portabletelly Posted May 19, 2007 Share Posted May 19, 2007 Hi Im not sure if this is a php issue or a mysql issue. Im running php5 and mysql5. I have a basic login page which has a form that sends test name and password to process_password.php. Basically only this bit of code runs on the first page. I havent tidyied the first page up yet if(!isset($name)&&!isset($password)) { echo test; //Visitor needs to enter a name and password echo '<h1>Please Log In</h1>'; echo 'his page is secret.'; echo '<form method = post action = "process_password.php">'; echo '<table border = 1>'; echo '<tr>'; echo '<th> Username </th>'; echo '<td> <input type = text name = name> </td>'; echo '</tr>'; echo '<tr>'; echo '<th> Password </th>'; echo '<td> <input type = password name = password> </td>'; echo '</tr>'; echo '<tr>'; echo '<td colspan =2 align = center>'; echo '<input type = submit value = "Log In">'; echo '</td>'; echo '</tr>'; echo '</form>'; } My issues which I think maybe either syntax or the way im storeing data into the auth table. When subbmiting to the second page the page work fine except when a password is stored into the mysql auth table as a 'password'. Pass has been defined as char 41. If i add a password to a user in clear text the user can log in however if its stored as insert into auth values ('testuser', password('test123')); The user will not be able to login. <?php include("connect.php"); include("selectdb.php"); // $name = htmlspecialchars($_POST['name']); //$password = htmlspecialchars($_POST['password']); if(!isset($name)&&!isset($password)) { echo test; //Visitor needs to enter a name and password echo '<h1>Please Log In</h1>'; echo 'his page is secret.'; echo '<form method = post action = "process_password.php">'; echo '<table border = 1>'; echo '<tr>'; echo '<th> Username </th>'; echo '<td> <input type = text name = name> </td>'; echo '</tr>'; echo '<tr>'; echo '<th> Password </th>'; echo '<td> <input type = password name = password> </td>'; echo '</tr>'; echo '<tr>'; echo '<td colspan =2 align = center>'; echo '<input type = submit value = "Log In">'; echo '</td>'; echo '</tr>'; echo '</form>'; } else { echo "in the else statement"; // connect to mysql // $mysql = mysql_connect( 'localhost', 'root', '*****' ); // if(!$mysql) // { // echo 'Cannot connect to database.'; // exit; // } // select the appropriate database //$mysql = mysql_select_db( 'auth' ); //if(!$mysql) //{ // echo 'Cannot select database.'; // exit; //} // query the database to see if there is a record which matches $query = "select count(*) from auth where name ='$name' and pass ='$password'"; echo $name; echo $pass; $result = mysql_query($query, $link); if(!$result) { echo 'Cannot run query.'; exit; } $count = mysql_result( $result, 0, 0 ); if ( $count > 0 ) { // visitor's name and password combination are correct echo "<h1>Here it is!</h1>"; echo "I bet you are glad you you can see this secret page."; } else { // visitor's name and password combination are not correct echo "<h1>Go Away!</h1>"; echo "You are not authorized to view this resource."; } } ?> ****************process_password.php******************** <?php include("connect.php"); include("selectdb.php"); $name = htmlspecialchars($_POST['name']); $password = htmlspecialchars($_POST['password']); echo $name; echo $password; $query = "select count(*) from auth where name ='$name' and pass ='$password'"; $result = mysql_query($query, $link); if(!$result) { echo 'Cannot run query.'; exit; } $count = mysql_result( $result, 0, 0 ); if ( $count > 0 ) { // visitor's name and password combination are correct echo "<h1>Here it is!</h1>"; echo "I bet you are glad you you can see this secret page."; } else { // visitor's name and password combination are not correct echo "<h1>Go Away!</h1>"; echo "You are not authorized to view this resource."; } ?> Hope this makes sense as its getting pretty late and im out of coffea Quote Link to comment https://forums.phpfreaks.com/topic/52114-user-authentication-page/ Share on other sites More sharing options...
