login help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
akurashy
Forum Newbie
Posts: 5
Joined: Wed Feb 02, 2005 1:17 pm

login help

Post by akurashy »

hello i just started learning php last saturday and i want to know how to do a login feature, i have already scripted registration with md5 salted
i jjust want now to log in and continue my script
can anyone gimme a example of how to do a login script using cookies or session >_< 8O
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Code: Select all

//initialize session
session_start();

if (!empty($_POST))
&#123;
	//make the query
	$sql = "SELECT * FROM `users` WHERE `username` = '".$_POST&#1111;'username']."' && `password` = '".$_POST&#1111;'password']."' LIMIT 1";
	
	//perform the query w/ error output
	$result = mysql_query($sql) or die(mysql_error);
	
	//check if a row exists
	if (mysql_num_rows($result) > 0)
	&#123;
		//fetch the row checking if row exists
		//get users info
		$user = mysql_fetch_assoc($result);
		
		//create session "logged in"
		$_SESSION&#1111;'loggedin'] = true;
		//add user to session
		$_SESSION&#1111;'username'] = $user&#1111;'username'];
		
		//redirect them to new page
		header("Location: loggedin.html");
	&#125;
&#125;

//put form here
This is a pretty simple way of doing a quick login.
To check on pages to see if they are logged in you would do something like

Code: Select all

if ($_SESSION&#1111;'loggedin'])
&#123;

//show protected content

&#125;
akurashy
Forum Newbie
Posts: 5
Joined: Wed Feb 02, 2005 1:17 pm

Post by akurashy »

where is the password verifier =/?
i mean how i know if the user is in the right paswword O_o
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Code: Select all

$sql = "SELECT * FROM `users` WHERE `username` = '".$_POST&#1111;'username']."' && `password` = '".$_POST&#1111;'password']."' LIMIT 1";
I would also suggest verifying that the post results are letters and numbers only to protect from sql injection. Also I would store the passwords in the database encrypted and encrypt the posted password and compare it to the database.
akurashy
Forum Newbie
Posts: 5
Joined: Wed Feb 02, 2005 1:17 pm

Post by akurashy »

well i have it encrypted

md5 salted
but im confused of how login works
im trying to figure it out of how the function work if you know what i mean
i like to "study" how the feature work and i dont get login thingy
you say i should do a <input name="password"> and do the function and match it to the sql?
Black Unicorn
Forum Commoner
Posts: 48
Joined: Mon Jun 16, 2003 9:19 am
Location: United Kingdom

Logins and forms

Post by Black Unicorn »

The single most important thing is the form. This is where the script gets its user information from.

Code: Select all

if (!empty($_POST))&#123; ...
The form elements have name attributes which the script uses to access their values. So,

Code: Select all

<input type="text" name="username" size="25" maxlength="25" />
is accessed by the PHP script as

Code: Select all

$_POST&#1111;"username"]; // Will contain the value typed into the form element named "username".
This are pretty basic stuff. PHP uses HTML forms ALOT, since it's the most obvious way to transport data from a client to the server. The most useful feature of PhP I find is the

Code: Select all

print_r($_POST)
function, try it out at the start of your script if you're playing with forms.

Regards,
H
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

ok I'll break it down into words for you

Initialize the session to allow use of session variables. Generally has to be on line one.

Check if a form has been submitted by detected any $_POST variables

The query should be changed if you store the passwords encrypted to

Code: Select all

$sql = "SELECT * FROM `users` WHERE `username` = '".$_POST&#1111;'username']."' && `password` = '".md5($_POST&#1111;'password'])."' LIMIT 1";
This will search for 1 row where the username is $_POST['username'] and password is $_POST['password'], encrypted. If there is a match then the username is valid.

Then I run the query and see if a row for this user exists

I then create a session for logged_in to allow access to restricted sites and then store whatever user information I need.

You then redirect him to whatever page you want to a page sayig like you've successfully logged in or whatnot.

If No rows were found, show the form again
akurashy
Forum Newbie
Posts: 5
Joined: Wed Feb 02, 2005 1:17 pm

Post by akurashy »

ah! thanks you phenom :D
akurashy
Forum Newbie
Posts: 5
Joined: Wed Feb 02, 2005 1:17 pm

Post by akurashy »

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /var/www/news/config.php:31) in /var/www/news/login_process.php on line 34

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /var/www/news/config.php:31) in /var/www/news/login_process.php on line 34
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

*sigh* "Please read the tutorial section's thread about header information."
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Phenom wrote: Initialize the session to allow use of session variables. Generally has to be on line one.
And before any output.
Post Reply