Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    New Coder
    Join Date
    Oct 2002
    Posts
    53
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question Integrating Login Script into Website.

    Hey,

    Ok, I'm using the user registration and login script "LoginPHP Pro" from here: http://russcom.net/scripts/

    I have it set up and it's working excellent, but the thing is I want to integrate the login, forgotpass, profile and main pages into my current site design. I've tried adding the PHP code from those files into my site design, but it gives me session errors and won't login. Is there an easy way to do this, or isn't this script designed for that? and if not, can anyone else recommend and simple and straight forward members area script with user registration and admin page.


    -Mike

  • #2
    Senior Coder whizard's Avatar
    Join Date
    Jan 2005
    Location
    Philadelphia, PA, USA
    Posts
    1,662
    Thanks
    14
    Thanked 76 Times in 76 Posts
    I haven't looked at the code, but if you're getting session errors, make sure that the absolute first line in your document (after <?php) is this:

    session_start();

    Otherwise sessions won't work.

    HTH
    Dan
    PHP Tip: If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.

    Don't forget to save everyone time and mark your thread as Resolved :)

    "Also note that it is your responsibility to die() if necessary."

    DON'T USE THE MYSQL_ EXTENSION

  • #3
    New Coder
    Join Date
    Dec 2006
    Posts
    38
    Thanks
    0
    Thanked 0 Times in 0 Posts
    hey,

    session_start() does not need to be the first line in your php script however it needs to happen before any output is happening.

    okay:

    Code:
    <? session_start(); ?>
    wrong (spaces and linebreaks are output too):

    Code:
    <html><title>
    Hi!
    </title>
    <? session_start(); ?>
    okay:

    Code:
    <? 
    $a = 1;
    session_start(); 
    ?>
    wrong:

    Code:
    <? 
    print "test";
    session_start(); 
    ?>
    So make sure nothing is being outputted by either your php scripts or the page itself before the session_start() function is called by your login script.

    That is all assuming the error you are getting is the headers already sent error
    http://demo.vegui.org - vegUI AJAX framework
    http://www.landsofkazram.com - browser based graphical MMORPG

  • #4
    New Coder
    Join Date
    Oct 2002
    Posts
    53
    Thanks
    0
    Thanked 0 Times in 0 Posts
    okay, thats where I'm having trouble. this is the login script:

    PHP Code:
    <?php
    include("config.php");
    echo 
    "<br>";
    echo 
    "<form method='post' action='?do=check'><table>";
    echo 
    "<center><b>LoginPHP Pro</b></center>";
    echo 
    "<tr><td>Username:</td><td><input type='text' class='input_login' name='username'></td></tr>";
    echo 
    "<tr><td>Password:</td><td><input type='password' class='input_login' name='password'> <a href='forgotpass.php'>Forgot Password?</a></td> </tr>";
    echo 
    "<tr><td><a href='signup.php'>Register</a></td><td> <input type='submit' class='input_login' value='Login'></td></tr>";
    echo 
    "</table></form><br>";

    if(
    $_GET['do'] == 'check')
    {
    $_user_name $_POST['username'];
    $_password $_POST['password'];
    //check the login
    mysql_connect($host$user_name$password)
       or die(
    'Could not connect: ' mysql_error());

    //select database
    mysql_select_db($database_name) or die('Could not select database');
    $result mysql_query("SELECT * FROM site_users WHERE username='$_user_name'") or die(mysql_error()); 
    $row mysql_fetch_array$result );

    if(
    $row['username'] == '')
    {
    echo 
    "<b><font color='red'>Incorrect Login!</font></b><br>";
    }
    else
    {
    if(
    $row['password'] == $_password)
    {
    $_SESSION['logged'] = "agk8gjf38834j2";
    $_SESSION['user'] = $_user_name;
    $h "3"
    $hm $h 60
    $ms $hm 60;
    $date gmdate("m/d/Y"time()-($ms)); 
    $result mysql_query("UPDATE site_users SET last_login='$date' WHERE username='$_user_name'"
    or die(
    mysql_error());  
    header("location:" $redirect_url);
    }
    else
    {
    echo 
    "<b><font color='red'>Incorrect Login!</font></b><br>";
    }
    }

    }
    if(
    $_GET['do'] == 'logout')
    {
    echo 
    "You have logged out";
    }
    ?>
    In the config.php file is where the session starts:

