Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: login script

  1. #1
    New Coder
    Join Date
    Mar 2003
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts

    login script

    Ive created a login page that looks like so


    login.php
    PHP Code:
    <?php
      session_start
    ();
      
    session_register('auth');
      
    session_register('logname');
      include(
    "dbinfo.inc");
      switch (@
    $do)
      {
      case 
    "login";
        
    $connection mysql_connect($host$user$password)
                   or die (
    "Couldn't connect to the server.");
        
    $db mysql_select_db($database$connection)
           or die  (
    "Couldn't select database");

      
    $sql "SELECT loginName from Member
               WHERE loginName='$fusername'"
    ;
      
    $result mysql_query($sql)
                 or die (
    "Couldn't execute query.");
      
    $num mysql_num_rows($result);
      if (
    $num == 1/* loginName was found */
      
    {
        
    $sql "SELECT loginName FROM Member
                 WHERE loginName='$fusername'
                   AND password=password('$fpassword')"
    ;
        
    $num2 mysql_num_rows($result2);
        if (
    $num2 0/* the password submitted was correct */
        
    {
          
    $auth="yes";
          
    $logname=$fusername;
          
    $today date("Y-m-d h:m:s");
          
    $sql "INSERT INTO Login (loginName,loginTime)
                             VALUES ('$logname','$today')"
    ;
          
    mysql_query($sql)
          or die(
    "Can't execute query.");
          
    header("Location: login2.php");
        }
        else
        {
          unset(
    $do);
          
    $message="You entered an incorrect password, please try again!";
          include(
    "login_form.inc");
        }
      }
      elseif (
    $num == 0)
      {
          unset(
    $do);
          
    $message "The login name you entered does not exist, please try again!";
          include(
    "login_form.inc");
      }
      break;
      default:
          include(
    "login_form.inc");
      
      
    ?>
    it includes this page

    login_form.inc
    PHP Code:
    <?php

    ?>




    <html>

      <form action="Login.php?do=login" method="post">
      <table border="0">
       <?php
         
    if (isset($message))
             echo 
    "<tr><td colspan='2'>$message </td></tr>";
       
    ?>
       <tr><td align="right"><b>Username</b></td>
       <td><input type="text" name ="fusername" size="20" maxsize="20">
       </td></tr>
       <tr><td width="120" align="right"><b>Password</b></td>
       <td><input type="password" name ="fpassword" size="20" maxsize="20">
       </td></tr>
       <tr><td align="center" colspan="2">
       <br><input type="submit" name="log" value="Enter"></td></tr>
       </table>
       </form>
       </td>
       
    </html>
    and you dont need to see dbinfo.inc


    go to http://www.cubedclub.34sp.com/login.php to see the error

  • #2
    Regular Coder
    Join Date
    Oct 2002
    Location
    Milwaukee, Wisconsin
    Posts
    123
    Thanks
    1
    Thanked 0 Times in 0 Posts
    lol i know i had the same problem im pretty sure that masn you missed a "}" somewhere atleast while i was making my news script it was

  • #3
    New Coder
    Join Date
    Mar 2003
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ahar!
    a single } after everything did the trick!

  • #4
    Regular Coder
    Join Date
    Oct 2002
    Location
    Milwaukee, Wisconsin
    Posts
    123
    Thanks
    1
    Thanked 0 Times in 0 Posts
    lol yep i had that problem soooooo many times it got annoying also i had unexpected '}' im like ARG and i had to use my fingers to count them lol

  • #5
    Registered User
    Join Date
    Jan 2003
    Location
    CT
    Posts
    91
    Thanks
    0
    Thanked 0 Times in 0 Posts
    hey if you dont mind could i use this script for my website? if i can....can you explain to me how to?

  • #6
    Regular Coder
    Join Date
    Oct 2002
    Location
    Milwaukee, Wisconsin
    Posts
    123
    Thanks
    1
    Thanked 0 Times in 0 Posts
    hmm well i have a script for my site to that is lets say spread out more i guess it uses 4 pages instead of 2 but it makes it extremly simple i could lend you mine.. ive also branched off of it to make like user stuff: http://www.shadowgelert.com

    i could explain over aim my AIM name is stoodder

  • #7
    New Coder
    Join Date
    Mar 2003
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    no sorry, but its still in progress anyways

  • #8
    New Coder
    Join Date
    Mar 2003
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    PHP Code:
    <?php
      session_start
    ();
      
    session_register('auth');
      
    session_register('logname');
      include(
    "dbinfo.inc");
      switch (@
    $do)
      {
      case 
    "login";
        
    $connection mysql_connect($host$user$password)
                   or die (
    "Couldn't connect to the server.");
        
