danposs86 Posted April 10, 2007 Share Posted April 10, 2007 what i want to to is link a string to a field in a database. i currently have:$admin_user_name = "admin";but i want 'admin', which is the username, to actually be located on a table (to allow for multiple usernames). i have tried a few things but no idea what to do. the table is called 'site_admin_members' and the field is 'admin_name'.help me please Link to comment Share on other sites More sharing options...
danposs86 Posted April 10, 2007 Author Share Posted April 10, 2007 also i am using this scripting:http://www.phpbuddy.com/article.php?id=23 Link to comment Share on other sites More sharing options...
justsomeguy Posted April 10, 2007 Share Posted April 10, 2007 If you want to look up a user in a database, first you need to get the username and password that the user enters. I think the script you saw already does that. This is how you check a user's password from the database based on their name: $result = mysql_query("SELECT password FROM site_admin_members WHERE admin_name='" . mysql_real_escape_string($_POST['username']) . "'");if ($row = mysql_fetch_assoc($result)){ if ($row['password'] == $_POST['password']) $admin = true; else $admin = false;}else $admin = false; Link to comment Share on other sites More sharing options...
danposs86 Posted April 10, 2007 Author Share Posted April 10, 2007 how would i add your script into the coding i am using?sorry if i seem dumb, just never really ventured this far into php-dom lol Link to comment Share on other sites More sharing options...
justsomeguy Posted April 10, 2007 Share Posted April 10, 2007 Well, I guess you would either copy and paste, or type it. I couldn't say where without seeing your code. Link to comment Share on other sites More sharing options...
danposs86 Posted April 10, 2007 Author Share Posted April 10, 2007 its exactly the same as in the link in my second post: <?php# Simple password protection## (c) http://www.phpbuddy.com# Author: Ranjit Kumar# Feel free to use this script but keep this message intact!# # To protect a page include this file in your PHP pages!session_start();$admin_user_name = "admin";$admin_password = "pass";//you can change the username and password by changing the above two strings if (!isset($HTTP_SESSION_VARS['user'])) { if(isset($HTTP_POST_VARS['u_name'])) $u_name = $HTTP_POST_VARS['u_name']; if(isset($HTTP_POST_VARS['u_password'])) $u_password = $HTTP_POST_VARS['u_password']; if(!isset($u_name)) { ?> <HTML> <HEAD> <TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE> </HEAD> <BODY bgcolor=#ffffff> <table border=0 cellspacing=0 cellpadding=0 width=100%> <TR><TD> <font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td> </tr></table> <P></P> <font face=verdana size=2> <center> <?php $form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]"; if(isset($HTTP_SERVER_VARS["QUERY_STRING"])) $form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"]; ?> <form method=post action=<?php echo $form_to; ?>> <table border=0 width=350> <TR> <TD><font face=verdana size=2><B>User Name</B></font></TD> <TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR> <TR> <TD><font face=verdana size=2><B>Password</B></font></TD> <TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD> </TR> </table> <input type=submit value=Login></form> </center> </font> </BODY> </HTML> <?php exit; } else { function login_error($host,$php_self) { echo "<HTML><HEAD> <TITLE>$host : Administration</TITLE> </HEAD><BODY bgcolor=#ffffff> <table border=0 cellspacing=0 cellpadding=0 width=100%> <TR><TD align=left> <font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td> </tr></table> <P></P> <font face=verdana size=2> <center>"; echo "Error: You are not authorized to access this part of the site! <B><a href=$php_self>Click here</a></b> to login again.<P> </center> </font> </BODY> </HTML>"; session_unregister("adb_password"); session_unregister("user"); exit; } $user_checked_passed = false; if(isset($HTTP_SESSION_VARS['adb_password'])) { $adb_session_password = $HTTP_SESSION_VARS['adb_password']; if($admin_password != $adb_session_password) login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); else { $user_checked_passed = true; } } if($user_checked_passed == false) { if(strlen($u_name)< 2) login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); if($admin_user_name != $u_name) //if username not correct login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); if(isset($admin_password)) { if($admin_password == $u_password) { session_register("adb_password"); session_register("user"); $adb_password = $admin_password; $user = $u_name; } else { //password in-correct login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); } } else { login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); } $page_location = $HTTP_SERVER_VARS['PHP_SELF']; if(isset($HTTP_SERVER_VARS["QUERY_STRING"])) $page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"]; header ("Location: ". $page_location); } }}?> where would i place your code? Link to comment Share on other sites More sharing options...
