[solved] - Thanks Everyone - login php script problem

  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

PHP Code: [ Select ]
 
<?PHP
 
//connect to database
 
include('connect.php');
 
//fetch certain information
 
$user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
 
//If they match add a cookie and go to admin page
 
if ($username == "$user" && $password == "MD5('$pass')") {
 
//set a cookie here
 
Setcookie("admin", $userid, Time()+3600);
 
//put on this message
 
} echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
else
 
//or otherwise use this message
 
echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
 
?>
  1.  
  2. <?PHP
  3.  
  4. //connect to database
  5.  
  6. include('connect.php');
  7.  
  8. //fetch certain information
  9.  
  10. $user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
  11.  
  12. //If they match add a cookie and go to admin page
  13.  
  14. if ($username == "$user" && $password == "MD5('$pass')") {
  15.  
  16. //set a cookie here
  17.  
  18. Setcookie("admin", $userid, Time()+3600);
  19.  
  20. //put on this message
  21.  
  22. } echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  23.  
  24. else
  25.  
  26. //or otherwise use this message
  27.  
  28. echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
  29.  
  30. ?>


I again playing around with this code, and i got a good feeling it will work this time.

Now i keep getting a parse error on line 12 which is:

PHP Code: [ Select ]
else
:S

Whats wrong with it?
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

can someone also explain the cause of the brackets? Whats the purpose?

Any tips that will be useful when adding brackets?
  • jshaulis
  • Student
  • Student
  • jshaulis
  • Posts: 70

Post 3+ Months Ago

I am no expert on this but i do not think you can have the echo statement then the else statement. The brackets act as the starting and ending of your if statement. for example

if (whatever)
{
statments
}
else
{
other statements
}

I do not think that you can write something after you first if statement, THEN say else.
  • jshaulis
  • Student
  • Student
  • jshaulis
  • Posts: 70

Post 3+ Months Ago

Try this instead

Code: [ Select ]
<?PHP
//connect to database
include('connect.php');
//fetch certain information
$user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
//If they match add a cookie and go to admin page
if ($username == "$user" && $password == "MD5('$pass')")
{
//set a cookie here
Setcookie("admin", $userid, Time()+3600);
//put on this message
echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";

else
{
//or otherwise use this message
echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
}
?>
  1. <?PHP
  2. //connect to database
  3. include('connect.php');
  4. //fetch certain information
  5. $user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
  6. //If they match add a cookie and go to admin page
  7. if ($username == "$user" && $password == "MD5('$pass')")
  8. {
  9. //set a cookie here
  10. Setcookie("admin", $userid, Time()+3600);
  11. //put on this message
  12. echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  13. else
  14. {
  15. //or otherwise use this message
  16. echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
  17. }
  18. ?>
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

You have to add the bracket, it designates code blocks.
Code: [ Select ]
if(this){ do the thing in this set of brackets }
else {do the stuff in this set of brackets }
  1. if(this){ do the thing in this set of brackets }
  2. else {do the stuff in this set of brackets }

In VB, it works like
Code: [ Select ]
if(this) then
do this stuff
else
do this stuff
end if
  1. if(this) then
  2. do this stuff
  3. else
  4. do this stuff
  5. end if


The idea is the same, just no brackets.

.c
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

By the way, here is the correct syntax for the snippet you provided above, less the comments:

PHP Code: [ Select ]
 
<?
 
  include('connect.php');
 
  $user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
 
 
 
  if ($username == "$user" && $password == "MD5('$pass')") {
 
    Setcookie("admin", $userid, Time()+3600);
 
    echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
  }
 
  else{ echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>"; }
 
?>
 
 
  1.  
  2. <?
  3.  
  4.   include('connect.php');
  5.  
  6.   $user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
  7.  
  8.  
  9.  
  10.   if ($username == "$user" && $password == "MD5('$pass')") {
  11.  
  12.     Setcookie("admin", $userid, Time()+3600);
  13.  
  14.     echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  15.  
  16.   }
  17.  
  18.   else{ echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>"; }
  19.  
  20. ?>
  21.  
  22.  


.c
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

ohhhhhhhhh
NOW I UNDERSTAND!!!!
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

:'( the code doesnt work!!
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

No? what error are you getting?

does the connect.php include have the right connection settings to an existing database that also has entries that match the $user and md5('$pass') values?

.c
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

its not the error, its the code itself...

when i type in the correct values in the form it doesnt go to "Welcome to ADMIN" screen. Instead it says they are invalid
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

PHP Code: [ Select ]
 
<?PHP
 
//connect to database
 
include('connect.php');
 
//fetch certain information
 
$user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
 
//If they match add a cookie and go to admin page
 
if ($username == "$user" && $password == "MD5('$pass')")
 
{
 
//set a cookie here
 
Setcookie("admin", $userid, Time()+3600);
 
//put on this message
 
echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
}  
 
else
 
{
 
//or otherwise use this message
 
echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
 
}
 
?>
 
 
  1.  
  2. <?PHP
  3.  
  4. //connect to database
  5.  
  6. include('connect.php');
  7.  
  8. //fetch certain information
  9.  
  10. $user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
  11.  
  12. //If they match add a cookie and go to admin page
  13.  
  14. if ($username == "$user" && $password == "MD5('$pass')")
  15.  
  16. {
  17.  
  18. //set a cookie here
  19.  
  20. Setcookie("admin", $userid, Time()+3600);
  21.  
  22. //put on this message
  23.  
  24. echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  25.  
  26. }  
  27.  
  28. else
  29.  
  30. {
  31.  
  32. //or otherwise use this message
  33.  
  34. echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
  35.  
  36. }
  37.  
  38. ?>
  39.  
  40.  


