user login article?

pinehead18

Does anybody know a url to a user auth system written on phpbuilder?

I am unable to find one yet i have herd about one being on here somewhere.

Thanks, Anthony

waltherjt

I have one. It takes 3 values from a form, rep_id, email, password. You can modify this if you need. Basically it checks for missing values, verify they are a valid user, and sets two cookies, one for their rep_id, and the other to use for authorization on all pages they need to be logged in to see.

<?
//check to see if all fields have values
if((!$POST[rep_id]) || (!$POST[email]) || (!$_POST[password])) {
header("Location: http://address.com/ofyourloginpage.html");
exit;
}

//check to see if rep is valid by counting rows where all three variables match database.

$connection = @mysql_connect("localhost", "username", "password");
$db = @mysql_select_db(database_name, $connection);
$sql = "SELECT * FROM reps WHERE id = '$POST[rep_id]' AND email = '$POST[email]' AND pass = password('$_POST[password]')";
$result = @($sql, $connection);
$num = mysql_num_rows($result);

if ((!$result)||($num!=1)) {
header( "Location: http://address.com/ofyourloginpage.html");
exit;
} else {

$rep_id = $_POST[rep_id];

//if rep is valid set rep id cookie and auth ok
setcookie(rep_id, $rep_id);
setcookie(auth, "ok");
$msg = "you are now logged in.";
}

pinehead18

function userlogin() {

    $con = mysql_connect("localhost", "user", "pass") or die(mysql_error());
    $db = mysql_select_db("pinehead", $con) or die(mysql_error());
    $sql = "SELECT * FROM users where uname='$uname' and pass='$pass'";
    $result =  mysql_query($sql);
    $row =  mysql_fetch_array($result);

    if ($row["uname"] == $uname && $row["pass"] ==
$pass) {
        setcookie ("user", $uname, time()+604800);
        echo "you are now logged in";
        } else {
        echo "Incorrect login";
}
}

Thank you for your code.. Before I saw this post I attempted to write my own.. Maby i can have some advice on it? it seems to always log the user in.. No matter what...

Thanks for your help
- ANthony

waltherjt

On mine, I check to see if the username and password are in the database. If they aren't, you won't have any result. Also, they should only be there once. Then I check the number of rows to make sure it's 1.

$num = mysql_num_rows($result);

You are using $row instead of $result, just change that. Then check to see if $row and $num have values. If they do, then the user is already in your db.

My code works for me. Feel free to copy it/tweakit. In you sql statement, you didn't capitalize WHERE. I am not sure if this matters.