    PHP Code:
    <?php
    //READ 'README.TXT' FIRST
    //config file
    ob_start();
    session_start();
    //mysql info
    echo "<head><title>LoginPHP Pro</title></head>";
    $host "localhost";         //mysql host
    $user_name "";             //mysql username
    $password "";              //mysql password
    $database_name "";         //mysql database name
    $admin_mail "malchikk@gmail.com"//admin mail
    //redirect page after login
    $redirect_url "main.php";  //main page;where it is redirected after login
    //it will be good if u dont touch this!!
    $_login_file "login.php";  //login page, dont change that!!
    ?>
    so if i copy and paste the above login code and put it in my HTML page where i want to login from to be, thats where I get the error. I've tried to "disassemble" the code from the login page and add it into my html page by adding

    PHP Code:
    <?php
    include("config.php");
    at the very top of the html and the rest starting with "echo "<br>";" where I want the form to be, but that doesn't work either. I'm not sure what else to do? I've never really gone this in-depth with PHP.

    Thanks

  • #5
    Senior Coder whizard's Avatar
    Join Date
    Jan 2005
    Location
    Philadelphia, PA, USA
    Posts
    1,662
    Thanks
    14
    Thanked 76 Times in 76 Posts
    Sorry on the bad info about session_start needing to be first.. I was taught incorrectly..



    What does the function ob_start(); do?

    Dan
    PHP Tip: If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.

    Don't forget to save everyone time and mark your thread as Resolved :)

    "Also note that it is your responsibility to die() if necessary."

    DON'T USE THE MYSQL_ EXTENSION

  • #6
    New to the CF scene
    Join Date
    Dec 2006
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If you want to run PHP code inside a page with a HTML extension you have to explicitly state that.

    Heres an idea:
    Copy and Paste the HTML code from login.php into your login.html file

    Of course if you're getting headers already sent errors, then it's a problem with outputting stuff before you activate the session_start() function like Vegu said.


    Oliver

  • #7
    Regular Coder meth's Avatar
    Join Date
    Jan 2003
    Posts
    262
    Thanks
    0
    Thanked 9 Times in 9 Posts
    Firstly, this is an extremely weak logon script. I wouldn't use it as is. There's also no data validation, so you're completely open to sql injection if magic quotes is off on the server.

    If the logon form is an on-page include (as you've indicated), the form should have 2 states, one as the form, the other as a welcome message. If the logon form is a separate webpage, then the site links to the logon page should have 2 states, one as 'Login' and the other as 'Logout'.

    Here's your script tweaked to make it a little more robust. You just need to put all the files in root and include_once the form_logon.php file into your webpages.

    config.php

    PHP Code:
    <?php
    //connect to db
    $host "localhost";         //mysql host
    $db_user "";             //mysql username
    $db_pass "";              //mysql password
    $db_name "";         //mysql database name
    $admin_mail "malchikk@gmail.com"//admin mail
    $login_table 'site_users';
    $login_user_column 'username';
    $login_pass_column 'password';
    $login_last_logon_column 'last_login';

    //start session if required
    if( !headers_sent() && !isset($_SESSION) ) session_start();

    //validation functions
    function is_basicchars ($text)
    {
        
    $text str_replace(' '''$text);
        
    $Bad1 $this->strip_letters($text);
        
    $Bad2 $this->strip_numbers($Bad1);
        
    $text $Bad2;
        
        if(empty(
    $text))
        {
            return 
    true;
        }
        return 
    false;
    }
    function 
    is_allnumbers ($text)
    {
        if( (
    gettype($text)) == "integer")    { return true; }

        
    $Bad $this->strip_numbers($text);

        if(empty(
    $Bad))
        {
            return 
    true;
        }
        return 
    false;
    }

    function 
    strip_numbers ($text)
    {
        
    $Stripped eregi_replace("([0-9]+)","",$text);
        return (
    $Stripped);
    }

    function 
    is_allletters ($text)
    {
        
    $Bad $this->strip_letters($text);
        if(empty(
    $Bad))
        {
            return 
    true;
        }

        return 
    false;
    }

    function 
    strip_letters ($text)
    {
        
    $Stripped eregi_replace("([a-zA-Z]+)","",$text);
        return 
    $Stripped;
    }

