KYKK Posted April 28, 2008 Share Posted April 28, 2008 Hi, so i know how to connect to the sql data table, and i know how to put login and password box, but how do i Lock it from ppl can not login, so they can't see the page ? Link to comment Share on other sites More sharing options...
justsomeguy Posted April 28, 2008 Share Posted April 28, 2008 You need to check on each page if the user has logged in. Most people use sessions to keep track of that. Link to comment Share on other sites More sharing options...
KYKK Posted April 28, 2008 Author Share Posted April 28, 2008 um.. ok now i find out a problem..i can even login with a username and password that not registered..so how do i say Username in some table have the same passwords like how do i check to see if they enter the username with the right password ?so i connect the sql <?php$con = mysql_connect("localhost","peter","abc123");if (!$con) { die('Could not connect: ' . mysql_error()); }// some codemysql_close($con);?> then i set ..do i set the sql database or the table name ? $result = mysql_query("SELECT * FROM mybb_user"); then im lost... idk how to ask for the username for the right password,... thanks Link to comment Share on other sites More sharing options...
justsomeguy Posted April 28, 2008 Share Posted April 28, 2008 $result = mysql_query("SELECT password FROM mybb_user WHERE username='{$user}'");Then check the password field of the result to make sure it matches what they submitted. You can also use mysql_num_rows to make sure that $result has at least 1 result, if it has 0 then the username wasn't found. Link to comment Share on other sites More sharing options...
KYKK Posted April 29, 2008 Author Share Posted April 29, 2008 wait i say userNameField$result = mysql_query("SELECT password FROM mybb_user WHERE username='{$user}'"); or just $result.....?and this my codeis it how i suppose to be? thanks you.. i load it to http://ksbsm.co.cc/Strategy/log.htm <?xml version="1.0" encoding="[CONTENT_ENCODING/]"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="[LANG_CODE/]" lang="[LANG_CODE/]" dir="[bASE_DIRECTION/]"><head><meta http-equiv="Content-Type" content="[CONTENT_TYPE/]" /><title>KS Chat</title><style type="text/css">body {padding:0;margin:0;}</style><!--[if lt IE 7]><link rel="stylesheet" type="text/css" href="css/ie5-6.css"/><![endif]--><script src="js/chat.js" type="text/javascript" charset="UTF-8"></script><script src="js/lang/[LANG_CODE/].js" type="text/javascript" charset="UTF-8"></script><script src="js/config.js" type="text/javascript" charset="UTF-8"></script><script type="text/javascript">// <![CDATA[function handleLogin() {var loginForm = document.getElementById('loginForm');var userNameField = document.getElementById('userNameField');var passwordField = document.getElementById('passwordField');var channelField = document.getElementById('channelField');var redirectField = document.getElementById('redirectField');if(passwordField.value.length == 0) {// IE fails to set the form action attribute if a form element with the name "action" exists,// so we just remove this element as a workaraound:var actionField = document.getElementById('actionField');actionField.parentNode.removeChild(actionField);loginForm.setAttribute('action', 'home.htm');userNameField.setAttribute('name', 'userName');} else {var regExp = /\?/;if(regExp.test(redirectField.value)) {redirectField.value += '&';} else {return true;}// ]]></script></head><?php$con = mysql_connect("localhost","ksbsm_ks","@@11@@oo");if (!$con) { die('Could not connect: ' . mysql_error()); }//mysql_close($con);$result = mysql_query("SELECT * FROM mybb_user");$result = mysql_query("SELECT password FROM mybb_user WHERE username='{$user}'");?><body onload="initializeLoginPage();"><div id="loginContent"><div id="loginHeadlineContainer"><h1>KS Chat</h1><h5></div><form id="loginForm" action="home.htm" method="post" enctype="application/x-www-form-urlencoded" onsubmit="return handleLogin();"><div id="loginFormContainer"><input type="hidden" name="action" id="actionField" value="do_login"/><input type="hidden" name="url" id="redirectField" value="home.htm"/><div><label for="userNameField">userName:</label><br /><input type="text" name="username" id="userNameField" maxlength="[uSER_NAME_MAX_LENGTH/]"/></div><div><label for="passwordField">password:</label><br /><input type="password" name="password" id="passwordField"/></div><div><input type="submit" name="submit" id="loginButton" value="login"/></div></form></div></body></html> Link to comment Share on other sites More sharing options...
