Page 1 of 1

PHP authentiction

Posted: Fri Sep 13, 2002 12:38 pm
by uniquneo
Can someone help me with this code, its driving me insane for about 4 weeks its obviously that im new to PHP so help would be much appecitated as its what make PHP what it is today.

My problem is with my code for an login script using sessions, mysql and php. Could someone look over this code and possibably get back to me as soon as possible stating whats the errors with it. heres the code in order it used in:-

THIS IS THE LOGIN SCRIPT - NOT THAT I NEED TO TELL YOU


<html>
<head><title>Login to members area</title></head>

<body bgcolor="white">

<h2>Please Login</h2>

<form action="protected.php" method="post">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Log In">

</form>
</body>
</html>

PROTECTED PAGE

<?php
include('auth.php');
?>
<html>
<head><title>This is protected</title></head>
<body>
This is protected
</body>
</html>

AUTH PAGE THIS IS WHAT DOES ALL THE WORK MOST PROBABLY THIS IS WHERE THE ERROR IS

<?php
// Start Sessions
session_start();

// Variables for mysql connection
$host="cant give you this";
$user="this";
$pass="and this";
$db="and this";

if (empty($HTTP_SESSION_VARS['user']))
{
// Connect to database

$connection=mysql_connect("cant give u this sorry", "or this", "and this")
or die("Could not connect to the database");

// Select database

$dbselect=mysql_select_db("this to", $connection)
or die("Could not select the database please try again later");

// Query the database

$result=mysql_query("SELECT COUNT(*) AS numfound FROM users WHERE
user='{$HTTP_POST_VARS['user']}' AND pass='{$HTTP_POST_VARS['pass']}'");

// Say what is going to be accepted as a correct login

$result_ar=mysql_fetch_array($result);
if ($result_ar['numfound'] < 1) // Login has failed
{
include('errorlog.html'); // Include file thats tell user he has not logged in correctly
exit;
}
// This user has logged in and set 'user' in session vars
$user = $HTTP_POST_VARS['user'];
session_register('user');
}

?>

THANKYOU CAN YOU HELP :)

Posted: Fri Sep 13, 2002 2:25 pm
by dusty

Code: Select all

if(!isset($_SESSION&#1111;user])) {
  $query = mysql_query("SELECT * FROM users WHERE user = '$_POST&#1111;user]' AND pass = '$_POST&#1111;pass]'");

  if(mysql_num_rows($query) == 0) {
    header("location: errorpage.html");
  } else {
    $user = $_POST&#1111;user];
    session_register("user");
  }
}
it's would be easier to help with your problem if you would explain what it actually is rather than just posting the code and saying there is a problem in it somewhere.

help with the above piece i added in

Posted: Fri Sep 13, 2002 3:53 pm
by uniquneo
// Select database

$dbselect=mysql_select_db("tipsdb", $connection)
or die("Could not select the database please try again later");

if(!isset($_SESSION[user])) {
$query = mysql_query("SELECT * FROM users WHERE user = '$_POST[user] AND pass = '$_POST[pass]'");

if(mysql_num_rows($query) == 0) {
echo "Error with your user and/or pass";
} else {
$user = $_POST[user];
$pass = $_POST[pass];
session_register("user");
}
}
-------------------------------------------------------------------
this is what i added sample of the code above the last

and this is the parse error

Warning: Supplied argument is not a valid MySQL result resource in C:\apache\htdocs\myownloginscript\auth.php on line 24

now line 24 is this line
if(mysql_num_rows($query) == 0) {

Any more help would be gr8

Posted: Fri Sep 13, 2002 4:02 pm
by Takuma

Code: Select all

&lt;?php
  // Select database 

  $dbselect=mysql_select_db("tipsdb", $connection) 
  or die("Could not select the database please try again later"); 

  if(!isset($_SESSION&#1111;user])) { 
    $query = mysql_query("SELECT * FROM users WHERE user = {$_POST&#1111;'usr']} AND pass = {$_POST&#1111;7pass']}"); 

  if(mysql_num_rows($query) == 0) { 
    echo "Error with your user and/or pass"; 
  } else { 
    $user = $_POST&#1111;user]; 
    $pass = $_POST&#1111;pass]; 
    session_register("user"); 
  } 
} 
?&gt;
That should do the trick...

Why not use [ p h p] for php codes?

nope still this is the updated code

Posted: Fri Sep 13, 2002 4:16 pm
by uniquneo

Code: Select all

&lt;?php
// Start Sessions
session_start();

// Variables for mysql connection
$host="www.freesql.org"; 
$user="niallhatton ";
$pass="notprinted";
$db="tipsdb";

// Connect to database 

$connection=mysql_connect("www.freesql.org", "niallhatton", "notprinted")
	or die("Could not connect to the database");

 // Select database 

  $dbselect=mysql_select_db("tipsdb", $connection)  
  or die("Could not select the database please try again later");  

  if(!isset($_SESSION&#1111;user])) {  
    $query = mysql_query("SELECT * FROM users WHERE user = {$_POST&#1111;'user']} AND pass = {$_POST&#1111;'pass']}"); 

  if(mysql_num_rows($query) == 0) { 
    echo "Error with your user and/or pass"; 
  } else { 
    $user = $_POST&#1111;user]; 
    $pass = $_POST&#1111;pass]; 
    session_register("user"); 
  } 
} 


?&gt;

also try the script see the erorrs at http://www.cheatsonline.iwebland.com/ph ... /Login.php
User:testing
Pass:testing
?&gt;

Posted: Fri Sep 13, 2002 4:17 pm
by dusty
i missed the ' at the end of user = '$_POST[user]'

