Username and Password
Posted: Wed Dec 17, 2003 8:23 am
by Straterra
I have a database with a table. In the table, I have two columns, one is username and one is password... Now, I am wanting to have someone log in, and PHP checks the database and sees if the password corresponds with the username... how would I do this?
Posted: Wed Dec 17, 2003 8:47 am
by Saethyr
Something along the lines of the following will get you close, I have to leave for training so it may take a more experienced person to look this over and fix my code, but these functions will get you where you need to go.
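Code:
<?php
// Assumes an open MySQL connection and $username / $password taken from the login form.
// "table" is a placeholder; replace it with the real table name.
// Escape both values before placing them inside the quoted SQL strings.
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT username, password FROM table WHERE username = '$username' and password = '$password'";
$sql_result = mysql_query($sql);
// Exactly one matching row means the username/password pair exists.
if (mysql_num_rows($sql_result) != 1)
{
    echo "You are not authorized to view this page";
    exit;
}
else
{
    header('Location: http://www.yourmembersarea.com');
    exit;
}
?>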
Saethyr
***Got to looking at it and I had it selecting nothing so I updated it a bit....off to train

Posted: Wed Dec 17, 2003 8:58 am
by Straterra
Well..I don't use MYSQL, I use SQLite, but it should be the same..correct?
Posted: Wed Dec 17, 2003 11:26 am
by Saethyr
According to the manual, as I have never used sqlite, it should be
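Code:
<?php
// $db is the handle returned by sqlite_open(); sqlite_query() needs it as well as the query.
// "table" is a placeholder; replace it with the real table name.
// Escape both values before placing them inside the quoted SQL strings.
$username = sqlite_escape_string($username);
$password = sqlite_escape_string($password);
$sql = "SELECT username, password FROM table WHERE username = '$username' and password = '$password'";
$sql_result = sqlite_query($db, $sql);
// Exactly one matching row means the username/password pair exists.
if (sqlite_num_rows($sql_result) != 1)
{
    echo "You are not authorized to view this page";
    exit;
}
else
{
    header('Location: http://www.yourmembersarea.com');
    exit;
}
?>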
Saethyr
Posted: Wed Dec 17, 2003 12:17 pm
by aquila125
Not very secure...
Instead of forwarding the user to a page when the login is correct, put some session variables, and then forward him. On the target page, check if the session variables are set; else someone can just use the URL he's being forwarded to...
Code:
else
{
    session_start();
    $_SESSION['username'] = $username;
    // X-Forwarded-For is a request header set by the client or a proxy.
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
    {
        $ipadres = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
        $ipadres = $_SERVER['REMOTE_ADDR'];
    }
    $_SESSION['userip'] = $ipadres;
    header("Location: securepage.php");
    exit; // stop the script once the redirect header is sent
}
On all the pages you need secured, include a page called checklogin.php or something (first line on those pages)
checklogin.php:
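Code:
<?php
session_start();
if (!isset($_SESSION["username"])) {
    header("Location: login.php");
    exit; // without exit the protected page is still sent after the header
}
else {
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
    {
        $ipadres = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
        $ipadres = $_SERVER['REMOTE_ADDR'];
    }
    // Back to the login page when the IP differs from the one stored at login.
    if ($_SESSION['userip'] != $ipadres) {
        header("Location: login.php");
        exit;
    }
}
?>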
I think something like this should do the trick...
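Added example (not part of any post in this thread, and not the posters' code): the login check and page guard discussed above, written with PDO bound parameters and password_hash()/password_verify() instead of comparing a plaintext password inside an interpolated query. The users table, the testname account and the function names are constructed for illustration; it assumes PHP 7 or later with the pdo_sqlite extension.

```php
<?php
// Added example, not from the thread. Table/column names and the sample
// account are constructed; an in-memory SQLite database keeps it offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pwhash TEXT NOT NULL)');

// Store a salted hash, never the password itself.
$ins = $db->prepare('INSERT INTO users (username, pwhash) VALUES (?, ?)');
$ins->execute(['testname', password_hash('testpw', PASSWORD_DEFAULT)]);

// Returns true only when the user exists and the password matches the hash.
function check_login(PDO $db, string $username, string $password): bool
{
    // Bound parameters: the input is never spliced into the SQL text.
    $st = $db->prepare('SELECT pwhash FROM users WHERE username = ?');
    $st->execute([$username]);
    $hash = $st->fetchColumn();          // false when no such user
    return is_string($hash) && password_verify($password, $hash);
}

// Call after a successful check_login(), before any output is sent.
function start_user_session(string $username): void
{
    session_start();
    session_regenerate_id(true);         // issue a fresh session id at login
    $_SESSION['username'] = $username;
}

// First statement on every protected page (the checklogin.php role).
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['username'])) {
        header('Location: login.php');
        exit;                            // otherwise the page body is still sent
    }
}

// Constructed inputs: right password, wrong password, username containing a quote.
var_dump(check_login($db, 'testname', 'testpw'));
var_dump(check_login($db, 'testname', 'wrong'));
var_dump(check_login($db, "test'name", 'testpw'));
```

The PRIMARY KEY on username also prevents the duplicate rows that make a "exactly one row" check fail when the insert is run more than once.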
Posted: Wed Dec 17, 2003 12:19 pm
by aquila125
Hmm.. just read it's best to save both the forwarded IP (proxy) and the regular one instead of just one of them...
Not that big of a change.. just to let you know..
Posted: Wed Dec 17, 2003 1:52 pm
by Saethyr
aquila,
The reason it was not secure is because I was not trying to write the code for him. He asked how to get the information and use it, I showed him one way and told him that should get him started.
Saethyr
**** Reread my post and realized it sounded a bit flammy, not intentional by any means******
Posted: Wed Dec 17, 2003 4:24 pm
by Straterra
This is weird..it says that the pw and username don't match..but they do? This is the code I am using. This code creates a new table, adds the columns and everything..please tell me what is wrong with it.
Code:
<?php
$dbname = 'eckbios';
if ($db = sqlite_open($dbname, 0666, $sqliteerror)){
    sqlite_query($db, "create table testing
        (username varchar(60),
        password varchar(15)
        )
    ");
    sqlite_query($db, "insert into testing
        (username, password)
        values ('testname', 'testpw')");
    $username = 'testname';
    $password = 'testpw';
    $sql = "SELECT username, password FROM testing WHERE username = '$username' and password = '$password'";
    $sql_result = sqlite_query($db, $sql);
    if (sqlite_num_rows($sql_result) != 1)
    {
        echo "You are not authorized to view this page";
        exit;
    }
    else
    {
        echo "You are logged in.";
        exit;
    }
} else {
    die ($sqliteerror);
}
?>
Posted: Wed Dec 17, 2003 4:48 pm
by aquila125
Try to create your table just once.. and do it in a separate script (or use phpMyAdmin or something..) instead of recreating the same table over and over again...
If it still doesn't work, output both the username you entered and the one in the database, and make sure they match..
Posted: Wed Dec 17, 2003 4:57 pm
by Straterra
Weird..it works now! Thanks for your help guys! but..perhaps you could explain to me the whole $ipadres thingy you were doing before?
Posted: Wed Dec 17, 2003 5:16 pm
by Weirdan
Don't use ipcheck. Sometimes the IP changes during a session; for example, AOL users have a different IP on each request.
Posted: Thu Dec 18, 2003 6:03 am
by seiretto
Why bother to write your own code when you can use a FREE complete username password members area like phpAutoMembersArea? You can view and download the scripts here:
http://www.thedemosite.co.uk/phpautomembersarea/
And it's secure

Posted: Thu Dec 18, 2003 8:35 am
by Straterra
Because it fills me with pride to write my own..also, if I write my own, I can customize it fully, unlike one someone else wrote. Also, that software is not flexible. It only supports *nix servers.