...

View Full Version : login questions



gilgalbiblewhee
03-28-2010, 11:57 PM
For some reason, the page doesn't load as I wrote intentionally the wrong password (to bring up the sentence refusing to log in.) I'm going to upload this as a txt file for privacy.

tomws
03-29-2010, 04:51 AM
For privacy? Search engines can index text files just the same as html.

Your problem description isn't clear. What's happening?

Where is the form tag in your code?

gilgalbiblewhee
03-31-2010, 06:35 PM
Ok I tested by changing the method from post to get and I got a result. There are two usernames and 2 passwords which one of them is the correct answer while the other one is blank. The reason for that is that I have one login for the average user and the other one is for the administrator.

What do you recommend in this occasion? Should I combine the login somehow or leave it as 2 logins or what?

tomws
03-31-2010, 07:53 PM
Again, where is the form tag in your code?


This is not an OR operation:

if(!$_POST['username'] | !$_POST['pass']){
This is an OR operation:

if(!$_POST['username'] || !$_POST['pass']){

gilgalbiblewhee
03-31-2010, 09:20 PM
Again, where is the form tag in your code?


This is not an OR operation:

if(!$_POST['username'] | !$_POST['pass']){
This is an OR operation:

if(!$_POST['username'] || !$_POST['pass']){
Oh the form tag... sorry I missed that part. The txt file is actually an include file. The form tag is in the index:

<?php // action=" echo $_SERVER['PHP_SELF']; "?>
<form name="login" method="get" onSubmit="adminLogin(); userLogin();" target="_self">
The 2 functions are empty but I left it there for now. (At first I was thinking of using AJAX for the login but couldn't figure it out because I didn't understand how the post method would work with AJAX). I doubted that I needed an action attribute so I left it out.

As for the | and || I know the 2nd is OR but I got this code from this tutorial:
http://php.about.com/od/finishedphp1/ss/php_login_code_2.htm

The code worked until now. I see the problem now. It's because I put 2 usernames:

<div style="float: left; width: 100%; margin: 0px 0px 0px 0px; background-color: #7C7C7C; border: 1px solid #A5A498; border-width: 1px 1px 0px 1px;">
<span style="float: left; padding: 2px 10px 0px 12px; color: #FFFFFF; font-family: arial; font-weight:bold; font-size: 13px">Login</span>

</div>
<div style="float: left; width: 100%; height: 120px; background: #B4B3A9; border: 1px solid #A5A498; margin: 0px 0px 0px 0px; overflow-x: hidden; overflow-y: auto;">
<h1 style="float: left; color: red; margin: 5px 5px 0px 5px; height: 30px; font: 12px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; padding: 0px 0px 0px 10px; height: 20px; width: 100%; text-align: left;">User Login</h1>
<table id="user_login_table" style="float: left; margin: 5px 5px 0px 5px; padding: 0px 0px 0px 0px; width: 100%; overflow: hidden; display: block;">
<tr>
<td style="float: left; text-align: left; width: 80px; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;">
<label for="navbar_username">User Name:</label>
</td>
<td style="float: left; width: 50px; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;">
<input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" />

</td>
</tr>
<tr>
<td style="float: left; text-align: left; width: 80px; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;">
<label for="navbar_password">Password:</label>
</td>
<td style="float: left; width: 50px;">
<input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px;" name="pass" id="pass" />

</td>
</tr>
<tr>
<td style="float: left; text-align: left; width: 80px; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;">
<a id="a_wgad" href="wheelofgodUsers/registration.php?user=register" style="text-decoration: none;" onMouseOver="document.getElementById('a_wgad').style.textDecoration='underline';" onMouseOut="document.getElementById('a_wgad').style.textDecoration='none';">Register</a>
</td>
<td style="float: left; width: 50px;">
<input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold;" name="submit" value="Login" />

</td>
</tr>
</table>
<h1 style="float: left; color: red; margin: 5px 5px 0px 5px; height: 30px; font: 12px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; padding: 0px 0px 0px 10px; height: 20px; width: 100%; text-align: left;">Admin Login</h1>
<table id="admin_login_table" style="float: left; margin: 5px 5px 0px 5px; padding: 0px 0px 0px 0px; width: 100%; overflow: hidden; display: block;">
<tr>
<td style="float: left; text-align: left; width: 80px; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;">
<label for="navbar_username">
User Name:
</label>

