PHP authentiction

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
uniquneo
Forum Newbie
Posts: 10
Joined: Thu Aug 22, 2002 2:10 pm
Location: Portsmouth
Contact:

PHP authentiction

Post by uniquneo »

Can someone help me with this code, its driving me insane for about 4 weeks its obviously that im new to PHP so help would be much appecitated as its what make PHP what it is today.

My problem is with my code for an login script using sessions, mysql and php. Could someone look over this code and possibably get back to me as soon as possible stating whats the errors with it. heres the code in order it used in:-

THIS IS THE LOGIN SCRIPT - NOT THAT I NEED TO TELL YOU


<html>
<head><title>Login to members area</title></head>

<body bgcolor="white">

<h2>Please Login</h2>

<form action="protected.php" method="post">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Log In">

</form>
</body>
</html>

PROTECTED PAGE

<?php
include('auth.php');
?>
<html>
<head><title>This is protected</title></head>
<body>
This is protected
</body>
</html>

AUTH PAGE THIS IS WHAT DOES ALL THE WORK MOST PROBABLY THIS IS WHERE THE ERROR IS

<?php
// Start Sessions
session_start();

// Variables for mysql connection
$host="cant give you this";
$user="this";
$pass="and this";
$db="and this";

if (empty($HTTP_SESSION_VARS['user']))
{
// Connect to database

$connection=mysql_connect("cant give u this sorry", "or this", "and this")
or die("Could not connect to the database");

// Select database

$dbselect=mysql_select_db("this to", $connection)
or die("Could not select the database please try again later");

// Query the database

$result=mysql_query("SELECT COUNT(*) AS numfound FROM users WHERE
user='{$HTTP_POST_VARS['user']}' AND pass='{$HTTP_POST_VARS['pass']}'");

// Say what is going to be accepted as a correct login

$result_ar=mysql_fetch_array($result);
if ($result_ar['numfound'] < 1) // Login has failed
{
include('errorlog.html'); // Include file thats tell user he has not logged in correctly
exit;
}
// This user has logged in and set 'user' in session vars
$user = $HTTP_POST_VARS['user'];
session_register('user');
}

?>

THANKYOU CAN YOU HELP :)
dusty
Forum Contributor
Posts: 122
Joined: Sun Apr 28, 2002 9:52 pm
Location: Portsmouth, VA

Post by dusty »

Code: Select all

if(!isset($_SESSION&#1111;user])) {
  $query = mysql_query("SELECT * FROM users WHERE user = '$_POST&#1111;user]' AND pass = '$_POST&#1111;pass]'");

  if(mysql_num_rows($query) == 0) {
    header("location: errorpage.html");
  } else {
    $user = $_POST&#1111;user];
    session_register("user");
  }
}
it's would be easier to help with your problem if you would explain what it actually is rather than just posting the code and saying there is a problem in it somewhere.
Last edited by dusty on Fri Sep 13, 2002 4:45 pm, edited 2 times in total.
uniquneo
Forum Newbie
Posts: 10
Joined: Thu Aug 22, 2002 2:10 pm
Location: Portsmouth
Contact:

help with the above piece i added in

Post by uniquneo »

// Select database

$dbselect=mysql_select_db("tipsdb", $connection)
or die("Could not select the database please try again later");

if(!isset($_SESSION[user])) {
$query = mysql_query("SELECT * FROM users WHERE user = '$_POST[user] AND pass = '$_POST[pass]'");

if(mysql_num_rows($query) == 0) {
echo "Error with your user and/or pass";
} else {
$user = $_POST[user];
$pass = $_POST[pass];
session_register("user");
}
}
-------------------------------------------------------------------
this is what i added sample of the code above the last

and this is the parse error

Warning: Supplied argument is not a valid MySQL result resource in C:\apache\htdocs\myownloginscript\auth.php on line 24

now line 24 is this line
if(mysql_num_rows($query) == 0) {

Any more help would be gr8
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

Code: Select all

&lt;?php
  // Select database 

  $dbselect=mysql_select_db("tipsdb", $connection) 
  or die("Could not select the database please try again later"); 

  if(!isset($_SESSION&#1111;user])) { 
    $query = mysql_query("SELECT * FROM users WHERE user = {$_POST&#1111;'usr']} AND pass = {$_POST&#1111;7pass']}"); 

  if(mysql_num_rows($query) == 0) { 
    echo "Error with your user and/or pass"; 
  } else { 
    $user = $_POST&#1111;user]; 
    $pass = $_POST&#1111;pass]; 
    session_register("user"); 
  } 
} 
?&gt;
That should do the trick...

