login script

[trevor]

does anyone have a login script that I can take a look at? mine isn't working quite right, i just want to make sure that I am doing it right.

thanks,

Trevor

Well just something like:

Code:

$name=$_GET['name'];
$pass=$_GET['pass'];

if ($name=="trevor" && $pass=="f00") {
  print "Security confirmed";
}
else {
  print "evil cracker! NEVER! HAHAHAHA";
}

Or are you working with MySQL/other DB?

[trevor]

I am using MySQL

thanks

[trevor]

does anyone see anything wrong with this code:

<?php

$Array["username"] = trim($Array["username"]);
$Array["password"] = trim($Array["password"]);

// Database
$host = "darkstar";
$user = "root";
$dpassword = "123";
$dbname = "ao_db2003";
$link = mysql_connect($host, $user, $dpassword)
or die("Could not connect");
mysql_select_db("ao_db2003")
or exit("Could not select database");

$query = "Select password from users where(username = '$Array[username]')";
$result = mysql_query ($query, $link)
or die("error2");

while ($row = mysql_fetch_array ($result)) {

if ($row["password"] == $Array["password"]) {

$cpass = $Array["password"];

$cuser = $Array["username"];

setcookie("cuser", $cuser);
setcookie("cpass", $cpass);
$logtime = time();
$logtime2 = $logtime - 600;
$request = mysql_query ("DELETE FROM online WHERE (logtime < $logtime2)")
or die("error1");
$request = mysql_query ("DELETE FROM online WHERE (cuser='$cuser')")
or die("error");

$sql = "INSERT INTO online VALUES ('$cuser','$logtime')";
if (!$result = mysql_query($sql)){echo mysql_error();}

mysql_close($link);
header("location: main.php");

exit;

} else {

mysql_close($link);
header("location: failed.php");
exit;
};

};

mysql_close($link);

?>

[sde]

de ja vu? =)

i won't go over how to connect to your database again, but lets assume you have your connection script in a php file named connect.php

here's how i would do it.

PHP Code:

<?
include("connect.php");

// query db for a row that matches the user/pass entered
$result=mysql_query("select * from users where user='$user' and pass='$pass'");

// find the number of results found with that query
$num=mysql_numrows($result);

// send to failed.php if 0 results have been found
if($num < 1){
  header("location: failed.php");
} else {
  header("location: main.php");
}?>

now this is where sessions would come in handy. what would prevent someone from going directly to main.php ?

so what you can do is just start a session so the user and pass are remembered.

then at the top of each page.. just use code similar to above.

PHP Code:

<?

session_start();
session_register(user,pass);

include("connect.php");

// query db for a row that matches the user/pass entered
$result=mysql_query("select * from users where user='$user' and pass='$pass'");

// find the number of results found with that query
$num=mysql_numrows($result);

// send to failed.php if 0 results have been found
if($num < 1){
  header("location: failed.php");
}

// the difference is that there is no else statement .. you can safeily put the authorized only content below here because if the authentication fails, the user will be sent to failed.php
?>

[trevor]

thanks again SDE

I'm gunna send you a fruit basket or something sometime

-Trevor

[sde]

mm .. ilike apples.

[trevor]

ok its not quit working. It takes me to failed.php EVERYTIME. I thought it was working fine last night because I had no users in the database, so it was suppost to take me to FAILED.PHP

in my index page i have the username and password going to Array[username] and Array[password]

PHP Code:

<?
include("connect.php");

$password=$Array[password];
$username=$Array[username];

// query db for a row that matches the user/pass entered
$result=mysql_query("select * from users where username='$username' and password='$password'");

// find the number of results found with that query
$num=mysql_numrows($result);

// send to failed.php if 0 results have been found
if($num < 1){
  header("location: failed.php");
} else {
  header("location: main.php");
}?>

thanks,

Trevor

[Ilya020]

my gosh...You must have the mummy's curse. :p


sorry, cant help...I am learning PHP


BTW. Do you know if Sams PHP is a good PHP book? Its the e-book I have.

Thanks

Ilya

Are you sure the contents of the MySQL are correct (ie you enterted in the correct stuff?)? Have you tried multiple times?

[trevor]

"Sams teach yourself PHP4 in 24 hours" is a great book,, i bought it at zellers for $19cdn from one of those big bins

...I should probably read it If you already have it installed you can save 4 hours

=--------------------------------------------=

Anyways.....

yes i do seem to be cursed. none of this stuff is working. I have tried everything I can think of before posting here. I am absolutly sure that the username and password I am entering is corect.

Trying putting in like 2 or 3 just to make sure . Also try using phpMyAdmin (I believe it does this stuff, entering crap into MySQL, check it out at sourceforge)

[trevor]

here is my code for the login page:

PHP Code:

<?
include("connect.php");
?> 

<html>
<head>
<title>login page</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#ffffff" text="#686464">
<center>
<br>
<br>
<br><br><br>
 
<img src="assets/ao.jpg">
</center>
<STYLE type=text/css>
a:link { color:#0a527f; text-decoration:none;}
a:visited { color:#0a527f; text-decorations:none;}
a:hover { text-decoration:none; color:#000000;}
</STYLE>

<form name="login" method="post" action="login.php">
<center>
<table width="18%" border="0">
<tr>
<td>
Login:
</td>
<td>
<input type="text" name="Array[username]">
</td></tr>
<td>
Password:
</td>
<td>
<input type="password" name="Array[password]">
</td></td></table><br><br>
<input type="submit" name="Submit" value="Login">

<br><br><br>
- [ <a href="register.php">r e g i s t e r</a> | <a href="lostpass.htm">l o s t  p a s s w o r d</a> | <a href="terms.htm">t o a</a> ] -<br>
<br>- v e r s i o n [ 0.01 ] -
</form>
<br><br>
<br><br>
<a href="main.php">- b y p a s s - l o g i n -</a>
</center>
</body>
</html>

[Ilya020]

what about connect.php?


Ilya

[Ilya020]

Quote:

Originally posted by trevor


...I should probably read it If you already have it installed you can save 4 hours

Say What?

Yes, I am starting Chapter 7.

Ilya