Login and logout

aggiy2k

Friends,

I have created forms to login and logout. but how to write logout program ?.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="login" method="post" action="login.php">
<p> </p>
<table width="75%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
<tr>
<td>User Name:</td>
<td><input name="user" type="text" id="user"></td>
</tr>
<tr>
<td>Password :</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input type="submit" name="Submit" value="Login">
</div></td>
</tr>
</table>
<p> </p></form>
</body>
</html>

signup.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Register</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="register" method="post" action="register.php">
<table width="75%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
<tr>
<td>Name :</td>
<td><input name="name" type="text" id="name"></td>
</tr>
<tr>
<td>Lname :</td>
<td><input name="lname" type="text" id="lname"></td>
</tr>
<tr>
<td>User Name :</td>
<td><input name="user" type="text" id="user"></td>
</tr>
<tr>
<td>Password :</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td>Email :</td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td>Company :</td>
<td><input name="company" type="text" id="company"></td>
</tr>
<tr>
<td>Tel.</td>
<td><input name="tel" type="text" id="tel"></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td><div align="right">
<input type="submit" name="Submit" value="Submit">
</div></td>
<td> <input name="reset" type="reset" id="reset" value="Reset"></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
</table>
</form>
</body>
</html>

now how to write logout program ?.

khaine

How are you storing the fact that they are logged in? if you are using a session variable or a cookie all you need to do is destory the cookie or unset the session variable.

Mark.

aggiy2k

This is how i wrote the program when user registed. Is this correct ?.

$host = "localhost";

MySQL_connect("$host");

MySQL_select_db("user") or die("Could not select database");

$name = $POST['name'];
$lname = $POST['lname'];
$user = $POST['user'];
$password =$POST['password'];
$email = $POST['email'];
$company =$POST['company'];
$tel =$_POST['tel'];

$sql = "INSERT INTO user SET
name ="$name",
lname ="$lname",
user ="$user",
password ="$password",
email="$email",
company ="$company",
tel ="$tel",
");

$result = mysql_query($sql);

if ($result) {

echo(" You have being added");
}
else {
echo(" Error in your datas");
}

MySQL_close()
?>

khaine

The code you have is to register a user on your data base but how do you know whos logged in? The usuall way is a session or a cookie. the cookie is not ideal because these can be turned off or blocked.

As a side note I would write the insert as

$sql = "INSERT INTO user (name, lname, user, password, email, company, tel) values (";
$sql.="\"".$name."\", ";
$sql.="\"".$lname."\",";
$sql.="\"".$user."\",";
$sql.="\"".$password."\",";
$sql.="\"".$email."\",";
$sql.="\"".$company."\",";
$sql.="\"".$tel."\")";

I think it looks neater and is easier to follow and change.

Mark.

aggiy2k

Mark,

It gives error it goes to else condition " error in your data ".

khaine

Whats the error message it gives?

for a guess theres some quotes in one of the fields that is causing problems. try this instead.

$sql = "INSERT INTO user (name, lname, user, password, email, company, tel) values (";
$sql.="\"".addslashes($name)."\", ";
$sql.="\"".addslashes($lname)."\",";
$sql.="\"".addslashes($user)."\",";
$sql.="\"".addslashes($password)."\",";
$sql.="\"".addslashes($email)."\",";
$sql.="\"".addslashes($company)."\",";
$sql.="\"".addslashes($tel)."\")";

aggiy2k

khaine,

Yes you are correct i have wrote wrong table now. I get an error when i login error as " Parse error: parse error in c:\apache\htdocs\login.php on line 13" . I think i have made mistake some where line 13.

$host = "localhost";

MySQL_connect("$host");

MySQL_select_db("user") or die("Could not connect");

$user = $POST['user'];
$password =$POST['password'];

$sql="select * from register";

IF ($user==$rows['user'] & $password==$rows['password'] )

{
echo("You may enter");
} ELSE {
echo("Incorrect username and Password");
}

MySQL_close()
?>

khaine

Your code has got a few flaws in it first of all you never actually populate the $rows variable and your select is a bit abigious. your login script should be more like


<? 

$user = $_POST['user']; 
$password =$_POST['password']; 

// make connection to database
$connect = mysql_connect($host, "username", "password") 
       or die("Could not connect"); 

//select the working database
mysql_select_db("usernames") or die("Could not select database"); 

//base query on username and password.
$query="select * from register where user like '".$user."' and password like '".$password."'"; 
$result = mysql_query($query) or die("Query failed"); 

if ($result)
{ 
    echo("You may enter"); 
}
else
{ 
    echo("Incorrect username and Password"); 
} 

MySQL_close() 

?>

Oh you should also be storing the passwords encrypted. using the password() function of mysql. the storage using the earlier example would be


$sql = "INSERT INTO user (name, lname, user, password, email, company, tel) values ("; 
$sql.="\"".addslashes($name)."\", "; 
$sql.="\"".addslashes($lname)."\","; 
$sql.="\"".addslashes($user)."\","; 
$sql.="\"password(".$password.")\","; 
$sql.="\"".addslashes($email)."\","; 
$sql.="\"".addslashes($company)."\","; 
$sql.="\"".addslashes($tel)."\")";

then you would replace the query from earlier with


$query="select * from register where user like '".$user."' and password like password('".$password."')";

This will store the encrypted password in the database and also compare the password with it still encrypted.