Site Member Section

They have: 238 posts

Joined: May 2002

I've started building a site member section on my site and I can't seem to get the login script to work..

<?php

session_start();

include("/home/silonet/public_html/includes/header.php");

if (!isset($username)) {
  ?>
  <p><div align="center"><h4> Login Required </h4></div></p>

  You must login to access this area of the site! <br>
  If you are not a registered user, <a href="signup.php">click here</a> to sign up for instant access! <P>

  Please don't try to hack..
  <br> Your ip address is <?=$REMOTE_ADDR?>. <br>
  Your broswer and operating system is <?=$HTTP_USER_AGENT?>.

  <form method="post" action="<?=$_SERVER["PHP_SELF"]?>">
    Username: <input type="text" name="username" size="8"><br>
    Password: &nbsp;<input type="password" name="password" SIZE="8"><br>
    <input type="submit" value="Log in">
  </form></p>
  <?php
  exit;
}

session_register("username");
session_register("password");

$db = mysql_connect("####", "####", "####");

if (!$db)
  echo "A conection to the database could not be made. Please try again later or contact the website administrator.";

mysql_select_db("####", $db);

$result = mysql_query("SELECT * FROM member WHERE username=$username AND password=md5($password);", $db);

if (!$result) {
  session_unregister("username");
  session_unregister("password");
  ?>
  <html>
  <head>
  <title> Access Denied </title>
  </head>
  <body>
  <h1> Access Denied </h1>
  <p>Your username and/or password is incorrect, or you are not a
     registered user on this site. To try logging in again, click
     <a href="<?=$PHP_SELF?>">here</a>. To register for instant
     access, click <a href="signup.php">here</a>.</p>
  </body>
  </html>
  <?php
  exit;
}

if ($id == logoff)
{
  session_unregister("username");
  session_unregister("password");
  session_destroy();
}
echo "Welcome to this area, soon to come will be a place to change
your details such as password etc.. This login script will be
implemented into my code snippet library (under construction)
and eventually into my site for total interaction.";

echo " <a href=\"$PHP_SELF?id=logoff\">Log Off</a>";

include("/home/silonet/public_html/includes/footer.php");
?>

Here is the table structure:

CREATE TABLE member
(
  userid smallint(6) NOT NULL auto_increment,
  username varchar(50) default NULL,
  password varchar(16) default NULL,
  fullname varchar(50) default NULL,
  email varchar(50) default NULL,
  msn varchar(30) default NULL,
  icq varchar(8) default NULL,
  location varchar(20) default NULL,
  website varchar(35) default NULL,
  PRIMARY KEY  (userid)
)
TYPE=MyISAM;

Busy's picture

He has: 6,151 posts

Joined: May 2001

what errors are you getting (if any)?

mysql_select_db("####",$db); doesn't need the ,$db bit as you've already opened the db by setting $db

the mysql_query (SELECT tag) doesn't need the end part either, this part: );", $db as you've already opened and chosen the database

They have: 238 posts

Joined: May 2002

Well for some reason it can't compare the username and password entered on the form with the ones in the database.. Even more strangely when I enter 1 for the password and username it logs in.

http://www.silonetwork.com/signup.php
http://www.silonetwork.com/accesscontrol.php

They have: 238 posts

Joined: May 2002

I've just noticed that if I enter any combination of numbers in the login form it logs in even though that data doesn't exist in the database?!

Busy's picture

He has: 6,151 posts

Joined: May 2001

I take it your password starts with md5

try adding mysql_error() in the result check

if(!$result) { mysql_error(); ... }

the other thing to do is wrap the 'congrats you're in' bit in an else statement from the !$result above

I tried the link you gave and got access denied, are you using cookies or anything that could be logging you in when you test it?

just a side note, I wouldn't add the bit about don't hack ... if someone was going to they would hide behind a proxy server so what you have would mean nothing, maybe just add a note stating 'your ip has been recorded' or something, or just do that if the name or p/w is wrong.
also take out the password value

They have: 238 posts

Joined: May 2002

<?php

session_start();

include("/home/silonet/public_html/includes/header.php");

if (!isset($username)) {
  ?>
  <p><div align="center"><h4> Login Required </h4></div></p>

  You must login to access this area of the site! <br>
  If you are not a registered user, <a href="signup.php">click here</a> to sign up for instant access! <P>

  <form method="post" action="<?=$_SERVER["PHP_SELF"]?>">
    Username: <input type="text" name="username" size="20"><br>
    Password: &nbsp;<input type="password" name="password" SIZE="20"><br>
    <input type="submit" value="Log in">
  </form></p>
  <?php
  exit;
}

if (isset($username)) {

session_register("username");
session_register("password");

$db = mysql_connect("localhost", "removed", "removed");

if (!$db)
  echo "A conection to the database could not be made. Please try again later or contact the website administrator.";

mysql_select_db("removed");

$result = mysql_query("SELECT * FROM member");

$myrow = mysql_fetch_array($result);

$password == md5($password);

if ($myrow["password"] != $password or $myrow["username"] != $username)
{
  mysql_error();
  session_unregister("username");
  session_unregister("password");
  ?>
  <html>
  <head>
  <title> Access Denied </title>
  </head>
  <body>
  <h1> Access Denied </h1>
  <p>Your username and/or password is incorrect, or you are not a
     registered user on this site. To try logging in again, click
     <a href="<?=$PHP_SELF?>">here</a>. To register for instant
     access, click <a href="signup.php">here</a>.</p>
  </body>
  </html>
  <?php
  exit;
}
}

if ($id == logoff)
{
  session_unregister("username");
  session_unregister("password");
  session_destroy();
}
echo "Welcome to this area, soon to come will be a place to change your details such as password etc.. This login script will be implemented into my code snippet library (under construction) and eventually into my site for total interaction.";

echo " <a href=\"$PHP_SELF?id=logoff\">Log Off</a>";

include("/home/silonet/public_html/includes/footer.php");
?>

I've rescripted it, but it still doesn't work. There is obviously no error ( I added in mysql_error(); ) and I'm thinking it's having problems comparing the two passwords.. http://www.silonetwork.com/accesscontrol2.php

Renegade's picture

He has: 3,022 posts

Joined: Oct 2002

Busy's picture

He has: 6,151 posts

Joined: May 2001

the 'welcome to this area ...' bit is outside any if/else statements so will always show no matter what happens

you don't need if(!isset($username)) and if(isset($username))

just use one with an else
if(!isset($username)) { // or use (isset(
....
} else {
...
} // this should be the very last tag of the page unless you want stuff to always show
?>

and place everything between the appropriate sections

They have: 238 posts

Joined: May 2002

I may as well post my solution, it turns out that the password column was varchar 16 when the md5() algorithm encrypts a string into 32 characters. Therefore the script was trying to compare a 32 character password with a 16 character password in the database. I've managed to get it all working. It's always the small things..
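
An added example, not code from any poster in this thread: a login check that avoids the two problems discussed above, the if (!$result) test that passes whenever the SQL is valid (which is why purely numeric input got in) and the hash cut short by varchar(16). It assumes PHP 7 or later with PDO and its SQLite driver; register() and checkLogin() are hypothetical helper names, and the sample user and passwords are constructed.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database is
// used so it runs offline; the table and column names follow the thread.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// password_hash() currently produces 60 characters for bcrypt and may grow,
// so the column is wide. On MySQL in non-strict mode a VARCHAR(16) column
// silently cuts a longer hash short, and no later comparison can match.
$pdo->exec('CREATE TABLE member (
    userid   INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(50)  NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL
)');

function register(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO member (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function checkLogin(PDO $pdo, string $username, string $password): bool
{
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password FROM member WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // A query that ran without error is not a login: decide on the row.
    if ($row === false) {
        return false;
    }
    return password_verify($password, $row['password']);
}

register($pdo, 'alice', 'correct horse');              // constructed sample user

var_dump(checkLogin($pdo, 'alice', 'correct horse'));  // right password
var_dump(checkLogin($pdo, 'alice', 'wrong'));          // wrong password
var_dump(checkLogin($pdo, '1', '1'));                  // numeric input, no such user

// The thread's root cause in isolation: a 32-character md5() hex digest
// compared against the 16 characters that the original column kept.
$stored = substr(md5('correct horse'), 0, 16);
var_dump($stored === md5('correct horse'));
```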
