log in system

Trevor_needs_help
Forum Newbie
Posts: 20
Joined: Thu Jan 29, 2004 8:13 am


Post by Trevor_needs_help »

I am trying to create a page where a user name and password have to be typed in so the user has to log in. I have a script but I don't know why it keeps on coming up with an error message. It keeps on saying that the user is not on record when they are. Can anyone help? I'm going mad.

<?php

if (isset($_POST['submit'])) { // Handle the form.

    require_once ('../mysql_connect.php'); // Connect to the db.

    $message = NULL; // Create an empty new variable.

    // Check for a username.
    if (empty($_POST['username'])) {
        $u = FALSE;
        $message .= '<p>You forgot to enter your username!</p>';
    } else {
        $u = escape_data($_POST['username']);
    }

    // Check for a password.
    if (empty($_POST['password'])) {
        $p = FALSE;
        $message .= '<p>You forgot to enter your password!</p>';
    } else {
        $p = escape_data($_POST['password']);
    }

    if ($u && $p) { // If everything's OK.

        // Retrieve the user_id and first_name for that username/
        $query = "SELECT user_id,first_name FROM users WHERE (username='$u' AND password=PASSWORD('$p'))";

        $result = @mysql_query ($query); // Run the query.
        $row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.

        if ($row) { // A record was pulled from the database.

            // Set the cookies & redirect.
            //setcookie ('first_name', $row[1]);
            //setcookie ('user_id', $row[0]);
            header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php");
            exit(); // Quit the script.

        } else { // No record matched the query.
            $message = '<p>The username and password entered do not match those on file.</p>';
        }

        mysql_close(); // Close the database connection.

    } else {
        $message .= '<p>Please try again.</p>';
    }

} // End of the main Submit conditional.

// Set the page title and include the HTML header.

// Print the error message if there is one.
if (isset($message)) {
    echo '<font color="red">', $message, '</font>';
}
?>

<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>

<p><b>User Name:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo htmlspecialchars($_POST['username'], ENT_QUOTES); /* escape before echoing back into HTML */ ?>" /></p>

<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>

<div align="center"><input type="submit" name="submit" value="Login" /></div>

</fieldset>

</form><!-- End of Form -->
<?php
// Include the HTML footer.
?>
partiallynothing
Forum Commoner
Posts: 61
Joined: Fri Nov 21, 2003 5:02 pm
Location: connecticut, usa

Use the Built in PHP Syntax Highlighter!

Post by partiallynothing »

Now that it is easier to read, I'll take a look at it...

Code: Select all

<?php

if (isset($_POST['submit'])) { // Handle the form.

    require_once ('../mysql_connect.php'); // Connect to the db.

    $message = NULL; // Create an empty new variable.

    // Check for a username.
    if (empty($_POST['username'])) {
        $u = FALSE;
        $message .= '<p>You forgot to enter your username!</p>';
    } else {
        $u = escape_data($_POST['username']);
    }

    // Check for a password.
    if (empty($_POST['password'])) {
        $p = FALSE;
        $message .= '<p>You forgot to enter your password!</p>';
    } else {
        $p = escape_data($_POST['password']);
    }

    if ($u && $p) { // If everything's OK.

        // Retrieve the user_id and first_name for that username/
        $query = "SELECT user_id,first_name FROM users WHERE (username='$u' AND password=PASSWORD('$p'))";
        $result = @mysql_query ($query); // Run the query.
        $row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.

        if ($row) { // A record was pulled from the database.

            // Set the cookies & redirect.
            //setcookie ('first_name', $row[1]);
            //setcookie ('user_id', $row[0]);
            header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php");
            exit(); // Quit the script.

        } else { // No record matched the query.
            $message = '<p>The username and password entered do not match those on file.</p>';
        }

        mysql_close(); // Close the database connection.

    } else {
        $message .= '<p>Please try again.</p>';
    }

} // End of the main Submit conditional.

// Set the page title and include the HTML header.

// Print the error message if there is one.
if (isset($message)) {
    echo '<font color="red">', $message, '</font>';
}
?>

<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>

<p><b>User Name:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo htmlspecialchars($_POST['username'], ENT_QUOTES); /* escape before echoing back into HTML */ ?>" /></p>

<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>

<div align="center"><input type="submit" name="submit" value="Login" /></div>

</fieldset>

</form><!-- End of Form -->
<?php
// Include the HTML footer.
?>
partiallynothing
Forum Commoner
Posts: 61
Joined: Fri Nov 21, 2003 5:02 pm
Location: connecticut, usa

Post by partiallynothing »

First of all, I have no clue what the function escape_data() does. I could not find it at php.net... Can anyone explain what that does?
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

The MySQL query is probably what's causing the problem. I would suggest using an alternate method of encryption rather than PASSWORD().

MySQL.COM wrote: Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC-2195 for more information about handling passwords and authentication securely in your application.

I would suggest using MD5 personally.
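
As an added example (not code from the thread or from any poster): the login check with the password hashed and verified in PHP instead of by MySQL's PASSWORD(). It swaps in PHP's password_hash()/password_verify() (PHP 5.5+) for the MD5()/SHA1() named in the quote, and PDO with bound parameters for mysql_query(); check_login(), the table layout, the password_hash column and the sample account are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; schema and sample account below are constructed for the demo.
// Requires PHP 7.4+ with the pdo_sqlite extension.

function check_login(PDO $db, string $username, string $password): ?array
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT user_id, first_name, password_hash FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: still verify against a dummy hash so both paths do
    // comparable work and the response time does not reveal valid names.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $hash = $row ? $row['password_hash'] : $dummy;

    $ok = password_verify($password, $hash);
    if (!$ok || !$row) {
        return null;
    }
    // Transparently upgrade the stored hash when PHP's default changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password_hash = ? WHERE user_id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['user_id']]);
    }
    unset($row['password_hash']); // never hand the hash back to the caller
    return $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           first_name TEXT, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, first_name, password_hash) VALUES (?, ?, ?)');
$ins->execute(['trevor', 'Trevor', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(check_login($db, 'trevor', 'correct horse')); // matching credentials
var_dump(check_login($db, 'trevor', 'wrong guess'));   // wrong password
var_dump(check_login($db, 'nobody', 'correct horse')); // unknown user
```

The hash column should be wide enough for whatever the algorithm produces (the PHP manual recommends 255 characters for PASSWORD_DEFAULT); a column that truncates the stored hash makes every login fail with a "no match" result.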