Jump to content

CoconutJJ

Members
  • Posts

    4
  • Joined

  • Last visited

CoconutJJ's Achievements

Newbie

Newbie (1/7)

1

Reputation

  1. Here's a fully working login system. Where users can sign up and access a members page. Features Include: - Login & Sign Up Page - Members Page Only **NOTE: I have not added any security code, you'll need to add this by yourself...** Step 1: Creating a Login and Sign Up Form. This will be a simple login page where users can enter their username and password, then click the submit button to access the members page. "login.php" will be the script that will be executed when they login. This processes the user information entered to check the validity through a database of users. HTML LOGIN FORM:<form method="post" action="login.php"><input type="text" placeholder="username" name="username"><input type="password" placeholder="password" name="password"><input type="submit" value="Submit"></form> This will be a simple register page where users can enter their desired username and password, then click the submit button to register button to make an account. "register.php" will be the script that will be executed when they register. This processes the user information and enters the information to the database <form method="post" action="register.php"><input type="text" placeholder="Desired Username"><input type="password" placeholder="Desired Password"><input type="password" placeholder="Password Again"><input type="submit" value="Register"></form> Step 2: Creating the login.php and register.php scripts Login Script<?phpsession_start(); //Starts User Session... will explain laterinclude("connect.php")//I'm going to assume you know how to connect to a database.$username = $_POST["username"];$password = $_POST["password"];//Sanitize DATA HERE//Assuming you have the corresponding column names...$q = mysqli_query($connect, "SELECT * FROM users WHERE username='$username' AND password='$password' ")$numrows = mysqli_num_rows($q);//Here we get the number of rows that correspond with the users informationif($numrows == 1){//If the number of rows is equal to 1, let them loginwhile($rows = mysqli_fetch_assoc($q)){//Here we retrieve values from database and initiate SESSION Variables $_SESSION["username"] = $row["username"]; $_SESSION["password"] = $row["password"];}header("location: memberspage.php")//redirect to members page... information correct.} else {header("location: index.php")//go back to login page... information incorrect.//error message here...} Register Script<?phpsession_start(); //Starts User Session... will explain laterinclude("connect.php")//I'm going to assume you know how to connect to a database.$username = $_POST["username"];$password = $_POST["password"];$password2 = $_POST["confirm"];//Sanitize DATA HEREif($password == $password2){//Assuming you have the corresponding column names...$q = mysqli_query($connect, "SELECT * FROM users WHERE username='$username'")$numrows = mysqli_num_rows($q);//Check if username is taken...if($numrows == 0){//If the number of rows is equal to 0, let them register$q = mysqli_query($connect, "INSERT INTO users (username, password) VALUES ('$username', '$password")header("location: index.php")//redirect to login page//login success message here} else {header("location: index.php")//go back to login page//username taken message}} else {//password no match message} Step 3: Members Page This is the members page... you can only access this page after login. memberspage.php<?phpif(!isset($_SESSION["username"])){//IF user is not logged in, redirect to login page. This checks whether the username session var has been created yet.header("location: index.php");}//else... load the members page?><!DOCTYPE html><!--HTML HERE FOR MEMBERS PAGE--> This is pretty much it... Remember to change column names where necessary... Don't forget the connect.php file ! Its is suggested you change mysqli_query() to prepared statements. You can do this on your own.
  2. I have a problem with the jQuery AJAX Append function. Everytime I append a comment to the <span>, not only does it append that single one, but also replicates every other comment dynamically generated by the PHP. So I end up with multiple repeated comments. However, the repeated comments aren't stored in the database, so whenever I refresh the page, it goes away. How can I prevent this without refreshing the page everytime? PHP: To display all comments <span id="commentHint"></span><?phpecho "<b>$comment_user said:</b><small>$comment_time</small><br>"; echo "$comment<br>";?> AJAX: Comment On Submit <script> $(document).ready(function () { var form = $('#form'); var submit = $('#submit'); form.on('submit', function (e) { // prevent default action e.preventDefault(); // send ajax request $.ajax({ url: 'commentpost.php', type: 'POST', cache: false, data: form.serialize(), beforeSend: function () { // change submit button value text and disabled it submit.val('Submitting...').attr('disabled', 'disabled'); }, success: function (data) { var item = data; $('#commentHint').append(item); //Appends it to div. form.trigger('reset'); submit.val('Submit Comment').removeAttr('disabled'); }, error: function (e) { alert(e); } }); }); });</script>
  3. UPDATE FROM users SET column_name = 'DATA', column_name = 'DATA', column_name = 'DATA', WHERE column_name='DATA'
  4. CoconutJJ

    hash in PHP

    Hi RaRa3, I'm not quite sure about the question you're asking but here is how you would hash a password and insert it into a database Your HTML <form> element should be a POST request. (Using GET requests for passwords is a bad idea) It should look like this <form action="" method="post">...</form> <?php //CORRECTED VERSION//GET ALL THE VALUES AND STORE THEM INTO VARIABLES$firstname = $_POST["firstName"];$lastname = $_POST["lastName"];$user = $_POST["username"]$pass = $_POST["pass"]; //We first store the value of the password to $pass$email = $_POST["email"];$address = $_POST["address"];//HASH PASSWORD$pass = md5($pass); //We hash the value of $pass//INSERT THEM INTO DATABASE$sql = "INSERT INTO UserAccount (firstName, lastName, userName, password, email, address) VALUES ('$firstname','$lastname','$user','$pass','$email','$address')";$res=mysql_query($sql); //We INSERT $pass(HASHED) into the database, not $_POST["pass"](NOT HASHED) <?php //start php tag//include connect.php page for database connectioninclude('connect.php');//if submit is not blanked i.e. it is clicked.if(isset($_POST['submit'])) { //You do not need the !="". This line is enough for checking if a button has been clicked$firstname = $_POST["firstName"];$lastname = $_POST["lastName"];$user = $_POST["username"]$pass = $_POST["pass"];$email = $_POST["email"];$address = $_POST["address"];if(empty($firstname) || empty($lastname) || empty($user) || empty($pass) || empty($email) || empty($address)) { //Try using the built in empty() function to detect blank fields. Much easierEcho "Please fill the empty field(s).";}Else{//////////REPLACE THIS WITH CODE IN THE ABOVE SECTION//////////////$sql = "INSERT INTO UserAccount (firstName, lastName, userName, password, email, address) VALUES ('$_POST[firstName]','$_POST[lastName]','$_POST[user]','$_POST[pass]','$_POST[email]','$_POST[address]')";$password = md5($pass);$res=mysql_query($sql);This code will not work.. Notice how you have not defined $pass or $password yet? and your values are directly taken from a POST[] Request///////////////////////////////////////////////////////////////////if($res){Echo "Thank you for signing up";}Else{Echo "There is some problem in inserting record";}}}?> Tips for next time: 1. You should really start using mysqli_query since mysql_query is deprecated 2. When you're getting a value from a form please first store it into a variable first. Then you can manipulate the variable. 3. This code is insecure, you should use functions such as mysql_real_escape_string() or stripslashes() to prevent SQL INJECTION Measures. 4. Always use POST[] requests when handling sensitive data (passwords etc.). I'd prefer you stay away from the REQUEST[] operator.
×
×
  • Create New...