
teachers login

Posted: Sat Sep 17, 2005 8:39 am
by rami
i could have posted it all in one post but i thought maybe this might be unanswered so i am posting it in the next post
i think it is not wrong
if it is then sorry


tables in mysql
teachers(id,fname,email)
lec_table(id,lecture,question)


i have a login page for teachers
<?php
if (isset($_POST['submit']))
require_once ('../mysql_connect.php');


if (empty($_POST['username'])) {
$u = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your username!</font></p>';
}
else {
$u = escape_data($_POST['username']);}
if (empty($_POST['password'])) {
$p = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
} else {


$p = escape_data($_POST['password']); }
if ($u && $p) {

$query = "SELECT user_id, first_name FROM students WHERE username='$u' AND password=PASSWORD('$p')";

$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM);
if ($row) {

$_SESSION['first_name'] = $row[1];
$_SESSION['user_id'] = $row[0];

ob_end_clean();

header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/viewuser.php ?

uid=$row['user_id]}""); exit();
} else {
echo '<p><font color="red" size="+1">The username and password entered do not match those on

file.</font></p>'; } mysql_close();
} else {
echo '<p><font color="red" size="+1">Please try again.</font></p>'; } } <h1>Login</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<p><b>User Name:</b> <input type="text"

name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input

type="submit" name="submit" value="Login" /></div>
</form><!-- End of Form -->

?>
it links to viewteachers

<?php
require_once('../mysql_connect.php');
if (!isset($_SESSION[first_name']))
{
header("location:http//".$_SERVER['HTTP_HOST']. dirname(PHP_SELF]).login.php");
ob_end-clean();
exit();
}
else
if (isset($_GET['uid']))
{
$query="select fname,subjects from teachers where user_id={$GET['uid']}
$results=@mysql_query($query);
if (mysql_affected_row()==1)
{
echo'{name $row['fname']}'<br>
echo'{subject $row['subject']}'<br>
}
// i have not joined table for simplicity now
$query1="select lecture,question from lec_table where user_id={$GET['uid']}
$results=@mysql_query($query1);
if (mysql_affected_row()==1)
{
echo'{name $row['lecture']}'<br>
echo'{subject $row['question']}'<br>
}
else
{
echo'no such no lectures';
}

else
{
echo' no such teacher';


echo '<a href=/"results.php ? uid={$row ['id'}}\">results</a>'
echo '<a href=/"notes.php ? uid={$row ['id'}}\">notes</a>'
mysql_close();
else
{
echo'system error';
exit
}
?>
is the program correct? please help
thanks
rami

Posted: Sat Sep 17, 2005 10:24 am
by jayshields
just test it in your web server...

btw, it won't work as it should anyway because you've tried to escape the double quotes in the web links at the bottom... when it isn't even necessary as they are contained in single quotes... and you've escaped one of them with a forward slash instead of a backslash. lol just looking at the same links again, they have spaces in them as well.

uber lol, just looked at the same echo lines, you haven't closed the lines with semicolons either...

i haven't read the rest but i get the idea it will need a lot of work.

edit: MEGA LOL!!! just checked Larry Ullman's book forum and you have posted loads of topics there too, claiming you read the book in 4 days, haha. i thought the code in your post looked familiar, the snippets that look ok and logical have just been copied from his book, hahaha.

if you can read a 572 page book in 4 days and take all the info in, i salute you. i have been reading it for about 6 months and i just got to the last chapter.

maybe you should re-read the book and actually do the examples.

Posted: Sat Sep 17, 2005 12:45 pm
by feyd
rami, do not double post.. official warning.

Posted: Sat Sep 17, 2005 11:09 pm
by rami
jayshields wrote:
just test it in your web server...

btw, it won't work as it should anyway because you've tried to escape the double quotes in the web links at the bottom... when it isn't even necessary as they are contained in single quotes... and you've escaped one of them with a forward slash instead of a backslash. lol just looking at the same links again, they have spaces in them as well.

uber lol, just looked at the same echo lines, you haven't closed the lines with semicolons either...

i haven't read the rest but i get the idea it will need a lot of work.

edit: MEGA LOL!!! just checked Larry Ullman's book forum and you have posted loads of topics there too, claiming you read the book in 4 days, haha. i thought the code in your post looked familiar, the snippets that look ok and logical have just been copied from his book, hahaha.

if you can read a 572 page book in 4 days and take all the info in, i salute you. i have been reading it for about 6 months and i just got to the last chapter.

maybe you should re-read the book and actually do the examples.

i read the whole book in 4 days, i mean it.
the introductory part is all the same in all programming languages... so i started from the database topics

i don't think that it's wrong using the logic from the book as it was just what i wanted, maybe it was what every site needs, that password and all

at least i didn't try to copy it all

i am just confused about passing variables across pages and all

i still think i have got many things from that book in 4 days.
after i finish my coding and small application within this month (most probably)
i will definitely inform you or maybe show you.

i am very very confident that this small script is not going to take 6 months for me.


about posting in that book forum, it may be because of some users like ... who don't answer and just mess up the post, so i just felt if not from this forum an answer may come from that forum.

i was asking about logic, not that ; and , for now, those are secondary things (they matter but ...)

anyway thanks
i think i need to do it all myself.

forum for just forum

Posted: Sat Sep 17, 2005 11:17 pm
by rami
feyd wrote:
rami, do not double post.. official warning.

please look closely, it's not a double post, the login page also slightly differs and that viewteacher and
viewstudents page (of another post) is totally different.

it gave me the feeling that you are here just to monitor things, not to help or go through posts
is it?

no hard feelings

thanks for reminding but it is not a double post... the teacher page uses different logic

but no satisfying answer from both posts.
thanks

Posted: Sun Sep 18, 2005 6:16 am
by raghavan20
hi rami,
let me offer you some suggestions to your problem before I give you some advice.

i think you want logic more than code

Logic can be:

1. you have a form where the user enters the username and password
2. the authentication script can be on the same page or a different page which you provide in the action field of a form.
3. when you see both the username and password (use POST), the POST variables are set, then you can come inside the authentication code.
4. you can use strip_tags or custom regex to remove malicious input from username and password fields.
5. check the length of both those fields for validation, else display not a valid username and/or password.
6. if the inputs are valid use the same sql query you used to check whether a username exists with the password entered by the user.
7. if a row is returned, there exists a user so you can set a session/cookie variable with the name username and value the username itself
8. if no rows returned; print invalid username and password

I assume you don't want to get into encryption algorithms at this stage.

Alright, here comes the advice,
1. As a user, you should read the first post of every forum, at least the posting guidelines, which will make your code and post look better.
2. you should have used php tags instead of code tags so read both of them.
3. when you post code make sure it's properly indented; as you see your code is full of if blocks and I don't know which else belongs to which if block.

hope you read the posting guidelines now and edit your first post so that more people can read your post and will give you the best solution.
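
Added example, not part of raghavan20's post or the original poster's code: steps 3 to 8 of the logic above as one PHP function, using a bound parameter for the lookup and password_hash()/password_verify() in place of MySQL's PASSWORD(). The username and password_hash columns, the sample row and the in-memory SQLite database are assumptions made so the block runs offline.

```php
<?php
declare(strict_types=1);

// Constructed demo data: in-memory SQLite (needs pdo_sqlite). The username and
// password_hash columns are assumptions; the thread's table has id, fname, email.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE teachers (id INTEGER PRIMARY KEY, fname TEXT,
        email TEXT, username TEXT UNIQUE, password_hash TEXT)');
    $ins = $db->prepare('INSERT INTO teachers (fname, email, username, password_hash)
        VALUES (?, ?, ?, ?)');
    $ins->execute(['Asha', 'asha@example.test', 'asha',
        password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Steps 3-8: returns the values to put in $_SESSION, or null on any failure.
function authenticate(PDO $db, array $post): ?array {
    $u = $post['username'] ?? null;
    $p = $post['password'] ?? null;
    if (!is_string($u) || !is_string($p)) {
        return null;                       // step 3: both fields must be posted
    }
    // Step 5: shape and length checks (limits mirror the form's maxlength="20").
    if (!preg_match('/\A[A-Za-z0-9_]{1,20}\z/', $u) || $p === '' || strlen($p) > 20) {
        return null;
    }
    // Step 6: the username is bound as data, never pasted into the SQL text.
    $st = $db->prepare('SELECT id, fname, password_hash FROM teachers WHERE username = ?');
    $st->execute([$u]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // Steps 7-8: unknown user and wrong password get the same answer.
    if ($row === false || !password_verify($p, $row['password_hash'])) {
        return null;
    }
    return ['user_id' => (int) $row['id'], 'first_name' => $row['fname']];
}

$db = demo_db();
// Constructed requests: a valid login, a wrong password, a username with a quote.
var_dump(authenticate($db, ['username' => 'asha', 'password' => 'correct horse']));
var_dump(authenticate($db, ['username' => 'asha', 'password' => 'wrong']));
var_dump(authenticate($db, ['username' => "asha' --", 'password' => 'x']));
```

On the real login page, call session_regenerate_id(true) before copying the returned array into $_SESSION.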

Posted: Sun Sep 18, 2005 9:44 am
by rami
raghavan20 wrote:
hi rami,
let me offer you some suggestions to your problem before I give you some advice.

i think you want logic more than code

Logic can be:

1. you have a form where the user enters the username and password
2. the authentication script can be on the same page or a different page which you provide in the action field of a form.
3. when you see both the username and password (use POST), the POST variables are set, then you can come inside the authentication code.
4. you can use strip_tags or custom regex to remove malicious input from username and password fields.
5. check the length of both those fields for validation, else display not a valid username and/or password.
6. if the inputs are valid use the same sql query you used to check whether a username exists with the password entered by the user.
7. if a row is returned, there exists a user so you can set a session/cookie variable with the name username and value the username itself
8. if no rows returned; print invalid username and password

I assume you don't want to get into encryption algorithms at this stage.

Alright, here comes the advice,
1. As a user, you should read the first post of every forum, at least the posting guidelines, which will make your code and post look better.
2. you should have used php tags instead of code tags so read both of them.
3. when you post code make sure it's properly indented; as you see your code is full of if blocks and I don't know which else belongs to which if block.

hope you read the posting guidelines now and edit your first post so that more people can read your post and will give you the best solution.

thanks for your good intention, really appreciable, i will take those words for maybe later, good intention to help, thanks anyway
i have done some programming before
and i am very clear about the logic
in addition to it giving a message i have been trying to redirect the user to a page (using header) passing a variable (a table column)
and in the next page the user sees his/her personal data
as i am planning to do

select * .....where user_id={$_GET[passedcoulmn]};


anyway thanks for the other words... the password in the table is encrypted using the password function for now.. and i have been planning to encrypt some files on the server using DES.

other advice was good for me... i will take care...

actually i think i was being insane thinking that people will go line by line and will have time to debug it, i have got EasyPHP myself now so maybe i will debug all this myself and post the corrected program soon

anyway actually i need code with the same logic but i think nobody knows where the program with the logic i desire is.. i asked but no site up to now

anyway thanks for reply
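
Added example, not rami's code: one way to handle the value passed to the next page after login. The identity comes from the session the login page set, and a uid in the URL is accepted only when it is all digits and names that same teacher; the teacher_id column, the sample rows and the in-memory SQLite database are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed rows in in-memory SQLite (needs pdo_sqlite). teacher_id is an
// assumed column linking lec_table to teachers.id.
function lecture_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE lec_table (id INTEGER PRIMARY KEY, teacher_id INTEGER,
        lecture TEXT, question TEXT)');
    $db->exec("INSERT INTO lec_table (teacher_id, lecture, question) VALUES
        (1, 'Joins', 'What does a <join> return?'), (2, 'Indexes', 'When is a scan cheaper?')");
    return $db;
}

// Rows for the logged-in teacher, or null when the request must be refused.
function lectures_for_request(PDO $db, array $session, array $get): ?array {
    if (!isset($session['user_id'])) {
        return null;                       // not logged in: send to login.php
    }
    $owner = (int) $session['user_id'];
    // A uid in the URL is caller-controlled: accept it only if it is all digits
    // and names the same teacher the session was created for.
    if (isset($get['uid'])) {
        $uid = $get['uid'];
        if (!is_string($uid) || !ctype_digit($uid) || (int) $uid !== $owner) {
            return null;
        }
    }
    $st = $db->prepare('SELECT lecture, question FROM lec_table WHERE teacher_id = ?');
    $st->execute([$owner]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Encode stored text on output so it cannot be read as markup.
function render(array $rows): string {
    $out = '';
    foreach ($rows as $r) {
        $out .= '<p>' . htmlspecialchars($r['lecture'], ENT_QUOTES, 'UTF-8') . ': '
              . htmlspecialchars($r['question'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $out;
}

$db = lecture_db();
$session = ['user_id' => 1];               // what the login page stored
echo render(lectures_for_request($db, $session, ['uid' => '1']) ?? []);
var_dump(lectures_for_request($db, $session, ['uid' => '2']));    // another teacher's id
var_dump(lectures_for_request($db, $session, ['uid' => '1abc'])); // not all digits
var_dump(lectures_for_request($db, [], ['uid' => '1']));          // no session
```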