Page 1 of 1

php authentication

Posted: Thu Jul 25, 2002 2:38 pm
by Josephine
:cry: :!:

somebody please help me, i beg of you.
i am not very versed in php. i'm trying so hard and want to learn.
i have spent weeks on trying to just do a password protection.
i went to a tutorial for user authentication at the following:
http://www.phpdeveloper.org/view_tut.php?id=41

i have a database and successfully created a table and populated it with a name and password.

i cannot get the page to work. what am i doing wrong?

this is the code i wrote:

opening with the php tag (leaving out of this post), then

print "
//now the html and body tags (leaving out of this post) and then

<form method=post action=$PHP_SELF>
<table cellpadding=2 cellspacing=0 border=0>
<td>Username:</td><td><input type=\"text\" name=\"username\" size=10></td><tr>
<td>Password:</td><td><input type=\"password\" name="password" size=10></td><tr>
<td>&nbsp;</td><td><input type=\"submit\" name=\"submit\" value=\"Log In\"></td>
</table></form>

//closing body and html tags (leaving out of this post)

";


if ($submit) {
// Include config file contains database info
include("common.php");

// Connect to database
$link = dbConnect() or die ("can't connect");

mysql_select_db($dbName) or die ("cant change");
$result=mysql_query("select * from User where name='$username'",$link) or die ("cant do it");
while ($row=mysql_fetch_array($result)) {
if ($row["password"]==$password) {
printf("Successfully Logged In!<a href=\\"default.php?\\"'>Click Here</a>");
}
}
}
//closing php tag (leaving out of this post)

if anyone can help, it would be so appreciated.
thanks in advance for any assistance.

josephine

No error

Posted: Thu Jul 25, 2002 3:00 pm
by EricS
Please list the error your receiving so we can narrow down your problem.

Posted: Thu Jul 25, 2002 3:17 pm
by Josephine
it's a small miracle, but i actually got it to work.
somehow there were extra backward slashes in the tut and a single
quote that shouldn't have been in there.
the next question i have is anyone out there who can give me an
idea how to log out of a password protected site? i have to
admit i'm bad for not checking tuts on this, so i guess i should do
that first, but if anyone knows off the top, save my searching for
it.
thanks

Posted: Thu Jul 25, 2002 3:44 pm
by llimllib
Well, as your script stands, nobody would need to log out; as soon as they left the page the would be 'logged out' and if they came back, they would need to log in again. What you need to do is start a session (with session_start()) at the top of the page, and then add the user's name to a session variable once they're validated. Your script, updated:

Code: Select all

<?php
session_start();

//"print" statement here

if (isset($_POST&#1111;'username'])) &#123;
    include("common.php");

    // Connect to database
    $link = dbConnect() or die ("can't connect");

    mysql_select_db($dbName) or die ("cant change");
    $result=mysql_query("select * from User where name='$_POST&#1111;'username']'",$link) or die ("cant do it");
    while ($row=mysql_fetch_array($result)) &#123;
        if ($row&#1111;"password"]==$_POST&#1111;'password']) &#123;
            printf("Successfully Logged In!<a href=&quote;default.php?&quote;'>Click Here</a>");
            $_SESSION&#1111;'username'] = $_POST&#1111;'username'];
        &#125;
    &#125;
&#125;
?>
Notice that I've done a couple of things here: I assume that you're using PHP 4.1.0 or above, because I removed your assumptions that register_globals = on. In other words, I don't assume that the variables username and password will be automatically assigned by PHP.
Also, you shouldn't ever rely on $submit to see if a form was submitted - some browsers don't send it.
When you want them to log out now, all you do is:

Code: Select all

unset($_SESSION&#1111;'username']);

Posted: Thu Jul 25, 2002 4:09 pm
by Josephine
thank you so much ! :D

Posted: Fri Jul 26, 2002 5:13 am
by psn
this should become a sticky post
for people like me.
That was great

Posted: Fri Jul 26, 2002 7:32 am
by llimllib
psn: I wrote an article on authentication for that reason, It should be up today or Monday...check out phpcomplete.com if you want to read it.