    ?>
    user_auth.php
    PHP Code:
    <?php
    include_once('config.php');

    //error messages
    $errors '';
    $logged = (isset($_SESSION['logged'])) ? true false;

    //process logon request
    if( !empty($_POST['logon']) && !$logged ) {

        
    //long to short to null if required
        
    $user_name = (!empty($_POST['username'])) ? $_POST['username'] : NULL;
        
    $user_pass = (!empty($_POST['password'])) ? $_POST['password'] : NULL;
        
        
    //check empoty fields
        
    if ($user_name == NULL$errors .= 'Username is required.<br />';
        if (
    $user_pass == NULL$errors .= 'Password is required.<br />';
        
        
    //allowed chars a-z A-Z 0-9 and spaces
        
    if (!is_basicchars($user_name)) $errors .= 'Username contains invalid characters.<br />';
        if (!
    is_basicchars($user_pass)) $errors .= 'Password contains invalid characters.<br />';
        
        
    //proceed to process logon if error free
        
    if ( $errors == '' ) {
        
            
    //check the login
            
    mysql_connect($host$db_user$db_pass) or die('Could not connect: ' mysql_error());
            
    mysql_select_db($db_name) or die('Could not select database');
            
    $db_username mysql_real_escape_string($user_name);
            
    $db_password mysql_real_escape_string($user_pass);
            
    $qry_user mysql_query("SELECT $login_user_column FROM $login_table 
                                    WHERE $login_user_column = '$db_username' 
                                    AND $login_pass_column = '$db_password'"
    ) or die(mysql_error()); 
            
    $row_user mysql_fetch_assoc($qry_user);
            
            if( 
    $row_user ){
            
                
    $_SESSION['logged'] = true;
                
    $_SESSION['user'] = $user_name;
            
                
    //update last_login
                
    $h "3"
                
    $hm $h 60
                
    $ms $hm 60;
                
    $date gmdate("m/d/Y"time()-($ms)); 
                
    $result mysql_query("UPDATE $login_table SET $login_last_logon_column = '$date' WHERE $login_user_column = '$db_username'"
                or die(
    mysql_error());
                 
            } else {
            
                
    $errors .= 'Invalid Username/Password combination, try again.<br />';
            
            }
            
        }
    //end error free processing
        
    //end logon request

    //logout
    $logout = ( isset($_GET['logout']) ) ? true false;

    if (
    $logout){

        
    $_SESSION['user'] = NULL;
        
    $_SESSION['logged'] = NULL;
        unset(
    $_SESSION['user']);
        unset(
    $_SESSION['logged']);
        
    session_destroy();
        
    $logged false;
        
    }

    ?>
    form_logon.php
    PHP Code:
    <?php
    include_once('user_auth.php');
    $url_frm_action $_SERVER['PHP_SELF'];
    $url_logout $url_frm_action.'?logout=true';

    if ( 
    $logged ) { 
    $username $_SESSION['user']; ?>
    <br />
    <table>
        <tr>
            <td>Welcome Back <?php echo $username?>!</td>
        </tr>
        <tr>
            <td><a href="<?php echo $url_logout?>">Click Here to log out</a></td>
        </tr>
    </table>
    <br />
    <?php } else { ?>
    <br />
    <form method='post' action=''>
    <table>
        <tr>
            <td>Username:</td>
            <td><input type='text' class='input_login' name='username'></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' class='input_login' name='password'> <a href='forgotpass.php'>Forgot Password?</a></td>
        </tr>
        <tr>
            <td><a href='signup.php'>Register</a></td>
            <td> <input name="logon" type='submit' class='input_login' id="logon" value='Login'></td>
        </tr>
    <?php if ($errors != '') { ?>
        <tr>
          <td>ERROR</td>
          <td><?php echo $errors?></td>
        </tr>
    <?php //end error display ?>
    </table>
    </form>
    <br/>
      <?php }//end $logged if else ?>
    These scripts are untested but the logic, syntax and security are sound.
    I do Web Design, Brisbane based.
    More time spent in PHP/MySQL Web Development.
    And Search Engine Optimisation takes up the rest of it.

  • #8
    New Coder
    Join Date
    Oct 2002
    Posts
    53
    Thanks
    0
    Thanked 0 Times in 0 Posts
    thanks meth, i'll give them a shot!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •