Jump to content

php login


harjpanesar

Recommended Posts

Hi

 

I am having problem with my php mysql login.

 

I have created a login system which works fine but the problem that I am facing is that I currently have one user in my database and that one user can login to multiple pages within different directories i.e

 

User can login into the following:

www.software.com/clients/john/john.php

 

but using the same username and password he can also log into

www.software.com/clients/bob/bob.php

 

How can i prevent this so each user can only log into their own clients directory.

 

 

HELP Here is the code

 

<?php

 

define('INCLUDE_CHECK',true);

 

require 'connect.php';

require 'functions.php';

// Those two files can be included only if INCLUDE_CHECK is defined

 

 

session_name('tzLogin');

// Starting the session

 

session_set_cookie_params(2*7*24*60*60);

// Making the cookie live for 2 weeks

 

session_start();

 

if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])

{

// If you are logged in, but you don't have the tzRemember cookie (browser restart)

// and you have not checked the rememberMe checkbox:

 

$_SESSION = array();

session_destroy();

 

// Destroy the session

}

 

 

if(isset($_GET['logoff']))

{

$_SESSION = array();

session_destroy();

 

header("Location: demo.php");

exit;

}

 

if($_POST['submit']=='Login')

{

// Checking whether the Login form has been submitted

 

$err = array();

// Will hold our errors

 

 

if(!$_POST['username'] || !$_POST['password'])

$err[] = 'All the fields must be filled in!';

 

if(!count($err))

{

$_POST['username'] = mysql_real_escape_string($_POST['username']);

$_POST['password'] = mysql_real_escape_string($_POST['password']);

$_POST['rememberMe'] = (int)$_POST['rememberMe'];

 

// Escaping all input data

 

$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));

 

if($row['usr'])

{

// If everything is OK login

 

$_SESSION['usr']=$row['usr'];

$_SESSION['id'] = $row['id'];

$_SESSION['rememberMe'] = $_POST['rememberMe'];

 

// Store some data in the session

 

setcookie('tzRemember',$_POST['rememberMe']);

}

else $err[]='Wrong username and/or password!';

}

 

if($err)

$_SESSION['msg']['login-err'] = implode('<br />',$err);

// Save the error messages in the session

 

header("Location: demo.php");

exit;

}

else if($_POST['submit']=='Register')

{

// If the Register form has been submitted

 

$err = array();

 

if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)

{

$err[]='Your username must be between 3 and 32 characters!';

}

 

if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))

{

$err[]='Your username contains invalid characters!';

}

 

if(!checkEmail($_POST['email']))

{

$err[]='Your email is not valid!';

}

 

if(!count($err))

{

// If there are no errors

 

$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);

// Generate a random password

 

$_POST['email'] = mysql_real_escape_string($_POST['email']);

$_POST['username'] = mysql_real_escape_string($_POST['username']);

// Escape the input data

 

 

mysql_query(" INSERT INTO tz_members(usr,pass,email,regIP,dt)

VALUES(

 

'".$_POST['username']."',

'".md5($pass)."',

'".$_POST['email']."',

'".$_SERVER['REMOTE_ADDR']."',

NOW()

 

)");

 

if(mysql_affected_rows($link)==1)

{

send_mail( '[email protected]',

$_POST['email'],

'Registration System Demo - Your New Password',

'Your password is: '.$pass);

 

$_SESSION['msg']['reg-success']='We sent you an email with your new password!';

}

else $err[]='This username is already taken!';

}

 

if(count($err))

{

$_SESSION['msg']['reg-err'] = implode('<br />',$err);

}

 

header("Location: demo.php");

exit;

}

 

$script = '';

 

if($_SESSION['msg'])

{

// The script below shows the sliding panel on page load

 

$script = '

<script type="text/javascript">

 

$(function(){

 

$("div#panel").show();

$("#toggle a").toggle();

});

 

</script>';

 

}

?>

 

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

 