    $db mysql_select_db($database$connection)
           or die  (
    "Couldn't select database");

      
    $sql "SELECT loginName from Member
               WHERE loginName='$fusername'"
    ;
      
    $result mysql_query($sql)
                 or die (
    "Couldn't execute query.");
      
    $num mysql_num_rows($result);
      if (
    $num == 1/* loginName was found */
      
    {
        
    $sql "SELECT loginName FROM Member
                 WHERE loginName='$fusername'
                   AND password=password('$fpassword')"
    ;
        
    $num2 mysql_num_rows($result2);
        if (
    $num2 0/* the password submitted was correct */
        
    {
          
    $auth="yes";
          
    $logname=$fusername;
          
    $today date("Y-m-d h:m:s");
          
    $sql "INSERT INTO Login (loginName,loginTime)
                             VALUES ('$logname','$today')"
    ;
          
    mysql_query($sql)
          or die(
    "Can't execute query.");
          
    header("Location: login2.php");
        }
        else
        {
          unset(
    $do);
          echo 
    "You entered an incorrect password, please try again!";
          include(
    "login_form.inc");
        }
      }
      elseif (
    $num == 0)
      {
          unset(
    $do);
          echo 
    "The login name you entered does not exist, please try again!";
          include(
    "login_form.inc");
      }
      break;
      default:
          include(
    "login_form.inc");
          
          
      }
      
    ?>
    now go to http://www.cubedclubclub.34sp.com and look at the results you can get. i have created a test user called test, with a password of test

  • #9
    New Coder
    Join Date
    Aug 2002
    Posts
    76
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You need to change this bit:

    PHP Code:
    $sql "SELECT loginName FROM Member
                 WHERE loginName='$fusername'
                   AND password=password('$fpassword')"
    ;
        
    $num2 mysql_num_rows($result2); 
    You are asking for the number of rows from the $result2 query but you have no query called $result2, its called $sql instead.


  • #10
    New Coder
    Join Date
    Aug 2002
    Posts
    76
    Thanks
    0
    Thanked 0 Times in 0 Posts
    On another note, I just noticed that you don't actually execute that query using mysql_query().

    You'll need to put that in there too.

    AND

    You really need to change the extension of your db connection file to .php. At the moment it poses a major security threat as anyone can access it and view your database details.
    Last edited by Galdo; 03-24-2003 at 04:54 PM.

  • #11
    New Coder
    Join Date
    Mar 2003
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    PHP Code:
    if ($num == 1/* loginName was found */
      
    {
        
    $sql "SELECT loginName FROM Member
                 WHERE loginName='$fusername'
                   AND password=password('$fpassword')"
    ;
        
    $result2 mysql_query($sql)
                      or die (
    "Couldn't execute query.");
        
    $num2 mysql_num_rows($result2);
        if (
    $num2 0/* the password submitted was correct */ 
    should work then?

  • #12
    New Coder
    Join Date
    Mar 2003
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    the page seems to work now, but using the username test and password test, comes up saying mive submitted an incorrect username? maybe its somthing to do with what happens next?

  • #13
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,266
    Thanks
    6
    Thanked 48 Times in 48 Posts
    You seem to be making more queries to the db than is necessary...

    Is there any logic in making a query for the username, then if the username's found, make another query for the username where the username and password match? Be much better to do the second query first and skip the first query all together.

    PHP Code:
    $sql "SELECT loginName,password FROM Member
                 WHERE loginName='$fusername'
                   AND password=password('$fpassword')"

    that should help with your problem

  • #14
    New Coder
    Join Date
    Mar 2003
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    taht wasnt really the problem, but i might alter this later on to help with filesize e.t.c
    by the way, heres login2.php
    PHP Code:
    <?php

      session_start
    ();
      if (@
    $auth !="yes")
      {
        
    header("Location: login.php");
        exit();
      }
      include(
    "phpinfo.php");
      
    $connection mysql_connect($host$user$password)
                   or die (
    "Couldn't connect to the server.");
      
    $db mysql_select_db($database$connection)
           or die  (
    "Couldn't select database");
      
    $sql "SELECT firstName, lastName FROM Member
               WHERE loginName='$logname'"
    ;
      
    $result mysql_query($sql)
                     or die(
    "Couldn't execute query.");
      
    $row mysql_fetch_array($result,MYSQL_ASSOC);
      
    extract($row);
      echo 
    "<html><p>Welcome $realName .</p>";

    ?>
    anyone got any idea to why the login wont go to the second page?


    and how would i log a user out? e.g. break the session

  • #15
    New Coder
    Join Date
    Mar 2003
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    help!


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •