simple user checking in php

[darklexus2k9]

Hi i have a simple script that functions perfect and easy but i am looking for a way to secure it a little

 

is there any way for me to create a simple user checking system ?

 

i have a mysql db with both usernames and passwords

 

is there any way to get the username and password from a get comand in the url and check the db to see if they exist and if they do run the rest of my code and if not throw access denied ?

 

i know this is not 100% secure but i its how i want it to be done

 

could anyone help me with this ?

[Ch0cu3r]

 

is there any way to get the username and password from a get comand in the url and check the db to see if they exist and if they do run the rest of my code and if not throw access denied ?

 

i know this is not 100% secure but i its how i want it to be done

There should not be any reason why you would do this. POST exists for a reason. 

 

Have you google'd for "php login tutorial", that will yield tons of results. You should then be able to get idea or how to process user logins.

 

 

The very basics to restricting content to authenticated users is to check the username and password against the users in your database when the login credentials are sent from your login form. When the query returns a match you set a login token in your session. For any page you want to protect you check that the login token exists in the session. If it does not exist you either redirect the user to the login page or display a warning/error message.

[darklexus2k9]

There should not be any reason why you would do this. POST exists for a reason.

 

Have you google'd for "php login tutorial", that will yield tons of results. You should then be able to get idea or how to process user logins.

 

 

The very basics to restricting content to authenticated users is to check the username and password against the users in your database when the login credentials are sent from your login form. When the query returns a match you set a login token in your session. For any page you want to protect you check that the login token exists in the session. If it does not exist you either redirect the user to the login page or display a warning/error message.

my site dosent have user login or sessions this is why I asked for this I need a spesific thing and I know why I need it

 

wen a user visits a url on my site there own unique key is in the url

 

I want to use get to take the key from the url and simple check that keys in the data base

 

post is simply no good

 

I just need help doing the following

 

if(empty ($ key)

 

error

 

else

 

check key

[Jacques1]

So what's the concrete problem? What's your current code (only the relevant parts, please), and what do you not understand?

[CroNiX]

Do we need to guess what the url looks like that you are trying to capture something out of? You're not giving us all of the pieces needed for someone to help you.

[darklexus2k9]

ok my urls look like so

 

http://mysite.com/index.php?key=key&page=game

 

I can get the key fine using $_GET and I can check if its empty or not and I can throw my desired error

 

what I dont know or have is the code and how I would connect to my db wen they key feild is not empty

 

how can I connect to my msql database using php and check if the key from $_GET is in the database ?

 

I have never used a php to connect to a db so have no real experience of it

 

I just need code that will connect to a db and check if a key exists if so then do desired thing not throw my error again

Edited August 7, 2014 by darklexus2k9

[CroNiX]

What kind of database server is it? MySQL or something else? You said "msql" and I'm not sure what that is.

 

If you are going to be accessing the database, and want a way to secure your app a bit more, a user login system will provide more security than what you are wanting to do. Like checking to see if a username/email + password are correct is way more secure than a single "key" in the url, which is visible to anybody near the browser.

Edited August 7, 2014 by CroNiX

[darklexus2k9]

my db is mysql auto correct on my mobile messed it up

 

the reason I only need the key checked is because nothing of upmost security is shows on the page

 

the pages content is eather shown to the user in browser or shown in my own application

 

the reason I only want keys is because the keys change every time my app is opened so it is more than enough security than I need

 

do you know how to connect to a mysql db using php and check for a specific key in the db and if the key is found run some code ?

[Jacques1]

do you know how to connect to a mysql db using php and check for a specific key in the db and if the key is found run some code ?

 

C'mon, there are literally thousands of tutorials, books, videos and whatnot about how to access a MySQL database with PHP. This is one of the most basic features of the language. So sit down, Google for it and learn. We can't do that for you.

 

We're not gonna spend the rest of the day giving you private PHP lessons when the learning material is readily available for everybody.

[CroNiX]

yes, but I would start with the php documentation and start experimenting. You will learn more than someone just telling you. If you get stuck post the code and someone will surely help, but not many will unless they see that you've at least tried. The 2 choices I would use are the PDO/MySQL driver, or MySQLi driver (with an i). The original MySQL driver (with no i) is deprecated and will do you no good to learn it. There are also tons of tutorials showing how to do this.

Manual for PDO: http://php.net/manual/en/book.pdo.php

Manual for MySQLi: http://us1.php.net/manual/en/book.mysqli.php

 

Google "pdo tutorial" or "mysqli tutorial" to get some examples. Or even this forum as this topic has been discussed many, many times over the years.