Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11

Thread: Login Script

  1. #1
    New Coder
    Join Date
    Dec 2005
    Posts
    70
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Login Script

    i have managed to create a script that enables the user to register their details and then the details be submitted into a database....

    but what i need now is a script that enables one to log on

    how would i go about getting the system to validate the user/password combination by comparing it to the combinations in the database....

    i have a list of usernames and passwords but need a script enabling user to login...and then be re-directed to their own page...

    also on registration does any1 no how i can get a page created for user, that he is directed to when he logs on... ie ..../userpage

    where each userpage is individual

  • #2
    New to the CF scene
    Join Date
    Oct 2005
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Pear Auth is a good authentication mechanism. Details about it can be found here. http://pear.php.net/package/Auth

    If you are unable to use PEAR Auth or you want to just make something simple, you should be able to write a quick script. Another thing to consider is the level of security you require for your site.


    We might need a few more details to help you out.
    like the table structure of the table that holds the registration info.

    What I would do for the 'user page' is is create a default user page that draws the content specific for each user from the database. So all users go to the same page, they just get shown different content depending on their login. A an unique identifier would be assigned to each user when when he registers, and when a user logins some sort of variable is passed when sending them to user page. The vairables contains the unique identifier. This variable could be sent by sessions, POST or GET, or cookies.

  • #3
    New Coder
    Join Date
    Dec 2005
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Find what suites you most: http://www.zend.com/codex.php?CID=341

  • #4
    New Coder
    Join Date
    Dec 2005
    Posts
    70
    Thanks
    0
    Thanked 0 Times in 0 Posts
    PHP Code:
    <?php 

    $dblink 
    mysql_pconnect("database","myusername","mypassword"); 
    mysql_select_db("localhost"); 

    if ( !isset(
    $redirect)) 
       { 
         
    $redirect "index.html"
       } 

    if (isset(
    $username) && isset($password)) { 

      
    $query "select * from login where username= '$username' and password = '$password'"

      if ( !(
    $dbq mysql_query($query$dblink))) { 
        echo 
    "Unable to query database.  Please Contact <a href=\"mailto:email@address\">email@address</a>"
        exit; 
      }  

      
    $lim mysql_num_rows$dbq ); 

      if (
    $lim != 1) { 
      
    $headers=1//HTML headers in place 
      
    echo "<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>"
      echo 
    "<B>Invalid User ID or Password. Please Try again</B><BR>"

      } 

      if (
    $lim == 1) { 

    //make unique session id and store it in Database 
      
    $timer md5(time()); 
      
    $sid $username "+" $timer
      
    SetCookie("Cookiename",$sid,time()+2592000); //Set Cookie for 30 days 
      
    $query "update login set sid='$timer' where username='$username'"

      if( !(
    $dbq mysql_query$query$dblink))) { 
        echo 
    "Unable to update database.  Please contact <a href=\"mailto:email@address\">email@address</a>"
      exit; 
      } 
       
    $headers=1
      
    header("Location: $redirect"); 
      exit; 
      } 



    if (isset(
    $Cookiename)) { 
      
    $headers=1//make sure HTML headers are in place before the form 
      
    $sidarray explode("+"'.$Cookiename.'); 
      
    $query "select * from login where username= '$sidarray[0]' and sid = '$sidarray[1]'"

      if ( !(
    $dbq mysql_query($query$dblink))) { 
        echo 
    "Unable to find database.  Please Contact <a href=\"mailto:email@address\">email@address</a>"
        exit; 
      } 

      if (
    mysql_num_rows$dbq ) == 1) { 
        echo 
    "<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>"
        echo 
    "You are already logged in as $sidarray[0].<BR>"
        echo 
    "You may logon as another user or simply begin using our services with your current session.<BR>"
        echo 
    "Click <A Href=\"index.html\">Here</A> to return to our homepage."
      } 

    if (
    $headers == 0) { 
    echo 
    "<HTML><HEAD><TITLE>Login Page</TITLE></HEAD><BODY>"

    echo 
    "<Form Action=\"newlogin.php\" METHOD=\"POST\">"
    echo 
    "<H2>User Name</H2>"
    echo 
    "<Input TYPE=\"text\" Name=\"username\" Value='$username'>"
    echo 
    "<BR>"
    echo 
    "<H2>Password</H2>"
    echo 
    "<Input TYPE=\"password\" Name=\"password\">"
    echo 
    "<BR>"
    echo 
    "<Input Type=\"submit\" Value=\"Submit\">"
    echo 
    "<Input Type=\"hidden\" Name=\"redirect\" Value='.$redirect.'>"
    echo 
    "</FORM>"
    ?>
    with this php script i have tried adjusting to my website, but i keep getting INVALID password message, even when i am typing the correct password into fields.. can any1 help me

    table of registration holds

    id
    first
    last
    username
    password
    sid

  • #5
    New Coder
    Join Date
    Dec 2005
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Are your passwords encrypted when they are inserted into the database?
    Here's one I like to use (all passwords in database are using MD5 type encryption)

