Jump to content


Photo

Log In System Problems


  • Please log in to reply
5 replies to this topic

#1 Beck3

Beck3
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 21 April 2017 - 05:04 PM

Hello, I'm trying to build a student management information system.

 

It has to have two login modes, admin and user. I have some code, but the database is not working.

 

When I try to login, I'm just send the message that the login failed. How do I compare the user credentials to what is in the database already so that the user logs in based on user role? I have creared a users table with the following attributes: user_id (PK), first_name, last_name, username, and pwd(FK). And another table called role with the attribute of role. Role is the primary key.  

 

Any help would be appreciated! 

 

config.php

https://pastebin.com/PUqhMdsY

 

SQLFunctions.php

https://pastebin.com/X7LvBC5M

 

login.php 

https://pastebin.com/36fTGzgh

 

loginsubmit.php

https://pastebin.com/1RpRkmTj

 

sessions.php

https://pastebin.com/6XWVZF9K

 



#2 benanamen

benanamen
  • Members
  • PipPipPip
  • Master Coder
  • 1,355 posts

Posted 21 April 2017 - 05:09 PM

You have many, many problems with this code. It will pretty much require a complete rewrite. I would suggest you use PDO when you do that. https://phpdelusions.net/pdo


Edited by benanamen, 21 April 2017 - 05:10 PM.

To save time, let's just assume I am never wrong.

The XY Problem
The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.


Make A Donation https://www.paypal.me/KevinRubio

 

"This text has been encoded with ROT26. If you can read this you must have found a backdoor. Congratulations!"


#3 ginerjm

ginerjm
  • Members
  • PipPipPip
  • Handball player
  • 3,636 posts
  • LocationVoorheesville NY

Posted 21 April 2017 - 05:19 PM

Let's start with the login. Why a user id and a username? Wouldn't one work?

Why two "login modes"? Aren't these just multiple user ids with assigned roles? I'd put role in the user table and dump the roles table. Let your other pages check the role that you return with a valid login. If you need to have multiple roles, return an array of roles instead of a single one and store the roles in your role table, linked by userid. In either case add a std. function to each of your pages to check the returned role variable and return a true/false answer when checking if a user is allowed access to that page. That way you can change the roles around should you have to with very little work.

And if you are not using PDO, I'll jump on the bandwagon to tell you to switch to that NOW. And use prepared queries too - life will be much simpler.

Let's get the login working. Be sure to wrap any code you post here properly.
And when next you post - post your question along with the PERTINENT code that you think is the root of your problem. Many of us don't look at links to other sites and having a slew of them posted just discourages interest. IMHO.
JG
PS - If you're posting here you should be using:
        error_reporting(E_ALL);
        ini_set('display_errors', '1');

at the top of ALL php code while you develop it!

#4 Beck3

Beck3
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 22 April 2017 - 12:25 AM

Let's start with the login. Why a user id and a username? Wouldn't one work?

Why two "login modes"? Aren't these just multiple user ids with assigned roles? I'd put role in the user table and dump the roles table. Let your other pages check the role that you return with a valid login. If you need to have multiple roles, return an array of roles instead of a single one and store the roles in your role table, linked by userid. In either case add a std. function to each of your pages to check the returned role variable and return a true/false answer when checking if a user is allowed access to that page. That way you can change the roles around should you have to with very little work.

And if you are not using PDO, I'll jump on the bandwagon to tell you to switch to that NOW. And use prepared queries too - life will be much simpler.

Let's get the login working. Be sure to wrap any code you post here properly.
And when next you post - post your question along with the PERTINENT code that you think is the root of your problem. Many of us don't look at links to other sites and having a slew of them posted just discourages interest. IMHO.

 

To be honest, I'm new to PHP. I don't really know much about it. I have to create two log in modes because the project needs an admin to log in and have that person be in charged of the whole database to edit, delete, insert, etc information. The other mode is just user aka the student. The student should only be able to view courses, grades,and tests. 

 

Why is PDO better? I did found a tutorial with PDO log in system and it works, but I find the queries hard to understand. I made a registration page in the admin page, but it didn't work. It will not connect to my database. I understand some of the logic behind the code, but not all. 

 

index:

<div class="col-md-6 col-md-offset-3">
                    <h4></span>Log in with your credentials<span class="glyphicon glyphicon-user"></h4><br/>
                            <div class="block-margin-top">
                              <?php 

                                $errors = array(
                                    1=>"Invalid user name or password, Try again",
                                    2=>"Please login to access this area"
                                  );

                                $error_id = isset($_GET['err']) ? (int)$_GET['err'] : 0;

                                if ($error_id == 1) {
                                        echo '<p class="text-danger">'.$errors[$error_id].'</p>';
                                    }elseif ($error_id == 2) {
                                        echo '<p class="text-danger">'.$errors[$error_id].'</p>';
                                    }
                               ?>  

                              <form action="authenticate.php" method="POST" class="form-signin col-md-8 col-md-offset-2" role="form">  
                                  <input type="text" name="username" class="form-control" placeholder="Username" required autofocus><br/>
                                  <input type="password" name="password" class="form-control" placeholder="Password" required><br/>
                                  <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
                             </form>
                           </div>
            </div>
            
        

authenticate:

<?php 
 require 'database-config.php';

 session_start();

 $username = "";
 $password = "";
 
 if(isset($_POST['username'])){
  $username = $_POST['username'];
 }
 if (isset($_POST['password'])) {
  $password = $_POST['password'];

 }
 

 $q = 'SELECT * FROM users WHERE username=:username AND password=:password';

 $query = $dbh->prepare($q);

 $query->execute(array(':username' => $username, ':password' => $password));


 if($query->rowCount() == 0){
  header('Location: index.php?err=1');
 }else{

  $row = $query->fetch(PDO::FETCH_ASSOC);

  session_regenerate_id();
  $_SESSION['sess_user_id'] = $row['id'];
  $_SESSION['sess_username'] = $row['username'];
        $_SESSION['sess_userrole'] = $row['role'];

        echo $_SESSION['sess_userrole'];
  session_write_close();

  if( $_SESSION['sess_userrole'] == "admin"){
   header('Location: adminhome.php');
  }else{
   header('Location: userhome.php');
  }
  
  
 }


?>

data-base config:

<?php
   // define database related variables
   $database = 'c9';
   $host = '127.0.0.1';
   $user = 'kittykat77';
   $pass = '';

   // try to conncet to database
   $dbh = new PDO("mysql:dbname={$database};host={$host};port={3306}", $user, $pass);

   if(!$dbh){

      echo "unable to connect to database";
   }
   
?>

adminhome:

<?php 
    session_start();
    $role = $_SESSION['sess_userrole'];
    if(!isset($_SESSION['sess_username']) || $role!="admin"){
      header('Location: index.php?err=2');
    }
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Bootstrap 101 Template</title>

    <!-- Bootstrap -->
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <link href="css/style.css" rel="stylesheet">

    <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
  </head>
  <body>
    
    <div class="navbar navbar-default navbar-fixed-top" role="navigation">
      <div class="container">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target=".navbar-collapse">
            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand" href="http://techyari.in">Techyari.in</a>
        </div>

        <div class="navbar-collapse collapse">
          <ul class="nav navbar-nav navbar-right">
            
            
            <li><a href="#"><?php echo $_SESSION['sess_username'];?></a></li>
            <li><a href="logout.php">Logout</a></li>
            <li><a href="registration.php">Register User</a></li>
          </ul>
        </div>
      </div>
    </div>

    <div class="container homepage">
      <div class="row">
         <div class="col-md-3"></div>
            <div class="col-md-6 welcome-page">
              <h2>This is Admin area.</h2>
            </div>
          <div class="col-md-3"></div>
        </div>
    </div>    

    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
    <!-- Include all compiled plugins (below), or include individual files as needed -->
    <script src="js/bootstrap.min.js"></script>
    </body>
</html>

userhome:

<?php 
    session_start();
    
   
    
    $role = $_SESSION['sess_userrole'];
    if(!isset($_SESSION['sess_username']) || $role!="user"){
      header('Location: index.php?err=2');
      