what seems to be wrong? I mean its getting the values, sseeing if they both add up.... now what?
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

i want the comments there for future reference
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

now im getting

PHP Code: [ Select ]
 
<?PHP
 
 
 
include('connect.php');
 
 
 
$user_data = mysql_fetch_array(mysql_query("SELECT username password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
 
 
 
if ($user_data = false);
 
{
 
echo "couldnt get informtion";
 
}
 
 
 
if ($username == "$user" && $password == "MD5('$pass')")
 
{
 
 
 
Setcookie("admin", $userid, Time()+3600);
 
 
 
echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
}  else  {
 
 
 
echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
 
}
 
?>
 
 
  1.  
  2. <?PHP
  3.  
  4.  
  5.  
  6. include('connect.php');
  7.  
  8.  
  9.  
  10. $user_data = mysql_fetch_array(mysql_query("SELECT username password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
  11.  
  12.  
  13.  
  14. if ($user_data = false);
  15.  
  16. {
  17.  
  18. echo "couldnt get informtion";
  19.  
  20. }
  21.  
  22.  
  23.  
  24. if ($username == "$user" && $password == "MD5('$pass')")
  25.  
  26. {
  27.  
  28.  
  29.  
  30. Setcookie("admin", $userid, Time()+3600);
  31.  
  32.  
  33.  
  34. echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  35.  
  36. }  else  {
  37.  
  38.  
  39.  
  40. echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
  41.  
  42. }
  43.  
  44. ?>
  45.  
  46.  


i changed the script again,

and it shows on the screen

Quote:
couldnt get informtionYou do not have permission to access this area, sorry click here to go back


the form i work on is
Code: [ Select ]
<? include('http://www.69kilobytes.co.uk/header.php'); ?>
<form name="admin_login" method="post" action="admin_login.php">
<input type="text" name="username" id="$user">
<input type="password" name="password" id="MD5('$pass')">
 <input type="submit" value="submit" name="submit">
</form>
<? include('http://www.69kilobytes.co.uk/footer.php'); ?>
  1. <? include('http://www.69kilobytes.co.uk/header.php'); ?>
  2. <form name="admin_login" method="post" action="admin_login.php">
  3. <input type="text" name="username" id="$user">
  4. <input type="password" name="password" id="MD5('$pass')">
  5.  <input type="submit" value="submit" name="submit">
  6. </form>
  7. <? include('http://www.69kilobytes.co.uk/footer.php'); ?>
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Ah.

Ok, the HTML form is wrong, you've got PHP code in there and that just won't do.



Code: [ Select ]
<? include('http://www.69kilobytes.co.uk/header.php'); ?>
<form name="admin_login" method="post" action="admin_login.php">

<input type="text" name="username" id="username">
<input type="password" name="password" id="password">
<input type="submit" value="submit" name="submit">
</form>

<? include('http://www.69kilobytes.co.uk/footer.php'); ?>
  1. <? include('http://www.69kilobytes.co.uk/header.php'); ?>
  2. <form name="admin_login" method="post" action="admin_login.php">
  3. <input type="text" name="username" id="username">
  4. <input type="password" name="password" id="password">
  5. <input type="submit" value="submit" name="submit">
  6. </form>
  7. <? include('http://www.69kilobytes.co.uk/footer.php'); ?>


This is just the element ID, so it's probably not a big deal, but it's nevertheless wrong.

Next, are you sure the password is being stored in the database under md5? That is, when you look at what the database has stored for the password, is it encrypted or not? If it IS, then that's not the problem, if it's not, then there you go.

Do you have cookies enabled on your browser (and are you SURE you do? go check that it's not restricted somehow...)? From the look of the script, that shouldn't matter at login, but you never know.

Finally, are you sure that the $username and $password are being populated correctly from the form post? Just after the include statement, add this to see what the output really is. if the thing inside the parenthesis doesn't match what's in the database, you script will not work, and you'll see the access denied result.

PHP Code: [ Select ]
 
print "<p>Username: " . $user . " :: Password: " .  $pass .  "(" . MD5('$pass') . ")</p>";
 
 
  1.  
  2. print "<p>Username: " . $user . " :: Password: " .  $pass .  "(" . MD5('$pass') . ")</p>";
  3.  
  4.  
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

Thanks for your reply.

1) How can not the form be right? It is being posted towards the php file right?

2) here is what you need to know:
http://www.69kilobytes.co.uk/cp/admin_login.php
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Nem wrote:
1) How can not the form be right? It is being posted towards the php file right?


Yeah, except the HTML isn't inside a PHP script delimiter ( <? PHP HERE ?> ). I doubt that's the problem, since the php stuff was only in the ID attribute, so unless you're using some sort of JS, it wouldn't cause a problem. The NAME attribute is the important one when it comes to HTTP.

Nem wrote:
2) here is what you need to know:
http://www.69kilobytes.co.uk/cp/admin_login.php


That tells me the username isn't being passed properly. In other words, the $user variable is empty, which would definatly cause your error.

