View Full Version : Login Script



kaiiak
12-28-2005, 05:51 PM
I have managed to create a script that enables the user to register their details and then have the details submitted into a database....

But what I need now is a script that enables one to log on.

How would I go about getting the system to validate the user/password combination by comparing it to the combinations in the database....

I have a list of usernames and passwords but need a script enabling the user to login... and then be redirected to their own page...

Also, on registration does anyone know how I can get a page created for the user, that he is directed to when he logs on... i.e. ..../userpage

where each userpage is individual

dm12dm
12-28-2005, 08:59 PM
PEAR Auth is a good authentication mechanism. Details about it can be found here: http://pear.php.net/package/Auth

If you are unable to use PEAR Auth or you want to just make something simple, you should be able to write a quick script. Another thing to consider is the level of security you require for your site.


We might need a few more details to help you out, like the table structure of the table that holds the registration info.

What I would do for the 'user page' is create a default user page that draws the content specific for each user from the database. So all users go to the same page, they just get shown different content depending on their login. A unique identifier would be assigned to each user when he registers, and when a user logs in some sort of variable is passed when sending them to the user page. The variable contains the unique identifier. This variable could be sent by sessions, POST or GET, or cookies.

Prikid
12-28-2005, 11:33 PM
Find what suits you most: http://www.zend.com/codex.php?CID=341

kaiiak
12-29-2005, 02:12 AM
<?php

$dblink = mysql_pconnect("database","myusername","mypassword");
mysql_select_db("localhost");

if ( !isset($redirect))
{
$redirect = "index.html";
}

if (isset($username) && isset($password)) {

$query = "select * from login where username= '$username' and password = '$password'";

if ( !($dbq = mysql_query($query, $dblink))) {
echo "Unable to query database. Please Contact <a href=\"mailto:email@address\">email@address</a>";
exit;
}

$lim = mysql_num_rows( $dbq );

if ($lim != 1) {
$headers=1; //HTML headers in place
echo "<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>";
echo "<B>Invalid User ID or Password. Please Try again</B><BR>";

}

if ($lim == 1) {

//make unique session id and store it in Database
$timer = md5(time());
$sid = $username . "+" . $timer;
SetCookie("Cookiename",$sid,time()+2592000); //Set Cookie for 30 days
$query = "update login set sid='$timer' where username='$username'";

if( !($dbq = mysql_query( $query, $dblink))) {
echo "Unable to update database. Please contact <a href=\"mailto:email@address\">email@address</a>";
exit;
}
$headers=1;
header("Location: $redirect");
exit;
}

}

if (isset($Cookiename)) {
$headers=1; //make sure HTML headers are in place before the form
$sidarray = explode("+", '.$Cookiename.');
$query = "select * from login where username= '$sidarray[0]' and sid = '$sidarray[1]'";

if ( !($dbq = mysql_query($query, $dblink))) {
echo "Unable to find database. Please Contact <a href=\"mailto:email@address\">email@address</a>";
exit;
}

if (mysql_num_rows( $dbq ) == 1) {
echo "<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>";
echo "You are already logged in as $sidarray[0].<BR>";
echo "You may logon as another user or simply begin using our services with your current session.<BR>";
echo "Click <A Href=\"index.html\">Here</A> to return to our homepage.";
}
}
if ($headers == 0) {
echo "<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>";
}
echo "<Form Action=\"newlogin.php\" METHOD=\"POST\">";
echo "<H2>User Name</H2>";
echo "<Input TYPE=\"text\" Name=\"username\" Value='$username'>";
echo "<BR>";
echo "<H2>Password</H2>";
echo "<Input TYPE=\"password\" Name=\"password\">";
echo "<BR>";
echo "<Input Type=\"submit\" Value=\"Submit\">";
echo "<Input Type=\"hidden\" Name=\"redirect\" Value='.$redirect.'>";
echo "</FORM>";
?>


I have tried adjusting this PHP script to my website, but I keep getting the INVALID password message, even when I am typing the correct password into the fields... can anyone help me?

The registration table holds:

id
first
last
username
password
sid

Prikid
12-29-2005, 09:52 PM
Are your passwords encrypted when they are inserted into the database?
Here's one I like to use (all passwords in database are using MD5 type encryption)



<?php
$status = authenticate($u_name, $p_word);

// if user/pass combination is correct
if ($status == 1) {
// initiate a session
session_start();

$sql = "SELECT * FROM `users` WHERE `username`='$u_name'";
$result = mysql_query($sql);
$data = mysql_fetch_assoc($result);


$pass = md5($p_word);

$_SESSION['blahlablaha'] = array(
'id'=> $data['id'],
'username'=> $data['username'],
'password'=> $data['password']);


// redirect to protected page

if ($ret){
print" <script> window.location = \"index.php\"; </script>";
}

exit();
}

else {
// user/pass check failed
// redirect to error page
session_start();

print" <script> window.location = \"error.php\"; </script>";

exit();
}

// authenticate username/password against a database
// returns: 0 if username and password is incorrect
// 1 if username and password are correct
function authenticate($u_name, $p_word){

$query = "SELECT * FROM `users` WHERE `username` = '$u_name' AND `password` = MD5('$p_word')";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
$data = mysql_fetch_assoc($result);

// if row exists -> user/pass combination is correct
if (mysql_num_rows($result) == 1) {
return 1;
}
// user/pass combination is wrong
else {
return 0;
}
}
?>

kaiiak
12-30-2005, 01:12 AM
Still get the same problem with that one, it redirects me to the error page even when I type in the right combinations...

In my database, it doesn't allow me to see the password, which is right, right....

But even using your code, I cannot get it to login, it just always rejects the login even when I've done the right login/password...

:s

Prikid
12-30-2005, 02:43 AM
There are different encryption types that are used.
MD5 type would look like this in the table field: 5d41402abc4b2a76b9719d911017c592

kaiiak
12-30-2005, 04:48 PM
OK, using as suggested:



<?php

$username = '****';
$password = '';
$database = '****';
$connect = mysql_connect('localhost', $username, $password) or die(mysql_error());
mysql_select_db($database,$connect);

$uname=".$_POST[uname].";
$pword=".$_POST[pword].";
$status = authenticate($uname, $pword);
if ($status == 1) {

session_start();

$sql = "SELECT * FROM `users` WHERE `uname`='$uname'";
$result = mysql_query($sql);
$data = mysql_fetch_assoc($result);

$pword = md5($pword);

$_SESSION['blahlablaha'] = array(
'id'=> $data[id],
'uname'=> $data[uname],
'pword'=> $data[pword]);


if ($ret){
print" <script> window.location = \"index.html\"; </script>";
exit();
}

else {

session_start();
print" <script> window.location = \"update.php\"; </script>";
exit();
}

function authenticate($uname, $pword){

$query = "SELECT * FROM `users` WHERE `uname` = '$uname' AND `pword` = md5('$pword')";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
$data = mysql_fetch_assoc($result);

if (mysql_num_rows($result) == 1) {
return 1;
}

else {
return 0;
}

?>


It keeps telling me error at line 54, which is the end "?>" bit.

JamieR
12-30-2005, 04:58 PM
Something I noticed quickly...




function authenticate($uname, $pword){

$query = "SELECT * FROM `users` WHERE `uname` = '$uname' AND `pword` = md5('$pword')";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
$data = mysql_fetch_assoc($result);

if (mysql_num_rows($result) == 1) {
return 1;
}

else {
return 0;
}


should be




function authenticate($uname, $pword){

$query = "SELECT * FROM `users` WHERE `uname` = '$uname' AND `pword` = md5('$pword')";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
$data = mysql_fetch_assoc($result);

if (mysql_num_rows($result) == 1) {
return 1;
}

else {
return 0;
}
}


You didn't close the function off.

Also:


if ($status == 1) {

session_start();

$sql = "SELECT * FROM `users` WHERE `uname`='$uname'";
$result = mysql_query($sql);
$data = mysql_fetch_assoc($result);

$pword = md5($pword);

$_SESSION['blahlablaha'] = array(
'id'=> $data[id],
'uname'=> $data[uname],
'pword'=> $data[pword]);


if ($ret){
print" <script> window.location = \"index.html\"; </script>";
exit();
}

else {

session_start();
print" <script> window.location = \"update.php\"; </script>";
exit();
}


is wrong - you've put another if statement inside the condition that if $status == 1 is true.

Another thing: on line 30, you're using $ret before it's defined - gawd I like ZDE :p

kaiiak
12-30-2005, 05:10 PM
Thank you.

I fixed that.

But what is if ($ret)?

I assume it's the return of the authentication function..... then I need it to be if(return=1) or something, don't I?

For it to work.... how do I write it?

kaiiak
12-31-2005, 01:53 PM
<?
session_start();
$username = '*****';
$password = '***';
$database = '***';
$connect = mysql_connect('localhost', $username, $password) or die(mysql_error());
mysql_select_db($database,$connect);

$uname = $_POST['uname'];
$pword = $_POST['pword'];
if((!$uname) || (!$pword)){
echo "Please enter ALL of the information! <br />";
include 'login.html';
exit();
}

$pword = md5($pword);
// check if the user info validates the db
$sql = mysql_query( "SELECT * FROM login WHERE uname='$uname' AND pword='$pword'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
// Register some session variables!
session_register('first');
$_SESSION['first'] = $first;
session_register('last');
$_SESSION['last'] = $last;
session_register('email');
$_SESSION['email'] = $email;

print" <script> window.location = \"index.html\"; </script>";

}
} else {
echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
Please try again!<br />";
echo " .$result.' ";
echo"'$login_check'";
echo" '$sql";
include 'login.html';
}
?>

$login_check is returning 0
even when the right combination is matched.... login table has id, uname, pword in it.... pword is md5 encrypted....

Can anyone help?
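
The login check this thread is working toward, as an added example that is not part of any post: it binds the username as a query parameter, stores passwords with password_hash() and checks them with password_verify() instead of comparing MD5 values inside the SQL, and limits the redirect target from the hidden form field to known pages. The table and column names come from the last post; the in-memory SQLite database (needs the pdo_sqlite extension), the sample accounts and the allow-list are assumptions made so that it runs on its own.

```php
<?php
// Added example, not code from the thread. Table and column names (login,
// uname, pword) follow the last post; the in-memory SQLite database, the
// sample accounts and the redirect allow-list are constructed.
declare(strict_types=1);

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login (id INTEGER PRIMARY KEY, uname TEXT UNIQUE, pword TEXT)');
    return $db;
}

function register(PDO $db, string $uname, string $pword): void {
    // Salted, deliberately slow hash. On MySQL give the column VARCHAR(255):
    // a hash truncated by a short column can never verify.
    $stmt = $db->prepare('INSERT INTO login (uname, pword) VALUES (?, ?)');
    $stmt->execute([$uname, password_hash($pword, PASSWORD_DEFAULT)]);
}

function authenticate(PDO $db, string $uname, string $pword): ?int {
    // Bound parameter: the username is data, never part of the SQL text.
    $stmt = $db->prepare('SELECT id, pword FROM login WHERE uname = ?');
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify in PHP; password_verify() reads salt and cost from the stored hash.
    if ($row !== false && password_verify($pword, $row['pword'])) {
        return (int) $row['id'];
    }
    return null; // same result for unknown user and wrong password
}

function safe_redirect(string $requested): string {
    // The posted form sends $redirect in a hidden field, so treat it as
    // untrusted and accept only known local pages.
    $allowed = ['index.html', 'update.php'];
    return in_array($requested, $allowed, true) ? $requested : 'index.html';
}

$db = make_db();
register($db, 'kai', 'correct horse');   // constructed accounts
register($db, "o'neil", 's3cond pass');  // a quote in the name is harmless here
var_dump(authenticate($db, 'kai', 'correct horse'));   // right password
var_dump(authenticate($db, 'kai', 'wrong'));           // wrong password
var_dump(authenticate($db, "o'neil", 's3cond pass'));  // quoted name still matches
var_dump(safe_redirect('//other.example/page'));       // not on the allow-list
```

In a real handler, call session_start() and session_regenerate_id(true) once authenticate() returns an id, and keep only that id in $_SESSION rather than the password hash.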


