Jump to content

login to a group of page


KYKK

Recommended Posts

um.. ok now i find out a problem..i can even login with a username and password that not registered..so how do i say Username in some table have the same passwords like how do i check to see if they enter the username with the right password ?so i connect the sql

<?php$con = mysql_connect("localhost","peter","abc123");if (!$con)  {  die('Could not connect: ' . mysql_error());  }// some codemysql_close($con);?>

then i set ..do i set the sql database or the table name ?

$result = mysql_query("SELECT * FROM mybb_user");

then im lost... idk how to ask for the username for the right password,... thanks

Link to comment
Share on other sites

$result = mysql_query("SELECT password FROM mybb_user WHERE username='{$user}'");Then check the password field of the result to make sure it matches what they submitted. You can also use mysql_num_rows to make sure that $result has at least 1 result, if it has 0 then the username wasn't found.

Link to comment
Share on other sites

wait i say userNameField$result = mysql_query("SELECT password FROM mybb_user WHERE username='{$user}'"); or just $result.....?and this my codeis it how i suppose to be? thanks you.. i load it to http://ksbsm.co.cc/Strategy/log.htm

<?xml version="1.0" encoding="[CONTENT_ENCODING/]"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="[LANG_CODE/]" lang="[LANG_CODE/]" dir="[bASE_DIRECTION/]"><head><meta http-equiv="Content-Type" content="[CONTENT_TYPE/]" /><title>KS Chat</title><style type="text/css">body {padding:0;margin:0;}</style><!--[if lt IE 7]><link rel="stylesheet" type="text/css" href="css/ie5-6.css"/><![endif]--><script src="js/chat.js" type="text/javascript" charset="UTF-8"></script><script src="js/lang/[LANG_CODE/].js" type="text/javascript" charset="UTF-8"></script><script src="js/config.js" type="text/javascript" charset="UTF-8"></script><script type="text/javascript">// <![CDATA[function handleLogin() {var loginForm = document.getElementById('loginForm');var userNameField = document.getElementById('userNameField');var passwordField = document.getElementById('passwordField');var channelField = document.getElementById('channelField');var redirectField = document.getElementById('redirectField');if(passwordField.value.length == 0) {// IE fails to set the form action attribute if a form element with the name "action" exists,// so we just remove this element as a workaraound:var actionField = document.getElementById('actionField');actionField.parentNode.removeChild(actionField);loginForm.setAttribute('action', 'home.htm');userNameField.setAttribute('name', 'userName');} else {var regExp = /\?/;if(regExp.test(redirectField.value)) {redirectField.value += '&';} else {return true;}// ]]></script></head><?php$con = mysql_connect("localhost","ksbsm_ks","@@11@@oo");if (!$con)  {  die('Could not connect: ' . mysql_error());  }//mysql_close($con);$result = mysql_query("SELECT * FROM mybb_user");$result = mysql_query("SELECT password FROM mybb_user WHERE username='{$user}'");?><body onload="initializeLoginPage();"><div id="loginContent"><div id="loginHeadlineContainer"><h1>KS Chat</h1><h5></div><form id="loginForm" action="home.htm" method="post" enctype="application/x-www-form-urlencoded" onsubmit="return handleLogin();"><div id="loginFormContainer"><input type="hidden" name="action" id="actionField" value="do_login"/><input type="hidden" name="url" id="redirectField" value="home.htm"/><div><label for="userNameField">userName:</label><br /><input type="text" name="username" id="userNameField" maxlength="[uSER_NAME_MAX_LENGTH/]"/></div><div><label for="passwordField">password:</label><br /><input type="password" name="password" id="passwordField"/></div><div><input type="submit" name="submit" id="loginButton" value="login"/></div></form></div></body></html>

Link to comment
Share on other sites

First off, what are you doing with this Javascript function:

function handleLogin() {var loginForm = document.getElementById('loginForm');var userNameField = document.getElementById('userNameField');var passwordField = document.getElementById('passwordField');var channelField = document.getElementById('channelField');var redirectField = document.getElementById('redirectField');if(passwordField.value.length == 0) {// IE fails to set the form action attribute if a form element with the name "action" exists,// so we just remove this element as a workaraound:var actionField = document.getElementById('actionField');actionField.parentNode.removeChild(actionField);loginForm.setAttribute('action', 'home.htm');userNameField.setAttribute('name', 'userName');} else {var regExp = /\?/;if(regExp.test(redirectField.value)) {redirectField.value += '&';} else {return true;}

Look at what that function does. If the password field is blank then it removes a hidden form element, sets the action of the form to what it already is, and then sets the name of the username field to what it already is. If the password is not blank then it checks if the redirect field has a question mark in it and, if so, adds an ampersand to the end of it. I have no clue what the purpose of any of that is or why you have it there, it's not doing anything useful as far as I can tell.You put your PHP code right in the middle of the HTML code. It should probably go at the top. If the PHP code isn't running, you might need to rename the file to .php (unless the server is set up to send .htm files to PHP). Your PHP code connects to the database, then immediately closes the connection. Obviously that's not going to work, you need the connection to still be open if you're going to use the database. You can name the variable whatever you want (as long as it's a legal variable name), but you can use the line of code I gave you to get the password from the database for whatever the username was that was typed in. You should also read this thread for more information about processing forms and logging people in:http://w3schools.invisionzone.com/index.php?showtopic=12509

