Jump to content

Login script

vytas

By vytas
in PHP

 Share

Recommended Posts

vytas Member

vytas

Posted
Posted

I want to make a login script but i don't know how.I already got this.

<?php$con = mysql_connect("localhost","mypass","lol");if (!$con){echo "there has been a error logging in";}mysql_select_db("vytas_forum", $con);if ($_POST['user']==mysql_query("select User from Admins")){echo "u have been succesfully logged in";}if ($_POST['user']!=mysql_query("select User from Admins")){echo "So u want to hack this person ur acount has been banned !". mysql_error();}mysql_close($con);?>I already got it connected to my database , and have a a table called vytas_form.With the rows ID , User , Pass.Can some1 help me make the script ?
Link to comment
Share on other sites
MrAdam Member

MrAdam

Posted
Posted

you got the basic idea.. but you don't seem to understand parts of it...

if ($_POST['user']==mysql_query("select User from Admins")){echo "u have been succesfully logged in";}

You don't seem to be using POST right. If you are wanting to send the sql string in the POST method (which i wouldn't recommend - big security risk!) you would have to send just the string and not "mysql_query(..)" - then run the sql after returning the string.But, i don't think that's what you are trying to do .. i'd use:

// include all your connection code$query = mysql_query("SELECT * FROM vytas_form WHERE User = '{$_POST['username']}' AND Pass = '{md5($_POST['password'])}'");if ($query) {   $_SESSION['username'] = $_POST['username'];   $_SESSION['password'] = md5($_POST['password']);   print "You have been logged in...";} else {   print "Your username or password are wrong...";}

Broken down:The first 2 lines are to query the database, the sql string means: "select everything from the vytas_form table where the 'User' field and the 'Pass' field are equal to the values the user entered." The md5() function calculate the md5 hash of a string - an irreversible code basically.The next part is an 'if' to check if the query was successful. IF it was, the username is stored within a session - for future use - and some information printed to the user and now the user is effectively "logged in". IF the query was unsuccessful, this means the user does not exist in the database and so an error message is printed to the user.To use this script, you'll need to create a login form with the inputs named "username" and "password" - though you can change the POST name ($_POST['__name__'] ) within the script.

Link to comment
Share on other sites
vytas Member

vytas

Posted
  • Author
Posted

Yea i quite understand more now.But still got problems with PHP MySQL but every day i learn more :)

Link to comment
Share on other sites
Matpatnik Member

Matpatnik

Posted
Posted

Hi guys, I found this script somewhere on the net few month ago and it was working fine but a soon as I try to include_once() in my page it keep asking the login every time that I send the login informationthis is the code:

$username =  this;$password =  is_me;function authenticate() {  Header( "WWW-authenticate: basic realm=\"Protected\"");  Header( "HTTP/1.0 401 Unauthorized");  echo   "You must enter a valid login ID and password!";  exit;}function CheckPwd($user,$pass) {  global $username,$password;  return ($user != $username || $pass != $password) ? false : true;}if(!isset($PHP_AUTH_USER)) {  authenticate();}elseif(!CheckPwd($PHP_AUTH_USER,$PHP_AUTH_PW)) {  authenticate();}

I was using this code on every page and decide to include it from a different page.is the pulpfiction link code is better for an administration panel?

Link to comment
Share on other sites
vytas Member

vytas

Posted
  • Author
Posted

Ok i need some help now.I am going to make a online game with some of my friends,And i am getting to the PHP part of the thing.I want to register the users.here's the code ( i already gathered the info threw POST )

<?php$con = mysql_connect("localhost","vytas_php","gerald");if (!$con){echo "error:". mysql_error();}mysql_select_db("vytas_forum",$con);$query = mysql_query ("insert into Admins (User,Pass,ID) values  ('{$_POST['user']}','{$_POST['pass']}','{$_POST['2']}');if ($query){echo "u have been succesfully registered.";}else{echo "there whas an error";}?>

Link to comment
Share on other sites
Anders Moen Invested Member

Anders Moen

Posted
Posted

Okay, here's my updated post with the login script :)

<?phpsession_start(); // use this code on top of all pages.?><html><head><title>Login</title></head><body><?php$db=mysql_connect("lcoalhost", "username", "password");mysql_select_db("database_name", $db);	$username = htmlentities($_POST['username']);	$password = htmlentities($_POST['password']);		$username = mysql_real_escape_string($username);	$password = mysql_real_escape_string($password);	$query = mysql_query("SELECT username, password FROM medlemmer WHERE username = '$username' AND password = '$password'");		if(mysql_num_rows($query) == 1 OR $_SESSION['online'] == true ) {	$_SESSION['online'] = true;	echo "Welcome $username!		  ";	}	else {   echo "<form action=\"\" method=\"post\"><p>Brukernavn</p><input type=\"text\" name=\"username\" /><br /><p>Passord:</p><input type=\"password\" name=\"password\" /><br /><br /><input type=\"submit\" value=\"Logg inn\" /></form>	";	}mysql_close($db);?></body></html>

If something's not right, tell me :)

Link to comment
Share on other sites
vytas Member

vytas

Posted
  • Author
Posted

Ok , i tryd to make sense of it but it's still hard.And the register code, i still dont get how to use the $_POST[''] in the mysql_query.

