...
PDA

login script

animyst
03-23-2003, 07:28 PM
Ive created a login page that looks like so


login.php
<?php
session_start();
session_register('auth');
session_register('logname');
include("dbinfo.inc");
switch (@$do)
{
case "login";
$connection = mysql_connect($host, $user, $password)
or die ("Couldn't connect to the server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database");

$sql = "SELECT loginName from Member
WHERE loginName='$fusername'";
$result = mysql_query($sql)
or die ("Couldn't execute query.");
$num = mysql_num_rows($result);
if ($num == 1) /* loginName was found */
{
$sql = "SELECT loginName FROM Member
WHERE loginName='$fusername'
AND password=password('$fpassword')";
$num2 = mysql_num_rows($result2);
if ($num2 > 0) /* the password submitted was correct */
{
$auth="yes";
$logname=$fusername;
$today = date("Y-m-d h:m:s");
$sql = "INSERT INTO Login (loginName,loginTime)
VALUES ('$logname','$today')";
mysql_query($sql)
or die("Can't execute query.");
header("Location: login2.php");
}
else
{
unset($do);
$message="You entered an incorrect password, please try again!";
include("login_form.inc");
}
}
elseif ($num == 0)
{
unset($do);
$message = "The login name you entered does not exist, please try again!";
include("login_form.inc");
}
break;
default:
include("login_form.inc");

?>

it includes this page

login_form.inc
<?php

?>




<html>

<form action="Login.php?do=login" method="post">
<table border="0">
<?php
if (isset($message))
echo "<tr><td colspan='2'>$message </td></tr>";
?>
<tr><td align="right"><b>Username</b></td>
<td><input type="text" name ="fusername" size="20" maxsize="20">
</td></tr>
<tr><td width="120" align="right"><b>Password</b></td>
<td><input type="password" name ="fpassword" size="20" maxsize="20">
</td></tr>
<tr><td align="center" colspan="2">
<br><input type="submit" name="log" value="Enter"></td></tr>
</table>
</form>
</td>

</html>

and you dont need to see dbinfo.inc


go to http://www.cubedclub.34sp.com/login.php to see the error
stoodder
03-23-2003, 09:54 PM
lol i know i had the same problem im pretty sure that masn you missed a "}" somewhere atleast while i was making my news script it was
animyst
03-23-2003, 10:13 PM
ahar!
a single } after everything did the trick!
stoodder
03-23-2003, 10:16 PM
lol yep i had that problem soooooo many times it got annoying also i had unexpected '}' im like ARG and i had to use my fingers to count them lol
relyt
03-23-2003, 10:44 PM
hey if you dont mind could i use this script for my website? if i can....can you explain to me how to?
stoodder
03-24-2003, 04:00 AM
hmm well i have a script for my site to that is lets say spread out more i guess it uses 4 pages instead of 2 but it makes it extremly simple i could lend you mine.. ive also branched off of it to make like user stuff: http://www.shadowgelert.com

i could explain over aim my AIM name is stoodder
animyst
03-24-2003, 03:49 PM
no sorry, but its still in progress anyways
animyst
03-24-2003, 04:23 PM
<?php
session_start();
session_register('auth');
session_register('logname');
include("dbinfo.inc");
switch (@$do)
{
case "login";
$connection = mysql_connect($host, $user, $password)
or die ("Couldn't connect to the server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database");

$sql = "SELECT loginName from Member
WHERE loginName='$fusername'";
$result = mysql_query($sql)
or die ("Couldn't execute query.");
$num = mysql_num_rows($result);
if ($num == 1) /* loginName was found */
{
$sql = "SELECT loginName FROM Member
WHERE loginName='$fusername'
AND password=password('$fpassword')";
$num2 = mysql_num_rows($result2);
if ($num2 > 0) /* the password submitted was correct */
{
$auth="yes";
$logname=$fusername;
$today = date("Y-m-d h:m:s");
$sql = "INSERT INTO Login (loginName,loginTime)
VALUES ('$logname','$today')";
mysql_query($sql)
or die("Can't execute query.");
header("Location: login2.php");
}
else
{
unset($do);
echo "You entered an incorrect password, please try again!";
include("login_form.inc");
}
}
elseif ($num == 0)
{
unset($do);
echo "The login name you entered does not exist, please try again!";
include("login_form.inc");
}
break;
default:
include("login_form.inc");


}
?>

now go to http://www.cubedclubclub.34sp.com and look at the results you can get. i have created a test user called test, with a password of test
Galdo
03-24-2003, 04:48 PM
You need to change this bit:


$sql = "SELECT loginName FROM Member
WHERE loginName='$fusername'
AND password=password('$fpassword')";
$num2 = mysql_num_rows($result2);


You are asking for the number of rows from the $result2 query but you have no query called $result2, its called $sql instead.

:D
Galdo
03-24-2003, 04:51 PM
On another note, I just noticed that you don't actually execute that query using mysql_query().

You'll need to put that in there too.

AND

You really need to change the extension of your db connection file to .php. At the moment it poses a major security threat as anyone can access it and view your database details.
animyst
03-24-2003, 05:32 PM
if ($num == 1) /* loginName was found */
{
$sql = "SELECT loginName FROM Member
WHERE loginName='$fusername'
AND password=password('$fpassword')";
$result2 = mysql_query($sql)
or die ("Couldn't execute query.");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) /* the password submitted was correct */

should work then?
animyst
03-24-2003, 05:34 PM
the page seems to work now, but using the username test and password test, comes up saying mive submitted an incorrect username? maybe its somthing to do with what happens next?
Nightfire
03-24-2003, 05:42 PM
You seem to be making more queries to the db than is necessary...

Is there any logic in making a query for the username, then if the username's found, make another query for the username where the username and password match? Be much better to do the second query first and skip the first query all together.


$sql = "SELECT loginName,password FROM Member
WHERE loginName='$fusername'
AND password=password('$fpassword')";


that should help with your problem
animyst
03-24-2003, 06:36 PM
taht wasnt really the problem, but i might alter this later on to help with filesize e.t.c
by the way, heres login2.php
<?php

session_start();
if (@$auth !="yes")
{
header("Location: login.php");
exit();
}
include("phpinfo.php");
$connection = mysql_connect($host, $user, $password)
or die ("Couldn't connect to the server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database");
$sql = "SELECT firstName, lastName FROM Member
WHERE loginName='$logname'";
$result = mysql_query($sql)
or die("Couldn't execute query.");
$row = mysql_fetch_array($result,MYSQL_ASSOC);
extract($row);
echo "<html><p>Welcome $realName .</p>";

?>

anyone got any idea to why the login wont go to the second page?


and how would i log a user out? e.g. break the session
animyst
03-25-2003, 06:51 PM
help!
whitty
03-25-2003, 10:02 PM
I don't have time to go through your whole code to find out why it's not working but to log somebody out you'll need to make a seperate logout.php page and have the user go there from a link. In the page you'll need to use session_unregister

Read more about it here.

http://www.php.net/session_unregister

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum