elviapw Posted December 7, 2009 Share Posted December 7, 2009 I'm trying to write a script that will allow a user to sign in with a password I've given them. The password can only be used to access the page once, and then it will be automatically disabled. I'm having trouble conceptualizing how to do this. Does anyone have any suggestions for the simplest way to do this? Thanks so much! Quote Link to comment https://forums.phpfreaks.com/topic/184210-setting-a-password-that-will-expire-after-one-use/ Share on other sites More sharing options...
elviapw Posted December 7, 2009 Author Share Posted December 7, 2009 Here the code so far. I've limited the ambition to having only a username and no password. Here is the form where users can enter their usernames: <html xmlns="http://www.w3.org/1999/xhtml"> <head><title>login</title> </head> <body> <form action="LOGINONCE.php" method="post"> <font color="#66FF99" style="font-style:italic" face="Times"> please enter username</font><br/><br /><input type="text" name="human" /><br /><br/> <input type="submit" name="Submit" value="lawgg in!"/><br /> </form> </body> </html> And her is the PHP I am working on. To reiterate, I'm trying to admit users to the webpage ONLY if they have not visited before. If they have visited before, they will be denied. I'm starting out with two users for simplification's sake. <html> <head> <title></title> </head> <body> <?php $human = $_REQUEST["human"]; if (($human == "elvia" ) || ($human = "tom")) { $dbh = mysqli_connect("--", "--", "--", "--"); //search for username in database to see if person has already entered $query = mysqli_query("SELECT * FROM artnet WHERE username = '.$human.' "); //If person is not in database, then their name is entered into the database and they are admitted to the site //If they are already in the database, they are denied access to the site } ?> </body> </html> As you can see I do not know how to admit the user ONLY if their name does not already appear in the database. Can anyone help with the coding on this? Thank you! Quote Link to comment https://forums.phpfreaks.com/topic/184210-setting-a-password-that-will-expire-after-one-use/#findComment-972597 Share on other sites More sharing options...
elviapw Posted December 7, 2009 Author Share Posted December 7, 2009 more progress on php, but it always returns the "YOU ALREADY SAW IT" message. Can't get it to admit me if I'm a new user. <html> <head> <title></title> </head> <body> <?php $human = $_REQUEST["human"]; if (($human == "elvia" ) || ($human == "roger" ) || ($human == "tally" ) ) { $dbh = mysqli_connect("--"); //search for name in database $sql = ("SELECT * FROM artnet WHERE username = '.$human.' "); $query = mysqli_query($dbh,$sql); if (!$query) { echo"YOU GET IN"; // ENTER NAME IN DATABASE $sql2 = ("INSERT into artnet (username) VALUES ($human)"); $query2 = mysqli_query($dbh,$sql2); //NOW YOU GET IN } else { echo"YOU ALREADY SAWIT"; } } ?> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/184210-setting-a-password-that-will-expire-after-one-use/#findComment-972613 Share on other sites More sharing options...
Riparian Posted December 7, 2009 Share Posted December 7, 2009 you could always put a flag in the database so that once they see the item your message echo"YOU ALREADY SAWIT"; shows Quote Link to comment https://forums.phpfreaks.com/topic/184210-setting-a-password-that-will-expire-after-one-use/#findComment-972670 Share on other sites More sharing options...
xXREDXIIIXx Posted December 7, 2009 Share Posted December 7, 2009 something simple like on pageload mysql_query("UPDATE table SET viewed = 1 WHERE username = '$username'"); and an if statement on the login page $var = mysql_query("SELECT viewed FROM table WHERE username = '$username'"); if($var){echo "seen it";} else {echo "welcome";} Quote Link to comment https://forums.phpfreaks.com/topic/184210-setting-a-password-that-will-expire-after-one-use/#findComment-972722 Share on other sites More sharing options...
elviapw Posted December 7, 2009 Author Share Posted December 7, 2009 Getting closer... it still admits anyone whose name is on the list every time. In my table I only have one field called "username" and if anyone logs in, their name is added as a row.. so, I'm not sure I understand the last suggestion. Could you tell me what the table would look like for your suggestion? would it have a field called "viewed" ? Here's what I have now: <html> <head> <title></title> </head> <body> <?php $human = $_REQUEST["human"]; if (($human == "elvia" ) || ($human == "roger" ) || ($human == "dano1" )) { $dbh = mysqli_connect("--"); //search for name in database $sql = ("SELECT * FROM artnet WHERE username = '.$human.' "); $query = mysqli_query($dbh, $sql); if ($query) { echo"YOU GET IN"; $sql2 = ("INSERT into artnet (username) VALUES ('$human')"); //or, YOU ALREADY GOT IN ONCE } else { echo"NAMES ALREADY HERE"; } } //else, YOUR NAME IS NOT IN THE PARTY else { echo"DENIED"; } ?> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/184210-setting-a-password-that-will-expire-after-one-use/#findComment-973049 Share on other sites More sharing options...
knsito Posted December 7, 2009 Share Posted December 7, 2009 I think you want to change if ($query) { to if (mysqli_num_rows($query) === 0) { ------ By the way, just wondering why you dont just scramble the password to access the page after the user views it... Quote Link to comment https://forums.phpfreaks.com/topic/184210-setting-a-password-that-will-expire-after-one-use/#findComment-973057 Share on other sites More sharing options...
Philip Posted December 7, 2009 Share Posted December 7, 2009 Read the comments in the code... first one was your code, second is mine with updates. <?php // Grabs your request var $human = $_REQUEST["human"]; // Check to see if it is correct if (($human == "elvia" ) || ($human == "roger" ) || ($human == "dano1" )) { // Do a mysqli login $dbh = mysqli_connect("--"); //search for name in database // select the username $sql = ("SELECT * FROM artnet WHERE username = '.$human.' "); // run the query $query = mysqli_query($dbh, $sql); // if the query was successful (note: this does NOT check to see if the data returned was what you wanted) if ($query) { // echo a hello echo"YOU GET IN"; // insert into DB $sql2 = ("INSERT into artnet (username) VALUES ('$human')"); //or, YOU ALREADY GOT IN ONCE } else { // echo a deny echo"NAMES ALREADY HERE"; } } else { // Did not put the correct human. echo"DENIED"; } ?> <?php $human = $_GET['human']; // or $_POST if(in_array($human, array('elvia','roger','dano1'))) { // connect to mysqli $dbh = mysqli_connect('--'); // select the username // note the limit 1 will only allow 1 row to be returned (since thats all you need... will make it faster with large DBs) $sql = "SELECT * FROM artnet WHERE username = '".$human."' LIMIT 1"; // run the query: $query = mysqli_query($dbh, $sql); // you should run some error reporting here, but I won't put that in for you. // if we had a result if(mysqli_num_rows($query) > 0) { // that means the name was already in the DB echo "Name already here!"; } else { // name was not in the DB yet echo 'You get access!'; // Add to DB $query = "INSERT INTO artnet (username) VALUES ('".$human."')"; mysqli_query($dbh, $sql); } } else { // not in the allowed array, show error echo 'Invalid human'; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/184210-setting-a-password-that-will-expire-after-one-use/#findComment-973058 Share on other sites More sharing options...
elviapw Posted December 8, 2009 Author Share Posted December 8, 2009 I finally figured it out with the following code. Thank you so much for your help! The explanations of the code are much, much better on the version King Philip helped me with -- my notes are pretty bad. To answer your question knsito, I want each person to have a distinct password that I give them and that de-activates after its first use, not a universal password that changes, and not something I have to manually change, if either of those options are what you were suggesting. <html> <head> <title></title> </head> <body> <?php $human = $_REQUEST['human']; if (($human == "elvia" ) || ($human == "roger" ) || ($human == "dano1" )) { $dbh = mysqli_connect("97.74.218.137", "artnet", "Ladybugs1", "artnet"); //search for name in database $sql = "SELECT * FROM artnet WHERE username = '".$human."' LIMIT 1"; $query = mysqli_query($dbh, $sql); // if we had a result if(mysqli_num_rows($query) > 0) { // that means the name was already in the DB echo"NAMES ALREADY HERE!!!!"; } else { echo"YOUGITINNN YES"; // Add to DB $query2 = "INSERT INTO artnet (username) VALUES ('".$human."')"; if (mysqli_query($dbh, $query2)) { echo "NAME IN DATABASE"; } else { echo "NAME NOT IN DB"; } } } else { //else, YOUR NAME IS NOT IN THE PARTY echo"DENIED USERNAME"; } ?> </body> </html> Still adding some error reporting, etc, as suggested by KingPhillip, but in the meantime, I'm wondering now if anyone can suggest the best way to make it impossible to access the page again, after being admitted once, by using the forward and back buttons on the browser. How can you make the page completely inaccessible except by password? THANK YOU! Quote Link to comment https://forums.phpfreaks.com/topic/184210-setting-a-password-that-will-expire-after-one-use/#findComment-973178 Share on other sites More sharing options...
elviapw Posted December 8, 2009 Author Share Posted December 8, 2009 x Quote Link to comment https://forums.phpfreaks.com/topic/184210-setting-a-password-that-will-expire-after-one-use/#findComment-973185 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.