Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 14 of 14
  1. #1
    Regular Coder
    Join Date
    Jul 2002
    Location
    Earth
    Posts
    113
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Editing a login code that can be both login and log out

    PHP Code:
    <? 
        
    // Login Routine and Logout Routine 
        // 
        // VARS: 
        // $user 
        // $password 
        // zcommon.php for std set of vars and message text 

        // Include common variables and message text 
        
    require 'zcommon.php'
        
        switch (
    $action) { 
            case 
    login
                
    process_login(); 
                die(); 
            case 
    logout
                
    //null out cookies at start of login routine 
                // note on using cookies. 
                // MUST BE SET before ANY http output. 
                // They TRAVEL in the http HEADER so have to go first. 
                
    setcookie ("ck_username"""); 
                
    setcookie("ck_password"""); 
                
    setcookie("ck_user_id"""); 
                die(); 
        } 

        function 
    process_login() { 
            global 
    $dbhost
            global 
    $dbuser
            global 
    $dbpassword
            global 
    $db

            
    // define homepage and text variables 
            
    global $homepage
            global 
    $homedir
            global 
    $sysadminemail
            global 
    $userstable

            
    //form vars 
            
    global $username
            global 
    $password

            
    // Connecting, selecting database 
            
    $link mysql_connect("$dbhost""$dbuser""$dbpassword"
                or die(
    "Could not connect"); 

            
    mysql_select_db("$db"
                or die(
    "Could not select database"); 

            
    //Check that the user exists in the db and if not, create an 
            // error page 
            
    $query "SELECT username FROM users WHERE " 
            
    "username='$username'"
            
    $result mysql_query($query
                or die(
    "Query failed at userid retrieval stage."); 

            
    //Logic concept: if the user_id doesn't exist, an empty string 
            // or "" will be returned with the $user_id call below. 
            // We can test this to see if the user has entered the username 
            // correctly 
            
    $num_rows mysql_num_rows($result); 
            
    $row mysql_fetch_array($result); 
            
    $user_id $row[0]; 

            
    //very important for user friendliness -- tell them 
            // what the login error was -- incorrect 
            // username or incorrect password 
            // first test -- did the username exist 
            
    if ($user_id == "") { 
                print 
    "<HTML>"
                print 
    "<HEAD>"
                print 
    "<TITLE>"
                print 
    "Incorrect username"
                print 
    "</TITLE>"
                print 
    "<BODY>"
                print 
    "<CENTER>"
                print 
    "<B><CENTER>We're sorry but the username that you"
                print 
    "entered doesn't seem to exist in our database.<BR>"
                print 
    "Perhaps you entered it in error. Press the back button "
                print 
    "to try again."
            } 
            else { 
                
    //this means that there was 1 result from the query so that 
                // username exists in the database 

                //now have to verify password. Basically same code. 

                
    $query "SELECT password " 
                
    " FROM users " 
                
    " WHERE username='$username'"

                
    $result mysql_query($query
                    or die(
    "Query failed at userid retrieval stage."); 

                
    //Encrypt the password the user entered since our 
                // database stores it in encrypted fashion and we need to 
                // compare it this way 
                 
    $encryptedpassword md5($password); 

                 
    $row mysql_fetch_array($result); 

                
    //grab the password from the row array, 0th element 
                // since only 1 column selected 
                // have to use a variable $passwordfromdb so we don't 
                // overwrite our $password variable from the form var 
                
    $passwordfromdb $row[0]; 

                if (
    $encryptedpassword == $passwordfromdb) { 
                    
    //set our cookies for our future security checks 
                     
    setcookie ("ck_username"$username); 
                     
    setcookie("ck_password"$password); 
                     
    setcookie("ck_user_id"$user_id); 

                    
    // Create our results page showing them they are logged in 
                     
    print "<HTML>"
                     print 
    "<HEAD>"
                     print 
    "<TITLE>"
                     print 
    "You're Logged In!"
                     print 
    "</TITLE>"
                     print 
    "<BODY>"
                     print 
    "You're Logged In"
                    
    //This needs to have a link added of course 
                    //If you wanted to automatically take them to the main screen 
                    // then use the header function to redirect them 
                     
    print "Click Here to Continue"
                     print 
    "</BODY>"
                     print 
    "</HTML>"

