Page 1 of 1
login help
Posted: Wed Feb 02, 2005 1:52 pm
by akurashy
hello i just started learning php last saturday and i want to know how to do a login feature, i have already scripted registration with md5 salted
i jjust want now to log in and continue my script
can anyone gimme a example of how to do a login script using cookies or session >_<

Posted: Wed Feb 02, 2005 2:16 pm
by John Cartwright
Code: Select all
//initialize session
session_start();
if (!empty($_POST))
{
//make the query
$sql = "SELECT * FROM `users` WHERE `username` = '".$_POSTї'username']."' && `password` = '".$_POSTї'password']."' LIMIT 1";
//perform the query w/ error output
$result = mysql_query($sql) or die(mysql_error);
//check if a row exists
if (mysql_num_rows($result) > 0)
{
//fetch the row checking if row exists
//get users info
$user = mysql_fetch_assoc($result);
//create session "logged in"
$_SESSIONї'loggedin'] = true;
//add user to session
$_SESSIONї'username'] = $userї'username'];
//redirect them to new page
header("Location: loggedin.html");
}
}
//put form here
This is a pretty simple way of doing a quick login.
To check on pages to see if they are logged in you would do something like
Code: Select all
if ($_SESSIONї'loggedin'])
{
//show protected content
}
Posted: Wed Feb 02, 2005 7:15 pm
by akurashy
where is the password verifier =/?
i mean how i know if the user is in the right paswword O_o
Posted: Wed Feb 02, 2005 7:25 pm
by John Cartwright
Code: Select all
$sql = "SELECT * FROM `users` WHERE `username` = '".$_POSTї'username']."' && `password` = '".$_POSTї'password']."' LIMIT 1";
I would also suggest verifying that the post results are letters and numbers only to protect from sql injection. Also I would store the passwords in the database encrypted and encrypt the posted password and compare it to the database.
Posted: Wed Feb 02, 2005 11:12 pm
by akurashy
well i have it encrypted
md5 salted
but im confused of how login works
im trying to figure it out of how the function work if you know what i mean
i like to "study" how the feature work and i dont get login thingy
you say i should do a <input name="password"> and do the function and match it to the sql?
Logins and forms
Posted: Thu Feb 03, 2005 4:40 am
by Black Unicorn
The single most important thing is the form. This is where the script gets its user information from.
The form elements have name attributes which the script uses to access their values. So,
Code: Select all
<input type="text" name="username" size="25" maxlength="25" />
is accessed by the PHP script as
Code: Select all
$_POSTї"username"]; // Will contain the value typed into the form element named "username".
This are pretty basic stuff. PHP uses HTML forms ALOT, since it's the most obvious way to transport data from a client to the server. The most useful feature of PhP I find is the
function, try it out at the start of your script if you're playing with forms.
Regards,
H
Posted: Thu Feb 03, 2005 6:08 am
by John Cartwright
ok I'll break it down into words for you
Initialize the session to allow use of session variables. Generally has to be on line one.
Check if a form has been submitted by detected any $_POST variables
The query should be changed if you store the passwords encrypted to
Code: Select all
$sql = "SELECT * FROM `users` WHERE `username` = '".$_POSTї'username']."' && `password` = '".md5($_POSTї'password'])."' LIMIT 1";
This will search for 1 row where the username is $_POST['username'] and password is $_POST['password'], encrypted. If there is a match then the username is valid.
Then I run the query and see if a row for this user exists
I then create a session for logged_in to allow access to restricted sites and then store whatever user information I need.
You then redirect him to whatever page you want to a page sayig like you've successfully logged in or whatnot.
If No rows were found, show the form again
Posted: Thu Feb 03, 2005 8:59 am
by akurashy
ah! thanks you phenom

Posted: Thu Feb 03, 2005 4:25 pm
by akurashy
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /var/www/news/config.php:31) in /var/www/news/login_process.php on line 34
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /var/www/news/config.php:31) in /var/www/news/login_process.php on line 34
Posted: Thu Feb 03, 2005 4:46 pm
by feyd
*sigh* "Please read the tutorial section's thread about header information."
Posted: Fri Feb 04, 2005 8:05 am
by John Cartwright
Phenom wrote:
Initialize the session to allow use of session variables. Generally has to be on line one.
And before any output.