Page 1 of 1

please, i want your help...

Posted: Sun Dec 04, 2011 3:43 pm
by empe7or
helloevery body

I'm new in this site and i want your help to create registration form.
i have finished all the codes except one.
* if statment that check whenthe adminestrator login, desplay all users details and he can block any user he want.

this is the codes....

Code: Select all

<?php
session_start(); 
if(isset($_SESSION["user"])){
     print_secure_content();
}else{

    if(isset($_POST["submit"]))
    {  

    
    if((checkpass()==1){
	if(admin()==1){
	$colname_userDets = "-1";
if (isset($_SESSION['user'])) {
  $colname_userDets = $_SESSION['user'];
}
mysql_select_db("test", $conn);
$query_userDets = sprintf("SELECT * FROM users 
                          WHERE username = %s",
  GetSQLValueString($colname_userDets, "text"));
$userDets = mysql_query("localhost", $conn) or
die(mysql_error());
$row_userDets = mysql_fetch_assoc($userDets);
$totalRows_userDets = mysql_num_rows($userDets);

	}
	else{	
	 $_SESSION['user']=$_POST['userlogin'];
	 print"<h1>you have loged in successfully</h1>";
	 print_secure_content();}
    }else{
     print "wrong pawssword or username, please try again";	
     loginform();
    }

    }
    else{
    loginform();
    }
 }      
     
function loginform()
{
print "<h2>Please, enter your login information:</h2>";
print ("<table border='3'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
print "<input name= 'submit' type='submit' >";	
print "<h3><a href='registerform.php'>register now!</a></h3>";	
}

function checkpass()
{
$password = md5($_POST['password']);
$servername="localhost";
$username="root";
$conn=  mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("test",$conn);
$sql="select * from users where name='$_POST[userlogin]' and password='$password'";
$result=mysql_query($sql,$conn) or die(mysql_error());
return  mysql_num_rows($result);
}

function print_secure_content()
{
	print("<b><h1>Hello $_SESSION[user]</h1>");
	print "<br><h2>You can change your details from here</h2><a href='update.php'>Click here</a><br>";	
    print "<br><h2>You are login now. You can logout from this link...</h2><a href='logout.php'>Logout</a><br>";	
	
}
?>
[/b]

Re: please, i want your help...

Posted: Sun Dec 04, 2011 4:24 pm
by twinedev
I'm not getting what you are needing help with? Is it not working? are you getting errors? or just looking for advice on the code you have?

For advice on your code, it could defiantly use some restructuring and be cleaned up (main thing, database connection should be in a separate file, and just do require_once() everywhere you will do sql (think about if you change you password, how many places do you have to update (and worse, you have that many places to accidentally forget to change it and break your site).

Also needs code to fix the issue that a login can be faked. Big security rule: NEVER trust data that comes from end user, things such as $_POST/$_GET/$_COOKIE/$_SERVER['PHP_SELF']/$_SERVER['HTTP_USER_AGENT'] check out http://php.net/mysql_real_escape_string

-Greg

Re: please, i want your help...

Posted: Fri Dec 09, 2011 3:47 am
by phphelpme
you could always have a column in your database which would be with your usernames and it would be for admin or not. So admin=1 is true, admin=0 is false etc. Your code when connecting to the database could pull this value and then you could code an if statement that checks the value of say $admin and if $admin == "1" then display other options, if $admin =="0" then do not display options.

I think that is what your getting at. I would personally set account access privilages like this so you could potentially have more than one type of access and more than one admin if required. Plus you set standard users to the value of $admin="0" etc in the database.

I think this is what your trying to get at but not too sure. :)

Re: please, i want your help...

Posted: Fri Dec 09, 2011 4:22 am
by social_experiment
empe7or wrote:i want your help to create registration form.
A register option will have to do a few things;
1. Check if the username is available
2. If username is taken, ask for a new one
3. Check password strength (this is commonly defined as a longer password)
4. If all conditions are met; write user info to the database

There is also the issue of account activation; how will this be done? A good option is to have a url that is only valid for x amount of time

Re: please, i want your help...

Posted: Fri Dec 09, 2011 6:15 am
by phphelpme
empe7or wrote: i have finished all the codes except one.
* if statment that check whenthe adminestrator login, desplay all users details and he can block any user he want.
It's kind of confusing as to what is actually required here as this states that you have done everything apart from the if statement which check if admin is logged in or not etc. But you mention a user registration form etc like 'social_experiment' has stated.

I think it would be better to clarify what your exact needs are and exactly what you have coded so far so we know what is missing. :)