Can you post the contents of connect.php (you can, and should, omit the database login lines... better not to post real passwords in plain text, =])

.c
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

PHP Code: [ Select ]
 
<?php
 
 
 
$username = "";
 
$password = "";
 
$host = "localhost";
 
$database = "69kilobytes_co_uk_portal";
 
mysql_connect($host,$username,$password) or die("Cannot connect to the database.<br>" . mysql_error());
 
mysql_select_db($database) or die("Cannot select the database.<br>" . mysql_error());
 
 
 
?>
  1.  
  2. <?php
  3.  
  4.  
  5.  
  6. $username = "";
  7.  
  8. $password = "";
  9.  
  10. $host = "localhost";
  11.  
  12. $database = "69kilobytes_co_uk_portal";
  13.  
  14. mysql_connect($host,$username,$password) or die("Cannot connect to the database.<br>" . mysql_error());
  15.  
  16. mysql_select_db($database) or die("Cannot select the database.<br>" . mysql_error());
  17.  
  18.  
  19.  
  20. ?>


the admin table is in the correct database.
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Wait... the $pass isn't being passed either. The md5 encryption is invalid, it's either the encryption for NULL, undefiend or "" or FALSE, or something like that... whatever the default value PHP is assigning it.

Please post the connect.php, or whatever the part of your script is that's parsing the HTTP request.

thanks
.c
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

i will show you all the contents i am using for this login....

please hold on for a sec so i can put it all on to one post
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

got it.

Ok, there is something missing still.

I don't see any script that parsed the HTTP request.... Is there anything anywhere that does looks for something like $_POST? If so, post that snippet. Are there any other include files in admin_login.php?


.c

**EDIT: heh, we're getting out of sync on our posts... I'll wait to post anything more until you've posted the content of the file. =]
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

login form
PHP Code: [ Select ]
 
<? include('http://www.69kilobytes.co.uk/header.php'); ?>
 
<?
 
echo "<form name=admin_login method=post action=admin_login.php>
 
<input type=text name=username id=user>
 
<input type=password name=password id=MD5('$pass')>
 
 <input type=submit value=submit name=submit>
 
</form>"
 
?>
 
<? include('http://www.69kilobytes.co.uk/footer.php'); ?>
 
 
  1.  
  2. <? include('http://www.69kilobytes.co.uk/header.php'); ?>
  3.  
  4. <?
  5.  
  6. echo "<form name=admin_login method=post action=admin_login.php>
  7.  
  8. <input type=text name=username id=user>
  9.  
  10. <input type=password name=password id=MD5('$pass')>
  11.  
  12.  <input type=submit value=submit name=submit>
  13.  
  14. </form>"
  15.  
  16. ?>
  17.  
  18. <? include('http://www.69kilobytes.co.uk/footer.php'); ?>
  19.  
  20.  


-i just edited the code, hopefully it is correct now. Within the footer and the header are both html tags. Any php code in there will start with <? and end with ?> but is saved altogether as a php document.

connect.php
PHP Code: [ Select ]
 
<?php
 
 
 
$username = "";
 
$password = "";
 
$host = "localhost";
 
$database = "69kilobytes_co_uk_portal";
 
mysql_connect($host,$username,$password) or die("Cannot connect to the database.<br>" . mysql_error());
 
mysql_select_db($database) or die("Cannot select the database.<br>" . mysql_error());
 
 
 
?>
 
 
  1.  
  2. <?php
  3.  
  4.  
  5.  
  6. $username = "";
  7.  
  8. $password = "";
  9.  
  10. $host = "localhost";
  11.  
  12. $database = "69kilobytes_co_uk_portal";
  13.  
  14. mysql_connect($host,$username,$password) or die("Cannot connect to the database.<br>" . mysql_error());
  15.  
  16. mysql_select_db($database) or die("Cannot select the database.<br>" . mysql_error());
  17.  
  18.  
  19.  
  20. ?>
  21.  
  22.  

-was sent before

now finally the login php code
PHP Code: [ Select ]
 
<?PHP
 
 
 
include('connect.php');
 
print "<p>Username: " . $user . " :: Password: " .  $pass .  "(" . MD5('$pass') . ")</p>";
 
$user_data = mysql_fetch_array(mysql_query("SELECT username password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
 
 
 
if ($user_data = false);
 
{
 
echo "couldnt get informtion";
 
}
 
 
 
if ($username == "$user" && $password == "MD5('$pass')")
 
{
 
 
 
Setcookie("admin", $userid, Time()+3600);
 
 
 
echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
}  else  {
 
 
 
echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
 
}
 
?>
 
 
  1.  
  2. <?PHP
  3.  
  4.  
  5.  
  6. include('connect.php');
  7.  
  8. print "<p>Username: " . $user . " :: Password: " .  $pass .  "(" . MD5('$pass') . ")</p>";
  9.  
  10. $user_data = mysql_fetch_array(mysql_query("SELECT username password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
  11.  
  12.  
  13.  
  14. if ($user_data = false);
  15.  
  16. {
  17.  
  18. echo "couldnt get informtion";
  19.  
  20. }
  21.  
  22.  
  23.  
  24. if ($username == "$user" && $password == "MD5('$pass')")
  25.  
  26. {
  27.  
  28.  
  29.  
  30. Setcookie("admin", $userid, Time()+3600);
  31.  
  32.  
  33.  
  34. echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  35.  
  36. }  else  {
  37.  
  38.  
  39.  
  40. echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
  41.  
  42. }
  43.  
  44. ?>
  45.  
  46.  

-this i made and im a total newb at this and learning.

on top of every page i protect i add:

PHP Code: [ Select ]
if(isset($_COOKIE["admin"])) { echo 'welcome'; } else { echo 'You need to login to view this area of the site';}?>
 
 
  1. if(isset($_COOKIE["admin"])) { echo 'welcome'; } else { echo 'You need to login to view this area of the site';}?>
  2.  
  3.  



hope this helps
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

hey, i be back at 5.30GMT. If you reply then thanks, and i am not ignoring you taking away any answers you have.