    PHP Code:
    <?php
    $status 
    authenticate($u_name$p_word);

    // if  user/pass combination is correct
    if ($status == 1) {
        
    // initiate a session
        
    session_start();

        
    $sql "SELECT * FROM `users` WHERE `username`='$u_name'";
        
    $result mysql_query($sql);
        
    $data mysql_fetch_assoc($result);
        

        
    $pass md5($p_word);

        
    $_SESSION['blahlablaha'] = array(
        
    'id'=> $data[id],
        
    'username'=> $data[username],
        
    'password'=> $data[password]);


        
    // redirect to protected page

        
    if ($ret){
            print
    " <script> window.location = \"index.php\"; </script>";;
        }

        exit();
    }

    else {
        
    // user/pass check failed
        // redirect to error page
        
    session_start();

        print
    " <script> window.location = \"error.php\"; </script>";

        exit();
    }

    // authenticate username/password against a database
    // returns: 0 if username and password is incorrect
    //          1 if username and password are correct
    function authenticate($u_name$p_word){

        
    $query "SELECT * FROM `users` WHERE `username` = '$u_name' AND `password` = MD5('$p_word')";
        
    $result mysql_query($query) or die ("Error in query: $query. " mysql_error());
        
    $data mysql_fetch_assoc($result);

        
    // if row exists -> user/pass combination is correct
        
    if (mysql_num_rows($result) == 1) {
            return 
    1;
        }
        
    // user/pass combination is wrong
        
    else {
            return 
    0;
        }
    }
    ?>

  • #6
    New Coder
    Join Date
    Dec 2005
    Posts
    70
    Thanks
    0
    Thanked 0 Times in 0 Posts
    still get same problem with that one, redirects me to eror page even when i type in the right combinations...

    in my database, it doesnt allow me to see the password, which is right, right....

    but even using ur code, i can not get it to login, it just always rejects login even when ive done the right login/password...
    .
    :s

  • #7
    New Coder
    Join Date
    Dec 2005
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by kaiiak
    still get same problem with that one, redirects me to eror page even when i type in the right combinations...

    in my database, it doesnt allow me to see the password, which is right, right....

    but even using ur code, i can not get it to login, it just always rejects login even when ive done the right login/password...
    .
    :s
    there are different encryption types that are used.
    MD5 type would look like this in the table field: 5d41402abc4b2a76b9719d911017c592

  • #8
    New Coder
    Join Date
    Dec 2005
    Posts
    70
    Thanks
    0
    Thanked 0 Times in 0 Posts
    k using as suggested:-

    PHP Code:
    <?php

    $username 
    '****';   
    $password '';   
    $database '****';   
    $connect mysql_connect('localhost'$username$password) or die(mysql_error()); 
    mysql_select_db($database,$connect);  

    $uname=".$_POST[uname].";
    $pword=".$_POST[pword].";
    $status authenticate($uname$pword); 
    if (
    $status == 1) { 

        
    session_start(); 

        
    $sql "SELECT * FROM `users` WHERE `uname`='$uname'"
        
    $result mysql_query($sql); 
        
    $data mysql_fetch_assoc($result); 
        
        
    $pword md5($pword); 

        
    $_SESSION['blahlablaha'] = array( 
        
    'id'=> $data[id], 
        
    'uname'=> $data[uname], 
        
    'pword'=> $data[pword]); 


        if (
    $ret){
            print
    " <script> window.location = \"index.html\"; </script>";
        exit(); 


    else { 

        
    session_start(); 
        print
    " <script> window.location = \"update.php\"; </script>"
        exit(); 


    function 
    authenticate($uname$pword){ 

        
    $query "SELECT * FROM `users` WHERE  `uname` = '$uname' AND `pword` = md5('$pword')"
        
    $result mysql_query($query) or die ("Error in query: $query. " mysql_error()); 
        
    $data mysql_fetch_assoc($result); 

        if (
    mysql_num_rows($result) == 1) { 
            return 
    1
        } 
      
        else { 
            return 
    0
        } 

    ?>
    it keeps telling me error at line 54. which is the end "?>" bit
    Last edited by kaiiak; 12-31-2005 at 01:02 PM.