Why not use [ p h p] for php codes?
uniquneo
Forum Newbie
Posts: 10
Joined: Thu Aug 22, 2002 2:10 pm
Location: Portsmouth
Contact:

nope still this is the updated code

Post by uniquneo »

Code: Select all

&lt;?php
// Start Sessions
session_start();

// Variables for mysql connection
$host="www.freesql.org"; 
$user="niallhatton ";
$pass="notprinted";
$db="tipsdb";

// Connect to database 

$connection=mysql_connect("www.freesql.org", "niallhatton", "notprinted")
	or die("Could not connect to the database");

 // Select database 

  $dbselect=mysql_select_db("tipsdb", $connection)  
  or die("Could not select the database please try again later");  

  if(!isset($_SESSION&#1111;user])) {  
    $query = mysql_query("SELECT * FROM users WHERE user = {$_POST&#1111;'user']} AND pass = {$_POST&#1111;'pass']}"); 

  if(mysql_num_rows($query) == 0) { 
    echo "Error with your user and/or pass"; 
  } else { 
    $user = $_POST&#1111;user]; 
    $pass = $_POST&#1111;pass]; 
    session_register("user"); 
  } 
} 


?&gt;

also try the script see the erorrs at http://www.cheatsonline.iwebland.com/ph ... /Login.php
User:testing
Pass:testing
?&gt;
dusty
Forum Contributor
Posts: 122
Joined: Sun Apr 28, 2002 9:52 pm
Location: Portsmouth, VA

Post by dusty »

i missed the ' at the end of user = '$_POST[user]'
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

Does this mean it worked? :?
uniquneo
Forum Newbie
Posts: 10
Joined: Thu Aug 22, 2002 2:10 pm
Location: Portsmouth
Contact:

ok so here is the script still dont work though :(

Post by uniquneo »

Code: Select all

&lt;?php
// Start Sessions
session_start();

// Variables for mysql connection
$host="www.freesql.org"; 
$user="niallhatton ";
$pass="";
$db="tipsdb";

// Connect to database 

$connection=mysql_connect("www.freesql.org", "niallhatton", "")
	or die("Could not connect to the database");

 // Select database 

  $dbselect=mysql_select_db("tipsdb", $connection)  
  or die("Could not select the database please try again later");  

 if(!isset($_SESSION&#1111;user])) { 
  $query = mysql_query("SELECT * FROM users WHERE user = '$_POST&#1111;user]' AND pass = '$_POST&#1111;pass]'"); 

  if(mysql_num_rows($query) == 0) { 
    header("errorpage.html"); 
  } else { 
    $user = $_POST&#1111;user]; 
    $pass = $_POST&#1111;pass]; 
    session_register("user"); 
  } 
}

?&gt;



AND THIS IS THE NEW ERROR ALSO IM STILL GETTING THE OUTPUT OF IT THEY ARE AUTHORISED "This is protetected" is this because its not parsing properly

Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in C:\apache\htdocs\myownloginscript\auth.php on line 22
This is protected  
?&gt;
uniquneo
Forum Newbie
Posts: 10
Joined: Thu Aug 22, 2002 2:10 pm
Location: Portsmouth
Contact:

nearly there ppl

Post by uniquneo »

parse errors are gone
now i have the problem of it not authoring properly,
User:testing
Pass:testing @ http://www.cheatsonline.iwebland.com/ph ... /Login.php

but it still is not authoring what ever i put in there, its still showing "This is protected" here is the finla code without the errors