</td>
<td style="float: left; width: 50px; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;">
<input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" />
</td>
</tr>
<tr>
<td style="float: left; text-align: left; width: 80px; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;">
<label for="navbar_password">Password:</label>

</td>
<td style="float: left; width: 50px;">
<input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px;" name="pass" id="pass" />
</td>
</tr>
<tr>
<td style="float: left; text-align: left; width: 80px; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;">
<a id="a_wgad" href="wheelofgodAdmin/registration.php?admin=register" style="text-decoration: none;" onMouseOver="document.getElementById('a_wgad').style.textDecoration='underline';" onMouseOut="document.getElementById('a_wgad').style.textDecoration='none';">Register</a>

</td>
<td style="float: left; width: 50px;">
<input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold;" name="submit" value="Login" />
</td>
</tr>
</table>

The string shows:
username=******&pass=**********&submit=Login&username=User+Name&pass=

gilgalbiblewhee
04-01-2010, 12:39 AM
To make things simpler I took the tutorial:
http://php.about.com/od/finishedphp1/ss/php_login_code_2.htm

again.

The same error is occurring. After the die in the login page the hello doesn't appear(when I type in the wrong username. This means whatever code is underneath it will not print):

if ($check2 == 0) {
login();
die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
echo "hello!!!!";
}
login page: index.php

<?php
ob_start();
include("dbconnection.php");
function login(){
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td><input type="text" name="username" maxlength="40"></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="50"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td></tr>
</table>
</form>
<?php
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>
<body>
<?php
// Connects to your Database
//mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error());
//mysql_select_db("Database_Name") or die(mysql_error());

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM ".$dbTable." WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: members.php");

}
}
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM ".$dbTable." WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
login();
die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
echo "hello!!!!";
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{

// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);

//then redirect them to the members area
header("Location: members.php");
}
}
}
else
{

// if they are not logged in
login();
}

?>
</body>
</html>
logout.php

<?php
ob_start();
include("dbconnection.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Logout</title>
</head>

<body>
<?php
$past = time() - 100;
//this makes the time in the past to destroy the cookie
setcookie(ID_my_site, gone, $past);
setcookie(Key_my_site, gone, $past);
header("Location: index.php");
?>
</body>
</html>
members.php

<?php
include("dbconnection.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Members Page</title>
</head>

<body>
<?php
// Connects to your Database
//mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error());
//mysql_select_db("Database_Name") or die(mysql_error());

//checks cookies to make sure they are logged in
if(isset($_COOKIE['ID_my_site']))
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM ".$dbTable." WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{

//if the cookie has the wrong password, they are taken to the login page
if ($pass != $info['password'])
{ header("Location: login.php");
}

//otherwise they are shown the admin area
else
{
echo "Admin Area<p>";
echo "Your Content<p>";
echo "<a href=logout.php>Logout</a>";
}
}
}
else

//if the cookie does not exist, they are taken to the login screen
{
header("Location: login.php");
}
?>
</body>
</html>
register.php

<?php
include("dbconnection.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Register</title>
</head>

<body>
<?php
// Connects to your Database
//mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error());
//mysql_select_db("Database_Name") or die(mysql_error());

//This code runs if the form has been submitted
if (isset($_POST['submit'])) {

//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
die('You did not complete all of the required fields');
}

// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM ".$dbTable." WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}

// now we insert it into the database
$insert = "INSERT INTO ".$dbTable." (username, password)
VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
$add_member = mysql_query($insert);
?>


<h1>Registered</h1>
<p>Thank you, you have registered - you may now login</a>.</p>
<?php
}
else
{
?>


<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table>
</form>

<?php
}
?>
</body>
</html>

gilgalbiblewhee
04-01-2010, 02:10 AM
Ok I was wondering why if I typed in the wrong username or password the die(""); would cause the code to stop printing whatever was left.

So instead I used print(""); and the problem is solved.