                    
    //close the database 
                    // Closing connection 
                    
    mysql_close($link); 
                } 
                else { 
                    
    //passwords didn't match so make an error page 
                    
    print "<HTML>"
                    print 
    "<HEAD>"
                    print 
    "<TITLE>"
                    print 
    "Incorrect password"
                    print 
    "</TITLE>"
                    print 
    "<BODY>"
                    print 
    "<CENTER>"
                    print 
    "<B><CENTER>We're sorry but the password that you entered"
                    print 
    "doesn't match with the one in our database.<BR>"
                    print 
    "Press the back button to try again."
                    print 
    "</CENTER>"
                    print 
    "</BODY>"
                    print 
    "</HTML>"

                    
    // Closing connection 
                     
    mysql_close($link); 
                } 
            } 
        } 

    ?><html>

    <head>
    <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <title>Username</title>
    </head>

    <body>
    <form name=login action="logme.php" method="get">
        Username:
        <input name="user" type="text" width="10" size="20"><BR>
        Password:
        <input name="password" type="password" width="10" size="20"><BR>
        <INPUT TYPE=SUBMIT VALUE="Log In">
        </form>
    </body>

    </html>
    this is the code. as you can see, here
    PHP Code:
    switch ($action) { 
            case 
    login
                
    process_login(); 
                die(); 
            case 
    logout
    i believe is where my problem lies. it keeps giving me a blank page, as if it's not executing. therefore, i want to force it to execute. if i go up to the address bar and type logme.php?action=login and press enter, then it exectues. but not any other way.

    please help me.
    Life is funny, especially when you're poor.

  • #2
    Regular Coder
    Join Date
    Jul 2002
    Location
    U.S. (Wish Japan though)
    Posts
    141
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Ok, in your form, you need this:

    <input type="hidden" name="action" value="login">
    And it will log you in then.

    So, your form should end up:
    Code:
    <html>
    
    <head>
    <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <title>Username</title>
    </head>
    
    <body>
    <form name=login action="logme.php" method="get">
        <input type="hidden" name="action" value="login">
        Username:
        <input name="user" type="text" width="10" size="20"><BR>
        Password:
        <input name="password" type="password" width="10" size="20"><BR>
        <INPUT TYPE=SUBMIT VALUE="Log In">
        </form>
    </body>
    
    </html>
    Without the input, it was taking $action as an empty string.

    For logout, you should probably have a link to logme.php?action=logout , since you don't normally use a form.

    Hope I helped

  • #3
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Where shall the variable $action come from? The form or the included file. If it shall be set by using the form, you'll have to include another input field or to set it via the action attribute.

    If you want a default action at the end of your switch statement, use the "default:" case, like

    PHP Code:
    switch ($action) {
        case 
    "login":
            
    //  etc.
        
    case "logout":
            
    //  etc.
        
    default: 
            
    //  default action etc.


    http://www.php.net/manual/en/control...res.switch.php

  • #4
    Regular Coder
    Join Date
    Jul 2002
    Location
    Earth
    Posts
    113
    Thanks
    0
    Thanked 0 Times in 0 Posts
    GREAT! it worked.



    but, the author also failed to leave me with an accesscontrol file. you know, one that will check all 'member' pages to make sure you're logged in.


    even though i didn't use this original script or any of these tables with it, could i possible use this script along with what i have, it seems really effective. it's called accesscontrol.

    sec. here goes:

    PHP Code:
    <?php // accesscontrol.php

    include("common.php");
    include(
    "db.php");

    session_start();
    if(!isset(
    $uid)) {
      
    ?>
      <html>
      <head>
      <title> Please Log In for Access </title>
      </head>
      <body>
      <h1> Login Required </h1>
      <p>You must log in to access this area of the site. If you are     not a registered user, <a href="signup.php">click here</a>
         to sign up for instant access!</p>
      <p><form method="post" action="<?=$PHP_SELF?>">
        User ID: <input type="text" name="uid" size="8"><br>    Password: <input type="password" name="pwd" SIZE="8"><br>
        <input type="submit" value="Log in">
      </form></p>
      </body>
      </html>
      <?php  exit;
    }

    session_register("uid");
    session_register("pwd");

    dbConnect("sessions");$sql "SELECT * FROM user WHERE
            userid = '$uid' AND password = PASSWORD('$pwd')"
    ;
    $result mysql_query($sql);
    if (!
    $result) {
      
    error("A database error occurred while checking your "
           