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>A Cool Login System With PHP MySQL &amp jQuery | Tutorialzine demo</title>

   

    <link rel="stylesheet" type="text/css" href="demo.css" media="screen" />

    <link rel="stylesheet" type="text/css" href="login_panel/css/slide.css" media="screen" />

   

    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>

   

    <!-- PNG FIX for IE6 -->

    <!-- http://24ways.org/2007/supersleight-transparent-png-in-ie6 -->

    <!--[if lte IE 6]>

        <script type="text/javascript" src="login_panel/js/pngfix/supersleight-min.js"></script>

    <![endif]-->

   

    <script src="login_panel/js/slide.js" type="text/javascript"></script>

   

    <?php echo $script; ?>

</head>

 

<body>

 

<!-- Panel -->

<div id="toppanel">

<div id="panel">

<div class="content clearfix">

<div class="left">

Insert logo here

</div>

           

           

            <?php

 

if(!$_SESSION['id']):

 

?>

           

<div class="left">

<!-- Login Form -->

<form class="clearfix" action="" method="post">

<h1>Member Login</h1>

                   

                    <?php

 

if($_SESSION['msg']['login-err'])

{

echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';

unset($_SESSION['msg']['login-err']);

}

?>

 

<label class="grey" for="username">Username:</label>

<input class="field" type="text" name="username" id="username" value="" size="23" />

<label class="grey" for="password">Password:</label>

<input class="field" type="password" name="password" id="password" size="23" />

            <label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" />  Remember me</label>

        <div class="clear"></div>

<input type="submit" name="submit" value="Login" class="bt_login" />

</form>

</div>

<div class="left right">

 

</div>

           

            <?php

 

else:

 

?>

           

            <div class="left">

           

            <h1>Members panel</h1>

           

            <p>You can put member-only data here</p>

            <a href="registered.php">View a special member page</a>

            <p>- or -</p>

            <a href="?logoff">Log off</a>

           

            </div>

           

            <div class="left right">

            </div>

           

            <?php

endif;

?>

</div>

</div> <!-- /login -->

 

    <!-- The tab on top -->

<div class="tab">

<ul class="login">

    <li class="left"> </li>

        <li>Hello <?php echo $_SESSION['usr'] ? $_SESSION['usr'] : 'Guest';?>!</li>

<li class="sep">|</li>

<li id="toggle">

<a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Client Log In';?></a>

<a id="close" style="display: none;" class="close" href="#">Close Panel</a>

</li>

    <li class="right"> </li>

</ul>

</div> <!-- / top -->

 

</div> <!--panel -->

 

<div class="pageContent">

    <div id="main">

      <div class="container">

        <h1>A Cool Login System</h1>

        <h2>Easy registration management with PHP & jQuery</h2>

        </div>

       

        <div class="container">

       

          <p>This is a simple example site demonstrating the <a href="http://tutorialzine.com/2009/10/cool-login-system-php-jquery/">Cool Login System tutorial</a> on <strong>Tutorialzine</strong>. You can start by clicking the <strong>Client Log In</strong> button above.  After registration, an email will be sent to you with your new password.</p>

          <p><a href="registered.php" target="_blank">View a test page</a>, only accessible by <strong>registered users</strong>.</p>

          <p>The sliding jQuery panel, used in this example, was developed by  <a href="http://web-kreation.com/index.php/tutorials/nice-clean-sliding-login-panel-built-with-jquery" title="Go to site">Web-Kreation</a>.</p>

          <p>You are free to build upon this code and use it in your own sites.</p>

          <div class="clear"></div>

        </div>

       

      <div class="container tutorial-info">

      This is a tutorialzine demo. View the <a href="http://tutorialzine.com/2009/10/cool-login-system-php-jquery/" target="_blank">original tutorial</a>, or download the <a href="demo.zip">source files</a>.    </div>

    </div>

</div>

 

</body>

</html>

 

Link to comment
https://forums.phpfreaks.com/topic/195359-php-login/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.