      
    $stmt = $c9->prepare("SELECT id FROM users WHERE id=:id");
    $stmt->execute(array(':id' => $id));
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    
    }
    
  ?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Bootstrap 101 Template</title>

    <!-- Bootstrap -->
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <link href="css/style.css" rel="stylesheet">

    <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
  </head>
  <body>
    
    <div class="navbar navbar-default navbar-fixed-top" role="navigation">
      <div class="container">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target=".navbar-collapse">
            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand" href="http://techyari.in">Techyari.in</a>
        </div>

        <div class="navbar-collapse collapse">
          <ul class="nav navbar-nav navbar-right">
          
          
            <li><a href="#"><?php echo $_SESSION['sess_username'];?></a></li>
            <li><a href="logout.php">Logout</a></li>
            
          </ul>
        </div>
      </div>
    </div>

    <div class="container homepage">
      <div class="row">
         <div class="col-md-3"></div>
            <div class="col-md-6 welcome-page">
              <h2>This is User area.</h2>
              





            </div>
          <div class="col-md-3"></div>
        </div>
    </div>    

    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
    <!-- Include all compiled plugins (below), or include individual files as needed -->
    <script src="js/bootstrap.min.js"></script>
    </body>
</html>




<?php 
 session_start();
 session_destroy();
 header('Location: index.php');
?>

registration:

<?php includes("database-config.php"); ?> 

<html>
  <head>
    <tile>Create Account-Admin Panel</tile>
    <link rel="stylesheet" type="text/css" href= "style.css">
  </head>
  <body>
    
    <h3>Create a New User</h3>
    
    <form method="POST">
      
    <?php
    
    
      if($_SERVER['REQUEST_METHOD'] == "POST" ) {
        
        /*echo "<p>Submit button is working.</p>"; */ 
        
        
        $username = $_POST["username"];
        $password = $_POST["password"]; 
        $confirm_password = $_POST["confirm_password"]; 
        
        if(empty($username) || empty($password) || empty($confirm_password)){
          
          $error="Fields were empty."; 
          
        } else {
          
      
    
       $sql = "INSERT INTO users VALUES ('', '$username', '$password', 'User')";
                
                
              
                $result = $conn->query($sql);

                if( $result == TRUE) { 
               
               $error = "User created"; 
                } 
                
                else {
                  
                $error = "Error in creating account."; 
                
                } 
                
        }
      
        echo "<p>$error</p>"; 
        
      }
    
    
    ?>
    
    
    <form>
      
      Username: <br/>
      <input type="text" name="username" /> 
      <br/><br/>
      
      Password: <br/> 
      <input type="password" name="password" /> 
      <br/><br/>
      
      Confirm password: <br/>
      <input type="password" name="confirm password" />
      <br/><br/>
      
      <input type="submit" value="Create Account" />
      
    </form>
    
    
  </body>
  
</html>


#5 benanamen

benanamen
  • Members
  • PipPipPip
  • Master Coder
  • 1,355 posts

Posted 22 April 2017 - 12:54 AM

I suggest you learn what is at the link I provided instead of just copy/paste code you don't understand.


To save time, let's just assume I am never wrong.

The XY Problem
The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.


Make A Donation https://www.paypal.me/KevinRubio

 

"This text has been encoded with ROT26. If you can read this you must have found a backdoor. Congratulations!"


#6 ginerjm

ginerjm
  • Members
  • PipPipPip
  • Handball player
  • 3,636 posts
  • LocationVoorheesville NY

Posted 22 April 2017 - 01:30 PM

For a person to say they are new to php and yet have all this code.... Something's not right. If you are son new how did you get this?

As for your use of the term "login mode", what do you mean by that?

Your login process will be the same for anyone, any type, any role that your system needs. You don't really believe that you will create two login modes, do you?

Concentrate on getting a solid secure login process using a user id, a password and a table that stores those values properly (using a secured password column). Then add the role column to that table so that when one logs in successfully you can return that role to the app for use down the road.

Work on just this one thing for now.
JG
PS - If you're posting here you should be using:
        error_reporting(E_ALL);
        ini_set('display_errors', '1');

at the top of ALL php code while you develop it!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users