Basic Password Code

nick2005

I'm trying to make a 'members area' next for everyone who adds a link to my site, so they can edit their details place a return link on their site etc.

When they add their link, its adds it to a table called 'links'

When they add a site they are automatically emailed a username and password (this i've done myself), but i need some code that processes their login, ie checks their details, password/username are correct. Does anyone know how to write this code?

I'd also need some code to go in the other pages of the members section, to check if their logged in.

I've got a basic knowledge of mysql and I run a non-profit so any help will be most appreciated.

Thanks in advance.

russellbcv

To start you off!

You need to write something similar to this...(using your own file names of course!)...

Create a simple login form i.e "login.php" which contains username & password <form action = "authenticated.php".....

Create a "users" table in MySQL which contains the users username & password.

"authenticated.php"

<?php
session_start();
if ($_SESSION['logged_in'] != "true"){
     $username = $_POST['username'];
     $password = $_POST['password'];
}
else {$username = $_SESSION['username'];
     $password = $_SESSION['password'];
 }

$self = $_SERVER['PHP_SELF'];
$referer = 'login.php';

if( ( !$username ) or ( !$password ) )
{ header( "Location:$referer" ); }

$conn = @mysql_connect( "localhost", "xxx", "xxx" )
or die ( "Could not connect" );
$rs = @mysql_select_db( "xxx", $conn )
or die( "Could not select database" );
$sql="select * from xxx where username = '" . $username . "'
and password = '". $password . "'";
$rs = mysql_query( $sql, $conn )
or die(mysql_error() . "Could not execute query" );
$num = mysql_numrows( $rs );

if( $num != 0 ){
$_SESSION['logged_in'] = "true";
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

$rs = @mysql_select_db( "xxx", $conn )
or die( "Could not select database" );
$sql = "select * from xxx where username = '" . $username . "'";
$rs = mysql_query( $sql, $conn )
or die(mysql_error() . "Could not execute query" );

The above example would first authenticate the user then secondly connect to another table to extract data.

It's now up to you what you want to do with this???

nick2005

Thanks, i'll have a fiddle about with it, see where it takes me.

nick2005

Thanks for the code I'm a little bit stuck with this. I'm not sure what you have given me, I have edited the fields with my data.

But where should i put, what you see if you have entered the correct/incorrect username and password?

Here's my edited code - link_id = username and link_password = password.

 //work around for register_globals being switched off

foreach ($_COOKIE as $key => $value) {
    $$key = $value;
}
foreach ($_GET as $key => $value) {
    $$key = $value;
}
foreach ($_POST as $key => $value) {
    $$key = $value;
}

include('member_functions.php');

session_start(); 
if ($_SESSION['logged_in'] != "true"){ 
     $link_id = $_POST['link_id']; 
     $link_password = $_POST['link_password']; 
} 
else {$link_id = $_SESSION['link_id']; 
     $link_password = $_SESSION['link_password']; 
	  } 

$self = $_SERVER['PHP_SELF']; 
$referer = 'index.php'; 

if( ( !$link_id ) or ( !$link_password ) ) 
{ header( "Location:$referer" ); } 

$conn = @mysql_connect( "localhost", "mysqlusername", "mysqlpassword" ) 
or die ( "Could not connect" ); 
$rs = @mysql_select_db( "uktvindex", $conn ) 
or die( "Could not select database" ); 
$sql="select * from links where link_id = '" . $link_id . "' 
and link_password = '". $link_password . "'"; 
$rs = mysql_query( $sql, $conn ) 
or die(mysql_error() . "Could not execute query" ); 
$num = mysql_numrows( $rs ); 

if( $num != 0 ){ 
$_SESSION['logged_in'] = "true"; 
$_SESSION['link_id'] = $link_id; 
$_SESSION['link_password'] = $link_password; 

$rs = @mysql_select_db( "uktvindex", $conn ) 
or die( "Could not select database" ); 
$sql = "select * from links where link_id = '" . $link_id . "'"; 
$rs = mysql_query( $sql, $conn ) 
or die(mysql_error() . "Could not execute query" ); 
$sql = "SELECT * FROM `links` WHERE `link_id` = '$link_id' ";

$query = mysql_query($sql);
$myrow = mysql_fetch_array($query);


$link_title = $myrow["link_title"];
$link_url = $myrow["link_url"];
$link_title = $myrow["link_title"];
$link_description = $myrow["link_description"];
$link_rating = $myrow["link_rating"];
$link_date = $myrow["link_date"];
$link_email = $myrow["link_email"];

echo ("$link_title");

} elseif( $num == 0 ){ 
$_SESSION['logged_in'] != "false"; 
echo ("your not logged in"); }



?>

Would really appreciate any more direction you could give me.

twcmad

Hi just stepping in here but dont you have to start the session in php before any other code or blank lines appear.

Dave

liquorvicar

i think you have to issue session_start() before anything is output to the browser. assuming there are no output functions in member_functions.php then you're OK but i would get into the habit of putting at the top of the script (or top of an all-pervasive include).

btw, i wouldn't recommend working around register_globals like that it kinds defeats the point of register_globals being off! you should get into the good habit of grabbing and cleaning any external data that comes into your script.

as to the poster's question, i think the bit you're looking for is this

if( $num != 0 ){
<code1>
} elseif( $num == 0 ){ 
<code2>
}

this says that if any rows are found (i.e. any valid user/pass combinations) do <code1> else (they haven't entered a user/pass or they've entered an incorrect user/pass) do <code2>