Jump to content

Members Pages / Login Question

Jaguar83

By Jaguar83
in PHP Coding Help

Recommended Posts

Jaguar83 Newbie

Jaguar83

Posted
Posted

Hi all-

 

First of all, this is my first post. Thanks for the great service everyone provides each other here. I'm a bit of a novice with php but I think I have the general idea down, etc. Anyways, onto my question...

 

I am trying to create a members side of my website in which you register a username / password and use this to access members pages. If you do not enter the correct password, you are redirected to the login page, etc. I am attempting to accomplish this (without worrying about encryption just yet) using cookies that I create and checking the login / password against a MySQL database. I'm setting up the DB correctly. Bare in mind that I'm leaving out a lot of code with the conditional statements such as 'no blank username allowed' and so on and I left almost all of the HTML out as well.

 

Onto the code...

 

Login Page:

<?php
	if (isset($_COOKIE['tm'])) {
		setcookie('tm', NULL, time()-3600);
	}

	echo '<p>Please enter your login information:</p>
		<p>Note: Cookies must be enabled.</p>';
	if (isset($_COOKIE['tmloginfail'])) {
		echo '<p><font color="Red">Incorrect email / password. Please re-enter.</font></p>';
	}
	echo '<form method="post" action="members.php">
		<table>		
			<tr><td>Email</td>
			<td><input type="text" id="email" name="email" /></td></tr>
			<tr><td>Password</td>
			<td><input type="password" id="pass" name="pass" /></td></tr>
			<tr><td><input type="submit" value="Submit" name="submit" /></td></tr>
		</table>
		</form>
		<p>First time user? Please <a href="register.php">register here</a>.</p>';
?>

 

Initial Members Page:

 

<?php
//Login/Pass Authenticator/Redirector
session_start();
$email = $_POST['email'];
$pass = $_POST['pass'];

$hostname = "localhost";
$username = "root";
$password = "";
$database = "truck_db";

$dbc = mysqli_connect ($hostname, $username, $password, $database)
	or die ('Error connecting to MySQL Server.');

$query_email_check = "SELECT user_email  
	FROM account";

$result = mysqli_query($dbc, $query_email_check)
	or die('Error querying database.');

$i = 0; //Email counter
$j = 0; //Password counter
while ($row = mysqli_fetch_array($result)) {
	if ($row[0] == $email) {
			$i++;
	}
}

$query_pass_check = 'SELECT user_pass  
	FROM account
	WHERE user_email = "' . $email .'"';

$result = mysqli_query($dbc, $query_pass_check)
	or die('Error querying database.');

while ($row = mysqli_fetch_array($result)) {
	if ($row[0] == $pass) {
		$j++;
	}
}

$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'login.php';

if ($i == 0  || $j == 0) {
	$passfail = 1;
	header("Status: 200"); 
	header("Cache-Control: no-cache, must-revalidate");
	header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
	header("Location: http://$host$uri/$extra");
	setcookie('tmloginfail', $passfail, time()+10);
}
?>
***HTML HEADER***
<?php
	$email = $_POST['email'];
	$pass = $_POST['pass'];

	$dbc = mysqli_connect ($hostname, $username, $password, $database)
		or die ('Error connecting to MySQL Server.');

	$query_email_check = "SELECT user_email  
		FROM account";

	$result = mysqli_query($dbc, $query_email_check)
		or die('Error querying database.');

	$i = 0; //Email counter
	$j = 0; //Password counter
	while ($row = mysqli_fetch_array($result)) {
		if ($row[0] == $email) {
			$i++;
		}
	}

	$query_pass_check = 'SELECT user_pass  
		FROM account
		WHERE user_email = "' . $email .'"';

	$result = mysqli_query($dbc, $query_pass_check)
		or die('Error querying database.');

	while ($row = mysqli_fetch_array($result)) {
		if ($row[0] == $pass) {
			$j++;
		}
	}

	if ($i == 0  || $j == 0) {
		echo '<p>Incorrect login / password entered. Please <a href="login.php">re-enter</a>.</p>';
	}

	else {
		$query_success = 'SELECT *  
			FROM account
			WHERE user_email = "' . $email .'"';

		$result = mysqli_query($dbc, $query_success)
			or die('Error querying database.');

		$row = mysqli_fetch_array($result);

		$user_id = $row[0];
		$user_email = $row[1];
		$user_pass = $row[2];
		$user_fname = $row[3];
		$user_lname = $row[4];

		$code =  '' . $user_id . '=' . $user_pass . '';

		setcookie('truckermath', $code, time()+3600);

		echo '<h1>Login Success</h1>
			<p>Welcome, ' . $user_fname . '. Please select from the following options:</p>
			<p><a href="build.php">Build components</a></p>
			<p><a href="select_comp.php">Load components</a></p>
			<p><a href="login.php">Log out</a></p>';
	}

	mysqli_close($dbc);
?>

 

The error I receive from the webserver is:

 

Warning: Cannot modify header information - headers already sent by (output started at /home/content/d/r/a/d165/html/jake/members.php:10) in /home/content/d/r/a/d165/html/jake/members.php on line 66

 

The cookie does not seem to be sent as well; clicking on another link in the members page does not work correctly.

