Page 1 of 1
Need some mo' help :P
Posted: Sat Apr 27, 2002 5:58 pm
by Jim
Hola again.
This is the deal:
I'm trying to create a script that, if certain values are met will show one thing, and if not will show another.
I'm doing it in that login script I was talking about earlier.
So this is what I have:
I've created two cookies, one for username and one for password.
What I'd like to do is somehow verify this against the database to
see if the user is logged in.
If he is, I want him to see something besides a login form.
If not, I want him to see the login form.
Do you have any ideas?
Here's what I have so far, and it's probably wrong so feel free to correct me:
http://www.maxxxtorque.com/prodigy/login.txt
Posted: Sat Apr 27, 2002 6:16 pm
by qads
you could use a if statment.
Code: Select all
$if(IsSet($username))
{
do this
}
else
{
does this
}
i think you need more then that. but this is what i would try first.
Posted: Sat Apr 27, 2002 6:23 pm
by Jim
You're right...
I guess I don't have to worry about verifying the password because if they hadn't gotten the password right they wouldn't have gotten the cookie on their computer anyway.
Right?
Posted: Sat Apr 27, 2002 6:31 pm
by qads
try this:
Code: Select all
<HTML>
<HEAD>
<TITLE>Prodigy Login Script</TITLE>
</HEAD>
<BODY>
<?
// Get Cookies
$username = $HTTP_COOKIE_VARSї"prod_username"];
$password = $HTTP_COOKIE_VARSї"prod_passwd"];
// DB Connect
include("/home/maxxxtor/public_html/prodigy/php/login/connect.php");
$findname = "SELECT id FROM pro_members WHERE name='$rname'";
$name = mysql_query($findname) or die ("This ain't workin...");
$num2 = mysql_num_rows($name) or die ("Your Username and/or Password are incorrect. If you feel you have recieved this message in error, please contact the <a href="mailto:website@hot.rr.com">webmaster</a>");
if($num2 > 0)
{
print("
<FORM METHOD=POST ACTION="login2.php">
Name: <input type=text name=rname><BR>
Pass: <input type=text name=rpass><BR><BR>
<input type=submit value=Submit> <input type=reset>");
} else
{
print("
You are logged in :)");
}
?>
Posted: Sat Apr 27, 2002 6:32 pm
by Jim
The first method you offered works just fine and is much easier to implement. Thanks amigo!
Now another question...
Is it possible to enter information into two different tables at one time?
If so, how?
Posted: Sat Apr 27, 2002 6:43 pm
by qads
yes, just make 2 INSERT querys in the same page.
Posted: Sat Apr 27, 2002 8:40 pm
by Jim
Bleh, I hadn't even thought of that... Using variables would make it pretty damn simple to do...
Well, another question. How can I make sure information is never repeated on a database? For instance, phpBB won't allow 2 Jim's on the DB. How does it do that?
Ah, and another thing... When I ask people for their email addresses, I want them to at LEAST put it in the
name@domain.ext format. How can I do that, and what is it called?
Gracias amigos!
*edit*
Ooh, and a possible security problem...
If I use the isset statement you showed me earlier in this post, is it possible that someone could create a cookie with someone's username in it and automatically log in to the page?
Thanks bro

Posted: Sun Apr 28, 2002 6:51 am
by qads
question1: i had that same problem. so i did this:
$user_check = mysql_query("SELECT username FROM user WHERE username = '$username'");
$user_check1 = mysql_num_rows($user_check) or die("Query Error");
if($user_check1 > 0)
{
print("Username '<i>$username</i>' already exits in the database, please try a Diffrenet username.<br><a href='javascript:window.history.back()'>Back</a>");
}
else
{
do this.
question2: you need email vaildation, check in evilwalrus.com's scripts, there are some there which might be abl to help you.
question3: you will always have that problem, unless you encrypt the cookie information, you will also will have decrypt it when you need it.
i am not really sure what you have to do get encrpyt.
Posted: Sun Apr 28, 2002 8:49 am
by Jim
I'm trying to use your method for making sure no username is used twice, but I can't seem to get it to work.
I got the email auth thing of php.net thanks to mydimension (eregi() seems to do the trick).
As for encrypting cookies... Dammit!

I'll find something later on.
Posted: Sun Apr 28, 2002 9:19 am
by qads
Code: Select all
<?php
$user_check = "SELECT username FROM user WHERE username = '$username'";
$re = mysql_query($user_check) or die ("error here");
$check = mysql_num_rows($re);
if($check > 0)
{
print("Username '<i>$username</i>' already exits in the database, please try a Diffrenet username.<br><a href='javascript:window.history.back()'>Back</a>");
}
else
{
print("No user was found with that name.");
}
?>
this does work

, i tested it.
Posted: Sun Apr 28, 2002 11:22 am
by mydimension
i posted a function to do this and it works pretty well for me
link ::
http://www.devnetwork.net/forums/viewtopic.php?t=75