Link to comment
Share on other sites
Anders Moen Invested Member

Anders Moen

Posted
Posted

That's not a register code, that one's a login code.But I have a registration code too :)

register.php:<html><head><title>Register</title></head><body><?php if($_POST['submit']) { $mysql_host = "localhost";$mysql_user = "username";$mysql_pass = "password";$mysql_db = "database_name";$mysql_tabell = "table_the_registered_should_be_laid"; // I'd recommend the same as the login code uses because then they can logg in immidietely$mysql_link = mysql_connect ($mysql_host, $mysql_user, $mysql_pass) or die ("ERROR!"); mysql_select_db ($mysql_db) or die ("ERROR!"); $name = htmlspecialchars(strip_tags($_POST['name']));$email = htmlspecialchars(strip_tags($_POST['email']));$username = htmlspecialchars(strip_tags($_POST['username']));$password = htmlspecialchars(strip_tags($_POST['password'])); $mysql_query = "INSERT INTO $mysql_tabell (name, email, username, password) VALUES ('$name', '$email', '$username', '$password')";if(mysql_query($mysql_query)) { echo("<strong>You wrote:</strong><br />Name: $name<br />Email: $email<br />Username: $username <br />Password: *hidden*"); } else { echo("An error occured. Check your script, mate."); } } else { echo(" <form action=\"\" method=\"post\"> <p>Name:<br /><input type=\"text\" size=\"40\" name=\"name\" /></p><p>Email<br /><input type=\"text\" size=\"40\" name=\"email\" /></p> <p>Username<br /><input type=\"text\" size=\"40\" name=\"username\" /></p><p>Password:<br /><input type=\"password\" size=\"40\" name=\"password\" /></p> <p><input type=\"submit\" value=\" Register me now!!! \" name=\"submit\" /></p> </form> "); }?></body></html>

Link to comment
Share on other sites
vytas Member

vytas

Posted
  • Author
Posted

I ques i am just a nooby at this kinda stuff.

you got the basic idea.. but you don't seem to understand parts of it...
if ($_POST['user']==mysql_query("select User from Admins")){echo "u have been succesfully logged in";}

You don't seem to be using POST right. If you are wanting to send the sql string in the POST method (which i wouldn't recommend - big security risk!) you would have to send just the string and not "mysql_query(..)" - then run the sql after returning the string.But, i don't think that's what you are trying to do .. i'd use:

// include all your connection code$query = mysql_query("SELECT * FROM vytas_form WHERE User = '{$_POST['username']}' AND Pass = '{md5($_POST['password'])}'");if ($query) {   $_SESSION['username'] = $_POST['username'];   $_SESSION['password'] = md5($_POST['password']);   print "You have been logged in...";} else {   print "Your username or password are wrong...";}

Broken down:The first 2 lines are to query the database, the sql string means: "select everything from the vytas_form table where the 'User' field and the 'Pass' field are equal to the values the user entered." The md5() function calculate the md5 hash of a string - an irreversible code basically.The next part is an 'if' to check if the query was successful. IF it was, the username is stored within a session - for future use - and some information printed to the user and now the user is effectively "logged in". IF the query was unsuccessful, this means the user does not exist in the database and so an error message is printed to the user.To use this script, you'll need to create a login form with the inputs named "username" and "password" - though you can change the POST name ($_POST['__name__'] ) within the script.

I get a parse error when i input this code.... It says:Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING
Link to comment
Share on other sites
vytas Member

vytas

Posted
  • Author
Posted
Haha okay. But I can help you if you want to.Either PM or add me to MSN; anders_sm(at)hotmail.com
Ok i am going to add u :)I realy need help on this subject
Link to comment
Share on other sites
MrAdam Member

MrAdam

Posted
Posted
Ok i need some help now.I am going to make a online game with some of my friends,And i am getting to the PHP part of the thing.I want to register the users.here's the code ( i already gathered the info threw POST )
<?php$con = mysql_connect("localhost","vytas_php","gerald");if (!$con){echo "error:". mysql_error();}mysql_select_db("vytas_forum",$con);$query = mysql_query ("insert into Admins (User,Pass,ID) values  ('{$_POST['user']}','{$_POST['pass']}','{$_POST['2']}');if ($query){echo "u have been succesfully registered.";}else{echo "there whas an error";}?>

try this instead:
$query = mysql_query("insert into Admins (User,Pass,ID) values  ('{$_POST['user']}','{$_POST['pass']}','{$_POST['2']}')");

.. you didn't close the function... and the code i gave you before I didn't test it so there could be an error or two. try this:

$query = mysql_query("SELECT * FROM vytas_form WHERE User='{$_POST['username']}' AND Pass='{md5($_POST['password'])}'");

Link to comment
Share on other sites
Anders Moen Invested Member

Anders Moen

Posted
Posted
Cool thx andersmoen,Do I have to write only the <?php session_start(); ?> at the beginning of each page or I have to write all the way to the if statement?
Yep, that's correct Matpatnik.If anyone need a loginscript and registration code (PHP) from me, just add me to MSN (anders_sm(at)hotmail.com). Then I'll send it to you :)They're database driven just so you know
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...