...
PDA

Login Script

Temper
12-30-2003, 06:34 PM
I want to create a login script for my webpage, but I'm having no luck at all. I'll give you what I have and I hope you can help me out.

The code on the Main index.php page:

<? session_start();
include("func_lst.php");
db_connect();
if(!isset($username) | !isset($password)) {

$member = 1; }
else if(isset($username) | isset($password)) { logged_in_chk(); }
?>

Further down the page where I want the form of the login looks like this:

<? if ($member = "1") { not_logged_in(); }
elseif ($member = "2") { logged_in_err(); }
elseif ($member = "3") { logged_in(); }?>




This is func_lst.php:

<? function not_logged_in()
{ ?>
<form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Members only. Please login to access this document.</p>
<table align="center" border="0">
<tr>
<th>
Username:
</th>
<th>
<input type="text" name="username">
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="submit" value="Login">
</form>
<? }

function logged_in_chk() {
session_register("username");
session_register("password"); // register username and password as session variables.

$sql = mysql_query("SELECT pword FROM lad_user WHERE uname = '$username'");
$fetch_em = mysql_fetch_array($sql);
$numrows = mysql_num_rows($sql);

if($numrows != "0" & $password == $fetch_em["pword"]) {
$valid_user = 1;
$member = 3;

}
else {
$valid_user = 0;
$member = 2

}
if (!($valid_user))
{
session_unset(); // Unset session variables.
session_destroy(); // End Session we created earlier.
// escape from php mode.
} }

function logged_in_err() {
?>
<form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Incorrect login information, please try again. You must login to access this document.</p>
<table align="center" border="0">
<tr>
<th>
Username:
</th>
<th>
<input type="text" name="username">
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="submit" value="Login">
</form>
<?
}

function logged_in() {
echo " You Are Logged in as: <Br>";
echo $username;
}
?>

The error I keep getting is it keeps displaying the "not_logged_in()" function, no matter what.


If you can, Please help me out.
Thank you
-Mike
Nightfire
12-30-2003, 06:51 PM
You do know it's || for OR, not |

You should also try to work with the super globals, the way your code is now it's not secure at all.

if(!isset($username) || !isset($password)) {
Temper
12-30-2003, 06:55 PM
:) You can probably tell I'm not exactly a master coder. What would you suggest I do to fix it/make it more secure?
Nightfire
12-30-2003, 07:03 PM
http://uk2.php.net/manual/en/language.variables.predefined.php

http://uk2.php.net/manual/en/reserved.variables.php is a list of what you can use.

Example:

Instead of

if(!isset($username) || !isset($password)) {

You'd use

$username = $_POST['username'];
$password = $_POST['password'];

if(!isset($username) || !isset($password)) {

This'll only compare the username and password from a form that's been POSTed, so noone can use GET (the url) to change the username or password now.
Temper
12-30-2003, 10:13 PM
Altered it a bit, but now the problem is that it won't stay logged in. (It'll log in, but the session ends as soon as I go to a new page, or type in the adress again.)

index.php file
<? session_start();
include("func_lst.php");
db_connect();


?>

(Farther down the page I have to include the login function)

func_lst.php

function display_login_form()
{
$username = $_POST['username'];
$password = $_POST['password'];

if(!isset($username) || !isset($password)) {
?>

<a href="register_form.php">Not a member?</a>
<form method=post action=<? $PHP_SELF ?>>
<table bgcolor=#cccccc>
<tr>
<td colspan=2>Members log in here:</td>
<tr>
<td>Username:</td>
<td><input type=text name=username></td></tr>
<tr>
<td>Password:</td>
<td><input type=password name=password></td></tr>
<tr>
<td colspan=2 align=center>
<input type=submit value="Log in"></td></tr>
<tr>
<td colspan=2><a href="forgot_form.php">Forgot your password?</a></td>
</tr>
</table></form>
<?
}
else {

session_register("username");
session_register("password");




$sql = mysql_query("SELECT pword FROM lad_user WHERE uname = '$username'");
$fetch_em = mysql_fetch_array($sql);
$numrows = mysql_num_rows($sql);

if($numrows != "0" & $password == $fetch_em["pword"]) {
$valid_user = 1;
echo "logged in as:<br>";
echo $username;
}
else {
$valid_user = 0;
}

// If the username exists and pass is correct, don't pop up the login code again.
// If info can't be found or verified....

if (!($valid_user))
{
session_unset(); // Unset session variables.
session_destroy(); // End Session we created earlier.
?>
<form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Incorrect login information, please try again. You must login to access this document.</p>
<table align="center" border="0">
<tr>
<th>
Username:
</th>
<th>
<input type="text" name="username">
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="submit" value="Login">
</form>
</th>
</tr>
</table>
</body>
</html>
<?
}
}
}
?>


It works, but I don't stay logged in. Could you help me out again?
Thank you
-Mike

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum