Username Password

eoinmick
Forum Newbie
Posts: 22
Joined: Fri Mar 26, 2004 12:30 pm

Post by eoinmick »

Wondering can anyone tell me what I could do with the code below... I have a login page programmed in HTML, where the user enters their username and password, then I have an adminlogin page which checks the input. The problem is that by the time the user presses the submit button it goes right to the adminlogin page regardless of what they entered. Could I put all the code in one form: if what they submit is correct, it goes to another page; if incorrect, it stays on that form? Hope this makes sense!!!
Code!
LOGIN.PHP
<html>
<head><title>Admin Login</title></head>

<body>

<body text="blue" BGCOLOR="FFFFCC">

<center><img src="http://www.webcom.com/graphics/formt.gif"
width=150 height=100></center>

<center>
<font size="3"><p align=center>
<h1>Admin Login</h1>
</center>
<p>

<form action="adminlogin.php" method="post">
Enter user name: <input type="text" name="username"><p>
Enter password: <input type="password" name="password"><p>
<input type='submit' value='submit'>
</form>

</body>

</html>

ADMINLOGIN
<html>

<head><title>Admin Login</title></head>

<body>

<h1><center>Admin Login</center></h1>

<body text="blue" BGCOLOR="FFFFCC">

<center>

Code: Select all

<?php


	$user="";
	$host="";
	$password="";
	$database="";

// connect to the MySQL server once
$connection = mysql_connect($host,$user,$password)
or die ("couldn't connect to server");
  
$db = mysql_select_db($database,$connection)
or die ("Couldn't select database");

$password= $HTTP_POST_VARS['password'];
// escape the posted name before it is placed inside the quoted SQL string
$username= mysql_real_escape_string($HTTP_POST_VARS['username'], $connection);
$query ="SELECT password FROM users WHERE username= '$username'";
$result = mysql_query($query)
	or die("couldn't excute query.");
$row = mysql_fetch_array($result,MYSQL_ASSOC);

if ($username == $row['password'])
{

	/*  this only outputs the password as it is the only thing called in the query*/

	echo "<h1>$username:</h1>";
	echo "<h1>valid password!</h1>";
        
	
	$query1 = "SELECT * FROM users WHERE username= '$username'";
	$result1 = mysql_query($query1) 
		or die("couldn't excute query.");
		
	while ($row1 = mysql_fetch_array($result1))
	

		
	       
        {
		extract($row1);
                echo " <table border = 2 width=70%>";
                
		
	}
	
	echo "</table>";
}

else

	{
             echo "<h1>invalid User name or password</h1>";
             echo "<h2>Please retype!!<h2>";   
       }

?>

</center>
<p>

<center><img src="http://www.webcom.com/graphics/formt.gif"
width=150 height=100></center>

<br>
<align="center"><font size="3"><a href="http://~u2ell/flightsinput.php"><FONT COLOR="red">Enter Flight Details</a></font>
<br>
<align="center"><font size="3"><a href="http://~u2ell/flightpricesinput.php"><FONT COLOR="red">Enter Flight Prices</a></font>

</body>

</html>

Thanks.
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

if ($username == $row['password'])

The password is the same as the username ?
eoinmick
Forum Newbie
Posts: 22
Joined: Fri Mar 26, 2004 12:30 pm

Post by eoinmick »

just changed that thanks
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

You could combine your pages or build one control php like this pseudocode
if(nothing posted or incorrect username or password)
include(login form)
else if(correct username password)
include(admin page)
eoinmick
Forum Newbie
Posts: 22
Joined: Fri Mar 26, 2004 12:30 pm

Post by eoinmick »

when you say combine do you mean like this??
_________
<html>
<head><title>Admin Login</title></head>

<body>

<body text="blue" BGCOLOR="FFFFCC">

<center><img src="http://www.webcom.com/graphics/formt.gif"
width=150 height=100></center>

<center>
<font size="3"><p align=center>
<h1>Admin Login</h1>
</center>
<p>

<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
Enter user name: <input type="text" name="username"><p>
Enter password: <input type="password" name="password"><p>
<input type='submit' value='submit'>
</form>

Code: Select all

<?php 


   $user="u2ell"; 
   $host="mysql"; 
   $password=""; 
   $database="u2ell"; 

// connect to the MySQL server once
$connection = mysql_connect($host,$user,$password) 
or die ("couldn't connect to server"); 
  
$db = mysql_select_db($database,$connection) 
or die ("Couldn't select database"); 

$password= $HTTP_POST_VARS['password']; 
// escape the posted name before it is placed inside the quoted SQL string
$username= mysql_real_escape_string($HTTP_POST_VARS['username'], $connection); 
$query ="SELECT password FROM users WHERE username= '$username'"; 
$result = mysql_query($query) 
   or die("couldn't excute query."); 
$row = mysql_fetch_array($result,MYSQL_ASSOC); 

if ($password == $row['password']) 
{ 

   /*  this only outputs the password as it is the only thing called in the query*/ 

   echo "<h1>$username:</h1>"; 
   echo "<h1>valid password!</h1>"; 
        
    
   $query1 = "SELECT * FROM users WHERE username= '$username'"; 
   $result1 = mysql_query($query1) 
      or die("couldn't excute query."); 
       
   while ($row1 = mysql_fetch_array($result1)) 
   { 
      extract($row1); 
                echo " <table border = 2 width=70%>"; 
                
       
   } 
    
   echo "</table>"; 
} 

else 

   { 
             echo "<h1>invalid User name or password</h1>"; 
             echo "<h2>Please retype!!<h2>";    
       } 

?>





</center>
<p>

<center><img src="http://www.webcom.com/graphics/formt.gif"
width=150 height=100></center>

<br>
<align="center"><font size="3"><a href="http://~u2ell/flightsinput.php"><FONT COLOR="red">Enter Flight Details</a></font>
<br>
<align="center"><font size="3"><a href="http://~u2ell/flightpricesinput.php"><FONT COLOR="red">Enter Flight Prices</a></font>

</body>

</html>
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

Yes, with a kind of.

The way you have it right now you are going to see the login screen every time. You know that you can use PHP to output html, right? So do that. Or just include different files depending on what comes through in the $_POST vars. like

Code: Select all

<?php
  if(!isset($_POST['username']) || $_POST['password']!=$password)
        include "login.inc";
  else
       include "dostuff.inc";
?>
Or you may want to check to see if isset $_POST first, before you hit the dbase, to avoid extraneous hits. But do you see what I mean? You can even put this code in the middle of a "template" page with headers and footers, and the inc files will only contain the forms you want. Note that this is only pseudocode and you will have to check for a lot of other stuff before deciding what to do - like make sure the username is in the dbase and such.

Then, within login.inc you can discover what the problem was and let the user know what they did wrong to help them do it right.
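
The control flow described in this post, as an added example that is not part of the original thread: one script checks the posted fields and picks which file to include. It assumes PDO with an in-memory SQLite database and a constructed `users` row so that it runs offline; `make_demo_db()`, `authenticate()` and `choose_view()` are hypothetical names.

```php
<?php
// Added example: single-script login controller (not code from the thread).
// Assumptions: PDO + in-memory SQLite, a constructed users table, and the
// hypothetical helpers make_demo_db(), authenticate() and choose_view().
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
    // Constructed sample row; the stored value is a hash, never the password.
    $stmt = $db->prepare('INSERT INTO users VALUES (?, ?)');
    $stmt->execute(['admin', password_hash('constructed-demo-pw', PASSWORD_DEFAULT)]);
    return $db;
}

function authenticate(PDO $db, array $post): bool
{
    // Nothing posted (first visit) or a non-string field: no database hit.
    $user = $post['username'] ?? null;
    $pass = $post['password'] ?? null;
    if (!is_string($user) || !is_string($pass) || $user === '') {
        return false;
    }
    // The username is bound as a parameter, never pasted into the SQL text.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // Unknown user and wrong password take the same branch.
    return is_string($hash) && password_verify($pass, $hash);
}

function choose_view(PDO $db, array $post): string
{
    return authenticate($db, $post) ? 'dostuff.inc.php' : 'login.inc.php';
}

$db = make_demo_db();
// In a real page the second argument is $_POST and the result is include()d.
$cases = [
    'first visit'    => [],
    'wrong password' => ['username' => 'admin', 'password' => 'nope'],
    'quote in name'  => ['username' => "o'neil", 'password' => 'x'],
    'valid login'    => ['username' => 'admin', 'password' => 'constructed-demo-pw'],
];
foreach ($cases as $label => $post) {
    printf("%-15s -> %s\n", $label, choose_view($db, $post));
}
```

Only the last case selects `dostuff.inc.php`; the other three fall back to the login form, and the first one never touches the database.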
eoinmick
Forum Newbie
Posts: 22
Joined: Fri Mar 26, 2004 12:30 pm

Post by eoinmick »

Really only new to PHP and do not completely understand..sorry.
Pozor
Forum Commoner
Posts: 74
Joined: Tue Mar 30, 2004 11:11 pm
Location: Switzerland

Post by Pozor »

hello,

only two things:

Don't do it the unsafe way and name your files .inc -> they could be read by everyone if you have them in the web folder!
Solution: naming them .inc.php is way better.


You save the password in clear in the DB -> dangerous solution.
You should design every system so that an evil admin doesn't have the chance to figure out passwords -> this is good programming style.
Save it as an md5 hash.
Forgot the password -> create a new one.

Code: Select all

<?php
//function: 
$md5hash =  md5($string);
?>

Code: Select all

<?php
  // assumed: $password holds the md5 hash stored in the DB for this user
  if (!isset($_POST['username']) or (md5($_POST['password']) != $password))
  { 
     include_once('login.inc.php'); 
  } else
  {
     include_once('dostuff.inc.php'); 
  } 
?>

greez Pozor
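
Storing a hash instead of the cleartext password, as an added example that is not part of the original thread. PHP's `password_hash()` and `password_verify()` are used here in place of `md5()` because they salt each hash and are deliberately slow; rows that still hold a bare MD5 digest are upgraded on the next successful login. `check_login()` is a hypothetical name and the sample rows are constructed.

```php
<?php
// Added example (not code from the thread): verify against a stored hash and
// upgrade legacy MD5 rows. password_hash()/password_verify() are swapped in
// for md5(); check_login() is a hypothetical helper name.

// Returns [login ok?, replacement hash to store or null].
function check_login(string $password, string $stored): array
{
    // Legacy row: a bare 32-character hex MD5 digest, as in the post above.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // hash_equals() compares the two digests in constant time.
        if (!hash_equals($stored, md5($password))) {
            return [false, null];
        }
        // Correct password: hand back a salted, slow hash to store instead.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when PHP's default algorithm or cost has changed since storage.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample rows: one legacy MD5 value, one current hash.
$rows = [
    'legacy'  => md5('constructed-demo-pw'),
    'current' => password_hash('constructed-demo-pw', PASSWORD_DEFAULT),
];
foreach ($rows as $kind => $stored) {
    foreach (['constructed-demo-pw', 'wrong-guess'] as $attempt) {
        [$ok, $upgrade] = check_login($attempt, $stored);
        printf("%-7s %-19s ok=%s store-new-hash=%s\n", $kind, $attempt,
            $ok ? 'yes' : 'no', $upgrade !== null ? 'yes' : 'no');
    }
}
```

When the second element of the result is not null, the caller writes it back to the user's row so the MD5 value is replaced.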
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

Oh, yeah, true about the file endings. I'm so used to hosting my own, where I can customize Apache so I don't allow anything but my driver file to be accessed, so everything else I can just name whatever.
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Re: Username Password

Post by malcolmboston »

Just a quick note: you should update your syntax, as some of the syntax you are using is old and won't be guaranteed to work in the future.

Code: Select all

// old posted data $HTTP_POST_VARS['data']
// new posted data $_POST['data']
// GET is exactly the same and should be $_GET['data']