trq Posted November 3, 2006 Share Posted November 3, 2006 Sorry, but can you please post the entire current script. Your code is making less and less sense each time. You talk about certain functionality that simply does not exist in your code. Quote Link to comment Share on other sites More sharing options...
pixeltrace Posted November 3, 2006 Author Share Posted November 3, 2006 [code]<?session_start();$username = $_POST['username'];$password = $_POST['password'];if((!$username) || (!$password)){ echo '<script language=javascript> alert("Please enter ALL of the information!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; exit();}include '../db_connect.php';$password = md5($password);if($login_check == 0) { //NOT LOGGED IN } $_SESSION['userid'] = $userid; $_SESSION['username'] = $username; $_SESSION['user_level'] = $user_level; mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'"); header("Location: homepage.php"); }elseif($login_check == 1) { //NOT LOGGED IN } $_SESSION['userid'] = $userid; $_SESSION['username'] = $username; $_SESSION['user_level'] = $user_level; mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'"); header("Location: homepage2.php");} else { echo '<script language=javascript> alert("You could not be logged in! Either the username and password do not match! Please try again!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>';}?>[/code] Quote Link to comment Share on other sites More sharing options...
trq Posted November 3, 2006 Share Posted November 3, 2006 Can you explain to me how this [i]logs[/i] a user in? A simple example of a login script would be something like....[code]<?php session_start(); // connect to database. if (isset($_POST['username']) && isset($_POST['passwrod'])) { // query to see if the user exists. $result = mysql_query("SELECT user_level FROM users WHERE username = '{$_POST['username']}' AND password = '{$_POST['password']}'"); if ($result) { // did we get a valid user? if (mysql_num_rows($result) > 0) { $row = mysql_fetch_assoc($result); // Log the user in using sessions. $_SESSION['username'] = $_POST['username']; $_SESSION['user_level'] = $row['user_level']; // determin what user_level the user belongs to and redirect accordingly. if ($row['user_level'] == 'admin') { header("Location: admin.php"); elseif ($row['user_level'] == 'staff') { header("Location: staff.php"); } else { header("Location: home.php"); } } else { echo "User not found"; } } }?>[/code]This is just an example and lacks some error handling but as you can see, im afraid your missing complete sections of logic. Quote Link to comment Share on other sites More sharing options...
pixeltrace Posted November 3, 2006 Author Share Posted November 3, 2006 hi,i have an index page wherein you input the username and password there. the form method="post" and the action""checkUser.php"checkUser.php is the one that will verify the userid and points it to either homepage.php or homepage2.phphope this one helps Quote Link to comment Share on other sites More sharing options...
JustinK101 Posted November 3, 2006 Share Posted November 3, 2006 Ok there are some problems here, this is what I would do:[code]<?session_start();$username = $_POST['username'];$password = $_POST['password'];if(empty($username) || empty($password)){ echo '<script language=javascript> alert("Please enter ALL of the information!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; exit();}include '../db_connect.php';$result = mysql_query("SELECT user_id, user_level FROM users WHERE username = '{$username}' AND password = '{$password}'");$numb_rows = mysql_num_rows($result);if($numb_rows == 0){ //NOT A VALID LOGIN/PASSWORD echo '<script language=javascript> alert("You could not be logged in! Either the username and password do not match! Please try again!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; die();}$row = mysql_fetch_assoc($result);$password = md5($password); //WHATS THE POINT OF THIS LINE?$_SESSION['userid'] = $row['userid'];$_SESSION['username'] = $username;$_SESSION['user_level'] = $row['user_level']; mysql_query("UPDATE users SET last_login=now() WHERE userid=" . $row['userid'] . ""); if($row['user_level'] == "Regular"){ header("Location: homepage.php");}else if($row['user_level'] == "Admin"){ header("Location: homepage2.php");}?>[/code] Quote Link to comment Share on other sites More sharing options...
pixeltrace Posted November 3, 2006 Author Share Posted November 3, 2006 this is what i did base from your codes [code]<?session_start();$username = $_POST['username'];$password = $_POST['password'];if(empty($username) || empty($password)){ echo '<script language=javascript> alert("Please enter ALL of the information!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; exit();}include '../db_connect.php';$result = mysql_query("SELECT userid, user_level FROM users WHERE username = '{$username}' AND password = '{$password}'");$numb_rows = mysql_num_rows($result);if($numb_rows == 0){ //NOT A VALID LOGIN/PASSWORD echo '<script language=javascript> alert("You could not be logged in! Either the username and password do not match! Please try again!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; die();}$row = mysql_fetch_assoc($result);$_SESSION['userid'] = $row['userid'];$_SESSION['username'] = $username;$_SESSION['user_level'] = $row['user_level']; mysql_query("UPDATE users SET last_login=now() WHERE userid=" . $row['userid'] . ""); if($row['user_level'] == 0){ header("Location: homepage.php");}else if($row['user_level'] == 1){ header("Location: homepage2.php");}?>[/code]i tried logging in but it always keeps on popping up the error message "You could not be logged in! Either the username and password do not match! Please try again!" Quote Link to comment Share on other sites More sharing options...