Now I wonder if I really need two (one for the administrator and the other for the average user) to login or just one because in the string, since it's in one <form> it's showing 2 usernames and 2 passwords and it's giving an error.

tomws
04-01-2010, 03:24 AM
I don't know what you mean by "2 usernames and 2 passwords". A well-designed system will most likely have a single login section. Once the user is authenticated, then permission settings or access control lists handle what he/she is allowed to do.

gilgalbiblewhee
04-01-2010, 03:57 AM
I don't know what you mean by "2 usernames and 2 passwords". A well-designed system will most likely have a single login section. Once the user is authenticated, then permission settings or access control lists handle what he/she is allowed to do.
Ok I put a checkbox to determine whether it's a user or the admin. But I don't understand how the members page is going to pick up the checked or unchecked?

gilgalbiblewhee
04-04-2010, 03:56 AM
Ok I put a checkbox to determine whether it's a user or the admin. But I don't understand how the members page is going to pick up the checked or unchecked?
The problem above is dealt with by adding a checkbox of whether the one who logs in is the user or administrator. But I'm still have logging problems. It keeps logging out when I click on the url and entering.

login page: index.php

<?php
ob_start();
include("dbconnection.php");
?>
<div style="float: left; width: 100%; margin: 0px 0px 0px 0px; background-color: #7C7C7C; border: 1px solid #A5A498; border-width: 1px 1px 0px 1px;">
<span style="float: left; padding: 2px 10px 0px 12px; color: #FFFFFF; font-family: arial; font-weight:bold; font-size: 13px;">Login</span>
</div>
<div style="float: left; width: 100%; height: 120px; background-color: #B4B3A9; border: 1px solid #A5A498; margin: 0px 0px 0px 0px; overflow-x: hidden; overflow-y: auto;">
<?php
function login(){
?>
<table border="0">
<tr>
<td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td>
</tr>
<tr>
<td>Username:</td>
<td><input type="text" name="<?php //vb_login_username?>username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td>
</tr>
<tr>
<td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" <?php //name="pass"?> name="<?php //vb_login_username?>pass" id="pass" /></td></tr>
<tr>
<td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td>
</tr>
</table>
<?php
}

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
$myusername = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$admin = $_COOKIE['Admin_my_site'];
$user = $_COOKIE['User_my_site'];
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
$check = mysql_query($sql)or die(mysql_error());
while($info = mysql_fetch_array( $check )){
if ($pass != $info['password']){
}else{
//print("Welcome ".$myusername."! <br />Visit your <a href=\"login/member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>");
//header("Location: login/member.php");
//header("Location: ");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])){ // if form has been submitted
if(!$_POST['username'] | !$_POST['pass']) {// makes sure they filled it in
//die('You did not fill in a required field.');
print('You did not fill in a required field.');
}// checks it against the database
if (!get_magic_quotes_gpc()){
$_POST['email'] = addslashes($_POST['email']);
}
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".$_POST['username']."'";
$check = mysql_query($sql)or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
//die('That user does not exist in our database. <a href=login/register.php>Click Here to Register</a>');
print('That user does not exist in our database.');
login();
}
while($info = mysql_fetch_array( $check )){
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong
if ($_POST['pass'] != $info['password']){
//die('Incorrect password, please try again.');
print('Incorrect password, please try again.');
login();
}else{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
if($_POST["admin"]=="yes"){
setcookie(Admin_my_site, $_POST['admin'], $hour);
print("<span style=\"float: left; text-align: left; padding: 5px 5px 5px 5px;\">Welcome ".$myusername."! <br />Visit your <a style=\"text-decoration: none;\" onmouseover=\"this.style.textDecoration='underline';\" onmouseout=\"this.style.textDecoration='none';\" href=\"login/member.php\">member's stat</a> <br /><a style=\"text-decoration: none;\" href=\"login/logout.php\" onmouseover=\"this.style.textDecoration='underline';\" onmouseout=\"this.style.textDecoration='none';\" >Logout</a></span>");
}else{
setcookie(User_my_site, $_POST['admin'], $hour);
print("<span style=\"float: left; text-align: left; padding: 5px 5px 5px 5px;\">Welcome <span id=\"myusername\">".$myusername."</span>! <br />Visit your <a style=\"text-decoration: none;\" href=\"login/member.php\" onmouseover=\"this.style.textDecoration='underline';\" onmouseout=\"this.style.textDecoration='none';\" >member's stat</a> <br /><a style=\"text-decoration: none;\" href=\"login/logout.php\" onmouseover=\"this.style.textDecoration='underline';\" onmouseout=\"this.style.textDecoration='none';\" >Logout</a></span>");
}
//then redirect them to the members area
//header("Location: login/member.php");
//print("Welcome".$username);
//header("Location: login/member.php");
//header("Location: ");

