Username and Password

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
Straterra
Forum Regular
Posts: 527
Joined: Mon Nov 24, 2003 8:46 am
Location: Indianapolis, Indiana
Contact:

Username and Password

Post by Straterra »

I have a database with a table. In the table, I have two columns, one is username and one is password...Now, I am wanting to have someone log in, and PHP checks the database and see if the password corresponds with the username..how would I do this?
User avatar
Saethyr
Forum Contributor
Posts: 182
Joined: Thu Sep 25, 2003 9:21 am
Location: Wichita, Kansas USA
Contact:

Post by Saethyr »

Something along the lines of the following will get you close, I have to leave for training so it may take a more experienced person to look this over and fix my code, but these functions will get you where you need to go.

Code: Select all

<?php
$sql = "SELECT username, password FROM table WHERE username = '$username' and password = '$password'";

$sql_result = mysql_query($sql);

if (mysql_num_rows($sql_result) != 1)
  {
     echo "You are not authorized to view this page";
     exit;
  }
   else
  {
      header('Location: http://www.yourmembersarea.com');
      exit;
   }
?>

Saethyr


***Got to looking at it and I had it selecting nothing so I updated it a bit....off to train ;)
Straterra
Forum Regular
Posts: 527
Joined: Mon Nov 24, 2003 8:46 am
Location: Indianapolis, Indiana
Contact:

Post by Straterra »

Well..I don't use MYSQL, I use SQLite, but it should be the same..correct?
User avatar
Saethyr
Forum Contributor
Posts: 182
Joined: Thu Sep 25, 2003 9:21 am
Location: Wichita, Kansas USA
Contact:

Post by Saethyr »

according to the manual as I have never used [php_man]sqlite[/php_man] it should be

Code: Select all

<?php
$sql = "SELECT username, password FROM table WHERE username = '$username' and password = '$password'"; 

$sql_result = sqlite_query($sql); 

if (sqlite_num_rows($sql_result) != 1) 
  { 
     echo "You are not authorized to view this page"; 
     exit; 
  } 
   else 
  { 
      header('Location: http://www.yourmembersarea.com'); 
      exit; 
   } 
?>
Saethyr
User avatar
aquila125
Forum Commoner
Posts: 96
Joined: Tue Dec 09, 2003 10:39 am
Location: Belgium

Post by aquila125 »

Not very secure...

instead of forwarding the user to a page when the login is correct, put some session variables, and then forward him.. on the target page, check if the session variables are set.. else some can just use the url he's being forwarded to...

Code: Select all

else
{
      session_start();
      $_SESSION['username']=$username;
      if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) 
      { 
            $ipadres = $_SERVER['HTTP_X_FORWARDED_FOR']; 
      } 
      else 
      { 
            $ipadres = $_SERVER['REMOTE_ADDR']; 
      }  
      $_SESSION['userip']=$ipadres;
       header("Location: securepage.php");
}
On all the pages you need secured, include a page called checklogin.php or something (first line on those pages)

checklogin.php:

Code: Select all

session_start();
if (!isset($_SESSION["username"])) header("Location: login.php");
else {
      if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) 
      { 
            $ipadres = $_SERVER['HTTP_X_FORWARDED_FOR']; 
      } 
      else 
      { 
            $ipadres = $_SERVER['REMOTE_ADDR']; 
      }  
if ($_SESSION['userip']==$ipadres) header("Location: login.php");
}
I think something like this should do the trick...
User avatar
aquila125
Forum Commoner
Posts: 96
Joined: Tue Dec 09, 2003 10:39 am
Location: Belgium

Post by aquila125 »

Hmm.. just read it's best to save both the forwarded IP (proxy) and the regular instead of just one of them...

not that a big of a change.. just to let you know..
User avatar
Saethyr
Forum Contributor
Posts: 182
Joined: Thu Sep 25, 2003 9:21 am
Location: Wichita, Kansas USA
Contact:

Post by Saethyr »

aquila,

The reason it was not secure is because I was not trying to write the code for him. He asked how to get the information and use it, I showed him one way and told him that should get him started.



Saethyr

**** Reread my post and realized it sounded a bit flammy, not intentional by any means******
Straterra
Forum Regular
Posts: 527
Joined: Mon Nov 24, 2003 8:46 am
Location: Indianapolis, Indiana
Contact:

Post by Straterra »

This is weird..it says that the pw and username don't match..but they do? This is the code I am using. This code creates a new table, adds the columns and everything..please tell me what is wrong with it.

Code: Select all

<?php
$dbname = 'eckbios';
if ($db = sqlite_open($dbname, 0666, $sqliteerror)){
sqlite_query($db, "create table testing
(username varchar(60),
password varchar(15)
)
");
sqlite_query($db, "insert into testing
(username, password)
values ('testname', 'testpw')");
$username = 'testname';
$password = 'testpw';
$sql = "SELECT username, password FROM testing WHERE username = '$username' and password = '$password'"; 

$sql_result = sqlite_query($db, $sql); 

if (sqlite_num_rows($sql_result) != 1) 
  { 
     echo "You are not authorized to view this page"; 
     exit; 
  } 
   else 
  { 
      echo "You are logged in.";
      exit; 
   }
} else {
  die ($sqliteerror);
}
?>
User avatar
aquila125
Forum Commoner
Posts: 96
Joined: Tue Dec 09, 2003 10:39 am
Location: Belgium

Post by aquila125 »

Try to create your table just once.. and do it in a separate script (or use PHPMyAdmin or something..) instead of recreating the same table over and over again...

if it still doesn't work, output both the username you entered and the one in the database, and make sure they match..
Straterra
Forum Regular
Posts: 527
Joined: Mon Nov 24, 2003 8:46 am
Location: Indianapolis, Indiana
Contact:

Post by Straterra »

Weird..it works now! Thanks for your help guys! but..perhaps you could explain to me the whole $ipadres thingy you were doing before?
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Don't use ipcheck. Sometimes ip changes during session, for example AOL users have different ip on each request.
seiretto
Forum Newbie
Posts: 12
Joined: Thu Jul 17, 2003 9:26 am
Location: UK

Post by seiretto »

Why bother to write your own code when can use a FREE complete username password members area like phpAutoMembersArea, you can view and download the scripts here:

http://www.thedemosite.co.uk/phpautomembersarea/

And its secure :D
Straterra
Forum Regular
Posts: 527
Joined: Mon Nov 24, 2003 8:46 am
Location: Indianapolis, Indiana
Contact:

Post by Straterra »

Because it fills me with pride to write my own..also, if I write my own, I can customize it fully, unlike one someone else wrote. Also, that software is not flexible. It only supports *nix servers.
Post Reply