Link to comment
Share on other sites

oop because i started this with a chat system.. so i copy it and edit...i was editing the form part forgot to edit the top part... .... ok i put the sql close tag behind the results.. then i delete the unusefull stuff. now where i do put if password match the username then jump to page...elsejump to login fail page..like that how do i put it and where ? under the submit button or under the results ?thanks

Link to comment
Share on other sites

So i have a login page and the page i want to lock.. so this my login form

<?php$con = mysql_connect("localhost","ksbsm_ks","@@11@@oo");if (!$con)  {  die('Could not connect: ' . mysql_error());  }$result = mysql_query("SELECT * FROM mybb_user");$result = mysql_query("SELECT password FROM mybb_user WHERE username='{$mybb_users}'");mysql_close($con);?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="[LANG_CODE/]" lang="[LANG_CODE/]" dir="[bASE_DIRECTION/]"><head><meta http-equiv="Content-Type" content="[CONTENT_TYPE/]" /></head><body onload="initializeLoginPage();"><div id="loginContent"><div id="loginHeadlineContainer"></div><form id="loginForm" action="home.htm" method="post" enctype="application/x-www-form-urlencoded" onsubmit="return handleLogin();"><div id="loginFormContainer"><input type="hidden" name="action" id="actionField" value="do_login"/><input type="hidden" name="url" id="redirectField" value="logs.htm"/><div><label for="userNameField">Username:</label><br /><input type="text" name="username" id="userNameField" maxlength="[uSER_NAME_MAX_LENGTH/]"/></div><div><label for="passwordField">Password:</label><br /><input type="password" name="password" id="passwordField"/></div><div><input type="submit" name="submit" id="loginButton" value="login"/></div></form></div></body></html>

and this my page want to log..

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>無標題文件</title></head><body>You have login with username and password</body></html>

and question is what sessions do i put in the locked page to check to see if login sucessful ?i think the form is all right but the locked one didn;t set to stop ppl without login..so here my guess..the cookie way..<?php session_start( PUT COOKIE ); ?> on the form page then say end cookie when leave the locked page <?php//retrieve session dataecho "Pageviews=". $_SESSION['views'];?> and say check to see if there cookie ???it say Storing a Session Variable in the w3school and is it saying storing cookie ? or ??....idk thanks for helping ^^

Link to comment
Share on other sites

ook cool i will read them... it very very long...oo i find a problem i used MyBB forums and it change the password into some code will be matter ? so my password is 6 letter and it chagne to 5bd913e4a9549e34d1e55c18fff1315a will it ""match"" the password like that ?so this the login.php like you said i change the e-mail to password

<?phpsession_start();require_once 'db.php';$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';$error_string = '';if ($page_mode == 'login'){  $username = $_POST['username'];  $password = $_POST['password'];  if (trim($username) == '' || trim($password) == '')    $error_string .= 'Please enter your username and password.<br>';  else  {    $result = db_query("SELECT username,password FROM mybb_users WHERE username='" . mysql_real_escape_string($username) . "'");    if (!($row = mysql_fetch_assoc($result)))      $error_string .= 'The username was not found.<br>';    elseif ($row['password'] != sha1($password))      $error_string .= 'The password did not match.<br>';    else    {      $_SESSION['user_id'] = $row['id'];      $_SESSION['username'] = $row['username'];      $_SESSION['password'] = $row['password'];      header('Location: index.php');      exit();    }  }}?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>  <head>    <title>Register</title>    <style type="text/css">    .error_text {      color: #FF0000;      width: 400px;      text-align: center;    }    .left_box {      float: left;      width: 150px;      text-align: right;      padding-right: 5px;    }    .right_box {      clear: right;    }    </style>  </head>  <body>    <div class="error_text"><?php echo $error_string; ?></div>    <form action="login.php" method="post">    <input type="hidden" name="page_mode" value="login">    <div class="left_box">Username</div>    <div class="right_box"><input type="text" name="username" size="30" maxlength="255" value="<?php if (isset($username)) echo $username; ?>"></div>    <div class="left_box">Password</div>    <div class="right_box"><input type="password" name="password" size="30"></div>    <div class="left_box"> </div>    <div class="right_box"><input type="submit" value="Log In" size="30"></div>    </form>  </body></html>

and this the index..

<?phpsession_start();?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>  <head>    <title>Index</title>  </head>  <body>    <?php    if (isset($_SESSION['user_id']))    {    ?>    Hello, <?php echo $_SESSION['user_name']; ?>, what do you think you're doing?  I'm sorry, <?php echo $_SESSION['user_name']; ?>, I can't let you do that.    <br><br>    <a href="logout.php">Log out</a>    <?php    }    else    {    ?>    Click <a href="register.php">here</a> to register or click <a href="login.php">here</a> to log in.    <?php    }    ?>  </body></html>logout.phpThe final part of this is the log out page, which is linked to if someone is logged in. All the page needs to do is unset everything that was previously set in the session, and redirect back to the index page.CODE<?phpsession_start();unset($_SESSION['user_id']);unset($_SESSION['password']);unset($_SESSION['username']);header('Location: index.php');exit();?>

Link to comment
Share on other sites

logout.phpThe final part of this is the log out page, which is linked to if someone is logged in. All the page needs to do is unset everything that was previously set in the session, and redirect back to the index page.
In that page it is cleaner and more permanent to call session_destroy() (which destroys the session and all its information).
so my password is6 letter and it chagne to 5bd913e4a9549e34d1e55c18fff1315a will it ""match"" the password like that ?
The passwords are stored as MD5 hashes in the myBB database. You will need to hash the user input as well to check for a match. You seem to be doing that already, however, though through the wrong hashing algorithm (use MD5)
elseif ($row['password'] != sha1($password))

Link to comment
Share on other sites

so how do i set it to match MD5 hashes codes ?? or hash the password input ? in the w3school it only say how to change some word into code and put code into word didn't say input form...

Link to comment
Share on other sites

umm ok it say string md5 ( string $str [, bool $raw_output ] ) but where do i put it in the form ? php ? can you like add it to my code plz im confuse,,, thanks

Link to comment
Share on other sites

ok so i change

    elseif ($row['password'] != sha1($password))

    elseif ($row['password'] != string md5  ( string $str  [, bool $raw_output  ] )($password))

and then it sayParse error: syntax error, unexpected T_STRING in /home/ksbsm/public_html/TESTING/login.php on line 23when i update it to my website y?..

Link to comment
Share on other sites

ok.. so ... this getting me crazyso this my login.php

<?phpsession_start();require_once 'db.php';$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';$error_string = '';if ($page_mode == 'login'){  $username = $_POST['username'];  $password = $_POST['password'];  if (trim($username) == '' || trim($password) == '')    $error_string .= 'Please enter your username and password.<br>';  else  {    $result = db_query("SELECT username,password FROM mybb_users WHERE username='" . mysql_real_escape_string($username) . "'");    if (!($row = mysql_fetch_assoc($result)))      $error_string .= 'The username was not found.<br>';    elseif ($row['password'] != md5($password))      $error_string .= 'The password did not match.<br>';    else    {      $_SESSION['user_id'] = $row['id'];      $_SESSION['username'] = $row['username'];      $_SESSION['password'] = $row['password'];      header('Location: index.php');      exit();    }  }}?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>  <head>    <title>Register</title>    <style type="text/css">    .error_text {      color: #FF0000;      width: 400px;      text-align: center;    }    .left_box {      float: left;      width: 150px;      text-align: right;      padding-right: 5px;    }    .right_box {      clear: right;    }    </style>  </head>  <body>    <div class="error_text"><?php echo $error_string; ?></div>    <form action="login.php" method="post">    <input type="hidden" name="page_mode" value="login">    <div class="left_box">Username</div>    <div class="right_box"><input type="text" name="username" size="30" maxlength="255" value="<?php if (isset($username)) echo $username; ?>"></div>    <div class="left_box">Password</div>    <div class="right_box"><input type="password" name="password" size="30"></div>    <div class="left_box"> </div>    <div class="right_box"><input type="submit" value="Log In" size="30"></div>    </form>  </body></html>

and this my index.php

<?phpsession_start();?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>  <head>    <title>Index</title>  </head>  <body>    <?php    if (isset($_SESSION['user_id']))    {    ?>    Hello, <?php echo $_SESSION['user_name']; ?>, what do you think you're doing?  I'm sorry, <?php echo $_SESSION['user_name']; ?>, I can't let you do that.    <br><br>    <a href="logout.php">Log out</a>    <?php    }    else    {    ?>    Click <a href="register.php">here</a> to register or click <a href="login.php">here</a> to log in.    <?php    }    ?>  </body></html>logout.phpThe final part of this is the log out page, which is linked to if someone is logged in. All the page needs to do is unset everything that was previously set in the session, and redirect back to the index page.CODE<?phpsession_start();unset($_SESSION['user_id']);unset($_SESSION['password']);unset($_SESSION['username']);header('Location: index.php');exit();?>

it say password don't match.... username not found and username found it correct i test them but password don;t match still ....thanks

Link to comment
Share on other sites

Try echoing $row['password'] and md5($password).

Link to comment
Share on other sites

Wait does $row['password'] or md5($password) not echo?

Link to comment
Share on other sites

wait wait can you show me the code i don;t understand what you mean by echoi did elseif change to else echo.....i tried else if ($row['password'] != echo md5($password)) else if (echo $row['password'] != md5($password)) else if ($row[ echo 'password'] != md5($password))............

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...