Hello,
I'am having problems getting a login system to work, I 've been messin with the code for days and the damm thing won't work.
If anyone can help please see attached code.
9 files in total
index.php
sendto.php
header.php
includedb.php
pageone.php
pagetwo.php
logout.php
logoutform.php
bye.php
Thanks.
RA
//index.php file
<?php
?>
<html>
<head>
</head>
<body>
<form method="POST" action="sendto.php?<?=SID?>">
<?
//error messages to match the type of error
//this message is if no username/password pair is entered
if ($error==1){
echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
echo "Invalid Login - Please try again";
echo "</font>";
echo "<br>";
session_destroy();
}
//this message is if the wrong username/password pair is entered
if ($error==2){
echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
echo "Unauthorized Access - Please Login";
echo "</font>";
echo "<br>";
session_destroy();
}
//this message is if the cookie has expired
if ($error==3){
echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
echo "Session has expired - Please Login";
echo "</font>";
echo "<br>";
session_destroy();
}
//setting the form now for input
?>
<div align="center">name:<br>
<input type="text" name="username" size="20">
<br>
password: <br>
<input type="password" name="password" size="20">
<br>
<input type="submit" value="Submit" name="B1">
<br>
<input type="reset" value="Reset" name="B2">
</div>
</form>
</body>
</html>
//sendto.php file
<?php
//this file is the gateway file. This file is meant as a reroute
session_start(); //start the session
//i used an include file for all of my db stuff.
include("includedb.php");
//added this part because if someone hits submit with the username/password boxes empty, you could get in
//so i set the string length to less than two, but you can use any number you wish - its dependent
//on how long your usernames and passwords must be
$loginstr="$username"."$password";
$loginstrlen=strlen($loginstr);
if ($loginstrlen<2){
//confused on headers? see the manual
//this means - go to index.php
Header("Location: index.php");
$error = 1;
session_register("error");
}
if (@$username && @$password) {
$res = @mysql_query("SELECT username,password FROM $connectdb1 WHERE username='$username' AND password='$password'");
if(@mysql_num_rows($res) != 0) {
Header("Location: pageone.php");
$verified_user = $username;
$verified_userpw = $password;
session_register("verified_user");
session_register("verified_userpw");
//setting a cookie to expire in 60 seconds (you can change it)
//this will not let someone do something after a certain amount(60 seconds) of inactivity
//
setcookie("time",$PHPSESSID,time()+60,"/",".cwams.co.uk",0);
}
else {
//if you are bad, you go back and reenter your password, mister!
Header("Location: index.php");
$error = 1;
session_register("error");
}
}
?>
//header.php file
<?
session_start();
//db stuff
$connection = mysql_connect("localhost","mydbi") or die ("Could not connect to the MySQL Server");
$db = mysql_select_db("mydb", $connection) or die ("Unable to select database.");
$connectdb1="users";
$res = @mysql_query("SELECT username FROM $connectdb1 WHERE username='$verified_user' AND password='$verified_userpw'");
if(@mysql_num_rows($res) == 0) {
Header("Location: index.php");
$error = 2;
session_register("error");
}
//using our good friend cookie here
$time=$HTTP_COOKIE_VARS["time"];
$timesl=strlen($time);
if($timesl<1) {
Header("Location: index.php");
$error = 3;
session_register("error");
}
//if no problems, reset the cookie to expire 60 seconds from now
//see the above file about the domain thing here
setcookie("time",$PHPSESSID,time()+60,"/",".cwams.co.uk",0);
?>
//includedb.php file
<?
//simple db connect
//used for sendto.php
$connection = mysql_connect("localhost","mydb") ("Could not connect to the MySQL Server");
$db = mysql_select_db("cwafsmi", $connection) ("Unable to select database.");
$connectdb1="users";
?>
//pageone.php file
<?php
//add the db stuff
include("header.php");
//for testing purposes, you can see what the username/password is, and i added the
//this is page one part so you can reference the page
//all of this part is unecessary
echo "this is page one";
echo "<br>Your username is: ";
echo $verified_user;
echo "<br>Your password is: ";
echo $verified_userpw;
//add your database query here
$sql1 = "SELECT color FROM $connectdb1 WHERE username=\"$verified_user\"";
$sql_result1 = mysql_query($sql1,$connection) or die ("Cant do sql1");
while ($row = mysql_fetch_object($sql_result1))
{
$color=$row->color;
}
?>
<br>
You did good. this is pageone.php. now go to <a href="pagetwo.php">pagetwo.php</a>
<hr>
<?
//i added a variable to output
echo $color;
?>
<hr>
<?
//adds the logout button
include ("logoutform.php");
?>
//pagetwo.php file
<?php
//add the db stuff
include("header.php");
echo "i knew you could do it!";
echo "<br>";
//database query here
$sql1 = "SELECT color FROM $connectdb1 WHERE username=\"$verified_user\"";
$sql_result1 = mysql_query($sql1,$connection) or die ("Cant do sql1");
while ($row = mysql_fetch_object($sql_result1))
{
$color=$row->color;
}
?>
<br>
You did good. this is pagetwo.php. now go to <a href="pageone.php">pageone.php</a>
<hr>
<?
//i added a variable to output
echo $color;
?>
<hr>
<?
//adds the logout button
include ("logoutform.php");
?>
//logout.php file
<?php
session_start();
//sending you to a custom 'Good-bye' page
Header("Location: bye.php");
$verified_user = " ";
$verified_userpw = " ";
session_register("verified_user");
session_register("verified_userpw");
session_destroy();
?>
//logoutform.php
?php
<form method=\"POST\" action=\"logout.php\">
<input type=\"submit\" value=\"Logout\">
</form>
";
?>
//bye.php file
<?php
//custom 'buh-bye' page
echo "thanks for visiting";
echo "<br>";
echo "<a href=\"index.php\">Login Again</a>";
echo "<hr>";
echo "bet you would like to try to get back into page one without logging in, huh?";
echo "<br>";
echo "go ahead and try, but don't say I didn't warn you!!";
echo "<br>";
echo "<a href=\"pageone.php\">pageone.php";
?>
end.
login system
Moderator: General Moderators
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
- skylavelle
- Forum Newbie
- Posts: 18
- Joined: Sun May 04, 2003 11:33 pm
- Location: Brisbane, Australia
This is the login I use, it opens up a login box - though what it neat is it only asks you once, until you close the window.
Just put it at the top of each page that you want protected.
Cheers
Sky
P.S. You should really indent your code it makes it a lot easier for people to read.
Code: Select all
<?
/*******************************************************************************/
$LOGIN = "";
$PASSWORD = "";
/******************************************************************************/
function error ($error_message) {
echo $error_message."<BR>";
exit;
}
if ( (!isset($PHP_AUTH_USER)) || ! (($PHP_AUTH_USER == $LOGIN) && ( $PHP_AUTH_PW == "$PASSWORD" )) ) {
header("WWW-Authenticate: Basic entrer="Form2txt admin"");
header("HTTP/1.0 401 Unauthorized");
error("Unauthorized access...");
}
?>Cheers
Sky
P.S. You should really indent your code it makes it a lot easier for people to read.