}
}
}else{
// if they are not logged in
login();
}
?>
</div>
logout.php

<?php
ob_start();
include("dbconnection.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Logout</title>
</head>

<body>
<?php
$past = time() - 100;
//this makes the time in the past to destroy the cookie
setcookie(ID_my_site, gone, $past);
setcookie(Key_my_site, gone, $past);
setcookie(Admin_my_site, gone, $past);
header("Location: ../index.php");
?>
</body>
</html>
member.php

<?php
ob_start();
include("dbconnection.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Members Page</title>
</head>

<body bgcolor="#505050" text="#000000" link="#363636" vlink="#363636" alink="#d5ae83">
<div id="master" style="width: 1240px; height: 780px; margin: 0px auto; overflow: hidden; text-align: center;">
<div id="logo" style="float: left; margin: 0px; border: none; background-color: #ECECEC; width: 100%; height: 120px; padding: 0px 5px 0px 0px;">
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="655" height="120" id="wheelofgod2" align="middle">
<param name="allowScriptAccess" value="sameDomain" />
<param name="movie" value="flashclips/wheelofgod2.swf" />
<param name="quality" value="high" />
<param name="bgcolor" value="#ECECEC" />
<embed src="../../flashclips/wheelofgod2.swf" quality="high" bgcolor="#ECECEC" width="655" height="120" name="wheelofgod" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />
</object>
</div>
<div id="leftbar" style="float: left; width: 200px; height: 1200px; margin: 5px 0px 0px 0px; background-color: #505050;">
<?php //$Colors = Array("FF0000", "0000FF", "009900", "FF9900", "660099", "00FFFF");
include("../../getFiles/links.php"); ?>
</div>
<div id="main" style="float: left; margin: 5px 5px 5px 5px; background-color: #D2C5A0; border: 1px solid #B5A26F; width: 810px; height: 640px; padding: 5px 5px 5px 5px; overflow-y: auto;">
<?php
//checks cookies to make sure they are logged in
if(isset($_COOKIE['ID_my_site'])){
$myusername = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$admin = $_COOKIE['Admin_my_site'];
$user = $_COOKIE['User_my_site'];
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
//echo $sql;

$check = mysql_query($sql)or die(mysql_error());
while($info = mysql_fetch_array( $check )){//if the cookie has the wrong password, they are taken to the login page
if ($pass != $info['password']){
header("Location: ../index.php");
}else{//otherwise they are shown the admin area
?>
<div style="float: left; width: 100%; margin: 5px 0px 0px 0px; background: #7C7C7C; border: 1px solid #A5A498; border-width: 1px 1px 0px 1px;">
<span style="float: left; padding: 2px 10px 0px 12px; color: #FFFFFF; font-family: arial; font-weight:bold; font-style: italic; font-size: 13px"><?php echo mysql_real_escape_string(strtoupper($myusername)); ?>'s Member Stat.</span>
</div>
<?php
include("memberStat.php");
echo "<a href=\"logout.php\">Logout</a>";
}
}
}else{//if the cookie does not exist, they are taken to the login screen
header("Location: ../index.php");
}
?>
</div>
<div id="rightbar" style="float: left; width: 200px; height: 1200px; margin: 5px 0px 0px 5px; background-color: #505050;">
<?php
include("index.php");
//include("../../getFiles/whattodo.php");
include("../../getFiles/updates.php");
include("../../getFiles/posts.php");
?>
</div>
</div>
</body>
</html>

register.php

<?php
include("dbconnection.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Register</title>
</head>