portabletelly Posted May 19, 2007 Author Share Posted May 19, 2007 bump Quote Link to comment https://forums.phpfreaks.com/topic/52114-user-authentication-page/#findComment-257000 Share on other sites More sharing options...
portabletelly Posted May 19, 2007 Author Share Posted May 19, 2007 bump Quote Link to comment https://forums.phpfreaks.com/topic/52114-user-authentication-page/#findComment-257226 Share on other sites More sharing options...
lewis987 Posted May 19, 2007 Share Posted May 19, 2007 ok, well i dont understand ya very well, but it looks like you want to make alogin page that goes to another page? why not comple it into one page with if, elseif, else statements? here is my login/register page: <? // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; ////// Login Section. $Login=$_POST['Login']; if($Login){ // if clicked on Login button. $username=$_POST['username']; $md5_password=md5($_POST['password']); // Encrypt password with md5() function. // Connect database. $host="localhost"; // Host name. $db_user="root"; // MySQL username. $db_password="lancer"; // MySQL password. $database="login"; // Database name. mysql_connect($host,$db_user,$db_password); mysql_select_db($database); // Check matching of username and password. $result=mysql_query("select * from users where username='$username' and password='$md5_password'"); if(mysql_num_rows($result)!='0'){ // if match. session_register("username"); // Craete session username. header("location:main.php"); // Re-direct to main.php exit; }else{ // if not match. $message="--- Incorrect Username or Password ---"; } } // End Login authorize check. ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <style type="text/css"> <!-- body { font: 100% Verdana, Arial, Helvetica, sans-serif; background: #000000; margin: 0; /* it's good practice to zero the margin and padding of the body element to account for differing browser defaults */ padding: 0; text-align: center; /* this centers the container in IE 5* browsers. The text is then set to the left aligned default in the #container selector */ color: #000000; } .twoColFixLtHdr #container { width: 780px; /* using 20px less than a full 800px width allows for browser chrome and avoids a horizontal scroll bar */ background: #FFFFFF; margin: 0 auto; /* the auto margins (in conjunction with a width) center the page */ border: 1px solid #000000; text-align: left; /* this overrides the text-align: center on the body element. */ } .twoColFixLtHdr #header { background: #000000; padding: 0 10px 0 20px; /* this padding matches the left alignment of the elements in the divs that appear beneath it. If an image is used in the #header instead of text, you may want to remove the padding. */ } .twoColFixLtHdr #header h1 { margin: 0; /* zeroing the margin of the last element in the #header div will avoid margin collapse - an unexplainable space between divs. If the div has a border around it, this is not necessary as that also avoids the margin collapse */ padding: 10px 0; /* using padding instead of margin will allow you to keep the element away from the edges of the div */ } .twoColFixLtHdr #sidebar1 { float: left; /* since this element is floated, a width must be given */ width: 200px; /* the actual width of this div, in standards-compliant browsers, or standards mode in Internet Explorer will include the padding and border in addition to the width */ background: #EBEBEB; /* the background color will be displayed for the length of the content in the column, but no further */ padding: 15px 10px 15px 20px; } .twoColFixLtHdr #mainContent { margin: 0 0 0 