Posted: Fri Sep 13, 2002 4:20 pm
by Takuma
Does this mean it worked? :?

ok so here is the script still dont work though :(

Posted: Fri Sep 13, 2002 4:28 pm
by uniquneo

Code: Select all

&lt;?php
// Start Sessions
session_start();

// Variables for mysql connection
$host="www.freesql.org"; 
$user="niallhatton ";
$pass="";
$db="tipsdb";

// Connect to database 

$connection=mysql_connect("www.freesql.org", "niallhatton", "")
	or die("Could not connect to the database");

 // Select database 

  $dbselect=mysql_select_db("tipsdb", $connection)  
  or die("Could not select the database please try again later");  

 if(!isset($_SESSION&#1111;user])) { 
  $query = mysql_query("SELECT * FROM users WHERE user = '$_POST&#1111;user]' AND pass = '$_POST&#1111;pass]'"); 

  if(mysql_num_rows($query) == 0) { 
    header("errorpage.html"); 
  } else { 
    $user = $_POST&#1111;user]; 
    $pass = $_POST&#1111;pass]; 
    session_register("user"); 
  } 
}

?&gt;



AND THIS IS THE NEW ERROR ALSO IM STILL GETTING THE OUTPUT OF IT THEY ARE AUTHORISED "This is protetected" is this because its not parsing properly

Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in C:\apache\htdocs\myownloginscript\auth.php on line 22
This is protected  
?&gt;

nearly there ppl

Posted: Fri Sep 13, 2002 4:43 pm
by uniquneo
parse errors are gone
now i have the problem of it not authoring properly,
User:testing
Pass:testing @ http://www.cheatsonline.iwebland.com/ph ... /Login.php

but it still is not authoring what ever i put in there, its still showing "This is protected" here is the finla code without the errors

Code: Select all

&amp;lt;?php
// Start Sessions
session_start();

// Variables for mysql connection
$host="www.freesql.org"; 
$user="niallhatton ";
$pass="pompeyfc";
$db="tipsdb";

// Connect to database 

$connection=mysql_connect("www.freesql.org", "niallhatton", "pompeyfc")
	or die("Could not connect to the database");

 // Select database 

  $dbselect=mysql_select_db("tipsdb", $connection)  
  or die("Could not select the database please try again later");  

 if(!isset($_SESSION&#1111;user])) { 
  $query = mysql_query("SELECT * FROM users WHERE user = '$_POST&#1111;user]' AND pass = '$_POST&#1111;pass]'"); 

  if(mysql_num_rows($query) == 0) { 
    header("errorpage.html"); 
  } else { 
    $user = $_POST&#1111;user]; 
    $pass = $_POST&#1111;pass]; 
    session_register("user"); 
  } 
}

?&amp;gt;

so can you tell me whats wrong try it out on the address at the top
?&amp;gt;
[/url]

Posted: Fri Sep 13, 2002 4:48 pm
by Takuma
What's it say if you do this

Code: Select all

&amp;lt;?php
// Start Sessions 
session_start(); 

// Variables for mysql connection 
$host="www.freesql.org";  
$user="niallhatton "; 
$pass=""; 
$db="tipsdb"; 

// Connect to database 

$connection=mysql_connect("www.freesql.org", "niallhatton", "") 
   or die("Could not connect to the database"); 

 // Select database 

  $dbselect=mysql_select_db("tipsdb", $connection)   
  or die("Could not select the database please try again later");   

 if(!isset($_SESSION&#1111;user])) {  
  $query = mysql_query("SELECT * FROM users WHERE user = '$_POST&#1111;user]' AND pass = '$_POST&#1111;pass]'") or die(mysql_error());  

  if(mysql_num_rows($query) == 0) {  
    header("errorpage.html");  
  } else {  
    $user = $_POST&#1111;user];  
    $pass = $_POST&#1111;pass];  
    session_register("user");  
  }  
} 
?&amp;gt;

Posted: Fri Sep 13, 2002 4:56 pm
by uniquneo
using the code above NO ERRORS but it is still accpeting ANY user and PASS

Posted: Fri Sep 13, 2002 5:05 pm
by dusty

Code: Select all

&amp;lt;?
$host = "www.freesql.org";   
$login = "niallhatton ";  
$password = "";  
$db = "tipsdb";  

mysql_connect($host,$login,$password);
mysql_select_db($db);

if(!isset($_SESSION&#1111;user])) { 
  $user = $_POST&#1111;user];
  $pass = $_POST&#1111;pass]; 
  $query = mysql_query("SELECT * FROM users WHERE user = '$user' AND pass = '$pass'"); 

  if(mysql_num_rows($query) == 0) { 
    //header("location: errorpage.html"); 
    echo "User/Pass does not exist";
    die;
  } else { 
    session_register("user"); 
    echo "logged in.";
  } 
}
?&amp;gt;
should work fine if you have the data entered correctly in your table

Posted: Sat Sep 14, 2002 1:02 am
by Takuma
If so some reason dusty's script doesn't work

Code: Select all

&lt;?php
$host = "www.freesql.org";    
$login = "niallhatton ";   
$password = "";   
$db = "tipsdb";   

mysql_connect($host,$login,$password); 
mysql_select_db($db); 

if(!isset($_SESSION&#1111;user])) {  
  $user = $_POST&#1111;user]; 
  $pass = $_POST&#1111;pass];  
  $query = mysql_query("SELECT username FROM users WHERE user = '$user' AND pass = '$pass'");  

  if($query&#1111;"username"] == $user &amp;&amp; !empty($user)) {  
    //header("location: errorpage.html"); 
    echo "User/Pass does not exist"; 
    die; 
  } else {  
    session_register("user");  
    echo "logged in."; 
  }  
} 

?&gt;