justsomeguy Posted April 29, 2008 Share Posted April 29, 2008 First off, what are you doing with this Javascript function: function handleLogin() {var loginForm = document.getElementById('loginForm');var userNameField = document.getElementById('userNameField');var passwordField = document.getElementById('passwordField');var channelField = document.getElementById('channelField');var redirectField = document.getElementById('redirectField');if(passwordField.value.length == 0) {// IE fails to set the form action attribute if a form element with the name "action" exists,// so we just remove this element as a workaraound:var actionField = document.getElementById('actionField');actionField.parentNode.removeChild(actionField);loginForm.setAttribute('action', 'home.htm');userNameField.setAttribute('name', 'userName');} else {var regExp = /\?/;if(regExp.test(redirectField.value)) {redirectField.value += '&';} else {return true;} Look at what that function does. If the password field is blank then it removes a hidden form element, sets the action of the form to what it already is, and then sets the name of the username field to what it already is. If the password is not blank then it checks if the redirect field has a question mark in it and, if so, adds an ampersand to the end of it. I have no clue what the purpose of any of that is or why you have it there, it's not doing anything useful as far as I can tell.You put your PHP code right in the middle of the HTML code. It should probably go at the top. If the PHP code isn't running, you might need to rename the file to .php (unless the server is set up to send .htm files to PHP). Your PHP code connects to the database, then immediately closes the connection. Obviously that's not going to work, you need the connection to still be open if you're going to use the database. You can name the variable whatever you want (as long as it's a legal variable name), but you can use the line of code I gave you to get the password from the database for whatever the username was that was typed in. You should also read this thread for more information about processing forms and logging people in:http://w3schools.invisionzone.com/index.php?showtopic=12509 Link to comment Share on other sites More sharing options...
KYKK Posted April 29, 2008 Author Share Posted April 29, 2008 oop because i started this with a chat system.. so i copy it and edit...i was editing the form part forgot to edit the top part... .... ok i put the sql close tag behind the results.. then i delete the unusefull stuff. now where i do put if password match the username then jump to page...elsejump to login fail page..like that how do i put it and where ? under the submit button or under the results ?thanks Link to comment Share on other sites More sharing options...
justsomeguy Posted April 29, 2008 Share Posted April 29, 2008 Put the PHP code on the top of the page, before any HTML code. You want to check if they logged in and redirect before you show any of the page, the PHP goes on top. Link to comment Share on other sites More sharing options...
KYKK Posted April 30, 2008 Author Share Posted April 30, 2008 ook so i need to put the check on my page that links to the submit button....how do i check to see if they logged in? i don;t see anything in the tutorial....thanks Link to comment Share on other sites More sharing options...
Synook Posted April 30, 2008 Share Posted April 30, 2008 You can use a session variable. Link to comment Share on other sites More sharing options...
KYKK Posted April 30, 2008 Author Share Posted April 30, 2008 So i have a login page and the page i want to lock.. so this my login form <?php$con = mysql_connect("localhost","ksbsm_ks","@@11@@oo");if (!$con) { die('Could not connect: ' . mysql_error()); }$result = mysql_query("SELECT * FROM mybb_user");$result = mysql_query("SELECT password FROM mybb_user WHERE username='{$mybb_users}'");mysql_close($con);?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="[LANG_CODE/]" lang="[LANG_CODE/]" dir="[bASE_DIRECTION/]"><head><meta http-equiv="Content-Type" content="[CONTENT_TYPE/]" /></head><body onload="initializeLoginPage();"><div id="loginContent"><div id="loginHeadlineContainer"></div><form id="loginForm" action="home.htm" method="post" enctype="application/x-www-form-urlencoded" onsubmit="return handleLogin();"><div id="loginFormContainer"><input type="hidden" name="action" id="actionField" value="do_login"/><input type="hidden" name="url" id="redirectField" value="logs.htm"/><div><label for="userNameField">Username:</label><br /><input type="text" name="username" id="userNameField" maxlength="[uSER_NAME_MAX_LENGTH/]"/></div><div><label for="passwordField">Password:</label><br /><input type="password" name="password" id="passwordField"/></div><div><input type="submit" name="submit" id="loginButton" value="login"/></div></form></div></body></html> and this my page want to log.. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>無標題文件</title></head><body>You have login with username and password</body></html> and question is what sessions do i put in the locked page to check to see if login sucessful ?i think the form is all right but the locked one didn;t set to stop ppl without login..so here my guess..the cookie way..<?php session_start( PUT COOKIE ); ?> on the form page then say end cookie when leave the locked page <?php//retrieve session dataecho "Pageviews=". $_SESSION['views'];?> and say check to see if there cookie ???it say Storing a Session Variable in the w3school and is it saying storing cookie ? or ??....idk thanks for helping ^^ Link to comment Share on other sites More sharing options...
justsomeguy Posted April 30, 2008 Share Posted April 30, 2008 Check this thread, there's a post all about logging in and using the session:http://w3schools.invisionzone.com/index.php?showtopic=12509 Link to comment Share on other sites More sharing options...
KYKK Posted May 1, 2008 Author Share Posted May 1, 2008 ook cool i will read them... it very very long...oo i find a problem i used MyBB forums and it change the password into some code will be matter ? so my password is 6 letter and it chagne to 5bd913e4a9549e34d1e55c18fff1315a will it ""match"" the password like that ?so this the login.php like you said i change the e-mail to password <?phpsession_start();require_once 'db.php';$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';$error_string = '';if ($page_mode == 'login'){ $username = $_POST['username']; $password = $_POST['password']; if (trim($username) == '' || trim($password) == '') $error_string .= 'Please enter your username and password.<br>'; else { $result = db_query("SELECT username,password FROM mybb_users WHERE username='" . mysql_real_escape_string($username) . "'"); if (!($row = mysql_fetch_assoc($result))) $error_string .= 'The username was not found.<br>'; elseif ($row['password'] != sha1($password)) $error_string .= 'The password did not match.<br>'; else { $_SESSION['user_id'] = $row['id']; $_SESSION['username'] = $row['username']; $_SESSION['password'] = $row['password']; header('Location: index.php'); exit(); } }}?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html> <head> <title>Register</title> <style type="text/css"> .error_text { color: #FF0000; width: 400px; text-align: center; } .left_box { float: left; width: 150px; text-align: right; padding-right: 5px; } .right_box { clear: right; } </style> </head> <body> <div class="error_text"><?php echo $error_string; ?></div> <form action="login.php" method="post"> <input type="hidden" name="page_mode" value="login"> <div class="left_box">Username</div> <div class="right_box"><input type="text" name="username" size="30" maxlength="255" value="<?php if (isset($username)) echo $username; ?>"></div> <div class="left_box">Password</div> <div class="right_box"><input type="password" name="password" size="30"></div> <div class="left_box">Â </div> <div class="right_box"><input type="submit" value="Log In" size="30"></div> </form> </body></html> and this the index.. <?phpsession_start();?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html> <head> <title>Index</title> </head> <body> <?php if (isset($_SESSION['user_id'])) { ?> Hello, <?php echo $_SESSION['user_name']; ?>, what do you think you're doing? I'm sorry, <?php echo $_SESSION['user_name']; ?>, I can't let you do that. <br><br> <a href="logout.php">Log out</a> <?php } else { ?> Click <a href="register.php">here</a> to register or click <a href="login.php">here</a> to log in. <?php } ?> </body></html>logout.phpThe final part of this is the log out page, which is linked to if someone is logged in. All the page needs to do is unset everything that was previously set in the session, and redirect back to the index page.CODE<?phpsession_start();unset($_SESSION['user_id']);unset($_SESSION['password']);unset($_SESSION['username']);header('Location: index.php');exit();?> Link to comment Share on other sites More sharing options...
Synook Posted May 1, 2008 Share Posted May 1, 2008 logout.phpThe final part of this is the log out page, which is linked to if someone is logged in. All the page needs to do is unset everything that was previously set in the session, and redirect back to the index page.In that page it is cleaner and more permanent to call session_destroy() (which destroys the session and all its information).so my password is6 letter and it chagne to 5bd913e4a9549e34d1e55c18fff1315a will it ""match"" the password like that ?The passwords are stored as MD5 hashes in the myBB database. You will need to hash the user input as well to check for a match. You seem to be doing that already, however, though through the wrong hashing algorithm (use MD5)elseif ($row['password'] != sha1($password)) Link to comment Share on other sites More sharing options...
KYKK Posted May 1, 2008 Author Share Posted May 1, 2008 so how do i set it to match MD5 hashes codes ?? or hash the password input ? in the w3school it only say how to change some word into code and put code into word didn't say input form... Link to comment Share on other sites More sharing options...
justsomeguy Posted May 1, 2008 Share Posted May 1, 2008 It doesn't matter where the data comes from, it doesn't matter if it's a form or anything else. http://www.php.net/manual/en/function.md5.php Link to comment Share on other sites More sharing options...
KYKK Posted May 1, 2008 Author Share Posted May 1, 2008 umm ok it say string md5 ( string $str [, bool $raw_output ] ) but where do i put it in the form ? php ? can you like add it to my code plz im confuse,,, thanks Link to comment Share on other sites More sharing options...
justsomeguy Posted May 1, 2008 Share Posted May 1, 2008 You just replace sha1 in the line that Synook copied with md5. Link to comment Share on other sites More sharing options...
KYKK Posted May 1, 2008 Author Share Posted May 1, 2008 ok so i change elseif ($row['password'] != sha1($password)) elseif ($row['password'] != string md5 ( string $str [, bool $raw_output ] )($password)) and then it sayParse error: syntax error, unexpected T_STRING in /home/ksbsm/public_html/TESTING/login.php on line 23when i update it to my website y?.. Link to comment Share on other sites More sharing options...
justsomeguy Posted May 2, 2008 Share Posted May 2, 2008 Because you pasted the entire function definition in there.elseif ($row['password'] != md5($password)) Link to comment Share on other sites More sharing options...
KYKK Posted May 2, 2008 Author Share Posted May 2, 2008 ok.. so ... this getting me crazyso this my login.php <?phpsession_start();require_once 'db.php';$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';$error_string = '';if ($page_mode == 'login'){ $username = $_POST['username']; $password = $_POST['password']; if (trim($username) == '' || trim($password) == '') $error_string .= 'Please enter your username and password.<br>'; else { $result = db_query("SELECT username,password FROM mybb_users WHERE username='" . mysql_real_escape_string($username) . "'"); if (!($row = mysql_fetch_assoc($result))) $error_string .= 'The username was not found.<br>'; elseif ($row['password'] != md5($password)) $error_string .= 'The password did not match.<br>'; else { $_SESSION['user_id'] = $row['id']; $_SESSION['username'] = $row['username']; $_SESSION['password'] = $row['password']; header('Location: index.php'); exit(); } }}?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html> <head> <title>Register</title> <style type="text/css"> .error_text { color: #FF0000; width: 400px; text-align: center; } .left_box { float: left; width: 150px; text-align: right; padding-right: 5px; } .right_box { clear: right; } </style> </head> <body> <div class="error_text"><?php echo $error_string; ?></div> <form action="login.php" method="post"> <input type="hidden" name="page_mode" value="login"> <div class="left_box">Username</div> <div class="right_box"><input type="text" name="username" size="30" maxlength="255" value="<?php if (isset($username)) echo $username; ?>"></div> <div class="left_box">Password</div> <div class="right_box"><input type="password" name="password" size="30"></div> <div class="left_box">Â </div> <div class="right_box"><input type="submit" value="Log In" size="30"></div> </form> </body></html> and this my index.php <?phpsession_start();?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html> <head> <title>Index</title> </head> <body> <?php if (isset($_SESSION['user_id'])) { ?> Hello, <?php echo $_SESSION['user_name']; ?>, what do you think you're doing? I'm sorry, <?php echo $_SESSION['user_name']; ?>, I can't let you do that. <br><br> <a href="logout.php">Log out</a> <?php } else { ?> Click <a href="register.php">here</a> to register or click <a href="login.php">here</a> to log in. <?php } ?> </body></html>logout.phpThe final part of this is the log out page, which is linked to if someone is logged in. All the page needs to do is unset everything that was previously set in the session, and redirect back to the index page.CODE<?phpsession_start();unset($_SESSION['user_id']);unset($_SESSION['password']);unset($_SESSION['username']);header('Location: index.php');exit();?> it say password don't match.... username not found and username found it correct i test them but password don;t match still ....thanks Link to comment Share on other sites More sharing options...
Synook Posted May 2, 2008 Share Posted May 2, 2008 Try echoing $row['password'] and md5($password). Link to comment Share on other sites More sharing options...
KYKK Posted May 2, 2008 Author Share Posted May 2, 2008 umm that not work.... echo the password don;t work... so yyyyy....thanks very much ^^ Link to comment Share on other sites More sharing options...
Synook Posted May 2, 2008 Share Posted May 2, 2008 Wait does $row['password'] or md5($password) not echo? Link to comment Share on other sites More sharing options...
KYKK Posted May 2, 2008 Author Share Posted May 2, 2008 wait wait can you show me the code i don;t understand what you mean by echoi did elseif change to else echo.....i tried else if ($row['password'] != echo md5($password)) else if (echo $row['password'] != md5($password)) else if ($row[ echo 'password'] != md5($password))............ Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.