renamed to $row to avoid confusion
$_SESSION['username'] = $row['username'];//this prevents and issues of capitilisation. MySQL is case insenstive whereas php is not. This will put the username from the database into the session.
echo 'You Are Now Logged In, Click <a href="logged_in.php">Here</a> to Gain Access To Your Account';
};
?>
[/code]

logged_in.php:
[code]
<?php
session_start();
if(empty($_SESSION['username'])){//if there is nothing in the session
echo 'you are not logged in';
exit;//quit the page so they cant view anything else
}else{
echo 'You Are Now Logged In';
}
?>
[/code]

Share this post


Link to post
Share on other sites
HORAY! YES! THANK U THANK U THANK U!

i can now start my project!!!!!

YEHAA!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Share this post


Link to post
Share on other sites
what the hell???

it worked once for me and when my mate tried, once for him.

now whenever we try it again even with the right details-it first sais "you are logged in-click here to continue" on login.php and then on logged_in.php it sais "you are not logged in".

this is the code in the two files:

login.php

[code]<?php
session_start();
include ("dbinfo.inc.php");

$username=$_POST['username'];
$password=$_POST['password'];

$query_1="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result_1=mysql_query($query_1) or die(mysql_error());
$num=mysql_num_rows($result_1); // returns numbers of matches found.

if ($num===0) {
    echo "Your Password And/Or Username Are Not Correct-Please Try Again <a href=\"index.php\">Here</a>";
}else {
$query_2 = "SELECT id FROM users WHERE username = '$username' AND password = '$password';";
$result_2 = mysql_query($query_2);
$num = mysql_num_rows($result_2);//the number of rows the search returns
if($num > 1){//This is to check the user exists. If there are less than 1 rows, the query found no matches
echo 'Incorrect login information';
exit;
}
$row = mysql_fetch_array($result_2); // returns the data found-hopefully. Renamed to $row to avoid confusion
$_SESSION['username'] = $num['username'];//this prevents and issues of capitilisation. MySQL is case insenstive whereas php is not. This will put the username from the database into the session.
echo 'You Are Now Logged In, Click <a href="logged_in.php">Here</a> to Gain Access To Your Account';
};
?>[/code]

logged_in.php

[code]<?php
session_start();
if(empty($_SESSION['username'])){//if there is nothing in the session
echo 'you are not logged in';
exit;//quit the page so they cant view anything else
}else{
echo 'You Are Now Logged In';
}
?>[/code]


whats up?

Share this post


Link to post
Share on other sites
I believe this:
[code]$_SESSION['username'] = $num['username'];[/code]
is supposed to be:
[code]$_SESSION['username'] = $row['username'];[/code]
$num was created from mysql_num_rows. mysql_num_rows doesnt return an array of the rows. Where as $row was created from mysql_fetch_array which returns an array. So it a case of using the wrong variable.

Also whoever wrote this:
[code]//this prevents and issues of capitilisation. MySQL is case insenstive whereas php is not. This will put the username from the database into the session.[/code]
What do you mean?

Share this post


Link to post
Share on other sites
ok i see whats going on now (what you said was correct yes)

but after i have logged in, if i close the page, and try to login again, it wil take me to login.php saying i am loged in, but then take me to logged_in.php saying im not.

how can i fix this??

i need the pages to remember im logged in, including the form page.

Share this post


Link to post
Share on other sites
Looking at your login.php code, its a bit bloated. Try this:
[code]<?php

// check username and password POST vars exists first, before continuing
if(isset($_POST['username']) && isset($_POST['password']))
{
    session_start();

    include ("dbinfo.inc.php");

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $result = mysql_query($sql) or die(mysql_error());

    // returns numbers of matches found.
    $users = mysql_num_rows($result);

    // if there was 1 result returned, user has successfully logged in
    if ($users == 1)
    {
        $row = mysql_fetch_assoc($result);

        $_SESSION['userid'] = $row['id'];
        $_SESSION['username'] = $row['username'];

        header("Redirect=5; URL=logged_in.php");

        echo "You are logged in! You\'ll be automatically redirected in 5 secounds. ";
        echo 'Or click <a href="logged_in.php">here</a> if you are impatient';
    }
    // user was not logged in, username/password combo incorrect
    else
    {
        echo 'Your Password and/or Username are incorrect<br />Please try agin<br /><br /><a href="index.php">Here</a>';
    }
}
else
{
    die("You have either come to this page in error or you did not fill in the login form!");
}

?>[/code]

Share this post


Link to post
Share on other sites
WOW WTF!?

ok im a noob and i dont understand whats happened but it seems like ive been logged into the entire folder now! which...IS SOOO GD!!!! FURTHER THAN I EVER EXPECTED TO GET BY NOW!!

