Login Script

Zanjo

I can't get this script working, it goes to the PHP page and does nothing. I'm not sure whats wrong though.

Files

Info.inc //A inc file

<?php
//The Database User/Host and password
$host="localhost";
$database="login";
$user="***";
$password="***:;

?>

index.html //Page with the forms

<html><head><title>Home</title></head></html>
<body>
<a href="http://zanjo.freesuperhost.com/login.php">Login to Site</a>
<a href="http://zanjo.freesuperhost.com/login.php?module=new">Register</a>
<form method="post" action="http://www.zanjo.byethost4.com/login.php">
<p>Username </p><input type="text" name="Username"><br>
<p>Password </p><input type="password" name="Password"><br>
<input type="submit" name="submit" value="Login"><br>
</form>

</body></html>

Login.php //Processes the index.html form

<?php session_start();
//Login.php: Login Page
include("info.inc");
switch (@$GET['do'])
{
default:
$connect = mysql_connect($host, $user, $password)
or die("Database connection error."); //Connects to database
$db = mysql_select_db($database, $connect)
or die("Database selection error."); //Selects Database
$sql = "SELECT username FROM members
WHERE username='$POST[Username]'"; //Compares Username provided to the one in the database
$query = mysql_query($sql)
or die ("Couldn't execute MYSQL Query."); //Executes Username comparation
$row = mysql_num_rows($query); //Counts amout of usernames that match
if ($row == 1) //Login Name Was Found
{
$sql = "SELECT username FROM members
WHERE username='$POST[Username]'
AND password=password('$POST[Password]')";
$query2 = mysql_query($sql)
or die("Couldn't execute MYSQL Query number 2.");
$row2 = mysql_num_rows($query2);
if (0 < $row2) //Password matches username and is correct
{
$SESSION['auth']="yes"; //Gives user authentication
$logname=$POST['Username']; //Writes log
$_SESSION['logname'] = $logname;
$today = date("d-m-Y hⓂs");
$sql = "INSERT INTO loginlog (username,logintime)
VALUES ('$logname','$today')";
mysql_query($sql) or die("Couldn't Execute MYSQL Query number 3."); //Inserts log into database
header("Location:members.php");
}
else
{
unset($do)
$message="Username or Password is incorrect.<br>"; //Incorrect Username/Password
include("loginform.php?module=new");
}
}
elseif ($row == 0) //Login name not found
{
unset($do)
$message="The Username you have entered does not exist.<br>";
include("loginform.php?module=new")
}
break;

case "new":
if(empty($POST['Username']))
{
echo "Please fill in your user name."
include "loginform.php?module=new"
exit();
}
if(empty($POST['Password']))
{
echo "Please fill in your Password."
include "loginform.php?module=new"
exit();
}
if(empty($POST['Firstname']))
{
echo "Please fill in your First Name."
include "loginform.php?module=new"
exit();
}
if(empty($POST['Lastname']))
{
echo "Please fill in your Last Name."
include "loginform.php?module=new"
exit();
}
if(empty($POST['Email']))
{
echo "Please fill in your Email addres."
include "loginform.php?module=new"
exit();
}
$POST['Username'] = $Fusername;
$POST['Password'] = $Fpassword;
$POST['Firstname'] = $Ffirstname;
$POST['Lastname'] = $Flastname;
$POST['Email'] = $Femail;
$POST['Confirm'] = $Fconfirm
include("info.inc");
$connect = mysql_connect($host, $user, $password)
or die("Database connection error."); //Connects to database
$db = mysql_select_db($database, $connect)
or die("Database selection error."); //Selects Database
$sql = "SELECT username FROM members
WHERE username='$Fusername'";
$query = mysql_query($sql)
or die("Couldn't execute MYSQL Query.");
$row = mysql_num_rows($query);
if(Fpassword != Fconfirm)
{
unset($GET['do'];
echo "Your two passwords do not match.";
include("loginform.php?module=new");
exit();
}
if (0 < $row)
{
unset($GET['do'];
echo "$Fusername already used. Please select another username.";
include("loginform.php?module=new");
exit();
}
else
{
$today = date("d-m-Y");
$sql = "INSERT INTO members
(username,dateofcreation,pass,email,firstname,lastname)
VALUES
('$Fusername','$today','$Fpassowrd','$Femail','$Ffirstname','$Flastname')";
mysql_query($sql);
$SESSION['auth']="yes";
$_SESSION['log'] = $Fusername;
$emess = "You have sucsessfully signed up at www.zanjo.byethost4.com";
$esubj = "www.zanjo.byethost4.com";
$ehead = "From: www.zanjo.byethost4.com";
mail("$Femail","$esubj","$emess","$ehead");
header("Location: new.php");
}
break;

default:
include("loginform.inc");

}

?>

Loginform.php //Just a substitue inc file, like index.html, but with the switch script, the new case isnt used yet though.

<?php session_start();
switch (@$_GET['module'])
{
default:
echo "<html><head><title>Login</title></head>
<body>
<form method="post">
<input type="text" name="Username">
<input type="password" name="Password">
</form>"

break;

case "new":
echo "<html><head><title>Login</title></head>
<body>
<form method="post">
<p>Username <input type="text" name="Username" maxlength="20"><br>
Password <input type="password" name="Password" maxlength="20"><br>
Confirm Password <input type="password" name="Confirm" maxlength="20"><br>
First Name <input type="text" name ="Firstname" maxlength="20"><br>
Last Name <input type="text" name="Lastname" maxlength="35"><br>
Email Address <input typr="text" name="Email" maxlength="40"><br>
</form>"
break;

default:

}

Thanks

Roger_Ramjet

Learn to use the php tags if you are going to post such a long script here

// opening tag is [code=php]
// closing tag is

[/code]

Rictus

To be honest I don't read your script...it was too long.

Here is I script that made once, it is mabe the worst that I had ever made but it is very simple...and it works...but as I think that you should notice If you continue looking for healp ther's a lot of similar scripts. I suggest that If you understand this one use it and update it to you needs. In my case when I'm writing a script I try to test in parts to make shure that everything is working. If this don't work... e-mail me and I will send you a complete login script that for shure will work.

<?php
// start the session
session_start();
header("Cache-control: private"); //IE 6 Fix

echo "<strong>Validating... </strong><br />";

// Get the user's input from the form
$name = $POST['name'];
$pass = $POST['pass'];
$auth = false;
$valid = 0;

If ($name == null)
{echo "Please write your username";
exit;
}

include('databaseinformation.php');
mysql_connect($host, $user, $pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());
$sql = "SELECT * FROM login WHERE name = '$name' AND password = '$pass'";

$result = mysql_query( $sql ) or die ( 'Unable to execute query.' );
$num = mysql_numrows( $result );
if ( $num != 0 ) {$auth = true; }

if ( ! $auth )

{echo "Username not found ";
echo "<a href=\"#\" onClick=\"history.go(-1)\"><font size=\"2\" color=\"#03407C\">Back</font></a><font color=\"#03407C\">";

exit;}

else {

$ip = getenv('REMOTE_ADDR');
$date_time = date('l M d, Y @ g:i A');

$valid = 1;
$SESSION['name'] = $name;
$SESSION['valid'] = $valid;

echo $_SESSION['name'];
echo "<br />";
echo "$ip <br />";
echo "$date_time <br />";
echo "<script>

var targetURL=\"controlpanel.php\"
window.location=targetURL
</script>";
}

Zanjo

$ip = getenv('REMOTE_ADDR');

What does that command do?

Rictus

This Get the Ip address of the person this singning in...this is if you want to make a log file of something like that to store the data of the people that log into your website.

Rictus

Well if you want you could change the script to this:

<?php
// start the session
session_start();
header("Cache-control: private"); //IE 6 Fix

echo "<strong>Validating... </strong><br />";

// Get the user's input from the form
$name = $POST['name'];
$pass = $POST['pass'];
$auth = false;
$valid = 0;

If ($name == null)
{echo "Please write your username";
exit;
}

$result = mysql_query( $sql ) or die ( 'Unable to execute query.' );
$num = mysql_numrows( $result );
if ( $num != 0 ) {$auth = true; }

if ( ! $auth )
{echo "Username not found ";
echo "<a href=\"#\" onClick=\"history.go(-1)\"><font size=\"2\" color=\"#03407C\">Back</font></a><font color=\"#03407C\">";

exit;}

else {

$valid = 1;
$SESSION['name'] = $name;
$SESSION['valid'] = $valid;

echo "<script>

var targetURL=\"controlpanel.php\"
window.location=targetURL
</script>";
}

Then Start the target webpage with this:

<?php
// start the session
session_start();
header("Cache-control: private"); //IE 6 Fix

If ($_SESSION['valid'] == null)
{header("Location: http://www.yoursite.com/login");}

If ($_SESSION['valid'] = 1)
{echo "";}
else
{header("Location: http://www.yoursite.com/login");}
?>

Zanjo

\"controlpanel.php\"

Why are there slashes before and at the end of the quotes?

Roger_Ramjet

Cos he hasn't figured out how to use single quotes for his echo strings so that he doesn't have to escape the html double quotes. The backslash \ is the php escape character.

halojoy

Zanjo wrote:
Why are there slashes before and at the end of the quotes?

As Roger Ramjet says it is about, wrapping the whole string in one type of quote character
and use another character for quotes inside string

This will give an error:

$string = "<div align="center">hello world</div>";

The beginning of string is marked using double quote
so php expects the string will end with "
I we had written

$string = "<div align=";

it would be alright.
Because after the string, php expects ; as mark the end of each php statement.
Here is where the error comes.

To avoid this we could escape " using a backslash \", inside the string, and so tell php it it not the end of string,

but a quote character inside the string.

Instead of having to use escape backslash we can instead use two different quote charactes.
There are single quote and double quote.
We let the begin and endmarker of string be single quote char
and all quotes inside are double quote char

$string = '<div align="center">hello world</div>';

Here php will look for a single quote to mark the end of string
and will be no error using "center"

/mattafort

Rictus

Another way to do the same thing is...

$html = '<script>';
$html .= 'var targetURL="controlpanel.php"';
$html .= 'window.location=targetURL';
$html .= '</script>';

echo "$html";

</script>

Roger_Ramjet

One final point: because XHTML standard dictates double-quotes in it's code, I ALWAYS use single quotes around my php strings. The only exception to this is query strings. Because the SQL standard is for single quotes around string values in queries, I use double quotes for sql query strings.

If you get into the habit of doing the same then you will avoid innumerable syntax errors in your code, as well as rendering it all much more legible and logical.

Zanjo

$html = '<script>';
$html .= 'var targetURL="controlpanel.php"';
$html .= 'window.location=targetURL';
$html .= '</script>';

Does a variable with a dot and a space turn into a array when printed?