Username and Password
Moderator: General Moderators
-
Straterra
- Forum Regular
- Posts: 527
- Joined: Mon Nov 24, 2003 8:46 am
- Location: Indianapolis, Indiana
- Contact:
Username and Password
I have a database with a table. In the table, I have two columns, one is username and one is password...Now, I am wanting to have someone log in, and PHP checks the database and see if the password corresponds with the username..how would I do this?
- Saethyr
- Forum Contributor
- Posts: 182
- Joined: Thu Sep 25, 2003 9:21 am
- Location: Wichita, Kansas USA
- Contact:
Something along the lines of the following will get you close, I have to leave for training so it may take a more experienced person to look this over and fix my code, but these functions will get you where you need to go.
Saethyr
***Got to looking at it and I had it selecting nothing so I updated it a bit....off to train
Code: Select all
<?php
$sql = "SELECT username, password FROM table WHERE username = '$username' and password = '$password'";
$sql_result = mysql_query($sql);
if (mysql_num_rows($sql_result) != 1)
{
echo "You are not authorized to view this page";
exit;
}
else
{
header('Location: http://www.yourmembersarea.com');
exit;
}
?>Saethyr
***Got to looking at it and I had it selecting nothing so I updated it a bit....off to train
- Saethyr
- Forum Contributor
- Posts: 182
- Joined: Thu Sep 25, 2003 9:21 am
- Location: Wichita, Kansas USA
- Contact:
according to the manual as I have never used [php_man]sqlite[/php_man] it should be
Saethyr
Code: Select all
<?php
$sql = "SELECT username, password FROM table WHERE username = '$username' and password = '$password'";
$sql_result = sqlite_query($sql);
if (sqlite_num_rows($sql_result) != 1)
{
echo "You are not authorized to view this page";
exit;
}
else
{
header('Location: http://www.yourmembersarea.com');
exit;
}
?>Not very secure...
instead of forwarding the user to a page when the login is correct, put some session variables, and then forward him.. on the target page, check if the session variables are set.. else some can just use the url he's being forwarded to...
On all the pages you need secured, include a page called checklogin.php or something (first line on those pages)
checklogin.php:
I think something like this should do the trick...
instead of forwarding the user to a page when the login is correct, put some session variables, and then forward him.. on the target page, check if the session variables are set.. else some can just use the url he's being forwarded to...
Code: Select all
else
{
session_start();
$_SESSION['username']=$username;
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$ipadres = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ipadres = $_SERVER['REMOTE_ADDR'];
}
$_SESSION['userip']=$ipadres;
header("Location: securepage.php");
}checklogin.php:
Code: Select all
session_start();
if (!isset($_SESSION["username"])) header("Location: login.php");
else {
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$ipadres = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ipadres = $_SERVER['REMOTE_ADDR'];
}
if ($_SESSION['userip']==$ipadres) header("Location: login.php");
}- Saethyr
- Forum Contributor
- Posts: 182
- Joined: Thu Sep 25, 2003 9:21 am
- Location: Wichita, Kansas USA
- Contact:
aquila,
The reason it was not secure is because I was not trying to write the code for him. He asked how to get the information and use it, I showed him one way and told him that should get him started.
Saethyr
**** Reread my post and realized it sounded a bit flammy, not intentional by any means******
The reason it was not secure is because I was not trying to write the code for him. He asked how to get the information and use it, I showed him one way and told him that should get him started.
Saethyr
**** Reread my post and realized it sounded a bit flammy, not intentional by any means******
-
Straterra
- Forum Regular
- Posts: 527
- Joined: Mon Nov 24, 2003 8:46 am
- Location: Indianapolis, Indiana
- Contact:
This is weird..it says that the pw and username don't match..but they do? This is the code I am using. This code creates a new table, adds the columns and everything..please tell me what is wrong with it.
Code: Select all
<?php
$dbname = 'eckbios';
if ($db = sqlite_open($dbname, 0666, $sqliteerror)){
sqlite_query($db, "create table testing
(username varchar(60),
password varchar(15)
)
");
sqlite_query($db, "insert into testing
(username, password)
values ('testname', 'testpw')");
$username = 'testname';
$password = 'testpw';
$sql = "SELECT username, password FROM testing WHERE username = '$username' and password = '$password'";
$sql_result = sqlite_query($db, $sql);
if (sqlite_num_rows($sql_result) != 1)
{
echo "You are not authorized to view this page";
exit;
}
else
{
echo "You are logged in.";
exit;
}
} else {
die ($sqliteerror);
}
?>Why bother to write your own code when can use a FREE complete username password members area like phpAutoMembersArea, you can view and download the scripts here:
http://www.thedemosite.co.uk/phpautomembersarea/
And its secure
http://www.thedemosite.co.uk/phpautomembersarea/
And its secure