Jump to content

user authentication/ login help

HartMan

By HartMan
in PHP Coding Help

 Share

Recommended Posts

HartMan Newbie

HartMan

Posted
Posted (edited)

hello all, first post here.

 

im fairly new to php and am still trying to really get a hold of what im doing. right now im just trying to build a simple login function for my site and am completely stuck.

here is what i have so far.

 

in function authuser im trying to create a query, return the result, compare it with those that were posted on index.php and if it matches the database i would like the login function. to start the session.

i hope that makes sense.

 

and if there is a better way to do this or something im missing please let me know

 

index.php

if($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'];
$password = md5($_POST['password']);

if(empty($username) || empty($password)){
$data['status'] = 'Please fill out both inputs';
} else {
// login
authuser($username,$password);
}
}

functions.php

function login($username,$password)
{
session_start();
}

function authuser($username,$password)
{
$sql = "SELECT * FROM users WHERE username='$username' and password='$password'";
$results = mysql_query($sql);
$rows = mysql_num_rows($results);

if($rows==1)
{
session_register("admin");
} else {
echo "Wrong Username or Password";
}
}

Edited by HartMan
Link to comment
https://forums.phpfreaks.com/topic/274505-user-authentication-login-help/
Share on other sites
worldcom Newbie

worldcom

Posted
Posted

This is my preference for forms. I don't check the method. I want to check that the login form has been submitted.

Also, be sure to escape your data from bad people ;)

 

if( isset($_POST['your_form_submit_button_value']) ){
$password = mysql_real_escape_string($_POST['password']);
$username = mysql_real_escape_string($_POST['username']);
....
// the rest of your code

andrew_biggart Regular Member

andrew_biggart

Posted
Posted

Hi worldcom,

 

I have recently been working on a login script for my applications. I have created a login / account application using phpass for password hashing to help keep it secure. It's by no means water tight or completed, but you might find it useful.

 

I have started to move this application to github, but haven't had time to create the instructions yet so apologies for that. But everything should be there that you need.

 

Have a look as it might be useful for you.

 

https://github.com/andrewbiggart/phppass

 

Andrew

PaulRyan Member

PaulRyan

Posted
Posted

@worldcom: You shouldn't rely on the submit button name to be sent along with the form. Some browsers don't send the submit button along with the form, so you could miss out on some form submissions.

Checking the request method is probably the most reliable, but don't quote me on that.

worldcom Newbie

worldcom

Posted
Posted

Hi worldcom,

 

I have recently been working on a login script for my applications. I have created a login / account application using phpass for password hashing to help keep it secure. It's by no means water tight or completed, but you might find it useful.

 

I have started to move this application to github, but haven't had time to create the instructions yet so apologies for that. But everything should be there that you need.

 

Have a look as it might be useful for you.

 

https://github.com/a...biggart/phppass

 

Andrew

 

I'll have a good look.

Just an FYI, I just was pointing out to the OP that you should be checking any input.

Also, I'm not sure if we should't be relying on $_SERVER['REQUEST_METHOD'], you should know the method of what you expect either $_GET or $_POST.

PaulRyan Member

PaulRyan

Posted
Posted

@Jazzman: I believe they are browsers that run on other Operating Systems other than PC. Such as MAC, Linux, Unix etc.

 

@Worldcom: I myself use a hidden input for forms, it works great if you have multiple forms on a page as some of my applications do.

  • 2 weeks later...
HartMan Newbie

HartMan

Posted
  • Author
Posted (edited)

sorry it took so long to respond

ive changed my code a bit but now when i pass the username and password i get back this error

"Trying to get property of non-object in C:\wamp\www\whatscookincatering\lib\functions.php on line 23"

here is what my code looks like now

index.php

<?php  

require '../blog.php';
$data = array();

session_start();

# check required fields
if( empty( $_POST['username'] ) || empty( $_POST['password'] ) ){
    $data['msg'] = 'Please fill out both fields to log in.';
}else{
    $DB = new mysqli( 'localhost', $config['dbusername'], $config['dbpassword'], $config['database'] );

    # check if login is correct:
    $success = check_login( $_POST['username'],$_POST['password'],$DB );

    # assign appropriate message:
    $data['msg'] = $success?
        'Thank you for logging in':     // success
        'Wrong username or password.';  // failure

}

view('../admin/login', $data);
?>

 

functions.php

<?php  
function view($path, $data = null)
{
    if ( $data ){
        extract($data);
    }

    $path = 'views/' . $path . '.tmpl.php';

    include "../views/layout.php";
}

function check_login( $username,$password,mysqli $DB )
{
    $query = $DB->prepare( "SELECT 1 FROM users WHERE username=? AND password=?" );
    $password = md5( $password );

    # bind the submitted username/password to the statement
    $query->bind_param( 'ss',$username,$password );

    # query the DB and check number of rows returned to determine success
    $result = $query->execute();
    return ($result->num_rows === 1)?
        true:  
        false;  
}
?>

 

this is line 23

"return ($result->num_rows === 1)?"

Edited by HartMan
Christian F. Member

Christian F.

Posted
Posted (edited)

Timothy: I recommend reading the posts before you reply, as the author is clearly using MySQLI already.

 

Sanjib Sinha: Unfortunately, your reply is just as helpful as Timothy's.

 

While I do applaud your willingness to help and educate others, please take the time to properly read and understand the thread. That you can actually offer accurate and relevant help to the topic at hand, and not just waste time or (even worse) be a part of the problem.

Thank you.

 

HartMan: If you look at the PHP manual for mysqli_statement::execute () you should notice something quite important. Especially if you look at its return type.

Edited by Christian F.
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.