treilad

Admin cookie

treilad replied to treilad's topic in PHP Coding Help

=/ Yeah. It would seem so. Nvm. I've got another way around it. :)

Admin cookie

treilad posted a topic in PHP Coding Help

I'm trying to get my login script to install an additional cookie if the person logging in is an administrator. Here is my login code: [code]<?php include ('db.php'); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: index.php"); } } } if (isset($_POST['submit'])) { if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 2592000; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); header("Location: admincheck.php"); } } } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?>[/code] Admincheck.php would be the code that checked to see if the ID_my_site cookie contained the name 'Treilad'. If it did, it would install the Admin_my_site cookie. If not, it would header to index.php. How can I get it to check if the cookie contains 'Treilad'? I also tried this under the setcookies in the login code: if($_POST['username'] = 'Treilad' && $_POST['pass'] = 'letmein'){ setcookie(Admin_my_site, $_POST['username'], $hour); } but it sets the cookie no matter who logs in, ignoring the conditional.

Who's logged in?

treilad replied to treilad's topic in PHP Coding Help

Ugh. I've been trying. I can't get it. =/

Who's logged in?

treilad replied to treilad's topic in PHP Coding Help

Wait, is a session even necessary if I already have a cookie set with the username? I think I could do it if I knew how to echo something from the cookie: <?php if(isset($_COOKIE['ID_my_site'])) { echo 'the username'; } ?>

Who's logged in?

treilad replied to treilad's topic in PHP Coding Help

I added this to the login code: $_SESSION['username'] = '$_POST['username']'; -right after the setcookie() function. Could I do that and just session_start(); at the beginning of my index page, and then maybe echo the username? (That last part I don't know how to do.)

Who's logged in?

treilad replied to treilad's topic in PHP Coding Help

That sounds like the better idea, I'm just not sure how to do that. :-[ But I'll get to work on trying. Here's my login script, if it helps. [code]<?php include ('db.php'); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: index.php"); } } } if (isset($_POST['submit'])) { // if form has been submitted if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 2592000; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); header("Location: index.php"); } } } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?>[/code]

Who's logged in?

treilad posted a topic in PHP Coding Help

I'm trying to create a simple code to display who's logged in. Ex: Welcome, [b]Treilad[/b]. But I don't know where to start. :-\

Registration page/PHPBB help

treilad posted a topic in Third Party Scripts

I had just gotten my login system working and downloaded PHPBB, when I realized that when people register, I don't want them to have to register again on my forum. I'd like to have a registration code that puts the info into both tables, but I don't want them to have to register with PHPBB first. I don't know how to do that since PHPBB's register script is a lot more complicated than the one I'm running. After that, I also decided to update my registration code, which I haven't gotten working yet. So here is my new code that I copied from somewhere and edited a little bit, (hence the third-party forum): [code]<?php ob_start(); include("db.php"); if($_POST['register']){ $username = $_POST['username']; $password = $_POST['pass']; $cpassword = $_POST['cpass']; $email = $_POST['emai1']; if($username==NULL|$password==NULL|$cpassword==NULL|$email==NULL){ echo "A Field was left blank."; }else{ if($password != $cpassword){ echo "Passwords do not match"; }else{ $password = md5($password)); $checkname = mysql_query("SELECT username FROM users WHERE username='$username'"); $checkname = mysql_num_rows($checkname); $checkemail = mysql_query("SELECT email from users WHERE email='$email'"); $checkemail = mysql_num_rows($checkemail); if($checkemail>0){ echo "We already have a registered user with that email address. Please only register one account."; } if($checkname>0){ echo "This username is already in use. Please try another or <a href="./index.php">login</a>. } else { $username = htmlspecialchars($username); $password = htmlspecialchars($password); $email = htmlspecialchars($email); $valnum[1]="789542433888764"; $valnum[2]="876954214834687"; $valnum[3]="138732418699423"; $valnum[4]="546311421867355"; $valnum[5]="875632177863879"; $valnum[6]="789876546489646"; $valnum[7]="847515815845181"; $valnum[8]="848584185618485"; $valnum[9]="946181458518515"; $valnum[10]="321312515813485"; $random = rand(1, count($valnum)); $userval = "$valnum[$random]"; $query = mysql_query("INSERT INTO users (username, password, email, val_num) VALUES('$username','$password','$email', '$userval')"); mail("$email", "Please validate your account.", "Thank you for registering at YOURSITE. Please use the link below to validate your account. Username: $username Validation Code: $userval To validate your account, visit: http://localhost/validate.php?username={$_POST['username']} If your username has spaces in it, you must replace them with %20"); echo "You have successfully registered! Please check your email for your validation link!"; } } } }else{ echo (" <center> <form method=\"POST\"> Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\"><br /> Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"pass\"><br /> Confirm Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"cpass\"><br /> Email: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"emai1\"> (Requires Validation)<br /> <input name=\"register\" type=\"submit\" value=\"Register\"> </form> </center> "); } ?>[/code] Here is my login script: [code]<?php ob_start(); include("db.php"); if($_POST['register']){ $username = $_POST['username']; $password = $_POST['pass']; $cpassword = $_POST['cpass']; $email = $_POST['emai1']; if($username==NULL|$password==NULL|$cpassword==NULL|$email==NULL){ echo "A Field was left blank."; }else{ if($password != $cpassword){ echo "Passwords do not match"; }else{ $password = md5($password)); $checkname = mysql_query("SELECT username FROM users WHERE username='$username'"); $checkname = mysql_num_rows($checkname); $checkemail = mysql_query("SELECT email from users WHERE email='$email'"); $checkemail = mysql_num_rows($checkemail); if($checkemail>0){ echo "We already have a registered user with that email address. Please only register one account."; } if($checkname>0){ echo "This username is already in use. Please try another or <a href="./index.php">login</a>. } else { $username = htmlspecialchars($username); $password = htmlspecialchars($password); $email = htmlspecialchars($email); $valnum[1]="789542433888764"; $valnum[2]="876954214834687"; $valnum[3]="138732418699423"; $valnum[4]="546311421867355"; $valnum[5]="875632177863879"; $valnum[6]="789876546489646"; $valnum[7]="847515815845181"; $valnum[8]="848584185618485"; $valnum[9]="946181458518515"; $valnum[10]="321312515813485"; $random = rand(1, count($valnum)); $userval = "$valnum[$random]"; $query = mysql_query("INSERT INTO users (username, password, email, val_num) VALUES('$username','$password','$email', '$userval')"); mail("$email", "Please validate your account.", "Thank you for registering at YOURSITE. Please use the link below to validate your account. Username: $username Validation Code: $userval To validate your account, visit: http://localhost/validate.php?username={$_POST['username']} If your username has spaces in it, you must replace them with %20"); echo "You have successfully registered! Please check your email for your validation link!"; } } } }else{ echo (" <center> <form method=\"POST\"> Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\"><br /> Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"pass\"><br /> Confirm Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"cpass\"><br /> Email: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"emai1\"> (Requires Validation)<br /> <input name=\"register\" type=\"submit\" value=\"Register\"> </form> </center> "); } ?>[/code] Any tips on making these cooperate? I haven't done a whole lot to the registration code so I'm quite sure that it needs some/a lot of editing. If it's impossible or would be too much trouble to have registration on my website rather than registering on PHPBB, then I'll gladly just make the registration on PHPBB. Thanks in advance. :) -Matt