php authentication

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Josephine
Forum Newbie
Posts: 3
Joined: Thu Jul 25, 2002 2:38 pm

php authentication

Post by Josephine »

:cry: :!:

somebody please help me, i beg of you.
i am not very versed in php. i'm trying so hard and want to learn.
i have spent weeks on trying to just do a password protection.
i went to a tutorial for user authentication at the following:
http://www.phpdeveloper.org/view_tut.php?id=41

i have a database and successfully created a table and populated it with a name and password.

i cannot get the page to work. what am i doing wrong?

this is the code i wrote:

opening with the php tag (leaving out of this post), then

print "
//now the html and body tags (leaving out of this post) and then

<form method=post action=$PHP_SELF>
<table cellpadding=2 cellspacing=0 border=0>
<td>Username:</td><td><input type=\"text\" name=\"username\" size=10></td><tr>
<td>Password:</td><td><input type=\"password\" name="password" size=10></td><tr>
<td>&nbsp;</td><td><input type=\"submit\" name=\"submit\" value=\"Log In\"></td>
</table></form>

//closing body and html tags (leaving out of this post)

";


if ($submit) {
// Include config file contains database info
include("common.php");

// Connect to database
$link = dbConnect() or die ("can't connect");

mysql_select_db($dbName) or die ("cant change");
$result=mysql_query("select * from User where name='$username'",$link) or die ("cant do it");
while ($row=mysql_fetch_array($result)) {
if ($row["password"]==$password) {
printf("Successfully Logged In!<a href=\\"default.php?\\"'>Click Here</a>");
}
}
}
//closing php tag (leaving out of this post)

if anyone can help, it would be so appreciated.
thanks in advance for any assistance.

josephine
EricS
Forum Contributor
Posts: 183
Joined: Thu Jul 11, 2002 12:02 am
Location: Atlanta, Ga

No error

Post by EricS »

Please list the error your receiving so we can narrow down your problem.
Josephine
Forum Newbie
Posts: 3
Joined: Thu Jul 25, 2002 2:38 pm

Post by Josephine »

it's a small miracle, but i actually got it to work.
somehow there were extra backward slashes in the tut and a single
quote that shouldn't have been in there.
the next question i have is anyone out there who can give me an
idea how to log out of a password protected site? i have to
admit i'm bad for not checking tuts on this, so i guess i should do
that first, but if anyone knows off the top, save my searching for
it.
thanks
User avatar
llimllib
Moderator
Posts: 466
Joined: Mon Jul 01, 2002 2:19 pm
Location: Baltimore, MD

Post by llimllib »

Well, as your script stands, nobody would need to log out; as soon as they left the page the would be 'logged out' and if they came back, they would need to log in again. What you need to do is start a session (with session_start()) at the top of the page, and then add the user's name to a session variable once they're validated. Your script, updated:

Code: Select all

<?php
session_start();

//"print" statement here

if (isset($_POST&#1111;'username'])) &#123;
    include("common.php");

    // Connect to database
    $link = dbConnect() or die ("can't connect");

    mysql_select_db($dbName) or die ("cant change");
    $result=mysql_query("select * from User where name='$_POST&#1111;'username']'",$link) or die ("cant do it");
    while ($row=mysql_fetch_array($result)) &#123;
        if ($row&#1111;"password"]==$_POST&#1111;'password']) &#123;
            printf("Successfully Logged In!<a href=&quote;default.php?&quote;'>Click Here</a>");
            $_SESSION&#1111;'username'] = $_POST&#1111;'username'];
        &#125;
    &#125;
&#125;
?>
Notice that I've done a couple of things here: I assume that you're using PHP 4.1.0 or above, because I removed your assumptions that register_globals = on. In other words, I don't assume that the variables username and password will be automatically assigned by PHP.
Also, you shouldn't ever rely on $submit to see if a form was submitted - some browsers don't send it.
When you want them to log out now, all you do is:

Code: Select all

unset($_SESSION&#1111;'username']);
Josephine
Forum Newbie
Posts: 3
Joined: Thu Jul 25, 2002 2:38 pm

Post by Josephine »

thank you so much ! :D
psn
Forum Newbie
Posts: 13
Joined: Wed Jul 17, 2002 10:22 pm

Post by psn »

this should become a sticky post
for people like me.
That was great
User avatar
llimllib
Moderator
Posts: 466
Joined: Mon Jul 01, 2002 2:19 pm
Location: Baltimore, MD

Post by llimllib »

psn: I wrote an article on authentication for that reason, It should be up today or Monday...check out phpcomplete.com if you want to read it.
Post Reply