Login Authentication

[mister X]

Hi,

 

Currently, im doing on a login page using PHP. It requires to match the (username and password) database i created in Mysql. Once it matches, it will bring me to the index page. So can anyone help me with the coding? thanks. Its urgent!

[timmah1]

Dong a basic search on Google for basic php login script returns NUMEROUS tutorials

http://www.google.com/search?q=basic+php+login+script&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

[kratsg]

I'm going to assume the following: the passwords in your database table are hashed (that is, you're not storing the actual passsword in plaintext).

 

<?php
if(isset($_POST) && !empty($_POST)){//check to see if they submitted the form
$username = mysql_real_escape_string($_POST['username']);//escape username
$password = md5(mysql_real_escape_string($_POST['password']));//escape and hash
$result = @mysql_fetch_array(@mysql_query("SELECT `password` FROM `users` WHERE `username` = '$username' LIMIT 1"));
if($password == $result){//the two match
echo "Access Granted";
//do stuff
} else {
echo "Access Denied";
//do other stuff
}
}
?>

Meh, if you can't get this part down, I suggest googling some tutorials for a log in system and trying to understand how it comes together.

[mister X]

Thanks guys. I will try it out first.

[mister X]

Hey, did try out but somehow, it cant seem to proceed on.. I get the page loaded up. But after I enter in my username and password. It just doesnt redirect me to index page.

 

<?php

// we must  start the session

session_start();

 

$_SESSION['flag'] = true;

 

if (isset($_POST['txtUserId']) && isset($_POST['txtPassword']))

{

// store the user's input in the variables

$userid = $_POST['txtUserId'];

$password = $_POST['txtPassword'];

 

// connect to the lcoalhost and select the appropriate database

$sql_index = mysql_connect('localhost', 'root', 'password');

$db_select = mysql_select_db('network_deployment_system', $sql_index);

 

echo $db_select;

 

// retrieve the username and password base on the user's input

$sql_query = mysql_query('select * from authorised_user where UserID=\''.$userid.'\' and Password=\''.$password.'\'');

 

// check whether there is a match

if (mysql_num_rows($sql_query) == 1)

{

// fetch data from the table

$data = mysql_fetch_row($sql_query);

// store the data into session variables

$_SESSION['UserID'] = $data[0];

$_SESSION['Password'] = $data[1];

$_SESSION['Administrator'] = $data[2];

// response and redirect to index page once login successful

header('Location: Index.php');

}

else

{

$_SESSION['flag'] = false;

}

 

}

?>

[mister X]

Adding on, whenever I enter in my password and UserID, and click on login, they will redirect to a blank page. Isit a case of wrong coding? pls advice. Thanks

[Coreye]

Adding on, whenever I enter in my password and UserID, and click on login, they will redirect to a blank page. Isit a case of wrong coding? pls advice. Thanks

 

Add error reporting to the top of the script and see what it says.

 

error_reporting(E_ALL);
ini_set("display_errors", 1);

[Bjom]

Check out my authentication class if you like - or use it. Can be found from this thread

 

it's fairly easy to integrate has quite some nice features and does the actual authentication, while you define your login page's design yourself.

[Bricktop]

hi mister x,

 

Try chaging:

$sql_query = mysql_query('select * from authorised_user where UserID=\''.$userid.'\' and Password=\''.$password.'\'');
// check whether there is a match
if (mysql_num_rows($sql_query) == 1)

 

to:

$sql = mysql_query('select UserID, Password from authorised_user where UserID='$userid' and Password='$password');
// check whether there is a match
if (mysql_num_rows($sql) == 1)

[Bricktop]

Also, I notice your line:

 

header('Location: Index.php');

 

I assume this file is stored on your server as "Index.php" and not "index.php".  A lot of servers use case sensitive URL's so make sure you use the right case for the "i" at the beginning of "Index.php".

[chriscloyd]

dreamweaver blows go notepad

[mister X]

Hmm.. I got the following error msg after i enter in my userid and password.

 

Fatal error: Call to undefined function mysql_connect() in C:\Program Files\Apache Group\Apache2\htdocs\terminalserver-soft\Login.php on line 17

 

What should I do now then?

[peter_anderson]

Hmm.. I got the following error msg after i enter in my userid and password.

 

Fatal error: Call to undefined function mysql_connect() in C:\Program Files\Apache Group\Apache2\htdocs\terminalserver-soft\Login.php on line 17

 

What should I do now then?

 

That means you cannot connect to your Database. Is your information correct?

[DarkendSoul]

No that means that php is enabled on his server but MySQL is not.

 

If you have access to php.ini uncomment the line that says

 

extension=php_mysql.dll

 

On windows. I'm not sure what the exact name is on linux based systems... but basically search through the file for "mysql" and you should find it under the extension section of the ini.

[mister X]

So how do I uncomment that line?

[gergy008]

dreamweaver blows go notepad

 

No it doesn't... Dreamweaver makes the coding easier to read when echoing HTML as it tells you if your missing any backslashes ect.

[play_]

dreamweaver blows go notepad

 

Do tell how notepad makes coding easier than DW.

[mister X]

hmm.. I uncomment that line extension=php_mysql.dll. but somehow, the error is still the there? I did a restart to my apache already..