    "login details.\\nIf this error persists, please "
           
    "contact [email]something@sitepoint.com[/email].");

    if (
    mysql_num_rows($result) == 0) {
      
    session_unregister("uid");
      
    session_unregister("pwd");
      
    ?>  <html>
      <head>
      <title> Access Denied </title>
      </head>
      <body>
      <h1> Access Denied </h1>
      <p>Your user ID or password is incorrect, or you are not a     registered user on this site. To try logging in again, click 
        <a href="<?=$PHP_SELF?>">here</a>. To register for instant
         access, click <a href="signup.php">here</a>.</p>
      </body>
      </html>
      <?php  exit;
    }

    $username mysql_result($result,0,"fullname");
    ?>
    it seems to use sessions. i'm REALLY new at this so i'm not sure the dif between sessions and cookies. I want to use whichever one will require a logged in user to login only ONCE during a site visit, maybe even remember them for future visit.

    the problem with this code is that i get an error message stating

    Fatal error: Call to undefined function: dbconnect() in

    i've traced the error, and it's always back to this same spot;
    PHP Code:
    dbConnect("sessions");$sql "SELECT * FROM user WHERE 
    that's the reason why i didn't originally use the 'signup' script from this same author. it was saying the same error.

    i like this one because it actually masks the page itself.

    thanks for your help in advance.

    btw, db.php is my user info and stuff, and i've changed the dbConnect("sessions") to my own table and still no luck. i've never seen that dbConnect thing before.
    Life is funny, especially when you're poor.

  • #5
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    dbConnect() is just a user-defined function. The error message is very precise indeed this function seems to miss in your script. You have to include the definition for this function or provide your script with an alternative way to connect to your database.
    You can always check the PHP online manual if you are unsure if it's a built-in or user-defined function.


    BTW, these are essential basics of PHP programming. PHP is in fact not that hard to learn, but it's not so easy that you can take every script from the web and hope that it works for you. Please consider reading some tutorials and the manual to get a basic understanding what your scripts do and what they don't. My apologies if that sounds harsh, but you'll feel much more comfortable with code after you had a little practice programming and will sooner or later be able to do your own adjustments.

    And yes, sessions are the right thing you'll look for.

  • #6
    Regular Coder
    Join Date
    Jul 2002
    Location
    Earth
    Posts
    113
    Thanks
    0
    Thanked 0 Times in 0 Posts
    it's not harsh, it's narrow minded. why do you assume that i have not read a lot of tutorials, or that i have not looked at the manaul? i'm sorry if i'm not moving fast enough for you but after reading that HUGE book, after awhile, all that's computing is 'blah blah blah, blah blah blah, blah blah, blah blah blah'.

    i'm asking for help because i'm about to scream right now. and as you can see, these tutorials are made by PEOPLE, who happen to leave out VERY important information from the script.

    the whole two days i've been trying to get JUST the login to work, all that was missing was

    value='login'.

    but would anyone just look at my script to see why? NO. they kept telling me, 'read more', read more, read more. and i was in damn tears trying to figure this thing out, and all that was missing was one little line.

    so please stop assuming that i am not trying. this php makes me fed up already, the last thing i need is someone else giving me a harder time. the manual is hunderds of pages long, i'm sorry if i'm not as dedicated as you. i was on the computer from 7am till 3 am yesterday trying to even 'login', and in the end, it was someone on here who was able to help me.

    i'm sorry if that's just too pathetic for you. i'll make sure and shut the hell up now.

    thanks.
    Life is funny, especially when you're poor.

  • #7
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The last thing I wanted was to demotivate you - unfortunetely I seem to have achieved exactly that.

    Just to defend myself a little bit: My last post contained the answers to the questions you previously raised and explained the error message and pointed to the fact that a function definition was missing.

    I can relate to your frustration being a newbie. Everyone starts walking before he runs, and I don't think of myself to be a guru. It's usually the mistakes from which I try to eventually learn from.