THANK U VERY MUCH :D:D:D:D:D:D:D:D:D

Share this post


Link to post
Share on other sites
Hi Again All.

I Need To Know How To Send Data Through The Links And Addresses In My Site And Have The Information Envrypted But Be Able To Decrypt It On The Pages I Need To Use It.

on this page i want to send the username and password through variables in the address while keeping them encrypted.

login.php:

[code]
<?php

// check username and password POST vars exists first, before continuing
if(isset($_POST['username']) && isset($_POST['password']))
{
    session_start();

    include ("dbinfo.inc.php");

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
$encrypted_un = crypt($username);
$encrypted_pw = crypt($password);

    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $result = mysql_query($sql) or die(mysql_error());

    // returns numbers of matches found.
    $users = mysql_num_rows($result);

    // if there was 1 result returned, user has successfully logged in
    if ($users == 1)
    {
        $row = mysql_fetch_assoc($result);

        $_SESSION['userid'] = $row['id'];
        $_SESSION['username'] = $row['username'];

        header("Redirect=5; URL=logged_in.php");

        echo "You are logged in! You'll be automatically redirected in 5 secounds. ";
        echo 'Or click <a href="island_home.php?un=$encrypted_un&pw=$encrypted_pw">here</a> if you are impatient';
    }
    // user was not logged in, username/password combo incorrect
    else
    {
        echo 'Your Password and/or Username are incorrect<br />Please try agin<br /><br /><a href="index.php">Here</a>';
    }
}
else
{
    die("You have either come to this page in error or you did not fill in the login form!");
}

?>
[/code]


and in this file i want to be able to pull the encrypted username and password from the address, decrypt them, and make them into variables again in this file for more simple use throughout the file.

island_home.php:

[code]
<?php
session_start();
if(empty($_SESSION['username'])){//if there is nothing in the session
echo 'You are not logged in.';
exit;//quit the page so they cant view anything else
}else{
echo 'Welcome To Island Home Base';
}
?>
[/code]

i have had a bash at doign it but not had any success.
the code for everything else works but i dont understand what the mysql_real_escape_string, and mysql_fetch_assoc functions are-if they could be explained it would be helpful also.

cheers

Pudgemeister

Share this post


Link to post
Share on other sites
well-put it this way.

I need the username and password encrypted in the adress so they can bepulled from it and used.

how can i do that?

Share this post


Link to post
Share on other sites
This is an example of a way to get you started to encode and decode ok.

I do not say that the code i have provided is safe but can be used in considration that all users are not php programmers as the code is esay to decode as you can see but a normall internet user would not no what to do to unencode this code  ok.

good luck.

[code]

<?php

echo "<br>work encoded<br>";

$message="this is a way to encode your php work";

$message_encoded=base64_encode($message);

echo "<br>$message_encoded<br>";


echo "<br>work decoded<br>";


echo base64_decode($message_encoded);

?>
[/code]

Share this post


Link to post
Share on other sites
thanx for that-i now need to know how to use variables (while encoded) to send them through the address so i can get them to the next page

Share this post


Link to post
Share on other sites
test.php

[code]

<?php session_start();


$message="this is a way to encode your php work";


$message_encoded=base64_encode($message);

echo "<br>this has been encodded via php<br>";

echo $message_encoded;

echo "<br>";

$mess=$_SESSION['mess']=$message_encoded;

echo" <br> lets see it decoded via the link using a session.<br>";

echo"<a href='test_result.php'>get the decoded message</a>";

?>
[/code]

test_result.php
[code]
<?php session_start();

echo"this message has been decoded via php <br>";

echo base64_decode($mess);

?>

[/code]

Share this post


Link to post
Share on other sites
umm ok not the way of taking the data through i was looking for but what the hell it does the same job lol.

cheers wil now try

Share this post


Link to post
Share on other sites
hmmmmm i dont know-id still rather have it go through the address

anyone know how to?

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.