  • #9
    Senior Coder JamieR's Avatar
    Join Date
    Oct 2004
    Location
    United Kingdom
    Posts
    3,161
    Thanks
    0
    Thanked 5 Times in 5 Posts
    Something I noticed quickly...

    PHP Code:

    function authenticate($uname$pword){ 

        
    $query "SELECT * FROM `users` WHERE  `uname` = '$uname' AND `pword` = md5('$pword')"
        
    $result mysql_query($query) or die ("Error in query: $query. " mysql_error()); 
        
    $data mysql_fetch_assoc($result); 

        if (
    mysql_num_rows($result) == 1) { 
            return 
    1
        } 
      
        else { 
            return 
    0
        } 
    should be

    PHP Code:

    function authenticate($uname$pword){ 

        
    $query "SELECT * FROM `users` WHERE  `uname` = '$uname' AND `pword` = md5('$pword')"
        
    $result mysql_query($query) or die ("Error in query: $query. " mysql_error()); 
        
    $data mysql_fetch_assoc($result); 

        if (
    mysql_num_rows($result) == 1) { 
            return 
    1
        } 
      
        else { 
            return 
    0
        } 

    you didn't close the function off.

    Also:
    PHP Code:
    if ($status == 1) { 

        
    session_start(); 

        
    $sql "SELECT * FROM `users` WHERE `uname`='$uname'"
        
    $result mysql_query($sql); 
        
    $data mysql_fetch_assoc($result); 
        
        
    $pword md5($pword); 

        
    $_SESSION['blahlablaha'] = array( 
        
    'id'=> $data[id], 
        
    'uname'=> $data[uname], 
        
    'pword'=> $data[pword]); 


        if (
    $ret){
            print
    " <script> window.location = \"index.html\"; </script>";
        exit(); 


    else { 

        
    session_start(); 
        print
    " <script> window.location = \"update.php\"; </script>"
        exit(); 

    is wrong - you've put another if statement inside the condition that if $status == 1 is true.

    Another thing: on line 30, you're using $ret before it's defined - gawd I like ZDE
    Last edited by JamieR; 12-30-2005 at 05:03 PM.

  • #10
    New Coder
    Join Date
    Dec 2005
    Posts
    70
    Thanks
    0
    Thanked 0 Times in 0 Posts
    thank you

    i fixed that

    but what is if ($ret)

    i assume its the return of the authentication function..... then i need it to if(return=1) or summit dont i?

    for it to work.... how do write it ?

  • #11
    New Coder
    Join Date
    Dec 2005
    Posts
    70
    Thanks
    0
    Thanked 0 Times in 0 Posts
    PHP Code:
    <?  
    session_start
    ();   
    $username '*****';   
    $password '***';   
    $database '***';   
    $connect mysql_connect('localhost'$username$password) or die(mysql_error()); 
    mysql_select_db($database,$connect);  
     
    $uname $_POST['uname'];  
    $pword $_POST['pword']; 
    if((!
    $uname) || (!$pword)){  
        echo 
    "Please enter ALL of the information! <br />";  
        include 
    'login.html';  
        exit(); 

      
    $pword md5($pword); 
    // check if the user info validates the db  
    $sql mysql_query"SELECT * FROM login WHERE uname='$uname' AND pword='$pword'");  
    $login_check mysql_num_rows($sql); 
    if(
    $login_check 0){  
        while(
    $row mysql_fetch_array($sql)){  
        foreach( 
    $row AS $key => $val ){  
            $
    $key stripslashes$val );  
        }  
            
    // Register some session variables!  
            
    session_register('first');  
            
    $_SESSION['first'] = $first;  
            
    session_register('last');  
            
    $_SESSION['last'] = $last;  
            
    session_register('email');  
            
    $_SESSION['email'] = $email;  
      
         print
    " <script> window.location = \"index.html\"; </script>";

        }  
    } else {  
        echo 
    "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />  
        Please try again!<br />"
    ;  
    echo 
    " .$result.' ";
    echo
    "'$login_check'";
    echo
    " '$sql";
        include 
    'login.html';  
    }  
    ?>
    $login_)check is returning 0
    even when the right combination is matched.... login table has- id, uname, pword in it.... pwrd is md5 encrypted....

    any 1 help?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •