ok I have my code really close to what I want it to do,but i have 2 problems.
What im trying to accomplish, is set a users guid in my database, checking their password, Name, and member group before this is done to see if this should be done.
My way of doing this may be strange, i would like to have the guid update inside of the login success page, along with their name, and their old guid, and perhaps a timer to limit guid change to only 1 time per 2 hours.
- When it updates the GUID structure of my table, it makes it 6.
- I have added in a check to check whether the member is in group 6 which is one of my member groups and once i have done this it dosnt work.
Any help will be appreciated.
Here is the code, this is not my code, I have just modified a login script i have found on the internet.
The login page
Login.php
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>GUID</td>
<td>:</td>
<td><input name="myguid" type="text" id="myguid"></td>
<td>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
checklogin.php
<?php
ob_start();
$host="localhost"; // Host name
$username="XXXXXXXXXXX"; // Mysql username
$password="XXXXXXXXXXX"; // Mysql password
$db_name="XXXXXXXXXXX"; // Database name
$tbl_name="XXXXXXXXXXX"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myguid=$_POST['myguid'];
$mygroup =6;
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$mygroup =stripslashes($mygroup);
$myguid = stripslashes($mygroup);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$mygroup = mysql_real_escape_string($mygroup);
$myguid = mysql_real_escape_string($myguid);
$sql="SELECT * FROM $tbl_name WHERE name='$myusername' and password='$mypassword' and mgroup='$mygroup'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
session_register('$mygroup');
mysql_query("UPDATE ibf_members SET GUID='$myguid' WHERE name='$myusername' and password ='$mypassword' and mgroup='$mygroup'")or die(mysql_error());
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
login_success.php
<?
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
<html>
<body>
Login Successful
</body>
</html>
