phpagent Posted August 14, 2011 Share Posted August 14, 2011 Hi all, I have made so far a login and action what to do... Maybe i'm to tired to see what i have to do.. I have stuck on 3th script where it have to say "Welcome, $Username" Login_Screen.php <html> <head> <style type="text/css"> body { margin: 0; padding: 0; padding-top: 10px; text-align: center; } #centered1 { width: 800px; /* set to desired width in px or percent */ text-align: Center; /* optionally you could use "justified" */ border: 0px; /* Changing this value will add lines around the centered area */ padding-top: 90px; margin: 0 auto; } #centered2 { width: 800px; /* set to desired width in px or percent */ text-align: Center; /* optionally you could use "justified" */ border: 0px; /* Changing this value will add lines around the centered area */ padding-top: 0px; margin: 0 auto; } </style> <title><?php echo "Prijava_Korisnika";?></title> <div id="Centered1"> <?php Setlocale(LC_ALL, 'hr_HR'); $Datum = strftime("%d %B, %Y"); echo "Danas je ",$Datum, " <br> Ulogirajte se kako bi započeli sa radom"; $loc_cro = setlocale(LC_ALL, 'cro_Cro@euro', 'cro_Cro', 'hr', 'cro'); ?> </div> </head> <body> <div id="Centered2"> <h1>Login</h1> <FORM NAME ="LoginPanel" METHOD ="pOST" ACTION = "checklogin.php"> <p><INPUT TYPE = "Text" VALUE ="Korisničko Ime" NAME = "Korisnik"><p> <p><INPUT TYPE = "Password" VALUE ="Lozinka" NAME = "Lozinka"><p> <INPUT TYPE = "Submit" Name = "Submit1" VALUE = "Ulaz"> </FORM> <div> </body> </html> checklogin.php <?php // Podaci za login i spajanje na tablicu koja me zanuma ob_start(); $host="localhost"; // Host name $username=""; // Mysql username $password=""; // Mysql password $Baza="test"; // Database name $tablica="members"; // Table name // Spajanje na server koristeći gornje verijable i odabir baze i tablice mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$Baza")or die("cannot select DB"); // Definiramo Korisnika i njegovu lozinku $Korisnik=$_POST['Korisnik']; $Lozinka=$_POST['Lozinka']; // Zaštita MySQL injection $myusername = stripslashes($Korisnik); $mypassword = stripslashes($Lozinka); $myusername = mysql_real_escape_string($Korisnik); $mypassword = mysql_real_escape_string($Lozinka); // Spajanje na tablicu i potraga za korisničkim imenom i lozonkom $sql="SELECT * FROM $tablica WHERE username='$Korisnik' and password='$Lozinka'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); //Ako pronađe barem jedan rezultat koji odgovara opisu if($count==1){ // registriraj ga i preusmjeri na "login_success.php" session_register("$Korisnik"); session_register("$Lozinka"); header("location:login_success.php"); } else { echo "Krivo Korisničko ime ili lozinka, pokušajte ponovo"; } ob_end_flush(); ?> login_success.php Here i have to add Username of pearson that has logged in.. anbody <html> <body> Dobrodošao, <?php ?> </body> </html> Tnx in advance, Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted August 14, 2011 Share Posted August 14, 2011 missing session_start(); at the top of checklogin.php. Will also need it at the top of login_success.php, Then you can... if(isset($_SESSION['username'])) { echo "welcome ".$_SESSION['username']; } also with checklogin.php you want to assign the username from the database into a session variable called 'username', instead of assigning the same name for the key and the value. You won't know what to check then! Also don't assign the password to a session variable. That's a big security issue. Quote Link to comment Share on other sites More sharing options...
ZulfadlyAshBurn Posted August 15, 2011 Share Posted August 15, 2011 session_register is deprecated. use $_SESSION[]; instead Quote Link to comment Share on other sites More sharing options...
voip03 Posted August 15, 2011 Share Posted August 15, 2011 Creating a session for password is not advice able. session_register(USER_NAME); $_SESSION['USER_NAME']=$Korisnik; Quote Link to comment Share on other sites More sharing options...
ZulfadlyAshBurn Posted August 15, 2011 Share Posted August 15, 2011 Creating a session for password is not advice able. agreed. why would someone wants to store the password in the session? Whats the use? then can instead create a token. Quote Link to comment Share on other sites More sharing options...
phpagent Posted August 15, 2011 Author Share Posted August 15, 2011 Tnx, MasterACE14, it works. Also I have removed password from session... I was trying also to place crypt() function to encrypt password but no luck with that syntax http://www.php.net/manual/en/function.crypt.php. Anyways tnx, Quote Link to comment Share on other sites More sharing options...
voip03 Posted August 15, 2011 Share Posted August 15, 2011 <?php $encrypt = crypt('password'); print " encrypted version ".$encrypt ; ?> http://www.w3schools.com/php/func_string_crypt.asp Quote Link to comment Share on other sites More sharing options...
phpagent Posted August 15, 2011 Author Share Posted August 15, 2011 Yeah i try this in checkLogin.php If Ihave understand well. I have to encrypt password from inputbox and then in sql query i tell him to compare encrypted password from password box with password in database... That didn't work. Should i even bother with pass encryption?? $encrypt = crypt('$Lozinka'); // Spajanje na tablicu i potraga za korisničkim imenom i lozonkom $sql="SELECT * FROM $tablica WHERE username='$Korisnik' and password='$encrypt'"; $result=mysql_query($sql); Quote Link to comment Share on other sites More sharing options...
ZulfadlyAshBurn Posted August 15, 2011 Share Posted August 15, 2011 you are making your user's password venerable to yourself. this way, the user using your site wont trust you in keeping their information safe. Quote Link to comment Share on other sites More sharing options...
Genesis730 Posted August 15, 2011 Share Posted August 15, 2011 Don't EVER store passwords unencrypted.. Consider using MD5 or SHA1 to encrypt the password when they register and when they login, use the same encryption method to check if it matches the database encrypted pass. It's also good to use a dynamic (something different for each user) string (maybe random string or possibly a timestamp??) and add that to their password to make it more secure. SHA1 Example // here you would query the database to get the users encrypted pass from database and store it in $encryptedPassFromDatabase $pass = $encryptedPassFromDatabase; $ecnryptedPass = sha1($pass); SHA1 Example WITH SALT (random string added to pass for more security) // here you would query the database to get the users encrypted pass AND random string from database and store it in $encryptedPassFromDatabase and $SALT $pass = $encryptedPassFromDatabase.$SALT; $ecnryptedPass = sha1($pass); again just remember to use the same method of encryption when registering the user and when checking their login info so if you add a SALT to the end of the pass when registering, remember to also put the SALT at the end when checking login, if you added the SALT before their password during registration, again when checking login remember to add the same SALT before their pass when checking login. Best of luck Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.