    But when I answer a post like yours and have the impression that the original poster is unsure of the concept of functions, wouldn't you have noticed exactly that if you were at my place? What if I started talking about PHPs error messages and function definition requirements not knowing if I could be understood at all? Would that have been a better help for you - unintelligible coders jargon?
    Please remind yourself that the only sources I could judge your coding abilities are the posts you've made. How should I've known that you've read a book already? And again, if my remarks were to narrow-minded as you put it, my sincere apologies.

    So feel free to ask again. And if you have somewhere the code for dbConnect(), that would help a lot seeing it for bugfixing. If this function is completely amiss from the script you've got, you have to roll up your own.

  • #8
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    After skimming through your other posts, I think you could narrow your problem more tightly if you refrain from including the dbConnect() function in the included file. Maybe your provider has set the include_path to some weird value or the file is corrupted.

    Try to include the function directly in your script by replacing the starting lines with this:

    [snip]
    ...
    PHP Code:
    include("common.php");
    //include("db.php");

    session_start();
    if(!isset(
    $uid)) {

    function 
    dbConnect($db="") {    global $dbhost$dbuser$dbpass;

            
    $dbcnx = @mysql_connect($dbhost$dbuser$dbpass)
                    or die(
    "The site database appears to be down.");
                    
        if (
    $db!="" and !@mysql_select_db($db))
                die(
    "The site database is unavailable.");
                        return 
    $dbcnx;

    ...
    [/snip]

    Note that I commented out the inclusion of db.php, just to make sure the function gets only defined once in the script. Try to ran the modified code and tell us what error messages, if at all, you ran into. Or maybe it even works.

  • #9
    Regular Coder
    Join Date
    Jul 2002
    Location
    Earth
    Posts
    113
    Thanks
    0
    Thanked 0 Times in 0 Posts
    mordred, i'm sorry. but i mean it when i say i'm about to cry. so i guess it was just a bad time for you to try to step in. i guess i was narrow-minded for not realizing that you didn't realize that i've been trying. regardless.


    this is the problem,

    1. i want to connect to the database
    2. i want to get info from the correct table
    3. it's not working.


    so how do i connect? using this file called 'db'.

    PHP Code:
    <?php // db.php

    $dbhost "localhost";
    $dbuser "user";
    $dbpass "password";

    function 
    dbConnect($db="") {
        global 
    $dbhost$dbuser$dbpass;
        
        
    $dbcnx = @mysql_connect($dbhost$dbuser$dbpass)
            or die(
    "The site database appears to be down.");

        if (
    $db!="" and !@mysql_select_db($db))
            die(
    "The site database is unavailable.");
        
        return 
    $dbcnx;
    }
    ?>

    right, i see where i put my user name, my password to connect to my database. but where do i put my database name, which happens to be meme_net (that's the name of my database). where would i define my database?

    also, in the code for sign up (let's go to sign up and see where that leads)

    wait, let's put the access code instead,

    PHP Code:
    <?php // accesscontrol.php

    include("common.php");
    include(
    "db.php");

    session_start();

    if(!isset(
    $uid)) {
      
    ?>
      <html>
      <head>
      <title> Please Log In for Access </title>
      </head>
      <body>
      <h1> Login Required </h1>
      <p>You must log in to access this area of the site. If you are
         not a registered user, <a href="signup.php">click here</a>
         to sign up for instant access!</p>
      <p><form method="post" action="<?=$PHP_SELF?>">
        User ID: <input type="text" name="uid" size="8"><br>
        Password: <input type="password" name="pwd" SIZE="8"><br>
        <input type="submit" value="Log in">
      </form></p>
      </body>
      </html>
      <?php
      
    exit;
    }

    session_register("uid");
    session_register("pwd");

    dbConnect("sessions");
    $sql "SELECT * FROM user WHERE
            userid = '$uid' AND password = PASSWORD('$pwd')"
    ;
    $result mysql_query($sql);
    if (!
    $result) {
      
    error("A database error occurred while checking your ".
            
    "login details.\\nIf this error persists, please ".
            
