...

View Full Version : Resolved Building password protection, help needed



RomanTaylor
03-27-2009, 07:57 AM
I am pretty new in php, so this is my first experience using headers to secure my pages. I need some help in this.

Here is some errors I've got:


Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home1/yougotba/public_html/client/include/login.php on line 21

Warning: Cannot modify header information - headers already sent by (output started at /home1/yougotba/public_html/client/include/login.php:21) in /home1/yougotba/public_html/client/include/login.php on line 28

Warning: Cannot modify header information - headers already sent by (output started at /home1/yougotba/public_html/client/include/login.php:21) in /home1/yougotba/public_html/client/include/login.php on line 29

Sorry, you must enter a valid username and password to log in and access clien page


And here is my php code:


<?php

if (!isset($_POST['login']) || !isset($_POST['password'])) {
//Username or password weren't entered so send the authentication header
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Basic realm="Client_area"');
exit('Sorry, you must enter your username and passowrd to log in and access client area');
}

require_once('main_db.php');

//Grab the user-entered log-in data
$client_username = mysqli_real_escape_string($dbc, trim($_POST['login']));
$client_password = mysqli_real_escape_string($dbc, trim($_POST['password']));

//Look up the username and password in the database
$query = "SELECT client_id, name FROM main_data WHERE login = '$client_username' AND " .
"pas = SHA('$client_password')";
$data = mysqli_query($dbc, $query);

if (mysqli_num_rows($data) == 1) {
// The log-in is OK so set the user ID and username variables
$user_id = $row['user_id'];
$client_name = $row['name'];
}
else {
// The username/password are incorrect so send authentication headers
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Basic realm="Client_area"');
exit('Sorry, you must enter a valid username and password to log in and access clien page');
}

//Confirm the successful log-in
echo 'You are logged in as ' . $user_id . '.';

?>


Thanks in advance.

RomanTaylor
03-27-2009, 08:53 AM
I added die function to query and figured out my mistakes. Its working now, but the result is not what I want. It uses HTTP browser windows, and I was trying to use forms to take user input. Is there way to use forms to take user input instead of .htaccess pop up window?

RESOLVED:
Bugs are fixed. I don't like the result though, so I am going to rebuild my password protection application using cookies and forms.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum