trq Posted November 3, 2006 Share Posted November 3, 2006 Sorry, but can you please post the entire current script. Your code is making less and less sense each time. You talk about certain functionality that simply does not exist in your code. Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118809 Share on other sites More sharing options...
pixeltrace Posted November 3, 2006 Author Share Posted November 3, 2006 [code]<?session_start();$username = $_POST['username'];$password = $_POST['password'];if((!$username) || (!$password)){ echo '<script language=javascript> alert("Please enter ALL of the information!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; exit();}include '../db_connect.php';$password = md5($password);if($login_check == 0) { //NOT LOGGED IN } $_SESSION['userid'] = $userid; $_SESSION['username'] = $username; $_SESSION['user_level'] = $user_level; mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'"); header("Location: homepage.php"); }elseif($login_check == 1) { //NOT LOGGED IN } $_SESSION['userid'] = $userid; $_SESSION['username'] = $username; $_SESSION['user_level'] = $user_level; mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'"); header("Location: homepage2.php");} else { echo '<script language=javascript> alert("You could not be logged in! Either the username and password do not match! Please try again!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>';}?>[/code] Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118813 Share on other sites More sharing options...
trq Posted November 3, 2006 Share Posted November 3, 2006 Can you explain to me how this [i]logs[/i] a user in? A simple example of a login script would be something like....[code]<?php session_start(); // connect to database. if (isset($_POST['username']) && isset($_POST['passwrod'])) { // query to see if the user exists. $result = mysql_query("SELECT user_level FROM users WHERE username = '{$_POST['username']}' AND password = '{$_POST['password']}'"); if ($result) { // did we get a valid user? if (mysql_num_rows($result) > 0) { $row = mysql_fetch_assoc($result); // Log the user in using sessions. $_SESSION['username'] = $_POST['username']; $_SESSION['user_level'] = $row['user_level']; // determin what user_level the user belongs to and redirect accordingly. if ($row['user_level'] == 'admin') { header("Location: admin.php"); elseif ($row['user_level'] == 'staff') { header("Location: staff.php"); } else { header("Location: home.php"); } } else { echo "User not found"; } } }?>[/code]This is just an example and lacks some error handling but as you can see, im afraid your missing complete sections of logic. Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118817 Share on other sites More sharing options...
pixeltrace Posted November 3, 2006 Author Share Posted November 3, 2006 hi,i have an index page wherein you input the username and password there. the form method="post" and the action""checkUser.php"checkUser.php is the one that will verify the userid and points it to either homepage.php or homepage2.phphope this one helps Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118818 Share on other sites More sharing options...
JustinK101 Posted November 3, 2006 Share Posted November 3, 2006 Ok there are some problems here, this is what I would do:[code]<?session_start();$username = $_POST['username'];$password = $_POST['password'];if(empty($username) || empty($password)){ echo '<script language=javascript> alert("Please enter ALL of the information!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; exit();}include '../db_connect.php';$result = mysql_query("SELECT user_id, user_level FROM users WHERE username = '{$username}' AND password = '{$password}'");$numb_rows = mysql_num_rows($result);if($numb_rows == 0){ //NOT A VALID LOGIN/PASSWORD echo '<script language=javascript> alert("You could not be logged in! Either the username and password do not match! Please try again!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; die();}$row = mysql_fetch_assoc($result);$password = md5($password); //WHATS THE POINT OF THIS LINE?$_SESSION['userid'] = $row['userid'];$_SESSION['username'] = $username;$_SESSION['user_level'] = $row['user_level']; mysql_query("UPDATE users SET last_login=now() WHERE userid=" . $row['userid'] . ""); if($row['user_level'] == "Regular"){ header("Location: homepage.php");}else if($row['user_level'] == "Admin"){ header("Location: homepage2.php");}?>[/code] Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118821 Share on other sites More sharing options...
pixeltrace Posted November 3, 2006 Author Share Posted November 3, 2006 this is what i did base from your codes [code]<?session_start();$username = $_POST['username'];$password = $_POST['password'];if(empty($username) || empty($password)){ echo '<script language=javascript> alert("Please enter ALL of the information!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; exit();}include '../db_connect.php';$result = mysql_query("SELECT userid, user_level FROM users WHERE username = '{$username}' AND password = '{$password}'");$numb_rows = mysql_num_rows($result);if($numb_rows == 0){ //NOT A VALID LOGIN/PASSWORD echo '<script language=javascript> alert("You could not be logged in! Either the username and password do not match! Please try again!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; die();}$row = mysql_fetch_assoc($result);$_SESSION['userid'] = $row['userid'];$_SESSION['username'] = $username;$_SESSION['user_level'] = $row['user_level']; mysql_query("UPDATE users SET last_login=now() WHERE userid=" . $row['userid'] . ""); if($row['user_level'] == 0){ header("Location: homepage.php");}else if($row['user_level'] == 1){ header("Location: homepage2.php");}?>[/code]i tried logging in but it always keeps on popping up the error message "You could not be logged in! Either the username and password do not match! Please try again!" Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118825 Share on other sites More sharing options...
