Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5

Thread: Login Script

  1. #1
    New Coder
    Join Date
    Sep 2002
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Login Script

    I want to create a login script for my webpage, but I'm having no luck at all. I'll give you what I have and I hope you can help me out.

    The code on the Main index.php page:

    PHP Code:
    <? session_start();
    include(
    "func_lst.php");
    db_connect();
    if(!isset(
    $username) | !isset($password)) {

    $member 1; }
    else if(isset(
    $username) | isset($password)) { logged_in_chk();  }
    ?>
    Further down the page where I want the form of the login looks like this:
    PHP Code:
    <? if ($member "1") { not_logged_in(); } 
    elseif (
    $member "2") { logged_in_err(); }
    elseif (
    $member "3") { logged_in(); }?>



    This is func_lst.php:

    PHP Code:
    <? function not_logged_in()
    ?>
     <form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?"$QUERY_STRING;}?>" method="POST">
    <p align="center">Members only. Please login to access this document.</p>
    <table align="center" border="0">
     <tr>
      <th>
    Username:
      </th>
      <th>
    <input type="text" name="username">
      </th>
     </tr>
     <tr>
      <th>
    Password:
      </th>
      <th>
    <input type="password" name="password">
      </th>
     </tr>
     <tr>
      <th colspan="2" align="right">
    <input type="submit" value="Login">
    </form>
    <? }

    function 
    logged_in_chk() {
    session_register("username");
    session_register("password"); // register username and password as session variables.

    $sql mysql_query("SELECT pword FROM lad_user WHERE uname = '$username'");
    $fetch_em mysql_fetch_array($sql);
    $numrows mysql_num_rows($sql);

    if(
    $numrows != "0" $password == $fetch_em["pword"]) {
    $valid_user 1;
    $member 3;

    }
    else {
    $valid_user 0;
    $member 2

    }
    if (!(
    $valid_user))
    {
    session_unset();   // Unset session variables.
    session_destroy(); // End Session we created earlier.
    // escape from php mode.
    } }

    function 
    logged_in_err() {
    ?>
    <form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?"$QUERY_STRING;}?>" method="POST">
    <p align="center">Incorrect login information, please try again. You must login to access this document.</p>
    <table align="center" border="0">
     <tr>
      <th>
    Username:
      </th>
      <th>
    <input type="text" name="username">
      </th>
     </tr>
     <tr>
      <th>
    Password:
      </th>
      <th>
    <input type="password" name="password">
      </th>
     </tr>
     <tr>
      <th colspan="2" align="right">
    <input type="submit" value="Login">
    </form>
    <?
    }

    function 
    logged_in() {
    echo 
    " You Are Logged in as: <Br>";
    echo 
    $username;
    }
    ?>
    The error I keep getting is it keeps displaying the "not_logged_in()" function, no matter what.


    If you can, Please help me out.
    Thank you
    -Mike

  • #2
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    You do know it's || for OR, not |

    You should also try to work with the super globals, the way your code is now it's not secure at all.

    if(!isset($username) || !isset($password)) {

  • #3
    New Coder
    Join Date
    Sep 2002
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You can probably tell I'm not exactly a master coder. What would you suggest I do to fix it/make it more secure?

  • #4
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    http://uk2.php.net/manual/en/languag...predefined.php

    http://uk2.php.net/manual/en/reserved.variables.php is a list of what you can use.

    Example:

    Instead of
    PHP Code:
    if(!isset($username) || !isset($password)) { 
    You'd use
    PHP Code:
    $username $_POST['username'];
    $password $_POST['password'];

    if(!isset(
    $username) || !isset($password)) { 
    This'll only compare the username and password from a form that's been POSTed, so noone can use GET (the url) to change the username or password now.

  • #5
    New Coder
    Join Date
    Sep 2002
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Tried something new, still having problems

    Altered it a bit, but now the problem is that it won't stay logged in. (It'll log in, but the session ends as soon as I go to a new page, or type in the adress again.)

    index.php file
    PHP Code:
    <? session_start();
    include(
    "func_lst.php");
    db_connect();


    ?>
    (Farther down the page I have to include the login function)

    func_lst.php
    PHP Code:
    function display_login_form()
    {
    $username = $_POST['username'];
    $password = $_POST['password'];

    if(!isset($username) || !isset($password)) {
    ?>

      <a href="register_form.php">Not a member?</a>
      <form method=post action=<? $PHP_SELF ?>>
      <table bgcolor=#cccccc>
       <tr>
         <td colspan=2>Members log in here:</td>
       <tr>
         <td>Username:</td>
         <td><input type=text name=username></td></tr>
       <tr>
         <td>Password:</td>
         <td><input type=password name=password></td></tr>
       <tr>
         <td colspan=2 align=center>
         <input type=submit value="Log in"></td></tr>
       <tr>
         <td colspan=2><a href="forgot_form.php">Forgot your password?</a></td>
       </tr>
     </table></form>
    <?
    }
    else {

    session_register("username");
    session_register("password"); 




    $sql mysql_query("SELECT pword FROM lad_user WHERE uname = '$username'");
    $fetch_em mysql_fetch_array($sql);
    $numrows mysql_num_rows($sql);

    if(
    $numrows != "0" $password == $fetch_em["pword"]) {
    $valid_user 1;
    echo 
    "logged in as:<br>";
    echo 
    $username;
    }
    else {
    $valid_user 0;
    }

    // If the username exists and pass is correct, don't pop up the login code again.
    // If info can't be found or verified....

    if (!($valid_user))
    {
    session_unset();   // Unset session variables.
    session_destroy(); // End Session we created earlier.
    ?>
    <form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?"$QUERY_STRING;}?>" method="POST">
    <p align="center">Incorrect login information, please try again. You must login to access this document.</p>
    <table align="center" border="0">
     <tr>
      <th>
    Username:
      </th>
      <th>
    <input type="text" name="username">
      </th>
     </tr>
     <tr>
      <th>
    Password:
      </th>
      <th>
    <input type="password" name="password">
      </th>
     </tr>
     <tr>
      <th colspan="2" align="right">
    <input type="submit" value="Login">
    </form>
      </th>
     </tr>
    </table>
    </body>
    </html>
    <?
    }
    }
    }
    ?>
    It works, but I don't stay logged in. Could you help me out again?
    Thank you
    -Mike


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •