MySQL PHP login based on username and password

dmacman1962

I have a site that is built to display items based on the ID of the user. IE if I login in then only see my items. I have this done.

What I am trying to create is login that will do several things.
1) Let the user login and register.
2) Let them get lost passwords
3) Let me set the user ID (which I can) then direct them to the dynamic page based on their ID

I know this is probably already coded, to some extent.

I found most either send everyone to the same page after login, or to a specific directory.

Thanks in advance,

Don

thorpe

what part are you stuck on?

dmacman1962

Hi Thorpe,

I am looking for either code that I can adapt, or suggestions.

I have a table called users. In that I have:
ID
FirstName
LastName
EmailAddress
UserName
Password
URL

I am looking to do 2 things.

1) create a login that allows them to register and login.

2) upon login, send them to a dynamic page I created based on the url I put inthe database. (I will have the beginning of the url as a static address) and send them to my page which will query the table based on their ID and url.

I hope that makes sense.

Here is what I have for the login page:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<form name="form1" method="post" action="checkID.php">
  <p>
    <input name="User" type="text" id="User"> 
  User Name:</p>
  <p>
    <input name="PW" type="password" id="PW"> 
    Password</p>
  <p>
    <input type="submit" name="Submit" value="Submit">
    <input type="reset" name="Reset" value="Reset">
  </p>

  <?php 
if($_GET['error'] == 1) 
{ 
    echo 'Incorrect username or password.'; 
} 
?> 
</form>
</body>
</html>

And here is what I have for the checkID page (this is not working yet, I am still working on it).

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
 <?php 
$hostname = "localhost";  

$database = "a;  

$username = "b;  

$password = "c;   

$connpt = mysql_pconnect($hostname, $username, $password) or trigger_error(mysql_error(),E_USER_ERROR);   

mysql_select_db($database, $connpt);  

$result = mysql_query("SELECT * FROM Users WHERE $UserName = $User");  

while($row = mysql_fetch_assoc($result)) { 
	$ID = $row['ID'];
	$Company = $row['Company'];
	$FirstName = $row['FirstName'];
	$LastName = $row['LastName'];
	$EmailAddress = $row['EmailAddress'];
	$UserName = $row['UserName'];
	$Password = $row['Password'];
	$URL = $row['URL'];

}
$User = $_POST['User']; 
$PW = $_POST['PW']; 

if ($User==$UserName && $PW==$Password){ 
    header('location: order.php'); 
}else{ 
    header('location: login.php?error=1'); 
}  

?>
</body>
</html>

Thanks,

Don

Nixon

The register script, im sure you can do youself? Just create a form then create a page inputting the data into the database? My example from my site:


<?php
$error=NULL;
$time=time();

$check_username=mysql_query("select username from members where username='".$_POST['username']."'");

if ( mysql_num_rows($check_username) > 0) { $error .= "Sorry but that username is already being used!<br>"; }
if ($_POST['password1'] != $_POST['password2']) { $error .= "Sorry but your 2 passwords did not match!<br>"; }
if ( strlen($_POST['username']) > 15 ) { $error .= "Sorry but your username cannot be over 15 characters.<br>"; }
if ( empty( $_POST['username']) ) { $error.= "You must choose a username!<br>"; }
if ( empty( $_POST['password1']) OR empty($_POST['password2']) ) { $error.= "You must fill in both password fields!<br>"; }
if ( empty( $_POST['email']) ) { $error .= "You must enter an email address!<br>"; }

if ($error == NULL) 

{

mysql_query("insert into members(username,password,email,location,datejoined,question1) values('".$_POST['username']."','".$_POST['password1']."','".$_POST['email']."','".$_POST['location']."','".$time."','".$_POST['question1']."')");

}

else { $error .= "<br>Please <a href='../register.php'>try again</a>!"; }

?>

The actual script which logs you in:


<?php 

ob_start();

include("../includes/general.php");
include("../includes/connect_db.php");

$check_login=mysql_query("SELECT COUNT(*) AS is_member FROM members WHERE username='".$_POST['username']."' AND password='".$_POST['password']."'");
$row=mysql_fetch_assoc($check_login);

if ( $row['is_member'] == 1 ) 

{

session_register("username");
$username = $_POST['username'];

session_register("password");
$password = $_POST['password'];

session_register("logged_in");
$logged_in = 1;

$login_result = "<b>Thank you for logging in " . $_POST['username'] . "</b>";
$login_action = "<b><a href='".$_GET['referer']."?topicid=".$HTTP_SESSION_VARS['topicid']."&cat=".$HTTP_SESSION_VARS['cat']."'>Continue</a></b></font>";

header("Location: ".$_GET['referer']."?topicid=".$HTTP_SESSION_VARS['topicid']."&cat=".$HTTP_SESSION_VARS['cat']."");

unset($HTTP_SESSION_VARS['topicid'],$HTTP_SESSION_VARS['topicid']);

}

else

{

session_register("username");
$username = $_POST['username'];

session_register("password");
$username = $_POST['password'];

session_register("logged_in");
$logged_in = 0;

$login_result = "<font class=style5>Sorry but your username and password combination was incorrect!";
$login_action = "<b><a href='../login.php'>Try Again</a></b></font>";

header("Location: ../login.php?problem=1");

}

?>

The part which checks whether you are logged in or not on each page, using SESSION variables.


$check_login=mysql_query("SELECT COUNT(*) AS is_member FROM members WHERE username='".$_SESSION['username']."' AND password='".$_SESSION['password']."'");
$row=mysql_fetch_assoc($check_login);

if ( $row['is_member'] == 1 ) 

{ $logged_in=1; } 

else

{ $logged_in=0; }

Thats the basic password script I use on my site, i'm not going to adapt it to your needs, just work over it slowly, understand what does what and it will be easy to modify, and if you get stuck again, post with a SPECIFIC question, not just DO THIS FOR ME BECAUSE IM LAZY. Sheesh the amount of people nowadays who expect code from no where. What stopped you taking it out of a cms system ect... ?? [/rant]

Jack.

dmacman1962

Hi Nixon,

Thanks for the sample code you gave and the explanation.

I may have not explained what i want the best way. I am not looking for anyone to do the work for me. I would never learn it otherwise and everyone on this site has been a great help.

I was looking for feedback like yours to give me some direction.

The register is easy, its just populating the DB.

I was lost on how to get their name and PW and compare it.

I can take what you gave me and some code I did a few years ago that used the :

somename.php?ID=$ID

to get their ID and match that to the ID I have for the items to display for that person.

Thanks a bunch,

Don

BTW, I do not understand this "What stopped you taking it out of a cms system ect... ?? " ??

Nixon

Hi sorry for ranting at you 😛

The piece of code which checks the username and password is this:

$check_login=mysql_query("SELECT COUNT(*) AS is_member FROM members WHERE username='".$_POST['username']."' AND password='".$_POST['password']."'"); 

if ( $row['is_member'] == 1 ) { //Set session or cookie variable }

The query above checks the database for rows which have the username AND password that the form has inputted. You would want to make a login page with a textbox for username and a textbox for password, then on your form action send it to a page which checks the information entered, where you would put the code above. Then to check that a user is logged in, you would set a session variiable or a cookie and check that it is set on each page, otherwise direct them to the log in sctipt.

Hope this helps!

Jack.