Page 1 of 2

User LogIn

Posted: Tue Jul 30, 2002 12:35 pm
by Russ
for some reason my code seems to be checking the username when nothing has been submitted. heres my code

Code: Select all

<?php

if('$submit')&#123;

    switch ($action) &#123; 
        case login: 
            process_login(); 
            die(); 
        case logout:
&#125;

        global $username; 
        global $password;

$db = @mysql_connect("$dbhost", "$dbuname", "$dbpage");
if (!$db) &#123;
  echo( "<p>Unable to connect to the " .
        "database server at this time.</p>" );

  exit();
&#125;
mysql_select_db("$dbname", $db);
if (! @mysql_select_db("$dbname") ) &#123;
  echo( "<p>Unable to locate the members " .
        "database at this time.</p>" );

  exit();
&#125; 


        $query3 = "SELECT id FROM membersdb WHERE " 
        . "username='$username'"; 
        $result3 = mysql_query($query3) 
            or die("Query failed at userid retrieval stage.");

        $num_rows = mysql_num_rows($result3); 
        $myrow = mysql_fetch_array($result3); 
        $user_id = $myrow&#1111;0];

        if ($id == "") &#123;

print ("<font color=red> Sorry, but the username you submitted was wrong. Sort it out.</font>");
print "<form method=post action="$PHP_SELF">";  
print " <b>User Name</b>:<input type=text name=username size=15 maxlength=10 class=textbox>"; 
print " <b>Password</b>:<input type=password size=15 maxlength=10 name=password class=textbox>";
print " <input type=submit value=Login class=button>";
print "</form>";

print ("<p>");

print ("<font class=rm>Not a member? <a href=join.php class=rm>Click Here</a></font>");

&#125; elseif ($password == "") &#123;




            $query3 = "SELECT password " 
            . " FROM membersdb " 
            . " WHERE username='$username'"; 

            $result3 = mysql_query($query3) 
                or die("Query failed at userid retrieval stage.");

             $encryptedpassword = md5($password); 

             $myrow = mysql_fetch_array($result3);

            $password = $myrow&#1111;0]; 

            if ($encryptedpassword == $password) &#123;

                 setcookie ("ck_username", $username); 
                 setcookie("ck_password", $password); 
                 setcookie("ck_id", $id); 

print ("Welcome $username: &#1111;<a href=members?action=edit&id=".$myrow&#1111;'id'].">Settings</a>|Logout]");

&#125; else &#123;

print ("<font color=red> Sorry, but the password you submitted was wrong. Sort it out.</font>");
print ("<form method=post action="$PHP_SELF">");  
print (" <b>User Name</b>:<input type=text name=username size=15 maxlength=10 class=textbox>"); 
print (" <b>Password</b>:<input type=password size=15 maxlength=10 name=password class=textbox>");
print (" <input type=submit value=Login class=button>");
print ("</form>");

print ("<p>");

print ("<font class=rm>Not a member? <a href=join.php class=rm>Click Here</a></font>");

&#125;
&#125;

&#125; else &#123;


print ("<form method=post action="$PHP_SELF">");  
print (" <b>User Name</b>:<input type=text name=username size=15 maxlength=10 class=textbox>"); 
print (" <b>Password</b>:<input type=password size=15 maxlength=10 name=password class=textbox>");
print (" <input type=submit value=Login class=button>");
print ("</form>");

print ("<p>");

print ("<font class=rm>Not a member? <a href=join.php class=rm>Click Here</a></font>");

&#125;

?>

yesah

Posted: Tue Jul 30, 2002 1:07 pm
by gotDNS
i dont have time to read that all, so i'll just paste what I use...

Main portion of the page you login from:

Code: Select all

<?php
session_start();

mysql_connect("localhost:3306", "techy") && mysql_select_db("forum")
or $failed = "Could not connect to database.";

$loginform = "<form method="post" action="login.php">
<img src="forumtop.gif" /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type="text" size="16" maxlength="16" name="username" />
 Password: <input type="password" size="16" maxlength="16" name="password" />
<input type="hidden" name="login" value="true" />
<input type="submit" value="Login" />
</form>";

echo "<html><head>
<title>Techy Board</title>
<link rel="stylesheet" type="text/css" href="forum.css" />
</head>
<body marginheight="0" marginwith="0" topmargin="0" leftmargin="0">";

if(session_is_registered("loggedin"))
&#123;
        echo "<img src="forumtop.gif" /><br />&nbsp;<b>You are logged in as $loggedin</b> : <a href="logout.php" class="NLINK">Logout</a><br /><br />";
&#125;
else
&#123;
        echo $loginform;
&#125;
?>

<br />
<table cellpadding="0" cellspacing="0" width="92%" border="0" align="center">
<tr>
<td colspan="2"><a href="index.php" class="NLINK">Techy Home</a></td>
</tr>
<tr>
<td width="20"></td>
<td>
<?php
if(session_is_registered("loggedin"))
&#123;
	echo "<a href="editup.php" class="NLINK">Edit User Profile</a><br />";
&#125;
else
&#123;
	echo "<a href="signup.php" class="NLINK">Sign-Up to post</a> (free)<br />";
&#125;
?>
<br /><b>NOTE: Remember, keep the language clean. Please no spamming. The cleaner the forum, the less the restrictions. Thanks. -Admin</b>
</td>
</tr>
</table>

The page that does the loggin in:

Code: Select all

<?php
session_start();

mysql_connect("localhost:3306", "techy") && mysql_select_db("forum")
or $failed = "Could not connect to database.";

$result = mysql_query("select * from usrinfo where username="$username"");