JustinK101 Posted November 3, 2006 Share Posted November 3, 2006 How is the password stored in the db? Do you have it encrypted? Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118826 Share on other sites More sharing options...
trq Posted November 3, 2006 Share Posted November 3, 2006 Maybe youve your password md5'd. You should.Try...[code=php:0]$password = md5($_POST['password']);[/code] Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118827 Share on other sites More sharing options...
pixeltrace Posted November 3, 2006 Author Share Posted November 3, 2006 yesit is encrypted Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118830 Share on other sites More sharing options...
JustinK101 Posted November 3, 2006 Share Posted November 3, 2006 Bingo, thorpe! Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118832 Share on other sites More sharing options...
pixeltrace Posted November 3, 2006 Author Share Posted November 3, 2006 i tried this one but its still popping out the error message "You could not be logged in! Either the username and password do not match! Please try again!"[code]<?session_start();$username = $_POST['username'];$password = $_POST['password'];if(empty($username) || empty($password)){ echo '<script language=javascript> alert("Please enter ALL of the information!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; exit();}include '../db_connect.php';$result = mysql_query("SELECT userid, user_level FROM users WHERE username = '{$username}' AND password = '{$password}'");$numb_rows = mysql_num_rows($result);if($numb_rows == 0){ //NOT A VALID LOGIN/PASSWORD echo '<script language=javascript> alert("You could not be logged in! Either the username and password do not match! Please try again!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; die();}$row = mysql_fetch_assoc($result);$password = md5($_POST['password']); $_SESSION['userid'] = $row['userid'];$_SESSION['username'] = $username;$_SESSION['user_level'] = $row['user_level']; mysql_query("UPDATE users SET last_login=now() WHERE userid=" . $row['userid'] . ""); if($row['user_level'] == 0){ header("Location: homepage.php");}else if($row['user_level'] == 1){ header("Location: homepage2.php");}?>[/code] Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118834 Share on other sites More sharing options...
JustinK101 Posted November 3, 2006 Share Posted November 3, 2006 No, No.... Why are you doing the md5 on the password variable when you have already done the verification in the database. You need to md5 the password before you check against the database. :) LOL Do this:[code]<?session_start();$username = $_POST['username'];$password = md5($_POST['password']);if(empty($username) || empty($password)){ echo '<script language=javascript> alert("Please enter ALL of the information!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; exit();}include '../db_connect.php';$result = mysql_query("SELECT userid, user_level FROM users WHERE username = '{$username}' AND password = '{$password}'");$numb_rows = mysql_num_rows($result);if($numb_rows == 0){ //NOT A VALID LOGIN/PASSWORD echo '<script language=javascript> alert("You could not be logged in! Either the username and password do not match! Please try again!");</script>'; echo '<script language=javascript> top.location = "index.php";</script>'; die();}$row = mysql_fetch_assoc($result);$_SESSION['userid'] = $row['userid'];$_SESSION['username'] = $username;$_SESSION['user_level'] = $row['user_level']; mysql_query("UPDATE users SET last_login=now() WHERE userid=" . $row['userid'] . ""); if($row['user_level'] == 0){ header("Location: homepage.php");}else if($row['user_level'] == 1){ header("Location: homepage2.php");}?>[/code] Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118835 Share on other sites More sharing options...
pixeltrace Posted November 3, 2006 Author Share Posted November 3, 2006 ohhhhh!!!i got it.hehehehe..sorry dudes!!!and thanks a lot!!!i owe you justin and thorpe this onei hope i could be as good as you someday.hehehe Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118838 Share on other sites More sharing options...
JustinK101 Posted November 3, 2006 Share Posted November 3, 2006 [b]Also, md5 inst encryption. It just returns sort of like a decoded version of the orginal text. I use the following functions to do my encryption to store values in databases.[/b]BE AWARE OF THE FOLLOWING:$key = "sjhfs89we48DSGhgwe7t";$encrypted_value_1 = encrypt("mytext", $key);$encrypted_value_2 = encrypt("mytext", $key);$encrypted_value_1 and $encrypted_value_2 are NOT NECCESSARY equal, in fact, they are most likely NOT. NEVER compare encrypted values to each other, you must ALWAYS decrypt and then check.[code]function encrypt($s, $key){ for($i=0;$i<=strlen($s);$i++) $r.=substr(str_shuffle(md5($key)),($i % strlen(md5($key))),1).$s[$i]; for($i=1;$i<=strlen($r);$i++) $s[$i-1]=chr(ord($r[$i-1])+ord(substr(md5($key),($i % strlen(md5($key)))-1,1))); return urlencode(base64_encode($s));}function decrypt($s, $key){ $s=base64_decode(urldecode($s)); for($i=1;$i<=strlen($s);$i++) $s[$i-1]=chr(ord($s[$i-1])-ord(substr(md5($key),($i % strlen(md5($key)))-1,1))); for($i=1;$i<=strlen($s)-2;$i=$i+2) $r.=$s[$i]; return $r;}[/code] Link to comment https://forums.phpfreaks.com/topic/25979-resolved-need-help-on-username-validation/page/2/#findComment-118844 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.