250px; /* the left margin on this div element creates the column down the left side of the page - no matter how much content the sidebar1 div contains, the column space will remain. You can remove this margin if you want the #mainContent div's text to fill the #sidebar1 space when the content in #sidebar1 ends. */ padding: 0 20px; /* remember that padding is the space inside the div box and margin is the space outside the div box */ } .twoColFixLtHdr #footer { padding: 0 10px 0 20px; /* this padding matches the left alignment of the elements in the divs that appear above it. */ background:#000000; } .twoColFixLtHdr #footer p { margin: 0; /* zeroing the margins of the first element in the footer will avoid the possibility of margin collapse - a space between divs */ padding: 10px 0; /* padding on this element will create space, just as the the margin would have, without the margin collapse issue */ } .fltrt { /* this class can be used to float an element right in your page. The floated element must precede the element it should be next to on the page. */ float: right; margin-left: 8px; } .fltlft { /* this class can be used to float an element left in your page */ float: left; margin-right: 8px; } .clearfloat { /* this class should be placed on a div or break element and should be the final element before the close of a container that should fully contain a float */ clear:both; height:0; font-size: 1px; line-height: 0px; } --> </style><!--[if IE 5]> <style type="text/css"> /* place css box model fixes for IE 5* in this conditional comment */ .twoColFixLtHdr #sidebar1 { width: 230px; } </style> <![endif]--><!--[if IE]> <style type="text/css"> /* place css fixes for all versions of IE in this conditional comment */ .twoColFixLtHdr #sidebar1 { padding-top: 30px; } .twoColFixLtHdr #mainContent { zoom: 1; } /* the above proprietary zoom property gives IE the hasLayout it needs to avoid several bugs */ </style> <![endif]--></head> <body class="twoColFixLtHdr"> <div id="container"> <div id="header"> <h1 align="center"><img src="header.jpg" width="640" height="160" /></h1> <!-- end #header --></div> <div id="sidebar1"> <?php if(isset($_GET['done'])){ echo ">Start Registration<br /> <b>>Finish Registration</b>"; echo "<h3>Thanks, you can now login</h3>"; echo $message; echo "<form id=\"form1\" name=\"form1\" method=\"post\" action=\"$PHP_SELF\">"; echo "<table>"; echo "<tr>"; echo "<td>Username : </td>"; echo "</tr>"; echo "<tr>"; echo "<td><input name=\"username\" type=\"text\" id=\"username\" /></td>"; echo "</tr>"; echo "<tr>"; echo "<td>Password : </td>"; echo "</tr>"; echo "<tr>"; echo "<td><input name=\"password\" type=\"password\" id=\"password\" /></td>"; echo "</tr>"; echo "</table>"; echo "<input name=\"Login\" type=\"submit\" id=\"Login\" value=\"Login\" />"; echo "</form>"; }elseif(isset($_GET['reg'])){ echo "<h3>.:.:Registration:.:.</h3><br> <b>>Start Registration</b><br /> >Finish Registration<br><br> Accidentally click the registration link?<br> <a href=\"?\">click here to go back</a>"; }else{ echo "<h3>Please Login</h3> <p>When loged in you can find many great features!</p> <p>Havent got a login yet?<br /> <a href=\"?reg\">Register Now!</a>"; } ?> <!-- end #sidebar1 --></div> <div id="mainContent"> <p><?php // Replace the variable values below // with your specific database information. $host = "localhost"; $user = "xxxxxxxx"; $pass = "xxxxxxxxxx"; $db = "xxxx"; $ID = ''; $USR = $_POST["usr"]; $PWD = md5($_POST["pwd"]); // This part sets up the connection to the // database (so you don't need to reopen the connection // again on the same page). $ms = mysql_connect($host, $user, $pass); if ( !$ms ) { echo "Error connecting to database.\n<br><br>"; } // Then you need to make sure the database you want // is selected. mysql_select_db($db,$ms); $result = mysql_query("SELECT username FROM users WHERE username = '$USR'"); if(mysql_num_rows($result) !== 0){?> <h1> .:.:.ERROR.:.:. </h1><br><? die("Sorry! The user exists already <br><a href=\"?reg\">Back to register page</a>"); } //Input vaildation and the dbase code if ( isset($_GET["registration"]) ) { $bInputFlag = false; foreach ( $_POST as $field ) { if ($field == "") { $bInputFlag = false; } else { $bInputFlag = true; } } // If we had problems with the input, exit with error if ($bInputFlag == false) { die( "Problem with your registration info. " ."Please go back and try again."); } // Run query $r = mysql_query("INSERT INTO xxx( id, username, password ) VALUES ('', '$USR', '$PWD')"); // Make sure query inserted user successfully if ( !mysql_insert_id() ) { die("<h1>.:.:Error:.:.</h1><br>User not added to database.<br><a href=\"index.php?reg\">Back to registration form</a>"); } else { // Create User folder and add user to the database $FTP_con = ftp_connect("xxx.xxx.xxx.xxx",); ftp_login($FTP_con,"xxx","xxxxx"); ftp_mkdir($FTP_con,"$USR"); ftp_mkdir($FTP_con, "$USR/Pic"); ftp_mkdir(FTP_con, "$USR/Music"); ftp_close($FTP_con); mysql_query("CREATE TABLE ".$USR." ( `Name` VARCHAR( 50 ) NOT NULL , `Size` INT NOT NULL , `Type` VARCHAR( 5 ) NOT NULL , PRIMARY KEY ( `Name` ) ) ENGINE = MYISAM ;"); echo "<a href=\"?done\">Complete Registration</a>"; } } // end if elseif(isset($_GET['done'])){ echo "<h1>.:.:Well Done:.:.</h1><br /> <p>Registration Complete!<br />Login with your details in the form on the left!</p>"; } elseif(isset($_GET['reg'])){ echo "<h1> Registration:</h1>"; echo "<form action=\"?registration\" method=\"POST\">\n"; echo "<table>"; echo "<TR>"; echo "<td><b>Username: </b></td>"; echo "<td><input name=\"usr\" MAXLENGTH=\"16\"></td>\n"; echo "</tr>"; echo "<tr>"; echo "<td>"; echo "<b>Password: </b></td>"; echo "<td><input type=\"password\" name=\"pwd\" MAXLENGTH=\"16\"><td>\n"; echo "</tr>"; echo "<tr>"; echo "<td><input type=\"submit\"></td>\n"; echo "</table>"; echo "</form>\n"; } // EOF else { echo "<h1> Login:</h1>"; echo $message; echo "<form id=\"form1\" name=\"form1\" method=\"post\" action=\"$PHP_SELF\">"; echo "<table>"; echo "<tr>"; echo "<td>User : </td>"; echo "<td><input name=\"username\" type=\"text\" id=\"username\" /></td>"; echo "</tr>"; echo "<tr>"; echo "<td>Password : </td>"; echo "<td><input name=\"password\" type=\"password\" id=\"password\" /></td>"; echo "</tr>"; echo "</table>"; echo "<input name=\"Login\" type=\"submit\" id=\"Login\" value=\"Login\" />"; echo "</form>"; } ?> <!-- end #mainContent --></div> <!-- This clearing element should immediately follow the #mainContent div in order to force the #container div to contain all child floats --><br class="clearfloat" /> <div id="footer"> <p>Footer</p> <!-- end #footer --></div> <!-- end #container --></div> </body> </html> Basiclly it shows the login box then once the correct details are entered it shows "main.php" unless the register link is pressed, then it shows the registration box, once details entered it adds the user to the database and creates a folder in the root of the server named after the user. once created and all its done then you can login. simple huh? tell me if you learned anything Quote Link to comment https://forums.phpfreaks.com/topic/52114-user-authentication-page/#findComment-257230 Share on other sites More sharing options...
