Get username

[phpagent]

Hi all,

 

I have made so far a login and action what to do... Maybe i'm to tired to see what i have to do.. I have stuck on 3th script where it have to say "Welcome, $Username"

 

Login_Screen.php

<html>

<head>
<style type="text/css"> 
body 
{ 
margin: 0; 
padding: 0; 
padding-top: 10px;
text-align: center; 
} 
#centered1
{ 
width: 800px; /* set to desired width in px or percent */
text-align: Center; /* optionally you could use "justified" */
border: 0px; /* Changing this value will add lines around the centered area */
padding-top: 90px;  
margin: 0 auto; 
} 
#centered2
{ 
width: 800px; /* set to desired width in px or percent */
text-align: Center; /* optionally you could use "justified" */
border: 0px; /* Changing this value will add lines around the centered area */
padding-top: 0px;  
margin: 0 auto; 
} 
</style>


<title><?php echo "Prijava_Korisnika";?></title>

<div id="Centered1">
<?php
Setlocale(LC_ALL, 'hr_HR');
$Datum = strftime("%d %B, %Y");
echo "Danas je ",$Datum, " 
<br> Ulogirajte se kako bi započeli sa radom";
$loc_cro = setlocale(LC_ALL, 'cro_Cro@euro', 'cro_Cro', 'hr', 'cro');
?>
</div>
</head>

   <body>
   <div id="Centered2">
  <h1>Login</h1> 
<FORM NAME ="LoginPanel" METHOD ="pOST" ACTION = "checklogin.php">
<p><INPUT TYPE = "Text" VALUE ="Korisničko Ime" NAME = "Korisnik"><p>
<p><INPUT TYPE = "Password" VALUE ="Lozinka" NAME = "Lozinka"><p>
<INPUT TYPE = "Submit" Name = "Submit1" VALUE = "Ulaz">
</FORM>	
<div>
    </body>
    
</html>

 

checklogin.php

<?php
// Podaci za login i spajanje na tablicu koja me zanuma
ob_start();
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$Baza="test"; // Database name
$tablica="members"; // Table name


// Spajanje na server koristeći gornje verijable i odabir baze i tablice
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$Baza")or die("cannot select DB");

// Definiramo Korisnika i njegovu lozinku
$Korisnik=$_POST['Korisnik'];
$Lozinka=$_POST['Lozinka'];

// Zaštita MySQL injection
$myusername = stripslashes($Korisnik);
$mypassword = stripslashes($Lozinka);
$myusername = mysql_real_escape_string($Korisnik);
$mypassword = mysql_real_escape_string($Lozinka);

// Spajanje na tablicu i potraga za korisničkim imenom i lozonkom  
$sql="SELECT * FROM $tablica WHERE username='$Korisnik' and password='$Lozinka'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);


//Ako pronađe barem jedan rezultat koji odgovara opisu 
if($count==1){

// registriraj ga i preusmjeri na "login_success.php"
session_register("$Korisnik");
session_register("$Lozinka");
header("location:login_success.php");
}
else {
echo "Krivo Korisničko ime ili lozinka, pokušajte ponovo";
}

ob_end_flush();
?>

 

 

login_success.php

Here i have to add Username of pearson that has logged in.. anbody

<html>
<body>

Dobrodošao, <?php
?>
</body>
</html>

 

Tnx in advance,

[MasterACE14]

missing session_start(); at the top of checklogin.php.

 

Will also need it at the top of login_success.php, Then you can...

if(isset($_SESSION['username'])) { echo "welcome ".$_SESSION['username']; }

 

also with checklogin.php you want to assign the username from the database into a session variable called 'username', instead of assigning the same name for the key and the value. You won't know what to check then! Also don't assign the password to a session variable. That's a big security issue.

[ZulfadlyAshBurn]

session_register is deprecated. use $_SESSION[]; instead

[voip03]

Creating a session for password is not advice able.

session_register(USER_NAME);
$_SESSION['USER_NAME']=$Korisnik;

[ZulfadlyAshBurn]

Creating a session for password is not advice able.

agreed. why would someone wants to store the password in the session? Whats the use? then can instead create a token.

[phpagent]

Tnx,

MasterACE14, it works.

Also I have removed password from session...

I was trying also to place crypt() function to encrypt password but no luck with that syntax

http://www.php.net/manual/en/function.crypt.php.

 

Anyways tnx,

[voip03]

<?php 
$encrypt = crypt('password');
print " encrypted version ".$encrypt ;
?>

 

http://www.w3schools.com/php/func_string_crypt.asp

[phpagent]

Yeah i try this in checkLogin.php

 

If Ihave understand well. I have to encrypt password from inputbox and then in sql query i tell him to compare encrypted password from password box with password in database... That didn't work.

 

Should i even bother with pass encryption??

 

$encrypt = crypt('$Lozinka');

// Spajanje na tablicu i potraga za korisničkim imenom i lozonkom  
$sql="SELECT * FROM $tablica WHERE username='$Korisnik' and password='$encrypt'";
$result=mysql_query($sql);

[ZulfadlyAshBurn]

you are making your user's password venerable to yourself. this way, the user using your site wont trust you in keeping their information safe.

[Genesis730]

Don't EVER store passwords unencrypted.. Consider using MD5 or SHA1 to encrypt the password when they register and when they login, use the same encryption method to check if it matches the database encrypted pass. It's also good to use a dynamic (something different for each user) string (maybe random string or possibly a timestamp??) and add that to their password to make it more secure.

 

SHA1 Example

// here you would query the database to get the users encrypted pass from database and store it in $encryptedPassFromDatabase
$pass = $encryptedPassFromDatabase;
$ecnryptedPass = sha1($pass);

 

SHA1 Example WITH SALT (random string added to pass for more security)

// here you would query the database to get the users encrypted pass AND random string from database and store it in $encryptedPassFromDatabase and $SALT
$pass = $encryptedPassFromDatabase.$SALT;
$ecnryptedPass = sha1($pass);

 

 

again just remember to use the same method of encryption when registering the user and when checking their login info

so if you add a SALT to the end of the pass when registering, remember to also put the SALT at the end when checking login, if you added the SALT before their password during registration, again when checking login remember to add the same SALT before their pass when checking login.

 

Best of luck