RenegadeFX Posted April 7, 2009 Share Posted April 7, 2009 ok so I've never really done this in php so I just need a little help with this heres the code I have so far :)Login.php <body><div align="center"> <div class="BannerLogo"> </div> <div class="Content"> <div class="NavBar"> <?php include("../Includes/Navigation.php"); ?> </div> <div class="ContentCol"> <form name="LoginForm" method="post" enctype="multipart/form-data" action="/Login/LoggingIn.php"> <label for="Email" class="Labels">Email:</label> <br /> <input type="text" name="Email" id="Email" class="Field" /> <br /> <label for="Password" class="Labels">Password</label> <br /> <input type="password" name="Password" id="Password" class="Field" /> <br /> <input type="submit" name="Login" value="Login" /> </form> </div> </div></div></body> and heres the other page :)LoggingIn.php <?php$Email = $_POST['Email'];$Pass = $_POST['Password'];$Conn = mysql_connect("server", "root", "");if (!$Conn) { die('Could not connect: ' . mysql_error());}mysql_select_db("Database", $Conn);$Results = mysql_query("SELECT UserId, Email, Password, FirstName, LastName FROM Users WHERE LOWER(Email) = '" . strtolower($Email) . "' AND Password = '" . $Pass . "'");if(mysql_num_rows($Results) == 0) { header("location: /Login/?Failed=true");}else { while($Row = mysql_fetch_array($Results)) { $Expires = time() + 60*60*24*30; setcookie('UserId', $Row['UserId'], $Expires); }}?> so what I want it to do is check to see if the email and password match an email and password in the database,if they do then create a cookie with the value of the UserId and then go to the Home Page and thats just the part that I can't get please Help. Link to comment Share on other sites More sharing options...
justsomeguy Posted April 7, 2009 Share Posted April 7, 2009 Is the script not working? It looks like you're checking the database and setting a cookie. If you only need to redirect you just send a location header and quit:header('Location: home.php');exit(); Link to comment Share on other sites More sharing options...
RenegadeFX Posted April 8, 2009 Author Share Posted April 8, 2009 Ok yeah that worked just fine but now the cookie isn't working (sorry I'm new to php )heres the home pageIndex.php <?php if(isset($_COOKIE['UserId']) && $_COOKIE['UserId'] != '') { echo 'Ok you are now Logged in as ' . $_COOKIE['UserId'] . ' :)';} else { echo "Nope your not logged in :(";} ?> Link to comment Share on other sites More sharing options...
justsomeguy Posted April 8, 2009 Share Posted April 8, 2009 Oh, right. If you're setting a cookie you shouldn't use a header redirect, you should use an HTML meta redirect instead. Some browsers will ignore the cookie header if they also get a location header. ...setcookie('UserId', $Row['UserId'], $Expires);echo <<<EOT<html><head><title>Thank You</title><meta http-equiv="refresh" content="2;URL=home.php"></head><body><a href="home.php">Redirecting...</a></body></html>EOT;exit(); You can style the HTML stuff if you want to center the message or change the text. Change the "2" in the meta tag if you want to change the number of seconds before it redirects. This is the type of "thanks for logging in" page you see on a lot of sites.Be careful when pasting that code, the EOT; line must not have any spaces before it, character 1 on that line should be the E. Link to comment Share on other sites More sharing options...
RenegadeFX Posted April 8, 2009 Author Share Posted April 8, 2009 Nope for some reason that doesn't work either Link to comment Share on other sites More sharing options...
s-p-n Posted April 8, 2009 Share Posted April 8, 2009 Those scripts look like they should work.I cleaned them up a little bit, a few things were a bit redundant. Also, you should use mysql_real_escape_string to prevent SQL injections. <?php$Email = mysql_real_escape_string($_POST['Email']);$Pass = mysql_real_escape_string($_POST['Password']);$Conn = mysql_connect('server', 'root', '');if (!$Conn) { die('Could not connect: ' . mysql_error());}mysql_select_db('Database', $Conn);$Results = mysql_query('SELECT UserId FROM Users WHERE LOWER(Email) = "' . strtolower($Email) . '" AND Password = "' . $Pass . '" LIMIT 1');if(mysql_num_rows($Results) == 0) { header('location: /Login/?Failed=true');}else { $Row = mysql_fetch_array($Results) $Expires = time() + 60*60*24*30; setcookie('UserId', $Row['UserId'], $Expires);?><html> <head> <title>Thank You</title> <meta http-equiv="refresh" content="2;URL=home.php"> </head> <body> <a href="home.php">Redirecting...</a> </body></html><?php}?> There's really no point in stressing that <html> is the VERY first thing the browser see's, it's good and all, but one line of white space won't hurt anything, so why not just use regular HTML for the message? The while loop isn't necessary for only one row.This should work for the checking process: <?php if(strlen($_COOKIE['UserId'])>0) { echo 'Ok you are now Logged in as ' . $_COOKIE['UserId'] . ' :)';} else { echo "Nope your not logged in :(";} ?> You only need to make sure that the length (strlen; string length) of userId is greater than 0. using (isset($str) && $str!='') will return the expected result, but it's easier to check a single thing.Take note that we only selected the UserID from the database because that's all we're using. We also want MySQL to stop looking for more values after it finds a match. It helps the SQL execute faster if we tell it to grab one row, from one column (id), rather then having it look through all of the rows for that matching email and password even after it finds a match.Later on you might run into a need for more complex checking, like ranks, groups, etc. In that case, a while loop is necessary and we can use the acronym(*;ALL) when selecting from the database. As for logging a user in simply to check later, you'll only need their ID.Hope that works & helps Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.