    "contact [email]someone@sitepoint.com[/email].");
    }

    if (
    mysql_num_rows($result) == 0) {
      
    session_unregister("uid");
      
    session_unregister("pwd");
      
    ?>
      <html>
      <head>
      <title> Access Denied </title>
      </head>
      <body>
      <h1> Access Denied </h1>
      <p>Your user ID or password is incorrect, or you are not a
         registered user on this site. To try logging in again, click
         <a href="<?=$PHP_SELF?>">here</a>. To register for instant
         access, click <a href="signup.php">here</a>.</p>
      </body>
      </html>
      <?php
      
    exit;
    }

    $username mysql_result($result,0,"fullname");
    ?>
    where do i defeine my table??

    that's what i don't understand.

    honestly, my problem is that it is not talking to the database, so how do i get it to communicate. please tell me what each thing that you change does, that way i can piece it together myself.
    Life is funny, especially when you're poor.

  • #10
    Regular Coder
    Join Date
    Jul 2002
    Location
    U.S. (Wish Japan though)
    Posts
    141
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Trusten,

    I do not have any help to your current coding problem, but I can help with your learning process. Some things to remember is to not read everything at once. Take your time and read small sections, and work in small time spans. It helps your brain take everything in to take your time with stuff. So, try taking a break every once in a while, and soon you will be reading and underdstanding Now, I am not telling you to take forever in a year and re-read the whole manual, just re-read some of the areas you might think will help you a bit slower.

    Remember this quote:

    "Haste makes waste." By, whoever made it...

  • #11
    Regular Coder
    Join Date
    Jul 2002
    Location
    Earth
    Posts
    113
    Thanks
    0
    Thanked 0 Times in 0 Posts
    lol. thanks for the advice but i think my biggest set back is that the tutorials i've read myself, are in some way sloppy or incomplete. or does not spell things out small enough.

    for example, there was one at phpbeginner, i had to try to find the zcommon include, i finally do and in the form, it says 'get' instead of 'post', so the password and username was displayed and i didn't know why.

    also, then there comes the part of the 'login', it wouldn't work. and all that was missing was a one liner. know what i mean?

    then he doesn't even tell you how to make sure that the member's page is protected.

    the manual is harder, i thought that the tutorials would take you step by step and be considerate to the fact that you're not a pro. i was wrong. now with this new code, they don't even spell it out for you.

    the tutorials have failed me somewhat.

    but thanks for the advice. slow and steady. i started this thing 3 months ago, and i just now mustered enough nerve to try and finish it.

    so far, i have:

    sign up (check)
    login (check)
    accesscontrol (erm, unchecked)

    so i'm almost there. right? *fat grin* and hey, i did the sign up all by my lonesome (and trust me, it wasn't a walk in the park). basic human errors are our downfalls i guess.

    but thanks again. especially to those who are trying to help.
    Life is funny, especially when you're poor.

  • #12
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Okay trusten, let's have a look at your code again by tackling each problem step by step. Once you are at a stage where an error occurs you stop and focus on that particular error.

    I feel somewhat unsure if my previous comments did help you in any way with your script since you don't tell if the original error ("Call to undefined function") still persists or not. I will now assume that this error has vanished and so we look closely at the internals of dbConnect().

    PHP Code:
    function dbConnect($db="") {
        global 
    $dbhost$dbuser$dbpass
    The variables $dbhost, $dbuser, $dbpass are imported to the function by use of the keyword global. That should work sofar.

    PHP Code:
        $dbcnx = @mysql_connect($dbhost$dbuser$dbpass)
            or die(
    "The site database appears to be down."); 
    mysql_connect() tries to establish a connection to your MySQL database. The variables previously imported are used as arguments for this function. If the function fails, the script should stop and print the string in die(). Because you didn't said this error message was appearing, I'm assuming it works.

    PHP Code:
        if ($db!="" and !@mysql_select_db($db))
            die(
    "The site database is unavailable.");
        
        return 
    $dbcnx;

    Now a database is selected. As you can see from http://www.php.net/manual/en/functio...select-db.php, it takes one necessary argument - the database name. In the code above this argument is '$db'. Which is defined when you call the function because it gets passed as a parameter.
    You say:

    but where do i put my database name, which happens to be meme_net (that's the name of my database). where would i define my database?
    but in your code it looks like

    PHP Code:
    dbConnect("sessions"); 
    Imagine that "sessions" takes the place of $db after a call to the function dbConnect has been made. So it would look like

    if ($db!="" and !@mysql_select_db('sessions'))

    when the code gets processed. If you haven't got a database named 'sessions' available, it should've returned an error message.

    Conclusion 1: If you want to connect to your database 'meme_net', then you have to pass this string as a parameter of dbConnect, like

    dbConnect("meme_net");

    See if that works and a connection to this particular database can be established.