Regards
Nem

Ps. thank you for giving me help towards this annoying bit of code.
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

It does. It tells me there is nothing actually looking to figure out what was entered into the form. Add this above the include call, at the top of the page:

PHP Code: [ Select ]
 
 
if($_POST){
 
   foreach ($_POST as $key => $value) {
 
      if($key == "username"){ $user = $value); }
 
      if($key == "password"){ $pass = $value); }
 
  }
 
}
 
 
  1.  
  2.  
  3. if($_POST){
  4.  
  5.    foreach ($_POST as $key => $value) {
  6.  
  7.       if($key == "username"){ $user = $value); }
  8.  
  9.       if($key == "password"){ $pass = $value); }
  10.  
  11.   }
  12.  
  13. }
  14.  
  15.  


You'll notices that the string in the if statements match the NAME attributes in your form elements. You can use the same structure for $_GET for QueryString variables (values passed in the URL, for example: file.php?this=that&key=value) and $_COOKIE for cookie values.

I usually create a global include file that is added to EVERY page on the site, (I call it common.php, but you can call it whatever you want). This lets me include functions and variables that I might want access to across the board, like sessions, or forms...

You could put these loops into a function, and pass the the string as an argument, for example:

PHP Code: [ Select ]
 
 
 
 
//THIS IS IN THE COMMON INCLUDE FILE:
 
function get_post($form_element){
 
  foreach ($_POST as $key => $value) {
 
    if($key == $form_element){return $value); }
 
  }
 
  return "";
 
}
 
 
 
 
 
//THIS IS ON WHATEVER PAGE:
 
$some_variable = get_post("form_element_name");
 
 
 
 
  1.  
  2.  
  3.  
  4.  
  5. //THIS IS IN THE COMMON INCLUDE FILE:
  6.  
  7. function get_post($form_element){
  8.  
  9.   foreach ($_POST as $key => $value) {
  10.  
  11.     if($key == $form_element){return $value); }
  12.  
  13.   }
  14.  
  15.   return "";
  16.  
  17. }
  18.  
  19.  
  20.  
  21.  
  22.  
  23. //THIS IS ON WHATEVER PAGE:
  24.  
  25. $some_variable = get_post("form_element_name");
  26.  
  27.  
  28.  
  29.  



I'd stick the the more hardcoded version to start until you have more grasp of PHP though.

.c


**EDIT: no problem, glad to help.
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

Could you explain what page i should put them in?
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

I have to also admit, you kind of lost me within what you tryied to explain "common"?

I am very new to this..
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

here is my final "form" page

PHP Code: [ Select ]
 
<? if($_POST){
 
    foreach ($_POST as $key => $value) {
 
        if($key == "username"){ $user = $value); }
 
        if($key == "password"){ $pass = $value); }
 
  }
 
}
 
include('http://www.69kilobytes.co.uk/header.php');
 
?>
 
<?
 
echo "<form name=admin_login method=post action=admin_login.php>
 
<input type=text name=username id=user>
 
<input type=password name=password id=MD5('$pass')>
 
 <input type=submit value=submit name=submit>
 
</form>"
 
?>
 
<? include('http://www.69kilobytes.co.uk/footer.php'); ?>
 
 
  1.  
  2. <? if($_POST){
  3.  
  4.     foreach ($_POST as $key => $value) {
  5.  
  6.         if($key == "username"){ $user = $value); }
  7.  
  8.         if($key == "password"){ $pass = $value); }
  9.  
  10.   }
  11.  
  12. }
  13.  
  14. include('http://www.69kilobytes.co.uk/header.php');
  15.  
  16. ?>
  17.  
  18. <?
  19.  
  20. echo "<form name=admin_login method=post action=admin_login.php>
  21.  
  22. <input type=text name=username id=user>
  23.  
  24. <input type=password name=password id=MD5('$pass')>
  25.  
  26.  <input type=submit value=submit name=submit>
  27.  
  28. </form>"
  29.  
  30. ?>
  31.  
  32. <? include('http://www.69kilobytes.co.uk/footer.php'); ?>
  33.  
  34.  


im getting a parse error on line 3
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

PHP Code: [ Select ]
<? if($_POST){
 
    foreach ($_POST as $key => $value) {
 
        if($key == "username"){ $user = $value; }
 
        if($key == "password"){ $pass = $value; }
 
  }
 
}
 
 
  1. <? if($_POST){
  2.  
  3.     foreach ($_POST as $key => $value) {
  4.  
  5.         if($key == "username"){ $user = $value; }
  6.  
  7.         if($key == "password"){ $pass = $value; }
  8.  
  9.   }
  10.  
  11. }
  12.  
  13.  


no ) after your values
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

ok the error is out of the way:

now the dummy username and password i just inputted in to the dbase and md5'd is "lol" and "lol" both username and password.

here is the form

http://www.69kilobytes.co.uk/cp/login.php

to you, what is the problem? The codes are half way up this page
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

ok... that's weird.
Let me do some tooling around and see if I can make it work on my server here...

.c
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

THANKS!
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

ok, the extra ) was my fault, sorry about that.

You need to put the $_POST stuff on the admin_login.php page, not the login.php page. It RETRIEVES the data, it doesn't send data... see what I mean?

So:

1) Get rid of the PHP stuff in your HTML form, unless you're planning to use a cookie to add their username to the VALUE field for username, there's no point.

2) Remove any other PHP code you added to the login.php form due to this thread.