 

Thanks for taking the time to read my post. Does anyone have any ideas? (In advance...Sorry if I screwed anything up in my posting)

 

Jake

Link to comment
https://forums.phpfreaks.com/topic/164951-members-pages-login-question/
Share on other sites
Jaguar83 Newbie

Jaguar83

Posted
  • Author
Posted

Ok, I just attempted to consolidate it. I'm not sure how you guys feel about the include function and such. I'll just copy and paste the entire page. My bad...a poor attempt to limit the amount of stuff you have to read on this...

 

members.php:

 

<?php require 'passcheck.php'; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset-ISO-8859-1" />
<title>Login : Tmath.com</title>
<link type="text/css" rel="stylesheet" href="index.css" />
</head>
<body>
<?php
	$email = $_POST['email'];
	$pass = $_POST['pass'];

	$dbc = mysqli_connect ($hostname, $username, $password, $database)
		or die ('Error connecting to MySQL Server.');

	$query_email_check = "SELECT user_email  
		FROM account";

	$result = mysqli_query($dbc, $query_email_check)
		or die('Error querying database.');

	$i = 0; //Email counter
	$j = 0; //Password counter
	while ($row = mysqli_fetch_array($result)) {
		if ($row[0] == $email) {
			$i++;
		}
	}

	$query_pass_check = 'SELECT user_pass  
		FROM account
		WHERE user_email = "' . $email .'"';

	$result = mysqli_query($dbc, $query_pass_check)
		or die('Error querying database.');

	while ($row = mysqli_fetch_array($result)) {
		if ($row[0] == $pass) {
			$j++;
		}
	}

	if ($i == 0  || $j == 0) {
		echo '<p>Incorrect login / password entered. Please <a href="login.php">re-enter</a>.</p>';
	}

	else {
		$query_success = 'SELECT *  
			FROM account
			WHERE user_email = "' . $email .'"';

		$result = mysqli_query($dbc, $query_success)
			or die('Error querying database.');

		$row = mysqli_fetch_array($result);

		$user_id = $row[0];
		$user_email = $row[1];
		$user_pass = $row[2];
		$user_fname = $row[3];
		$user_lname = $row[4];

		$code =  '' . $user_id . '=' . $user_pass . '';

		setcookie('truckermath', $code, time()+3600);

		echo '<h1>Login Success</h1>
			<p>Welcome, ' . $user_fname . '. Please select from the following options:</p>
			<p><a href="build.php">Build components</a></p>
			<p><a href="select_comp.php">Load components</a></p>
			<p><a href="login.php">Log out</a></p>';
	}

	mysqli_close($dbc);
?>
</body>
</html>

 

And passcheck.php:

 

<?php
//Login/Pass Authenticator/Redirector
session_start();
$email = $_POST['email'];
$pass = $_POST['pass'];

$hostname = "localhost";
$username = "root";
$password = "";
$database = "truck_db";

$dbc = mysqli_connect ($hostname, $username, $password, $database)
	or die ('Error connecting to MySQL Server.');

$query_email_check = "SELECT user_email  
	FROM account";

$result = mysqli_query($dbc, $query_email_check)
	or die('Error querying database.');

$i = 0; //Email counter
$j = 0; //Password counter
while ($row = mysqli_fetch_array($result)) {
	if ($row[0] == $email) {
			$i++;
	}
}

$query_pass_check = 'SELECT user_pass  
	FROM account
	WHERE user_email = "' . $email .'"';

$result = mysqli_query($dbc, $query_pass_check)
	or die('Error querying database.');

while ($row = mysqli_fetch_array($result)) {
	if ($row[0] == $pass) {
		$j++;
	}
}

$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'login.php';

if ($i == 0  || $j == 0) {
	$passfail = 1;
	header("Status: 200"); 
	header("Cache-Control: no-cache, must-revalidate");
	header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
	header("Location: http://$host$uri/$extra");
	setcookie('tmloginfail', $passfail, time()+10);
}
?>

 

Thanks!

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.