login system

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
rashpal
Forum Newbie
Posts: 7
Joined: Tue Apr 15, 2003 7:22 am

login system

Post by rashpal »

Hello,

I'am having problems getting a login system to work, I 've been messin with the code for days and the damm thing won't work.

If anyone can help please see attached code.

9 files in total

index.php
sendto.php
header.php
includedb.php
pageone.php
pagetwo.php
logout.php
logoutform.php
bye.php

Thanks.

RA

//index.php file
<?php

?>
<html>
<head>
</head>
<body>

<form method="POST" action="sendto.php?<?=SID?>">
<?
//error messages to match the type of error

//this message is if no username/password pair is entered
if ($error==1){
echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
echo "Invalid Login - Please try again";
echo "</font>";
echo "<br>";
session_destroy();
}
//this message is if the wrong username/password pair is entered
if ($error==2){
echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
echo "Unauthorized Access - Please Login";
echo "</font>";
echo "<br>";
session_destroy();
}

//this message is if the cookie has expired
if ($error==3){
echo "<font color=\"#FF0000\" face=\"arial\" size=\"2\">";
echo "Session has expired - Please Login";
echo "</font>";
echo "<br>";
session_destroy();
}

//setting the form now for input
?>
<div align="center">name:<br>
<input type="text" name="username" size="20">
<br>
password: <br>
<input type="password" name="password" size="20">
<br>
<input type="submit" value="Submit" name="B1">
<br>
<input type="reset" value="Reset" name="B2">
</div>
</form>
</body>
</html>

//sendto.php file
<?php
//this file is the gateway file. This file is meant as a reroute

session_start(); //start the session
//i used an include file for all of my db stuff.
include("includedb.php");

//added this part because if someone hits submit with the username/password boxes empty, you could get in
//so i set the string length to less than two, but you can use any number you wish - its dependent
//on how long your usernames and passwords must be

$loginstr="$username"."$password";
$loginstrlen=strlen($loginstr);

if ($loginstrlen<2){

//confused on headers? see the manual
//this means - go to index.php

Header("Location: index.php");
$error = 1;
session_register("error");
}


if (@$username && @$password) {
$res = @mysql_query("SELECT username,password FROM $connectdb1 WHERE username='$username' AND password='$password'");
if(@mysql_num_rows($res) != 0) {
Header("Location: pageone.php");
$verified_user = $username;
$verified_userpw = $password;
session_register("verified_user");
session_register("verified_userpw");
//setting a cookie to expire in 60 seconds (you can change it)
//this will not let someone do something after a certain amount(60 seconds) of inactivity
//

setcookie("time",$PHPSESSID,time()+60,"/",".cwams.co.uk",0);
}
else {
//if you are bad, you go back and reenter your password, mister!
Header("Location: index.php");
$error = 1;
session_register("error");
}
}
?>

//header.php file
<?
session_start();
//db stuff
$connection = mysql_connect("localhost","mydbi") or die ("Could not connect to the MySQL Server");
$db = mysql_select_db("mydb", $connection) or die ("Unable to select database.");
$connectdb1="users";

$res = @mysql_query("SELECT username FROM $connectdb1 WHERE username='$verified_user' AND password='$verified_userpw'");

if(@mysql_num_rows($res) == 0) {
Header("Location: index.php");
$error = 2;
session_register("error");
}

//using our good friend cookie here
$time=$HTTP_COOKIE_VARS["time"];
$timesl=strlen($time);
if($timesl<1) {
Header("Location: index.php");
$error = 3;
session_register("error");
}
//if no problems, reset the cookie to expire 60 seconds from now
//see the above file about the domain thing here
setcookie("time",$PHPSESSID,time()+60,"/",".cwams.co.uk",0);
?>

//includedb.php file
<?
//simple db connect
//used for sendto.php


$connection = mysql_connect("localhost","mydb") ("Could not connect to the MySQL Server");
$db = mysql_select_db("cwafsmi", $connection) ("Unable to select database.");
$connectdb1="users";
?>

//pageone.php file
<?php
//add the db stuff
include("header.php");

//for testing purposes, you can see what the username/password is, and i added the
//this is page one part so you can reference the page
//all of this part is unecessary
echo "this is page one";
echo "<br>Your username is: ";
echo $verified_user;
echo "<br>Your password is: ";
echo $verified_userpw;

//add your database query here
$sql1 = "SELECT color FROM $connectdb1 WHERE username=\"$verified_user\"";
$sql_result1 = mysql_query($sql1,$connection) or die ("Cant do sql1");

while ($row = mysql_fetch_object($sql_result1))
{
$color=$row->color;
}

?>
<br>
You did good. this is pageone.php. now go to <a href="pagetwo.php">pagetwo.php</a>
<hr>
<?
//i added a variable to output
echo $color;
?>
<hr>
<?
//adds the logout button
include ("logoutform.php");
?>

//pagetwo.php file
<?php
//add the db stuff
include("header.php");

echo "i knew you could do it!";
echo "<br>";

//database query here
$sql1 = "SELECT color FROM $connectdb1 WHERE username=\"$verified_user\"";
$sql_result1 = mysql_query($sql1,$connection) or die ("Cant do sql1");

while ($row = mysql_fetch_object($sql_result1))
{
$color=$row->color;
}

?>
<br>
You did good. this is pagetwo.php. now go to <a href="pageone.php">pageone.php</a>
<hr>
<?
//i added a variable to output
echo $color;
?>
<hr>
<?
//adds the logout button
include ("logoutform.php");
?>

//logout.php file

<?php

session_start();
//sending you to a custom 'Good-bye' page
Header("Location: bye.php");
$verified_user = " ";
$verified_userpw = " ";
session_register("verified_user");
session_register("verified_userpw");
session_destroy();
?>


//logoutform.php
?php

<form method=\"POST\" action=\"logout.php\">
<input type=\"submit\" value=\"Logout\">
</form>
";
?>

//bye.php file

<?php
//custom 'buh-bye' page
echo "thanks for visiting";
echo "<br>";
echo "<a href=\"index.php\">Login Again</a>";
echo "<hr>";
echo "bet you would like to try to get back into page one without logging in, huh?";
echo "<br>";
echo "go ahead and try, but don't say I didn't warn you!!";
echo "<br>";
echo "<a href=\"pageone.php\">pageone.php";

?>

end.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Which version of PHP are you using? Do you get error messages or what happens/does not happen that shouldn't/should?

Mac
User avatar
skylavelle
Forum Newbie
Posts: 18
Joined: Sun May 04, 2003 11:33 pm
Location: Brisbane, Australia

Post by skylavelle »

This is the login I use, it opens up a login box - though what it neat is it only asks you once, until you close the window.

Code: Select all

<?
/*******************************************************************************/
$LOGIN = "";
$PASSWORD = "";
/******************************************************************************/
function error ($error_message) {
echo $error_message."<BR>";
exit;
}

if ( (!isset($PHP_AUTH_USER)) || ! (($PHP_AUTH_USER == $LOGIN) && ( $PHP_AUTH_PW == "$PASSWORD" )) ) {
                header("WWW-Authenticate: Basic entrer="Form2txt admin"");
                header("HTTP/1.0 401 Unauthorized");
                error("Unauthorized access...");
}
?>
Just put it at the top of each page that you want protected.

Cheers
Sky

P.S. You should really indent your code it makes it a lot easier for people to read.
Post Reply