portabletelly Posted May 19, 2007 Author Share Posted May 19, 2007 Thanks for you post lewis. It was kinda late last night and I dont think I explained the problem very well so I will repost. mysql5 and php 5 are being used. I have a login page called seceretdb.php this page has form which submits 'name' and 'password' to process_password.php I have a database call auth. The auth database has a table called auth. The table has two colums name and pass. The crux of the problem is that users can login fine against the table. When the value of their pass in mysql auth table is stored as a char value. However if a users password has been definend in the mysql auth table with the function of 'password' the value becomes encrypted in the mysql table eg. *E6CC90B878B948C35E92B003C792C46C58C4AF40 and the user cannot authenticate. *********************secretdb.PHP************************************** <?php include("connect.php"); include("selectdb.php"); // $name = htmlspecialchars($_POST['name']); //$password = htmlspecialchars($_POST['password']); if(!isset($name)&&!isset($password)) { echo test; //Visitor needs to enter a name and password echo '<h1>Please Log In</h1>'; echo 'his page is secret.'; echo '<form method = post action = "process_password.php">'; echo '<table border = 1>'; echo '<tr>'; echo '<th> Username </th>'; echo '<td> <input type = text name = name> </td>'; echo '</tr>'; echo '<tr>'; echo '<th> Password </th>'; echo '<td> <input type = password name = password> </td>'; echo '</tr>'; echo '<tr>'; echo '<td colspan =2 align = center>'; echo '<input type = submit value = "Log In">'; echo '</td>'; echo '</tr>'; echo '</form>'; } ?> ******************process_password.php******************************* <?php include("connect.php"); include("selectdb.php"); $name = htmlspecialchars($_POST['name']); $password = htmlspecialchars($_POST['password']); echo $name; echo $password; $query = "select count(*) from auth where name ='$name' and pass ='$password'"; $result = mysql_query($query, $link); if(!$result) { echo 'Cannot run query.'; exit; } $count = mysql_result( $result, 0, 0 ); if ( $count > 0 ) { // visitor's name and password combination are correct echo "<h1>Here it is!</h1>"; echo "I bet you are glad you you can see this secret page."; //if you get in this if statment the user has logged in } else { // visitor's name and password combination are not correct echo "<h1>Go Away!</h1>"; echo "You are not authorized to view this resource."; //if you do not get in the user has not logged in successfully. } ?> Lewis looking at your post I may need to incorporate this $md5_password=md5($_POST['password']); I hope this explains the problem a bit better. Quote Link to comment https://forums.phpfreaks.com/topic/52114-user-authentication-page/#findComment-257244 Share on other sites More sharing options...
lewis987 Posted May 19, 2007 Share Posted May 19, 2007 ahh now i get it, youve encrpted the password as MD5 in your database but your login form doesnt encrypt the password at all meaning it doesnt compare with the one in the database. You need to use something like $pass = md5($_POST['password']); try this then: $password = md5($_POST['password']); instead of: $password = htmlspecialchars($_POST['password']); Quote Link to comment https://forums.phpfreaks.com/topic/52114-user-authentication-page/#findComment-257247 Share on other sites More sharing options...
portabletelly Posted May 19, 2007 Author Share Posted May 19, 2007 That works a treat had to store data in database as md5 and not password though. I take md5 is stronger? Well the next thing is to establish a session. Will see how that goes. Quote Link to comment https://forums.phpfreaks.com/topic/52114-user-authentication-page/#findComment-257252 Share on other sites More sharing options...
lewis987 Posted May 19, 2007 Share Posted May 19, 2007 yea MD5 is pretty strong and for sessions, use this on the login page: session_start(); // USE AT VERY TOP OF YOUR PAGE! session_register(" *YOUR VARIABLE FOR USERNAME* "); // Sets Session and use when user = logged in //Do not use $username, instead use username and use this on the index: session_start(); // Use session variable on this page. This function must put on the top of page. if(!session_is_registered(" * YOUR VARIABLE FOR USERNAME * ")){ // if session variable "" does not exist. header("location:login.php"); // Re-direct to login.php } Quote Link to comment https://forums.phpfreaks.com/topic/52114-user-authentication-page/#findComment-257255 Share on other sites More sharing options...
portabletelly Posted May 19, 2007 Author Share Posted May 19, 2007 if index.php is in the root of htdocs and login.php is located in htdocs/login/login.php what would the syntax be for header("location:login.php"); // Re-direct to login.php from the index.php page Quote Link to comment https://forums.phpfreaks.com/topic/52114-user-authentication-page/#findComment-257263 Share on other sites More sharing options...
portabletelly Posted May 19, 2007 Author Share Posted May 19, 2007 worked it out was header("location:\login\login.php"); // Re-direct to login.php Quote Link to comment https://forums.phpfreaks.com/topic/52114-user-authentication-page/#findComment-257266 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.