Regarding the sessions for a login page..it's urgent.!! [Archive]

View Full Version : Regarding the sessions for a login page..it's urgent.!!

nani_s23

05-03-2007, 01:06 PM

Hello friends,

I have created a login page with username i,e mail Id n Password and a sign in Button......that mail id n password were already created in Database.....!!!

The main problem is....when we enter the URL containing that login page ex http://localhost/vamsi/login.php....with valid email id n password...it enters...........the same thing simultaneosly when opened in other browser.....entering same URL ......with the same Id n password......it loginss......this shouldnt happen....the same user logins twice at the same time..!!

rafiki

05-03-2007, 01:09 PM

add field to table online and change to yes when they are logged in? and no when logged out? then check to see if they are online before validating there log in
maybe this isnt the best answer but should work

nani_s23

05-03-2007, 01:11 PM

here i am providing u the code.....for login page i have created..!!! provide the same code with using sessions...so that multiple logins with same user shouldnt happen...!!

1st is Login.php
<html>
<head>
<script language="JavaScript">

function echeck(str) {

var at="@"
var dot="."
var lat=str.indexOf(at)
var lstr=str.length
var ldot=str.indexOf(dot)
if (str.indexOf(at)==-1){
alert("Invalid ID")
return (false);
}

if (str.indexOf(at)==-1 || str.indexOf(at)==0 || str.indexOf(at)==lstr){
alert("Invalid ID")
return (false);
}

if (str.indexOf(dot)==-1 || str.indexOf(dot)==0 || str.indexOf(dot)==lstr){
alert("Invalid ID")
return (false);
}

if (str.indexOf(at,(lat+1))!=-1){
alert("Invalid ID")
return (false);
}

if (str.substring(lat-1,lat)==dot || str.substring(lat+1,lat+2)==dot){
alert("Invalid ID")
return (false);
}

if (str.indexOf(dot,(lat+2))==-1){
alert("Invalid ID")
return (false);
}

if (str.indexOf(" ")!=-1){
alert("Invalid ID")
return (false);
}

return (true);
}

function validation(){

if ((form.emailid.value == null)||(form.emailid.value == "")){
alert("Please Enter your Email ID (eg. name@abc.com)")
form.emailid.focus()
return (false);
}
if (echeck(form.emailid.value) == false){
form.emailid.value=""
form.emailid.focus()
return (false);
}
if (form.password.value == "")
{
alert ("please enter the password");
form.password.focus();
return (false);
}
return (true);
}
</script>
</head>
<body>
<form name="form" action="enter1.php" method="post" >
Email Id:      <input type="text" name="emailid" tabindex="1" > <br><br>
Password:    <input type="password" name="password" tabindex="2" ><br><br>
<input type="submit" value="Sign-In" name="submit" tabindex="3" onClick="return validation(this);">
</form>
<form action="password.php" method="post" name="pwd" >                      

<a href="http://localhost/vamsi/password.php" >Forget your Password? </a>
</form>
</body>
</html>

2nd page isss....checking whether valid id or not....n passing the message

<html>

<body>
<?php
$username=$_POST["emailid"];
$password=$_POST["password"];

$MYSQLCon=mysql_connect("localhost:3307","root","123");

if (!$MYSQLCon)
{
echo ("Connection not connected:".mysql_error())."<br>";
}
/*else
{
echo ("MYSQL Connection Connected"."<br>");
}
*/
if (!mysql_select_db("db_login", $MYSQLCon))
echo "Database not connected"."<br>";
/*
else
{
echo "Database connected"."<br>";
}
*/

/*
$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);

$count=mysql_num_rows($result);
*/
//$result = $MYSQLCon->mysql_query("Select * from usernames where UserName = '$username' and Password = '$password' ");
//if(!$result)
$sql="Select * from sign where emailid = '$emailid' and password = '$password' ";
$result=mysql_query($sql);
if(!$result)
{
echo (" The query couldn\'t be run"."<br>");
exit;
}
/*else
{
echo "Query executed"."<br>";
}
*/
if(mysql_affected_rows()==0){

print "Email Id/password pair is invalid. Please try again."."<br>";

}
/*if($result->num_rows() >= 0)
{
//Everything went ok!
echo ("You can now see the secret message!");
echo ("You are the chosen one :D");
}
*/
else
{
//The password or/and username was not correct!
echo ("Congrats u really rocked the mailbox!"."<br>");
// echo ("You are not the chosen one ");
}

//$result = $MYSQLCon->query
/*if (!mysql_query($sqlquery,$MYSQLCon))
{
die('Error: ' . mysql_error());
}
else
{
echo "Successfully logged in!";
}
*/
mysql_close(MYSQLCon);

?>

</body>
</html>
.....

so please use the sessions n provide me the code...so that i will check with in time n submit it to my team leader:(

rafiki

05-03-2007, 01:22 PM

ill do you one better ill provide you with a log in code that may meet your needs

<?php
session_start();
$_SESSION['loggedin'] = false;
if (isset($_POST['username;'])) {
$username = $_POST['username'];
$password = sha1($_POST['password']);
include("mysqlconnect.php");
include("sqlprotect.php");
$logged = "SELECT 1 FROM `users` WHERE `username` = '$username' AND `online` = 'YES'";
$query = mysql_query($logged) or die(mysql_error());
if (mysql_num_rows($query)>0){
die('You Are Already Logged In');
}
$sql = "SELECT 1 FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$query = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($query)>0){
$_SESSION['loggedin'] = 'yessir';
$_SESSION['username'] = '$username';
header("Location: http://www.loggedin.com");
} else {
unset($_SESSION['loggedin']);
echo "sorry username and/or password incorrect click <a href=\"#\" onClick=history.go(-1) > here</a> to go back and try again";
}
} else { include("prelog.php");}
?>

obviously the includes may not be the same and you would want to change loggedin.com to you URL when they are logged in

nani_s23

05-03-2007, 01:56 PM

Thank u friend for the code.......but i dont know how it works...like....wat is include("mysqlconnect.php") include("sqlprotect.php").........header:.......

these thingssss.......or should i include this php file........in loogin page aa..???

please provide me clear view of the code provided by you...!!I am just a beginner of this scritping language....!!

rafiki

05-03-2007, 02:21 PM

include('mysqlconnect.php');
includes a page called mysqlconnect.php a lot of people use this to include setting for connecting to a mysql server
and header is a php function you can find out about it here
http://www.php.net/header
and this page should be the log in page

nani_s23

05-07-2007, 05:12 AM

hi.

thank u....i have few doubts....

sqlprotect.php includes wat..???? in the sense wat we have to write in sql protect.php...?? i have sql connect.php..!!

then header: it's given that location: http://www.loggedin.com..??? we should write as it is or any location chnages should be made ..???

atlast include(prelog.php).....wat is it..??? is it to include login page againn...???

rafiki

05-07-2007, 05:13 PM

thats just how i break my coding down. like inside sqlprotect.php is mysql_real_escape() functions etc..
the header location should direct to your website more specifically the page they were wanting to see before logging in
and inside prelog.php is the form on which they use to log in, its so i dont have to scale 100's of lines to edit one bit of information i can just go and scan threw 30 or so lines instead