<body bgcolor="#505050" text="#000000" link="#363636" vlink="#363636" alink="#d5ae83">
<div id="master" style="width: 1240px; height: 780px; margin: 0px auto; overflow: hidden; text-align: center;">
<div id="logo" style="float: left; margin: 0px; border: none; background-color: #ECECEC; width: 100%; height: 120px; padding: 0px 5px 0px 0px;">
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="655" height="120" id="wheelofgod2" align="middle">
<param name="allowScriptAccess" value="sameDomain" />
<param name="movie" value="flashclips/wheelofgod2.swf" />
<param name="quality" value="high" />
<param name="bgcolor" value="#ECECEC" />
<embed src="../../flashclips/wheelofgod2.swf" quality="high" bgcolor="#ECECEC" width="655" height="120" name="wheelofgod" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />
</object>
</div>
<div id="leftbar" style="float: left; width: 200px; height: 1200px; margin: 5px 0px 0px 0px; background-color: #505050;">
<?php //$Colors = Array("FF0000", "0000FF", "009900", "FF9900", "660099", "00FFFF");
include("../../getFiles/links.php");
include("../../getFiles/updates.php");?>
</div>
<div id="main" style="float: left; margin: 5px 5px 5px 5px; background-color: #D2C5A0; border: 1px solid #B5A26F; width: 810px; height: 640px; padding: 5px 5px 5px 5px; overflow-y: auto;">
<?php
//This code runs if the form has been submitted
if (isset($_POST['submit'])){//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2']){
//die('You did not complete all of the required fields');
print('You did not complete all of the required fields');
}
// checks if the username is in use
if (!get_magic_quotes_gpc()){
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM ".$dbTable." WHERE username = '$usercheck'") or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
//die('Sorry, the username '.$_POST['username'].' is already in use.');
print('Sorry, the username '.$_POST['username'].' is already in use.');
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
//die('Your passwords did not match. ');
print('Your passwords did not match. ');
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}

// now we insert it into the database
$insert = "INSERT INTO ".$dbTable." (
...// ...
)";
//echo $insert;
//$add_member = mysql_query($insert);
?>
<div style="float: left; width: 100%; margin: 5px 0px 0px 0px; background: #7C7C7C; border: 1px solid #A5A498; border-width: 1px 1px 0px 1px;">
<span style="float: left; padding: 2px 10px 0px 12px; color: #FFFFFF; font-family: arial; font-weight:bold; font-size: 13px">Registered</span>
</div>

<p>Thank you <?php echo "<span style=\"font-weight: bold; font-style: italic;\">".$_POST['username']."</span>"; ?>, you have registered - you may now <a href="../index.php">login</a>.</p>
<?php
}else{
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<table border="0">
<tr><td>*Username:</td><td><input type="text" name="username" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 200px; height: 15px;" maxlength="60" /></td></tr>
<tr><td>*Password (10 characters):</td><td><input type="password" name="pass" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 200px; height: 15px;" maxlength="10" /></td></tr>
<tr><td>*Confirm Password (10 characters):</td><td><input type="password" name="pass2" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 200px; height: 15px;" maxlength="10" /></td></tr>
<tr>
<td>*First Name:</td>
<td><input name="fname" size="29" maxlength="30" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 200px; height: 15px;" /></td>
</tr>
<tr>
<td>*Last Name:</td>
<td><input name="lname" size="29" maxlength="40" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 200px; height: 15px;" /></td>
</tr>
<tr>
<td>*Your e-mail:</td>
<td><input name="email" size="29" maxlength="40" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 200px; height: 15px;" /></td>
</tr>
<tr>
<td>Your URL:</td>
<td><input name="url" size="29" maxlength="100" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 200px; height: 15px;" /></td>
</tr>
<tr>
<td>Additional URL:</td>
<td><input name="addnlurl" size="29" maxlength="100" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 200px; height: 15px;" /></td>
</tr>
<tr>
<td>
<input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 200px; height: 20px; margin: 5px 5px 5px 5px;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" name="submit" value="Register" />
</td>
<td>
<input type="reset" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 200px; height: 20px; margin: 5px 5px 5px 5px;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Reset" name="reset" />
</td>
</tr>
</table>
</form>
<?php
}
?>
</div>
<div id="rightbar" style="float: left; width: 200px; height: 1200px; margin: 5px 0px 0px 5px; background-color: #505050;">
<?php
include("index.php");
//include("../../getFiles/whattodo.php");
include("../../getFiles/posts.php");
?>
</div>
</div>
</div>
</body>
</html>

gilgalbiblewhee
04-04-2010, 05:49 AM
Again, where is the form tag in your code?