3) On admin_login.php (the target, aka, ACTION, for your login form) make it look like this:

PHP Code: [ Select ]
 
 
 
<?
 
   include('connect.php');
 
 
 
   function get_data_by_method($method_hash,$element){
 
      foreach ($method_hash as $key => $value) {
 
         if($key == $element){return $value; }
 
      }
 
      return "";
 
   }
 
 
 
 
 
   $user = get_data_by_method($_POST,"username");
 
   $pass = md5(get_data_by_method($_POST,"password"));
 
 
 
 
 
   $sql = "SELECT username,password FROM admin WHERE username='".$user."' and password='".$pass)."';";
 
   $results = mysql_fetch_array(mysql_query($sql));
 
 
 
   if(!isset($db_user)){$db_user = false;}
 
   if(!isset($db_pass)){$db_pass = false;}
 
 
 
   foreach($results as $field => $value){
 
      if($field == "username"){$db_user = $value; }
 
      if($field == "password"){$db_pass = $value; }
 
   }
 
 
 
   if(!$db_user || !$db_pass){ echo "couldnt get informtion"; }
 
   else{
 
      if($db_user == $user && $db_pass == $pass){
 
         setcookie("admin",$userid,time() + 3600);
 
         echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
      }
 
      else{ echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>"; }
 
   }
 
?>
 
 
  1.  
  2.  
  3.  
  4. <?
  5.  
  6.    include('connect.php');
  7.  
  8.  
  9.  
  10.    function get_data_by_method($method_hash,$element){
  11.  
  12.       foreach ($method_hash as $key => $value) {
  13.  
  14.          if($key == $element){return $value; }
  15.  
  16.       }
  17.  
  18.       return "";
  19.  
  20.    }
  21.  
  22.  
  23.  
  24.  
  25.  
  26.    $user = get_data_by_method($_POST,"username");
  27.  
  28.    $pass = md5(get_data_by_method($_POST,"password"));
  29.  
  30.  
  31.  
  32.  
  33.  
  34.    $sql = "SELECT username,password FROM admin WHERE username='".$user."' and password='".$pass)."';";
  35.  
  36.    $results = mysql_fetch_array(mysql_query($sql));
  37.  
  38.  
  39.  
  40.    if(!isset($db_user)){$db_user = false;}
  41.  
  42.    if(!isset($db_pass)){$db_pass = false;}
  43.  
  44.  
  45.  
  46.    foreach($results as $field => $value){
  47.  
  48.       if($field == "username"){$db_user = $value; }
  49.  
  50.       if($field == "password"){$db_pass = $value; }
  51.  
  52.    }
  53.  
  54.  
  55.  
  56.    if(!$db_user || !$db_pass){ echo "couldnt get informtion"; }
  57.  
  58.    else{
  59.  
  60.       if($db_user == $user && $db_pass == $pass){
  61.  
  62.          setcookie("admin",$userid,time() + 3600);
  63.  
  64.          echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  65.  
  66.       }
  67.  
  68.       else{ echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>"; }
  69.  
  70.    }
  71.  
  72. ?>
  73.  
  74.  


Let me know if that works

.c

*EDIT: Changed function name to work for ANY collectoin hash, not just post....
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

ok 1)

Code: [ Select ]
<? include('http://www.69kilobytes.co.uk/header.php'); ?>

<form name=admin_login method=post action=admin_login.php>
<input type=text name=username id=user>
<input type=password name=password id=MD5('$pass')>
 <input type=submit value=submit name=submit>
</form>

<? include('http://www.69kilobytes.co.uk/footer.php'); ?>
  1. <? include('http://www.69kilobytes.co.uk/header.php'); ?>
  2. <form name=admin_login method=post action=admin_login.php>
  3. <input type=text name=username id=user>
  4. <input type=password name=password id=MD5('$pass')>
  5.  <input type=submit value=submit name=submit>
  6. </form>
  7. <? include('http://www.69kilobytes.co.uk/footer.php'); ?>


link: http://www.69kilobytes.co.uk/cp/login.php

i will post the rest as well...
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

ok the admin login php page

link: http://www.69kilobytes.co.uk/cp/admin_login.php

ERROR line 15... and it still says "You do not have permission blah blah" meaning the username and password did not work. Even though they are correct.
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Ok... sorry, I noticed something else... the md5 stuff was wrong, and there isn't anything actually reading the data retrieved from the query. I've updated the script above, see if that works. If it doesn't, I'll create a test database and actually trying the scripts... I'm writting from memory here.. heh
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Stop the presses!

heh

Give this a try. I combined the connect.php include file in for sake of ease. I ran this against a test database and it worked. Give it a try on your site and let me know.

PHP Code: [ Select ]
 
<?
 
   function get_data_by_method($method_hash,$element){
 
      foreach ($method_hash as $key => $value){
 
         if($key == $element){ return $value; }
 
      }
 
      return "";
 
   }
 
 
 
 
 
  $submit = get_data_by_method($_POST,"submit");
 
   $user = get_data_by_method($_POST,"username");
 
   $pass = md5(get_data_by_method($_POST,"password"));
 
   if(!isset($db_user)){$db_user = false;}
 
   if(!isset($db_pass)){$db_pass = false;}
 
 
 
   $username = "";
 
   $password = "";
 
   $host = "";
 
   $database = "";
 
   mysql_connect($host,$username,$password) or die("Cannot connect to the database.<br>" . mysql_error());
 
   mysql_select_db($database) or die("Cannot select the database.<br>" . mysql_error());
 
   $result = mysql_query("SELECT username,password FROM userdata WHERE username='".$user."' and password='".$pass."';");
 
   while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
 
      $db_user = $row["username"];
 
      $db_pass = $row["password"];
 