$loginform = "<form method="post" action="login.php">
<img src="forumtop.gif" /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type="text" size="16" maxlength="16" name="username" />
 Password: <input type="password" size="16" maxlength="16" name="password" />
<input type="hidden" name="login" value="true" />
<input type="submit" value="submit" />
</form>";

$loginform2 = "<form method="post" action="login.php">
<img src="forumtop.gif" /><br />&nbsp;<b>ERROR: Username or password incorrect.</b><br /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type="text" size="16" maxlength="16" name="username" />
 Password: <input type="password" size="16" maxlength="16" name="password" />
<input type="hidden" name="login" value="true" />
<input type="submit" value="submit" />
</form>";

echo "<html><head>
<title>Techy Board</title>
<link rel="stylesheet" type="text/css" href="forum.css" />
</head>
<body marginheight="0" marginwith="0" topmargin="0" leftmargin="0">";

$row = mysql_fetch_assoc($result);

if($row&#1111;"password"]==md5($password))
&#123;
        $loggedin=$username;
        session_register("loggedin");
        if($params&#1111;"prevurl"])
                header("Location: $prevurl");
        else
                echo "<img src="forumtop.gif" /><br />&nbsp;<b>You are logged in as $loggedin</b> : <a href="logout.php" class="NLINK">Logout</a><br /><br />";
&#125;
else
&#123;
        echo $loginform2;
&#125;
?>
<br />
<table cellpadding="0" cellspacing="0" width="92%" border="0" align="center">
<tr>
<td colspan="2"><a href="index.php" class="NLINK">Techy Home</a></td>
</tr>
<tr>
<td width="20"></td>
<td>
<?php
if(session_is_registered("loggedin"))
&#123;
	echo "<a href="editup.php" class="NLINK">Edit User Profile</a><br />";
&#125;
?>
<br /><b>NOTE: Remember, keep the language clean. Please no spamming. The cleaner the forum, the less the restrictions. Thanks. -Admin</b>
</td>
</tr>
</table>
Hope i helped...

Re: User LogIn

Posted: Tue Jul 30, 2002 1:12 pm
by cheatboy00
Russ wrote:

Code: Select all

$query3 = "SELECT id FROM membersdb WHERE " 
        . "username='$username'";
I believe is wrong.. though i might be.... it should be

Code: Select all

$query3 = "SELECT id FROM membersdb WHERE username = '$username'";

Posted: Tue Jul 30, 2002 1:13 pm
by llimllib
The . concatenates the two lines, cheat. That line should work fine, looks like to me

Posted: Tue Jul 30, 2002 1:15 pm
by cheatboy00
oh... well i didn't know that thanks...

Posted: Tue Jul 30, 2002 1:20 pm
by Russ
it just seems abit wierd that it submits without me submitting, and when I do try and submit, it still acts as if the username is wrong or there is no username :cry:

Posted: Tue Jul 30, 2002 1:34 pm
by Russ
this is just crazy now, when I take the ' off the if('$submit'), it looks fine, but doesn't submit when I click submit, and when I add the ' to the if('$submit'), it submits without submitting, and when I do submit, it acts as if nothing was submitted

Posted: Tue Jul 30, 2002 1:45 pm
by llimllib
alright russ, chill out. Breathe, 1, 2, easy, there we go.
First off, if('$submit') is flawed in a couple of ways. If you wanted to check for the existence of a $submit variable, your should do it like if(isset($_POST['submit'])). However, you shouldn't do that. instead, you should do something like if(isset($_POST['username'])) because sometimes broswers don't submit the submit button (funny as that sounds).
I haven't looked over the rest of your script, but that's a good start. Let me know what happens once you do that.

Posted: Tue Jul 30, 2002 2:51 pm
by Russ
okay, thank you, that actually works, but now when I check the username in the database it doesn't seem to work

Posted: Tue Jul 30, 2002 2:58 pm
by Russ
opps, sorry, common spelling error didn't make that work :oops: , but when I submit, it doesn't show the welcome message.

Posted: Tue Jul 30, 2002 2:59 pm
by llimllib
why are you declaring username and password as global? in other programming languages, global makes something available to all functions, but in PHP, global accesses a variable out of local scope that *already* exists, so it doesn't seem that your variables need to be global, and that may in fact handicap you. Also, you should use the $_POST array:

Code: Select all

$username = $_POST&#1111;'username'];
$password = $_POST&#1111;'password'];
Then, if you want to access those variables from inside a function, you could declare "global $username" and you would be set.

Posted: Tue Jul 30, 2002 3:03 pm
by Russ
arrggghh, and also my cookies don't work, this site will be the death of me, taken me 6 months to make, I'll be glad when its done

Posted: Tue Jul 30, 2002 3:06 pm
by cheatboy00
cookies suck....

my opinion is to use sessions.... damn eaiser ...

Posted: Tue Jul 30, 2002 3:10 pm
by Russ
cheatboy00 wrote:cookies suck....

my opinion is to use sessions.... damn eaiser ...
I dunno which is better to be honest, I just read a tutorial on how to make a login script, and they said they will use cookies. Basicly my site will be like a big forum, where ppl can login and comment on reviews/news/atricles etc

Posted: Tue Jul 30, 2002 3:20 pm
by cheatboy00
yeah sessions would be eaiser....

becasue if oyu use cookies your going to have to keep calling them.. $_COOKIE['suff'], or however you do it.

note: this is asuming global varibals is on.

but sessions all you have to do is session_start() at the top of every page...

when they login just do this:

$info_you_want_stored ="stuff";
session_register('info_ou_want_stored');

so when you want to call upon the variable for use just do it like you would for any other variable (so.. $info....)

well that is kinda the basics of it... go check out php.net search for session... they give you more info on it...