    Now for your second question:

    where do i defeine my table??
    What do you mean with "define"? If you mean "where shall I put the name of my table so that the query nows where to look" you have to look at the SQL query itself:

    SELECT * FROM user WHERE userid = '$uid' AND password = PASSWORD('$pwd')";

    Conclusion 2: The bolded part defines on which table the SELECT query shall be executed.

    Enough sofar. If you still experience errors, tell us precisely which errors they are. If mysql functions fail within PHP, they usually return an error code. You can get more information on SQL query errors by using http://www.php.net/manual/en/function.mysql-error.php . I would recommend to incorparate this function into your code to always get a fast clue about what's wrong with a SQL query.

    Note: If I refer via links to the PHP manual, that's not implicitly meaning that you're dumb because you haven't read the manual completely. I do that because all important information about specific functions is available there, and it's the only authority that makes sure that things are as written there (well, usually).

    Good luck.
    Last edited by mordred; 07-16-2002 at 03:41 PM.

  • #13
    Regular Coder
    Join Date
    Jul 2002
    Location
    Earth
    Posts
    113
    Thanks
    0
    Thanked 0 Times in 0 Posts
    thank you. i can now contact the database. for some reason i can't sign up however. so i skipped over it and tried to at least access it. because the original script i got to work, didn't have an access code along with it. so far, no go.

    i think it's because it cannot compare the pwd since the pwd is encrypted with md5.

    i know i've been a real pain but, any help?

    this is the access control script

    PHP Code:
    <?php // accesscontrol.php

    include("common.php");
    include(
    "db.php");

    session_start();

    if(!isset(
    $uid)) {
      
    ?>
      <html>
      <head>
      <title> Please Log In for Access </title>
      </head>
      <body>
      <h1> Login Required </h1>
      <p>You must log in to access this area of the site. If you are
         not a registered user, <a href="signup.php">click here</a>
         to sign up for instant access!</p>
      <p><form method="post" action="<?=$PHP_SELF?>">
        User ID: <input type="text" name="uid" size="8"><br>
        Password: <input type="password" name="pwd" SIZE="8"><br>
        <input type="submit" value="Log in">
      </form></p>
      </body>
      </html>
      <?php
      
    exit;
    }

    session_register("uid");
    session_register("pwd");

    dbConnect("meme_com");
    $sql "SELECT * FROM user WHERE
            userid = '$uid' AND password = PASSWORD('$pwd')"
    ;
    $result mysql_query($sql);
    if (!
    $result) {
      
    error("A database error occurred while checking your ".
            
    "login details.\\nIf this error persists, please ".
            
    "contact [email]someone@sitepoint.com[/email].");
    }

    if (
    mysql_num_rows($result) == 0) {
      
    session_unregister("uid");
      
    session_unregister("pwd");
      
    ?>
      <html>
      <head>
      <title> Access Denied </title>
      </head>
      <body>
      <h1> Access Denied </h1>
      <p>Your user ID or password is incorrect, or you are not a
         registered user on this site. To try logging in again, click
         <a href="<?=$PHP_SELF?>">here</a>. To register for instant
         access, click <a href="signup.php">here</a>.</p>
      </body>
      </html>
      <?php
      
    exit;
    }

    $username mysql_result($result,0,"fullname");
    ?>
    after this, i'll leave you guys alone. i wanted to maybe combine it with the other login code but oh well.
    Life is funny, especially when you're poor.

  • #14
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Originally posted by Trusten
    i think it's because it cannot compare the pwd since the pwd is encrypted with md5.
    Hm. Glad to know that the previous problems are eradicated, but I'm not too sure with this one, since your problem description does not give me a good starting point.
    Nevetheless, you can make use of MySQLs md5() function and see if that works for you, if the passwords are really stored as md5 codes.

    Code:
    $sql = "SELECT * FROM user WHERE
            userid = '$uid' AND password = MD5('$pwd')";
    Also, make sure that the password column leaves room for at least 32 digits.
    If you want to know how a md5()'d string looks like, there is exactly the same functionality in PHP:

    md5("password");

    Gives you the encoded string of "password". You can use that too determine beforehand if your password has been set as a md5 string in the databse or you look that up in the sign up code.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •