Need some mo' help :P
Moderator: General Moderators
Need some mo' help :P
Hola again.
This is the deal:
I'm trying to create a script that, if certain values are met will show one thing, and if not will show another.
I'm doing it in that login script I was talking about earlier.
So this is what I have:
I've created two cookies, one for username and one for password.
What I'd like to do is somehow verify this against the database to
see if the user is logged in.
If he is, I want him to see something besides a login form.
If not, I want him to see the login form.
Do you have any ideas?
Here's what I have so far, and it's probably wrong so feel free to correct me:
http://www.maxxxtorque.com/prodigy/login.txt
This is the deal:
I'm trying to create a script that, if certain values are met will show one thing, and if not will show another.
I'm doing it in that login script I was talking about earlier.
So this is what I have:
I've created two cookies, one for username and one for password.
What I'd like to do is somehow verify this against the database to
see if the user is logged in.
If he is, I want him to see something besides a login form.
If not, I want him to see the login form.
Do you have any ideas?
Here's what I have so far, and it's probably wrong so feel free to correct me:
http://www.maxxxtorque.com/prodigy/login.txt
you could use a if statment.
i think you need more then that. but this is what i would try first.
Code: Select all
$if(IsSet($username))
{
do this
}
else
{
does this
}try this:
Code: Select all
<HTML>
<HEAD>
<TITLE>Prodigy Login Script</TITLE>
</HEAD>
<BODY>
<?
// Get Cookies
$username = $HTTP_COOKIE_VARSї"prod_username"];
$password = $HTTP_COOKIE_VARSї"prod_passwd"];
// DB Connect
include("/home/maxxxtor/public_html/prodigy/php/login/connect.php");
$findname = "SELECT id FROM pro_members WHERE name='$rname'";
$name = mysql_query($findname) or die ("This ain't workin...");
$num2 = mysql_num_rows($name) or die ("Your Username and/or Password are incorrect. If you feel you have recieved this message in error, please contact the <a href="mailto:website@hot.rr.com">webmaster</a>");
if($num2 > 0)
{
print("
<FORM METHOD=POST ACTION="login2.php">
Name: <input type=text name=rname><BR>
Pass: <input type=text name=rpass><BR><BR>
<input type=submit value=Submit> <input type=reset>");
} else
{
print("
You are logged in :)");
}
?>Bleh, I hadn't even thought of that... Using variables would make it pretty damn simple to do...
Well, another question. How can I make sure information is never repeated on a database? For instance, phpBB won't allow 2 Jim's on the DB. How does it do that?
Ah, and another thing... When I ask people for their email addresses, I want them to at LEAST put it in the name@domain.ext format. How can I do that, and what is it called?
Gracias amigos!
*edit*
Ooh, and a possible security problem...
If I use the isset statement you showed me earlier in this post, is it possible that someone could create a cookie with someone's username in it and automatically log in to the page?
Thanks bro
Well, another question. How can I make sure information is never repeated on a database? For instance, phpBB won't allow 2 Jim's on the DB. How does it do that?
Ah, and another thing... When I ask people for their email addresses, I want them to at LEAST put it in the name@domain.ext format. How can I do that, and what is it called?
Gracias amigos!
*edit*
Ooh, and a possible security problem...
If I use the isset statement you showed me earlier in this post, is it possible that someone could create a cookie with someone's username in it and automatically log in to the page?
Thanks bro
question1: i had that same problem. so i did this:
$user_check = mysql_query("SELECT username FROM user WHERE username = '$username'");
$user_check1 = mysql_num_rows($user_check) or die("Query Error");
if($user_check1 > 0)
{
print("Username '<i>$username</i>' already exits in the database, please try a Diffrenet username.<br><a href='javascript:window.history.back()'>Back</a>");
}
else
{
do this.
question2: you need email vaildation, check in evilwalrus.com's scripts, there are some there which might be abl to help you.
question3: you will always have that problem, unless you encrypt the cookie information, you will also will have decrypt it when you need it.
i am not really sure what you have to do get encrpyt.
$user_check = mysql_query("SELECT username FROM user WHERE username = '$username'");
$user_check1 = mysql_num_rows($user_check) or die("Query Error");
if($user_check1 > 0)
{
print("Username '<i>$username</i>' already exits in the database, please try a Diffrenet username.<br><a href='javascript:window.history.back()'>Back</a>");
}
else
{
do this.
question2: you need email vaildation, check in evilwalrus.com's scripts, there are some there which might be abl to help you.
question3: you will always have that problem, unless you encrypt the cookie information, you will also will have decrypt it when you need it.
i am not really sure what you have to do get encrpyt.
Code: Select all
<?php
$user_check = "SELECT username FROM user WHERE username = '$username'";
$re = mysql_query($user_check) or die ("error here");
$check = mysql_num_rows($re);
if($check > 0)
{
print("Username '<i>$username</i>' already exits in the database, please try a Diffrenet username.<br><a href='javascript:window.history.back()'>Back</a>");
}
else
{
print("No user was found with that name.");
}
?>- mydimension
- Moderator
- Posts: 531
- Joined: Tue Apr 23, 2002 6:00 pm
- Location: Lowell, MA USA
- Contact:
i posted a function to do this and it works pretty well for me
link :: http://www.devnetwork.net/forums/viewtopic.php?t=75
link :: http://www.devnetwork.net/forums/viewtopic.php?t=75