AmieSexyFeetAndToes Posted January 27, 2010 Share Posted January 27, 2010 Hello everyone! I'm Amie, and I'm a little new to PHP and MySQL. That being said, I am attempting to create a Login form with a username and password field. I pretty much have it down with the structure I think. I set up the MySQL database with GoDaddy. I started to set up everything in Dreamweaver CS4, I connected to the MySQL on my GoDaddy hosting, and started to make my PHP page. Here is my code so far: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Log In</title> </head> <body> <form action="index.php?login=yes" method="post"> Username: <input type="text" name="user" /><br /> Password: <input type="text" name="pass" /><br /> <input type="submit" value="Log In" /><p> </form> <?php $user=$_POST['user']; $pass=$_POST['past']; $login=$_GET['login']; if($login=='yes'){ $con=mysql_connect('p80mysql90.secureserver.net','AmieAmie88','SexyAmieTits88'); mysql_select_db('amiedata'); $user=mysql_real_escape_string($user); $pass=mysql_real_escape_string($pass); $get=mysql_query('SELECT count(id) FROM login WHERE user='$user' and pass='$pass'); $result=mysql=result($get, 0); mysql_close($con); if ($result!=1) echo= "Invalid Login!"; else{ echo"Login Success!" $_SESSION['user']=$user; }; }; ?> </body> </html> Here is my MySQL Database Info: Connection Name: AmieCutieToes MySQL Server: p80mysql90.secureserver.net Username: AmieAmie88 Password: SexyAmieTits88 Database: amiedata I. Did I properly create a simple login form and put in my MySQL Database Info into the PHP code correctly? II. How do I go about creating multiple usernames and passwords so that this form can be logged in with more than one username and password. The one I put into the PHP code is the main username and password I created for my database on GoDaddy. I'm thinking you make a table with the multiple usernames and passwords that I want? If so, how do you do that, because I have no clue where to start? III. Can the PHP login form be customized with some CSS? I want it to eventually look pretty IV. When the user puts in their correct username and password and hits the "Log In" button, I want them to be sent to a page I will create next called "navigation.php". How do I do this instead of having an echo saying "Login Success!" ? On this new page I will have a search feature to search data in tables. I will have to learn and figure out this part next. One question though for now, can I use the same MySQL Database info on the navigation.php and it's search feature? Thanks a bunch!! Quote Link to comment Share on other sites More sharing options...
schilly Posted January 27, 2010 Share Posted January 27, 2010 First off, don't post your mysql user/password info. There is a few errors in your code: <?php $user=$_POST['user']; $pass=$_POST['past']; $login=$_GET['login']; if($login=='yes'){ $con=mysql_connect('p80mysql90.secureserver.net','AmieAmie88','SexyAmieTits88'); mysql_select_db('amiedata'); $user=mysql_real_escape_string($user); $pass=mysql_real_escape_string($pass); $get=mysql_query("SELECT count(id) FROM login WHERE user='$user' and pass='$pass'"); $result=mysql_result($get, 0); mysql_close($con); if ($result!=1) echo= "Invalid Login!"; else{ echo"Login Success!"; $_SESSION['user']=$user; } } ?> Now to your questions: 1. It looks like you have the just on it down with your form. You don't need the login $_GET variable though. You can just post the form back to index.php and check for the name of your submit button in your $_POST vars (your submit button needs a name first) 2. You will need a page to create accounts. Similar to what you have now but you just want to enter the form data into your user table. 3. You can do any CSS you want =) 4. look up the header() function and you can redirect people to where ever you want. Make sure you don't echo anything before you redirect them or it won't work. ie. header("Location: navigation.php"); A couple things I suggest you read up on: - how to properly set up a secure login form - how to properly filter form submissions - how to prevent mysql injections from forms Other than that. Good start. Quote Link to comment Share on other sites More sharing options...
Vince889 Posted January 27, 2010 Share Posted January 27, 2010 Schilly couldn't have said it better. Also remove that information and change your database info IMMEDIATELY. While we are a friendly community and we strive to help others, there may be some guys lurking around here with malicious intent. Quote Link to comment Share on other sites More sharing options...
AmieSexyFeetAndToes Posted January 27, 2010 Author Share Posted January 27, 2010 All the MySQL info I put is just dummy info, not the real stuff. I figured out GoDaddy has a thing called phpMyAdmin. There was a lot of things I was clueless about in there!! So I selected my database and made a table with 3 fields. I then inserted 2 rows and put in the content. There were drop down menus, which I didn't do anything with those. Here is what it's showing now: I also made the id field "unique". Not really sure if I'm supposed to do that. Anything else I need to do for the username and password set up? How would I go about getting my php code to use these? I'd love to see some CSS tutorials and all. That one of the next steps after I get this basic log in form to work how I want it. Thanks!! Quote Link to comment Share on other sites More sharing options...
Vince889 Posted January 27, 2010 Share Posted January 27, 2010 You basically did it in your first post. Login authentication consists of querying the database, comparing the user/pass with the designated record, registering a session variable and logging the user in. I recommend encoding your passwords in MD5 or SHA1 for more security. Quote Link to comment Share on other sites More sharing options...
AmieSexyFeetAndToes Posted January 27, 2010 Author Share Posted January 27, 2010 "I recommend encoding your passwords in MD5 or SHA1 for more security. " No idea how to do that. My table is called "login" so that's why you see "login" in my PHP code Quote Link to comment Share on other sites More sharing options...
AmieSexyFeetAndToes Posted January 27, 2010 Author Share Posted January 27, 2010 <?php // Sanitization function safeData($data) { $returnData = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars(trim($data))))); return $returnData; } // Only begin logging the user in if the form has been submitted, // and if the 'login' variable is set to 'yes'. if (isset($_POST['submit']) && $_GET['login'] == "yes")) { mysql_connect('p80mysql90.secureserver.net','AmieAmie88','SexyAmieTits88'); mysql_select_db('amiedata'); // Sanitize these variables and make sure they are safe. // Sometimes malicious users try to inject bad things into your site. $user = safeData($_POST['user']); $pass = safeData($_POST['pass']); # Authenticate the user // Check if there is a user in the database that matches the entered data. $check1 = mysql_query("SELECT * FROM login WHERE user = '$user' AND pass='$pass'"); // If no user matches the entered data, then display an error. if (mysql_num_rows($check1) != 1) { mysql_close(); die("Invalid Login"); } // Otherwise, log him/her in. else { header("location:http://www.myserver.com/navigation.php"); // Set the session session_start(); $_SESSION['user'] = $user; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Log In</title> </head> <body> <form action="index.php?login=yes" method="post"> Username: <input type="text" name="user" /><br /> Password: <input type="text" name="pass" /><br /> <input type="submit" name="submit" value="Log In" /><p> </form> </body> </html> and I get this: "Parse error: syntax error, unexpected T_FUNCTION in index.php on line 4" Quote Link to comment Share on other sites More sharing options...
schilly Posted January 27, 2010 Share Posted January 27, 2010 if (isset($_POST['submit']) && $_GET['login'] == "yes")) { has an extra bracket. Quote Link to comment Share on other sites More sharing options...
AmieSexyFeetAndToes Posted January 27, 2010 Author Share Posted January 27, 2010 What is the extra bracket? Quote Link to comment Share on other sites More sharing options...
schilly Posted January 27, 2010 Share Posted January 27, 2010 you have an extra round bracket at the end of your if statement. only need one. if (isset($_POST['submit']) && $_GET['login'] == "yes") { Quote Link to comment Share on other sites More sharing options...
AmieSexyFeetAndToes Posted January 28, 2010 Author Share Posted January 28, 2010 Ok, I tried removing the bracket like you showed. It still says there is an error on line 4. The code on line 4 is: function safeData($data) { So I tried with out it, still an error. I removed the sanitation code, then I get an error at: if (isset($_POST['submit']) && $_GET['login'] == "yes")) { Not sure what's going on. Even my original code I posted at the beginning of this thread says I get this error: "Parse error: syntax error, unexpected T_VARIABLE in index.php on line 27" This is line 27 of it: $get=mysql_query('SELECT count(id) FROM login WHERE user='$user' and pass='$pass'); Quote Link to comment Share on other sites More sharing options...
schilly Posted January 28, 2010 Share Posted January 28, 2010 there's an error here as well. no closing quote. $get=mysql_query("SELECT count(id) FROM login WHERE user='$user' and pass='$pass'"); post your file again and the errors. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.