This is not an OR operation:

if(!$_POST['username'] | !$_POST['pass']){
This is an OR operation:

if(!$_POST['username'] || !$_POST['pass']){
Ok I changed them.
login/index.php

if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
register.php repeated twice

if (!$_POST['username'] || !$_POST['pass'] || !$_POST['pass2']){

But it's still giving the same problem. That is on the first attempt to log in it doesn't show the $myusername next to "welcome".

if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
$myusername = $_COOKIE['ID_my_site'];
But on the 2nd attempt $myusername shows.
And the 2nd problem is when I click on the url address bar and enter it logs out.

gilgalbiblewhee
04-25-2010, 12:54 AM
I used 3 php files: login.php, logout.php and index.php.

I think the checking the $_POST[] should be in the login.php. But then I'm guessing that the index.php page needs to read cookies which the login.php has set right?

<?php
# index.php
session_start();
$logged_in = isset($_SESSION['logged_in']);
include("../dbconnection.php");
//say goodbye to magic_quotes_gpc! no false security.

$errors = array();

if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['username'])){
$errors[] = "username was empty";
}
if(empty($_POST['password'])){
$errors[] = "password was empty";
}
if(empty($_POST['email'])){
$errors[] = "e-mail was empty";
}
if(count($errors) == 0){
//fix magic_quotes_gpc() being on
if(get_magic_quotes_gpc()){
foreach($_GET as $k => $v){
$_GET[$k] = stripslashes($v);
}
foreach($_POST as $k => $v){
$_POST[$k] = stripslashes($v);
}
foreach($_COOKIE as $k => $v){
$_COOKIE[$k] = stripslashes($v);
}
}
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
$myusername = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$admin = $_COOKIE['Admin_my_site'];
$user = $_COOKIE['User_my_site'];
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
$check = mysql_query($sql)or die(mysql_error());
while($info = mysql_fetch_array( $check )){
if($pass == $info['password']){
$writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>";
}
}
}
//variable to keep track of whether to show the user the login form or not
$showlogin = true; //we show the form by default, -unless- we know they have logged in

//if the login form is submitted
if (isset($_POST['submit'])){ // if form has been submitted
if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
$writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>";
}// checks it against the database
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$db['username'] = mysql_real_escape_string($_POST['username']);
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".$db['username']."'";
$check = mysql_query($sql) or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
$writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>";
}
while($info = mysql_fetch_array( $check )){
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']){
$writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>";
}else{
// if login is ok then we add a cookie
$hour = time() + 3600;
setcookie("ID_my_site", $_POST['username'], $hour);
setcookie("Key_my_site", $_POST['pass'], $hour);

//they are logged in. no need to show the login form
$showlogin = false;
if($_POST["admin"]=="yes"){
setcookie("Admin_my_site", $_POST['admin'], $hour);
}else{
setcookie("User_my_site", $_POST['admin'], $hour);
}
header("Location: login.php");
}
}
}
}
}

//$_SESSION['logged_in'] = 1;
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>

<body>
<?php if ($logged_in): ?>
<form action="<?php echo "logout.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<span style="float: left; text-align: left; padding: 5px 5px 5px 5px;">
Welcome <span id="myusername"><?php echo $myusername; ?> </span>!<br />
Visit your <a style="text-decoration: none;" href="member.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >member's stat</a><br />
<input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Logout" />
</span>
</form>

<?php else: ?>

<form action="<?php echo "login.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<table border="0">
<tr>
<td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td>
</tr>
<?php echo $writeemptyfield; ?>
<?php echo $writeusernoexist; ?>
<tr>
<td>Username:</td>
<td><input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td>
</tr>
<?php echo $writewrongpassword; ?>
<tr>
<td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" name="pass" id="pass" /></td></tr>
<tr>
<td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td>
</tr>
</table>
</form>
<?php endif; ?>
</body>
</html>


<?php
# login.php

if ($_SERVER['REQUEST_METHOD'] == 'POST'){
session_start();
$_SESSION['logged_in'] = true;
header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>

<?php
# logout.php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
session_start();
session_destroy();
header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum