Hello,

I'm a newbie to PHP and MySQL and really need help, here is my problem:

I want to get this form to check the database and then whether the username is right or not send it to a page based on that information. All database information is in "database.php" in the same directory. I want the correct one to be sent to "room1.php" and the wrong one sent to "wrongpass.php." I have a register script all working and know all I need is th elogin-script for the specific file. Here is what it consists of:

<?

/
Connect to the mysql database.
*/
$conn = mysql_connect("localhost", "sythe", "kieran") or die(mysql_error());
mysql_select_db('sythe_users', $conn) or die(mysql_error());

?>

Here is my first attempt:
It's in html:


form action="room1.php" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password:</td><td>
1104
<input type="password" name="pass" maxlength="30"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>
</table>
</form>


This however is total rubbish it doesn't matter what username you have it still logs you in if it is bogus or not.

Please help me establish a good login script for my site,

Thanks in advance,

SyTHe

P.S. You can see it action at
http://sythe.hostcubix.com/alpha
or
http://teaminferno.co.nr

Thanks again,

SyTHe

    Where's the part where you take the username and password entered in the form, assemble some SQL ("SELECT * FROM registeredUsers WHERE id='$userid' and password='$pass'" or something similar)? Where's the part where you check to see if there's a record with that informaton?

    Have you created a registered users type table?
    Have you populated it with usernames and passwords?

      I got the code froma site.

      I have a MySQL database with a table with all the users in it. We can rewrite the code from scratch, I don't care so long as it works.

        Well, if you got the code from a site, go back to the site and see if you can find the parts of the code that do the things described in my previous message.

          Yeah,

          I have but it still odesn't work, the PHP code doesn't show on my site.

          Can you guys get me some alternate code linking to the database getting the right info and doing its job,

          Thanks,

          SyTHe

            looks to me like your form is pointing straight to room1.php and not checking anything. But heres a simple thing to use as a guide

            SECURITY FLAWS ALL OVER THIS CODE but its the basics as to what you should have.

            //first a form on page form.php
            //it points to login.php which will check the username and password against the database.
            
            ?>
            <form action="loginphp" method="post"> 
            <table align="left" border="0" cellspacing="0" cellpadding="3"> 
            <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr> 
            <tr><td>Password:</td><td> 
            1104 
            <input type="password" name="pass" maxlength="30"></td></tr> 
            <tr><td colspan="2" align="left"><input type="checkbox" name="remember"> 
            <font size="2">Remember me next time</td></tr> 
            <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr> 
            <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr> 
            </table> 
            </form>
            
            <?php
            
            
            
            //login.php
            //Connect, query, deal with result
            $conn = mysql_connect("localhost", "sythe", "kieran") or die(mysql_error()); 
            mysql_select_db('sythe_users', $conn) or die(mysql_error());
            
            //connected.
            
            
            $query = "SELECT FROM user_table WHERE username='".$_POST['user']."' AND password='".$_POST['pass']."'";
            $result = mysql_query($query);
            
            $num = mysql_num_rows($result);
            
            //If $num = 1 then we have a match and the right username/password combo was given, else no match so throw an error.
            
            if ($num!=1) {
            
            
            //Code to deal with wrong username/password
            
            
            } else {
            
            
            //code to deal with correct username/password
            
            
            }
            
            
            
            
            

            I dunno if you got all that originally, but from what you have shown me it looks like your missing the whole autenticatin thing out.

            Remeber, that script has loads of security flaws, look into encryption and encoding special characters.

              http://www.phpbuilder.com/board/showthread.php?s=&threadid=10278263 🙂

              It does not yet have the code that gets usernames and passwords from a table. But let's say that you have the following table

              
              CREATE TABLE `users` (
                `uid` int(11) unsigned NOT NULL auto_increment,
                `name` varchar(255) NOT NULL default '',
                `password` varchar(255) NOT NULL default '',
                PRIMARY KEY  (`id`)
              ) TYPE=MyISAM;
              

              Let's also say you store your password during registration as a SHA1 hash sha1($password);

              Then copy/paste

              $result = sql_query("SELECT uid,name,password FROM users WHERE name = '".addslashes($_POST['name']."'", $conn);
              list($uid, $name, $pwd) = sql_fetch_row($result);
              
              if(sha1($password . $_SESSION['randval']) == $_POST['pwd']) && $name = $_POST['name']))
              {
                  //user logged in
              }
              else
              {
                 //user too stupid to remeber password and/or to read the random number
              }
              

              Into the script where the comments // Set cookie/session are.

                ;
                <?php 
                
                
                
                //login.php 
                //Connect, query, deal with result 
                $conn = mysql_connect("localhost", "sythe", "kieran") or die(mysql_error());  
                mysql_select_db('sythe_users', $conn) or die(mysql_error()); //connected. $query = "SELECT FROM user_table WHERE username='".$_POST['user']."' AND password='".$_POST['pass']."'"; $result = mysql_query($query); $num = mysql_num_rows($result); //If $num = 1 then we have a match and the right username/password combo was given, else no match so throw an error. if ($num!=1) { //Code to deal with wrong username/password } else { //code to deal with correct username/password }

                Can you help me incorporate this with HTML in avery simple orm.

                Also, security can be really bad, people who view this site may be able to hack it but I don't care.

                //code to deal with correct username/password

                What code do I put to make the right user go to "room1.php".

                //Code to deal with wrong username/password

                What code do I need to send them to "wrongpassword.php"

                Cany you help?

                Thanks,

                SyTHe.

                PS. My knowledge in PHP is so limited I don't know one statement or command. Thanks for helping.

                  to redirect a user use:

                  header("Location: wrongpassword.php"); 
                  
                  exit;

                  Also, if you have more than one users in the database replace:

                  if ($num!=1) {

                  with:

                  if ($num < 1) {

                    Thanks so much,

                    I will try this.

                    Thanks.

                      :queasy: I can't get it to work.

                      Have any other scripts can use.

                        Write a Reply...