JustinK101 Posted November 3, 2006 Share Posted November 3, 2006 How is the password stored in the db? Do you have it encrypted? Quote Link to comment Share on other sites More sharing options...
trq Posted November 3, 2006 Share Posted November 3, 2006 Maybe youve your password md5'd. You should.Try...[code=php:0]$password = md5($_POST['password']);[/code] Quote Link to comment Share on other sites More sharing options...
pixeltrace Posted November 3, 2006 Author Share Posted November 3, 2006 yesit is encrypted Quote Link to comment Share on other sites More sharing options...
JustinK101 Posted November 3, 2006 Share Posted November 3, 2006 Bingo, thorpe! Quote Link to comment Share on other sites More sharing options...
pixeltrace Posted November 3, 2006 Author Share Posted November 3, 2006 i tried this one but its still popping out the error message "You could not be logged in! Either the username and password do not match! Please try again!"[code]<?session_start();$username = $_POST['username'];$password = $_POST['password'];if(empty($username) || empty($password)){ echo '<script language=javascript> alert("Please enter ALL of the information!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; exit();}include '../db_connect.php';$result = mysql_query("SELECT userid, user_level FROM users WHERE username = '{$username}' AND password = '{$password}'");$numb_rows = mysql_num_rows($result);if($numb_rows == 0){ //NOT A VALID LOGIN/PASSWORD echo '<script language=javascript> alert("You could not be logged in! Either the username and password do not match! Please try again!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; die();}$row = mysql_fetch_assoc($result);$password = md5($_POST['password']); $_SESSION['userid'] = $row['userid'];$_SESSION['username'] = $username;$_SESSION['user_level'] = $row['user_level']; mysql_query("UPDATE users SET last_login=now() WHERE userid=" . $row['userid'] . ""); if($row['user_level'] == 0){ header("Location: homepage.php");}else if($row['user_level'] == 1){ header("Location: homepage2.php");}?>[/code] Quote Link to comment Share on other sites More sharing options...
JustinK101 Posted November 3, 2006 Share Posted November 3, 2006 No, No.... Why are you doing the md5 on the password variable when you have already done the verification in the database. You need to md5 the password before you check against the database. :) LOL Do this:[code]<?session_start();$username = $_POST['username'];$password = md5($_POST['password']);if(empty($username) || empty($password)){ echo '<script language=javascript> alert("Please enter ALL of the information!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; exit();}include '../db_connect.php';$result = mysql_query("SELECT userid, user_level FROM users WHERE username = '{$username}' AND password = '{$password}'");$numb_rows = mysql_num_rows($result);if($numb_rows == 0){ //NOT A VALID LOGIN/PASSWORD echo '<script language=javascript> alert("You could not be logged in! Either the username and password do not match! Please try again!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; die();}$row = mysql_fetch_assoc($result);$_SESSION['userid'] = $row['userid'];$_SESSION['username'] = $username;$_SESSION['user_level'] = $row['user_level']; mysql_query("UPDATE users SET last_login=now() WHERE userid=" . $row['userid'] . ""); if($row['user_level'] == 0){ header("Location: homepage.php");}else if($row['user_level'] == 1){ header("Location: homepage2.php");}?>[/code] Quote Link to comment Share on other sites More sharing options...
pixeltrace Posted November 3, 2006 Author Share Posted November 3, 2006 ohhhhh!!!i got it.hehehehe..sorry dudes!!!and thanks a lot!!!i owe you justin and thorpe this onei hope i could be as good as you someday.hehehe Quote Link to comment Share on other sites More sharing options...
JustinK101 Posted November 3, 2006 Share Posted November 3, 2006 [b]Also, md5 inst encryption. It just returns sort of like a decoded version of the orginal text. I use the following functions to do my encryption to store values in databases.[/b]BE AWARE OF THE FOLLOWING:$key = "sjhfs89we48DSGhgwe7t";$encrypted_value_1 = encrypt("mytext", $key);$encrypted_value_2 = encrypt("mytext", $key);$encrypted_value_1 and $encrypted_value_2 are NOT NECCESSARY equal, in fact, they are most likely NOT. NEVER compare encrypted values to each other, you must ALWAYS decrypt and then check.[code]function encrypt($s, $key){ for($i=0;$i<=strlen($s);$i++) $r.=substr(str_shuffle(md5($key)),($i % strlen(md5($key))),1).$s[$i]; for($i=1;$i<=strlen($r);$i++) $s[$i-1]=chr(ord($r[$i-1])+ord(substr(md5($key),($i % strlen(md5($key)))-1,1))); return urlencode(base64_encode($s));}function decrypt($s, $key){ $s=base64_decode(urldecode($s)); for($i=1;$i<=strlen($s);$i++) $s[$i-1]=chr(ord($s[$i-1])-ord(substr(md5($key),($i % strlen(md5($key)))-1,1))); for($i=1;$i<=strlen($s)-2;$i=$i+2) $r.=$s[$i]; return $r;}[/code] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.