justsomeguy Posted April 10, 2007 Share Posted April 10, 2007 Find this part at the end: $user_checked_passed = false; if(isset($HTTP_SESSION_VARS['adb_password'])) { $adb_session_password = $HTTP_SESSION_VARS['adb_password']; if($admin_password != $adb_session_password) login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); else { $user_checked_passed = true; } } if($user_checked_passed == false) { if(strlen($u_name)< 2) login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); if($admin_user_name != $u_name) //if username not correct login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); if(isset($admin_password)) { if($admin_password == $u_password) { session_register("adb_password"); session_register("user"); $adb_password = $admin_password; $user = $u_name; } else { //password in-correct login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); } } else { login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); } $page_location = $HTTP_SERVER_VARS['PHP_SELF']; if(isset($HTTP_SERVER_VARS["QUERY_STRING"])) $page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"]; header ("Location: ". $page_location); } And replace it with this: $user_checked_passed = false; mysql_connect("localhost", "username", "password"); mysql_select_db("database name"); if(isset($HTTP_SESSION_VARS['adb_password']) && isset($HTTP_SESSION_VARS['user']) { $adb_session_password = $HTTP_SESSION_VARS['adb_password']; $session_user = $HTTP_SESSION_VARS['user']; $result = mysql_query("SELECT password FROM site_admin_members WHERE admin_name='" . mysql_real_escape_string($session_user) . "'"); if ($row = mysql_fetch_assoc($result)) { if ($row['password'] == $adb_session_password) $admin = true; else $admin = false; } else $admin = false; if (!$admin) login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); else { $user_checked_passed = true; } } if($user_checked_passed == false) { $result = mysql_query("SELECT password FROM site_admin_members WHERE admin_name='" . mysql_real_escape_string($u_name) . "'"); if ($row = mysql_fetch_assoc($result)) { if ($row['password'] == $u_password) $admin = true; else $admin = false; } else $admin = false; if (!$admin) login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); session_register("adb_password"); session_register("user"); $adb_password = $u_password; $user = $u_name; $page_location = $HTTP_SERVER_VARS['PHP_SELF']; if(isset($HTTP_SERVER_VARS["QUERY_STRING"])) $page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"]; header ("Location: ". $page_location); } Edit the mysql_connect and mysql_select_db lines with the information for your server, and if the database password field is not called "password", you'll need to change that in the code as well to whatever the field is called. Link to comment Share on other sites More sharing options...
danposs86 Posted April 11, 2007 Author Share Posted April 11, 2007 it didnt work, i couldn't work it out till i found that it was missing a closing braket on this line:if(isset($HTTP_SESSION_VARS['adb_password']) && isset($HTTP_SESSION_VARS['user']) {lol :)cheers for your help mate, legend! Link to comment Share on other sites More sharing options...
danposs86 Posted April 11, 2007 Author Share Posted April 11, 2007 Another question (sorry), but how would i create a message that welcomes the user that logged in, including their username?? Link to comment Share on other sites More sharing options...
Mr_CHISOL Posted April 11, 2007 Share Posted April 11, 2007 Welcome, <?php echo $_SESSION['user'] ?> Link to comment Share on other sites More sharing options...
danposs86 Posted April 11, 2007 Author Share Posted April 11, 2007 thank you Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now