   }
 
 
 
   if(!$db_user || !$db_pass){ echo "couldnt get informtion"; }
 
   else{
 
      if($db_user == $user && $db_pass == $pass){
 
         setcookie("admin",$userid,time() + 3600);
 
         echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
      }
 
      else{ echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>"; }
 
   }
 
   mysql_free_result($result);
 
?>
 
 
  1.  
  2. <?
  3.  
  4.    function get_data_by_method($method_hash,$element){
  5.  
  6.       foreach ($method_hash as $key => $value){
  7.  
  8.          if($key == $element){ return $value; }
  9.  
  10.       }
  11.  
  12.       return "";
  13.  
  14.    }
  15.  
  16.  
  17.  
  18.  
  19.  
  20.   $submit = get_data_by_method($_POST,"submit");
  21.  
  22.    $user = get_data_by_method($_POST,"username");
  23.  
  24.    $pass = md5(get_data_by_method($_POST,"password"));
  25.  
  26.    if(!isset($db_user)){$db_user = false;}
  27.  
  28.    if(!isset($db_pass)){$db_pass = false;}
  29.  
  30.  
  31.  
  32.    $username = "";
  33.  
  34.    $password = "";
  35.  
  36.    $host = "";
  37.  
  38.    $database = "";
  39.  
  40.    mysql_connect($host,$username,$password) or die("Cannot connect to the database.<br>" . mysql_error());
  41.  
  42.    mysql_select_db($database) or die("Cannot select the database.<br>" . mysql_error());
  43.  
  44.    $result = mysql_query("SELECT username,password FROM userdata WHERE username='".$user."' and password='".$pass."';");
  45.  
  46.    while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
  47.  
  48.       $db_user = $row["username"];
  49.  
  50.       $db_pass = $row["password"];
  51.  
  52.    }
  53.  
  54.  
  55.  
  56.    if(!$db_user || !$db_pass){ echo "couldnt get informtion"; }
  57.  
  58.    else{
  59.  
  60.       if($db_user == $user && $db_pass == $pass){
  61.  
  62.          setcookie("admin",$userid,time() + 3600);
  63.  
  64.          echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  65.  
  66.       }
  67.  
  68.       else{ echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>"; }
  69.  
  70.    }
  71.  
  72.    mysql_free_result($result);
  73.  
  74. ?>
  75.  
  76.  
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

but.... How will the other pages know i logged in? :O

Thanks for the code i really appreciate it. I spent a week trying to get this bit working


is this ok?
PHP Code: [ Select ]
if(isset($_COOKIE["admin"])) { echo 'welcome'; } else { echo 'You need to login to view this area of the site';}?>
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

oops, i didn't take that into account. you can't use $userid, unless you add that to the mysql query. after SELECT, replace userid with whatever the auto-incrementing primary key field name is (uid, id, userid, whatever it is)

PHP Code: [ Select ]
 
    $result = mysql_query("SELECT userid,username,password FROM userdata WHERE username='".$user."' and password='".$pass."';");
 
    while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
 
        $db_uid = $row["userid"];
 
        $db_user = $row["username"];
 
        $db_pass = $row["password"];
 
    }
 
 
  1.  
  2.     $result = mysql_query("SELECT userid,username,password FROM userdata WHERE username='".$user."' and password='".$pass."';");
  3.  
  4.     while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
  5.  
  6.         $db_uid = $row["userid"];
  7.  
  8.         $db_user = $row["username"];
  9.  
  10.         $db_pass = $row["password"];
  11.  
  12.     }
  13.  
  14.  


Then, when you're setting the cookie, use:

PHP Code: [ Select ]
setcookie("admin",$db_uid,time() + 3600);



PHP Code: [ Select ]
 
<?
 
  if(!isset($cookie_uid)){$cookie_uid = false;}
 
  $cookie_uid = get_data_by_method($_COOKIE,"admin");
 
  if(!$cookie_uid){ header("Location: login.php"); }
 
?>
 
 
  1.  
  2. <?
  3.  
  4.   if(!isset($cookie_uid)){$cookie_uid = false;}
  5.  
  6.   $cookie_uid = get_data_by_method($_COOKIE,"admin");
  7.  
  8.   if(!$cookie_uid){ header("Location: login.php"); }
  9.  
  10. ?>
  11.  
  12.  

This must go at the top of the page or the header call will give an error. You must send all headers before anything is actually sent to the browser, or you will get an error.


Also, just to note on some naming conventions. I like to use $db_varname to denote any variable that contains a value that was pulled from the database. That's the "real" data, and no potentially garbage data that someone has submitted... It has no real bearing on the script, it just makes it easier to read, for me anyway.

.c
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

PHP Code: [ Select ]
 
$cookie_uid = get_data_by_method($_COOKIE,"admin");
 
 
  1.  
  2. $cookie_uid = get_data_by_method($_COOKIE,"admin");
  3.  
  4.  


Fatal error: Call to undefined function: get_data_by_method() in /home/virtual/site2/fst/var/www/html/cp/admin.php on line 4
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

again, if you add the function get_data_by_method to a common include file you can call it from anywhere. If you don't, then you'll need to include the whole function on every page.

I would suggest adding:

PHP Code: [ Select ]
require_once("common.php");


to every page on your site (the path to the common.php file must be set right, obviously, just as you would with regular link).

Do not include anthing except functions or variable declarations in the file, since it will be on every page. The require_once call means you will get a fatal error if it's not found (make sure the path is right) and the _once part means it will only every be included once, even if you accidently include another file that also tries to include it. require and include do the same thing, the only difference is require stops the parser if the file isn't found, include doesn't.

I make a habit of using include_once or require_once, unless I specifically want to include a particular file more than once on a given page, which is pretty rare.

.c
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

oh... and if you add that function to an include, make sure to remove it from any page you have copied it on to. You don't want to have the function defined twice, that can cause some unexpected results...

Remember, including a file is basically the same thing as copying and pasting the whole file you're including into the document you're including it on where the include call is (heh how many times can YOU use include in the same sentence?). So

file 1:
hello there

file 2:
blah
include(file1)
blahh

is the same as:
blah
hello there
blahh


so, if instead, file 2 was:
blah
hello there
include(file1)
blahh

you're really have:
blah
hello there
hello there
blahh

see what I mean?
.c
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

please read previous post :P
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

I know about the includes dude :$ im not that much of a noob no more :P
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

heh, you never know =]

Anyway, in that case. Just add the function to an include file called common.php and on every page you want to protect:

PHP Code: [ Select ]
 
<?
 
  $path_to_includes = "../includes/";
 
  require_once($path_to_includes."common.php");
 
  if(!isset($cookie_uid)){$cookie_uid = false;}
 
  $cookie_uid = get_data_by_method($_COOKIE,"admin");
 
  if(!$cookie_uid){ header("Location: login.php"); }
 
?>
 
 
 
 
  1.  
  2. <?
  3.  
  4.   $path_to_includes = "../includes/";
  5.  
  6.   require_once($path_to_includes."common.php");
  7.  
  8.   if(!isset($cookie_uid)){$cookie_uid = false;}
  9.  
  10.   $cookie_uid = get_data_by_method($_COOKIE,"admin");
  11.  
  12.   if(!$cookie_uid){ header("Location: login.php"); }
  13.  
  14. ?>
  15.  
  16.  
  17.  
  18.  


(Ok... I added something new... heh, just change the $path_to_includes value to be whatever it needs to be based on the page...)


OR

Just copy the function to the page. It would be the same, using the include is just easier and cleaner.

.c
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

dude, there is no such function as:

get_data_by_method

i even checked on php.net
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

It's part of the code I provided above:

PHP Code: [ Select ]
 
 
 
    function get_data_by_method($method_hash,$element){
 
        foreach ($method_hash as $key => $value){
 
            if($key == $element){ return $value; }
 
        }
 
        return "";
 
    }
 
 
 
 
  1.  
  2.  
  3.  
  4.     function get_data_by_method($method_hash,$element){
  5.  
  6.         foreach ($method_hash as $key => $value){
  7.  
  8.             if($key == $element){ return $value; }
  9.  
  10.         }
  11.  
  12.         return "";
  13.  
  14.     }
  15.  
  16.  
  17.  
  18.  
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

Im still running in to problems...

I opened up my cookie folder... once i logged in i refreshed the cookie folder and the cookie didnt appear.

Also, i can still go on to the 'secure' pages without even logging in? The log out button works fine but i had to rearrange it to this:

PHP Code: [ Select ]
 
<?PHP
 
session_start();
 
session_destroy();
 
 
 
echo "You have been successfully logged out.";
 
?>
  1.  
  2. <?PHP
  3.  
  4. session_start();
  5.  
  6. session_destroy();
  7.  
  8.  
  9.  
  10. echo "You have been successfully logged out.";
  11.  
  12. ?>


The common.php file
PHP Code: [ Select ]
<?
 
  require_once("admin_login.php");
 
  if(!isset($cookie_uid)){$cookie_uid = false;}
 
  $cookie_uid = get_data_by_method($_COOKIE,"admin");
 
  if(!$cookie_uid){ header("Location: login.php"); }
 
?>
  1. <?
  2.  
  3.   require_once("admin_login.php");
  4.  
  5.   if(!isset($cookie_uid)){$cookie_uid = false;}
  6.  
  7.   $cookie_uid = get_data_by_method($_COOKIE,"admin");
  8.  
  9.   if(!$cookie_uid){ header("Location: login.php"); }
  10.  
  11. ?>


now this is working fine, but this is the main cause of going on to secure pages logged in or logged out.

I been trying to figure it out, but i got a splitting headache. Im almost out of time too.[/php]
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Ok, try this.

Remove all the stuff about cookies...

In your common.php file:

PHP Code: [ Select ]
 
<?
 
  session_start();
 
  if(!isset($_SESSION['username'])){$_SESSION['username'] = false;}
 
?>
 
 
 
 
  1.  
  2. <?
  3.  
  4.   session_start();
  5.  
  6.   if(!isset($_SESSION['username'])){$_SESSION['username'] = false;}
  7.  
  8. ?>
  9.  
  10.  
  11.  
  12.  


Make sure common.php is included on your homepage so the session will be activated and the username variable instantiated to false.

Now, on your admin_login.php file:


PHP Code: [ Select ]
 
<?
 
    function get_data_by_method($method_hash,$element){
 
        foreach ($method_hash as $key => $value){
 
            if($key == $element){ return $value; }
 
        }
 
        return "";
 
    }
 
 
 
 
 
  $submit = get_data_by_method($_POST,"submit");
 
    $user = get_data_by_method($_POST,"username");
 
    $pass = md5(get_data_by_method($_POST,"password"));
 
    if(!isset($db_user)){$db_user = false;}
 
    if(!isset($db_pass)){$db_pass = false;}
 
 
 
    $username = "";
 
    $password = "";
 
    $host = "";
 
    $database = "";
 
    mysql_connect($host,$username,$password) or die("Cannot connect to the database.<br>" . mysql_error());
 
    mysql_select_db($database) or die("Cannot select the database.<br>" . mysql_error());
 
    $result = mysql_query("SELECT username,password FROM userdata WHERE username='".$user."' and password='".$pass."';");
 
    while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
 
        $db_user = $row["username"];
 
        $db_pass = $row["password"];
 
    }
 
 
 
    if(!$db_user || !$db_pass){ echo "couldnt get informtion"; }
 
    else{
 
        if($db_user == $user && $db_pass == $pass){
 
           $_SESSION['username'] = $db_user;
 
            echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
        }
 
        else{ echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>"; }
 
    }
 
    mysql_free_result($result);
 
?>
 
 
  1.  
  2. <?
  3.  
  4.     function get_data_by_method($method_hash,$element){
  5.  
  6.         foreach ($method_hash as $key => $value){
  7.  
  8.             if($key == $element){ return $value; }
  9.  
  10.         }
  11.  
  12.         return "";
  13.  
  14.     }
  15.  
  16.  
  17.  
  18.  
  19.  
  20.   $submit = get_data_by_method($_POST,"submit");
  21.  
  22.     $user = get_data_by_method($_POST,"username");
  23.  
  24.     $pass = md5(get_data_by_method($_POST,"password"));
  25.  
  26.     if(!isset($db_user)){$db_user = false;}
  27.  
  28.     if(!isset($db_pass)){$db_pass = false;}
  29.  
  30.  
  31.  
  32.     $username = "";
  33.  
  34.     $password = "";
  35.  
  36.     $host = "";
  37.  
  38.     $database = "";
  39.  
  40.     mysql_connect($host,$username,$password) or die("Cannot connect to the database.<br>" . mysql_error());
  41.  
  42.     mysql_select_db($database) or die("Cannot select the database.<br>" . mysql_error());
  43.  
  44.     $result = mysql_query("SELECT username,password FROM userdata WHERE username='".$user."' and password='".$pass."';");
  45.  
  46.     while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
  47.  
  48.         $db_user = $row["username"];
  49.  
  50.         $db_pass = $row["password"];
  51.  
  52.     }
  53.  
  54.  
  55.  
  56.     if(!$db_user || !$db_pass){ echo "couldnt get informtion"; }
  57.  
  58.     else{
  59.  
  60.         if($db_user == $user && $db_pass == $pass){
  61.  
  62.            $_SESSION['username'] = $db_user;
  63.  
  64.             echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  65.  
  66.         }
  67.  
  68.         else{ echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>"; }
  69.  
  70.     }
  71.  
  72.     mysql_free_result($result);
  73.  
  74. ?>
  75.  
  76.  



Then, on any page you wish to protect with a login:

PHP Code: [ Select ]
 
 
 
<?
 
  if(!$_SESSION['username']){header("Location: login.php");}
 
?>
 
 
 
 
  1.  
  2.  
  3.  
  4. <?
  5.  
  6.   if(!$_SESSION['username']){header("Location: login.php");}
  7.  
  8. ?>
  9.  
  10.  
  11.  
  12.  


Then, when you want to log out:
PHP Code: [ Select ]
 
<?
 
  $_SESSION['username'] = false;
 
  session_destroy();
 
?>
 
 
 
 
 
Give that a try instead of cookies.
 
 
 
.c
  1.  
  2. <?
  3.  
  4.   $_SESSION['username'] = false;
  5.  
  6.   session_destroy();
  7.  
  8. ?>
  9.  
  10.  
  11.  
  12.  
  13.  
  14. Give that a try instead of cookies.
  15.  
  16.  
  17.  
  18. .c
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

i fixed it carnix! read topic title :P [solved]
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

Ah, excellent!
.c
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

one thing though :$

i created a news script to add/edit/delete from a dbase.

But i got a table like this...

Code: [ Select ]
<table width="90%" height="109" border="1" cellpadding="0" cellspacing="0" bordercolor="666666" class="newstable">
       <tr>
        <td height="21" class="news_title">Title</td>
       </tr>
       <tr>
        <td height="63" align="right" valign="bottom" class="news_bg"><br>
         <font size="2" face="Verdana, Arial, Helvetica, sans-serif"><em><br>
         Click here for more...</em></font></td>
       </tr>
       <tr>
        <td height="12" class="news_title">
         <div align="right"><font size="1" face="Verdana, Arial, Helvetica, sans-serif">Posted
          By: $USER Date: $Date</font></div></td>
       </tr>
      </table>
      <br>
  1. <table width="90%" height="109" border="1" cellpadding="0" cellspacing="0" bordercolor="666666" class="newstable">
  2.        <tr>
  3.         <td height="21" class="news_title">Title</td>
  4.        </tr>
  5.        <tr>
  6.         <td height="63" align="right" valign="bottom" class="news_bg"><br>
  7.          <font size="2" face="Verdana, Arial, Helvetica, sans-serif"><em><br>
  8.          Click here for more...</em></font></td>
  9.        </tr>
  10.        <tr>
  11.         <td height="12" class="news_title">
  12.          <div align="right"><font size="1" face="Verdana, Arial, Helvetica, sans-serif">Posted
  13.           By: $USER Date: $Date</font></div></td>
  14.        </tr>
  15.       </table>
  16.       <br>


i connect to dbase, and "SELECT * FROM news WHERE"...

How do i insert this on to the table and make it loop until it has input all the news? there is an id on the news table btw.
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

dont worry, i done it.

Post Information

  • Total Posts in this topic: 51 posts
  • Users browsing this forum: No registered users and 39 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2016. Ozzu® is a registered trademark of Unmelted, LLC.