Code: Select all

&amp;lt;?php
// Start Sessions
session_start();

// Variables for mysql connection
$host="www.freesql.org"; 
$user="niallhatton ";
$pass="pompeyfc";
$db="tipsdb";

// Connect to database 

$connection=mysql_connect("www.freesql.org", "niallhatton", "pompeyfc")
	or die("Could not connect to the database");

 // Select database 

  $dbselect=mysql_select_db("tipsdb", $connection)  
  or die("Could not select the database please try again later");  

 if(!isset($_SESSION&#1111;user])) { 
  $query = mysql_query("SELECT * FROM users WHERE user = '$_POST&#1111;user]' AND pass = '$_POST&#1111;pass]'"); 

  if(mysql_num_rows($query) == 0) { 
    header("errorpage.html"); 
  } else { 
    $user = $_POST&#1111;user]; 
    $pass = $_POST&#1111;pass]; 
    session_register("user"); 
  } 
}

?&amp;gt;

so can you tell me whats wrong try it out on the address at the top
?&amp;gt;
[/url]
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

What's it say if you do this

Code: Select all

&amp;lt;?php
// Start Sessions 
session_start(); 

// Variables for mysql connection 
$host="www.freesql.org";  
$user="niallhatton "; 
$pass=""; 
$db="tipsdb"; 

// Connect to database 

$connection=mysql_connect("www.freesql.org", "niallhatton", "") 
   or die("Could not connect to the database"); 

 // Select database 

  $dbselect=mysql_select_db("tipsdb", $connection)   
  or die("Could not select the database please try again later");   

 if(!isset($_SESSION&#1111;user])) {  
  $query = mysql_query("SELECT * FROM users WHERE user = '$_POST&#1111;user]' AND pass = '$_POST&#1111;pass]'") or die(mysql_error());  

  if(mysql_num_rows($query) == 0) {  
    header("errorpage.html");  
  } else {  
    $user = $_POST&#1111;user];  
    $pass = $_POST&#1111;pass];  
    session_register("user");  
  }  
} 
?&amp;gt;
uniquneo
Forum Newbie
Posts: 10
Joined: Thu Aug 22, 2002 2:10 pm
Location: Portsmouth
Contact:

Post by uniquneo »

using the code above NO ERRORS but it is still accpeting ANY user and PASS
dusty
Forum Contributor
Posts: 122
Joined: Sun Apr 28, 2002 9:52 pm
Location: Portsmouth, VA

Post by dusty »

Code: Select all

&amp;lt;?
$host = "www.freesql.org";   
$login = "niallhatton ";  
$password = "";  
$db = "tipsdb";  

mysql_connect($host,$login,$password);
mysql_select_db($db);

if(!isset($_SESSION&#1111;user])) { 
  $user = $_POST&#1111;user];
  $pass = $_POST&#1111;pass]; 
  $query = mysql_query("SELECT * FROM users WHERE user = '$user' AND pass = '$pass'"); 

  if(mysql_num_rows($query) == 0) { 
    //header("location: errorpage.html"); 
    echo "User/Pass does not exist";
    die;
  } else { 
    session_register("user"); 
    echo "logged in.";
  } 
}
?&amp;gt;
should work fine if you have the data entered correctly in your table
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

If so some reason dusty's script doesn't work

Code: Select all

&lt;?php
$host = "www.freesql.org";    
$login = "niallhatton ";   
$password = "";   
$db = "tipsdb";   

mysql_connect($host,$login,$password); 
mysql_select_db($db); 

if(!isset($_SESSION&#1111;user])) {  
  $user = $_POST&#1111;user]; 
  $pass = $_POST&#1111;pass];  
  $query = mysql_query("SELECT username FROM users WHERE user = '$user' AND pass = '$pass'");  

  if($query&#1111;"username"] == $user &amp;&amp; !empty($user)) {  
    //header("location: errorpage.html"); 
    echo "User/Pass does not exist"; 
    die; 
  } else {  
    session_register("user");  
    echo "logged in."; 
  }  
} 

?&gt;
Post Reply