Jump to content

Login Count


Panta

Recommended Posts

friends please i need you to look into my script .what i need is a script that will count a user as the user logs in.And when the user logs in 3 times to the site he will not be able to log in again. The script

<?session_start();session_destroy();?><table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"><tr><form name="form1" method="post" action="checklogin.php"><td><table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"><tr><td colspan="3"><strong>Member Login </strong></td></tr><tr><td width="78">Username</td><td width="6">:</td><td width="294"><input name="username" type="text" id="username"></td></tr><tr><td>Password</td><td>:</td><td><input name="password" type="text" id="password"></td></tr><tr><td> </td><td> </td><td><input type="submit" name="Submit" value="Login"></td></tr></table></td></form></tr></table>checklogin.php<?php$host="localhost"; // Host name$username="root"; // Mysql username$password=""; // Mysql password$db_name="logins"; // Database name$tbl_name="logins"; // Table name// Connect to server and select databse.mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");// username and password sent from form$username=$_POST['username'];$password=$_POST['password'];// To protect MySQL injection (more detail about MySQL injection)$username = stripslashes($username);$password = stripslashes($password);$username = mysql_real_escape_string($username);$password = mysql_real_escape_string($password);//$sql1="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";//$result1=mysql_query($sql1);// Mysql_num_row is counting table row//$count=mysql_num_rows($result1);// If result matched $myusername and $mypassword, table row must be 1 row$sql="SELECT username,password,logins FROM $tbl_name WHERE username='$username'and logins='$logins'";$query=mysql_query($sql);$result = MYSQL_QUERY($query);/* check the total number of logins */if($result['$logins']==3) {$TooManyLogins="Yes";}else {$sql2="UPDATE table SET $logins=$logins+1";mysql_query($sql2);}if($username===$result['username'] && $password===$result['password']) {if($TooManyLogins==="Yes") {echo "Your Logins have expired";exit();}else {if($logins==1){// Register $myusername, $mypassword and redirect to file "login_success.php"session_register("username");session_register("password");header("location:login_success.php");}else {echo "Wrong Username or Password";}}}?>

i think this is not working

Link to comment
Share on other sites

A few thoughts. Don't assume I've covered everything.$sql="SELECT username,password,logins FROM $tbl_name WHERE username='$username'and logins='$logins'";This will not work. $logins has no value at this point, so you're searching for a null value. I don't see why you want to match anything in the logins column anyway. If you match your user, you will learn what the value of logins is. Then you can assign that to $logins. This will fix some of the mistakes I note below:if($result['$logins']==3) {$logins still doesn't have a value. I think you mean $result['logins'], without the $ symbol.$sql2="UPDATE table SET $logins=$logins+1";Again, $logins has no value. The name of your column is `logins`. But also: notice that you have not specified a row. If you try it this way, I believe you will set the value of logins in every row to the same thing. This would be a costly mistake. Get a WHERE clause in there.if($logins==1){Yup. Same problem. This will work after you've given $logins a value.

Link to comment
Share on other sites

A few thoughts. Don't assume I've covered everything.$sql="SELECT username,password,logins FROM $tbl_name WHERE username='$username'and logins='$logins'";This will not work. $logins has no value at this point, so you're searching for a null value. I don't see why you want to match anything in the logins column anyway. If you match your user, you will learn what the value of logins is. Then you can assign that to $logins. This will fix some of the mistakes I note below:if($result['$logins']==3) {$logins still doesn't have a value. I think you mean $result['logins'], without the $ symbol.$sql2="UPDATE table SET $logins=$logins+1";Again, $logins has no value. The name of your column is `logins`. But also: notice that you have not specified a row. If you try it this way, I believe you will set the value of logins in every row to the same thing. This would be a costly mistake. Get a WHERE clause in there.if($logins==1){Yup. Same problem. This will work after you've given $logins a value.
<?php$host="localhost"; // Host name$username=""; // Mysql username$password=""; // Mysql password$db_name="school"; // Database name$tbl_name="logins"; // Table name// Connect to server and select databse.mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");// username and password sent from form$submit=$_POST['form1'];$username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));$password = md5($_POST['password']);//if submit button is pressedif ($submit){if((!$username) || (!$password) || ($username=='') || ($password=='')){header("Refresh: 2;".$_SERVER['HTTP_REFERER']);echo'<center>Please enter both - username and password!</center>';        }$result1=mysql_query("SELECT * FROM $tbl_name WHERE 'username'= '".$username."' AND `password`= '".$password."'") OR die(mysql_error());// Mysql_num_row is counting table row$count=mysql_num_rows($result1);if($count>0){$r=mysql_fetch_array($result1);/* check the total number of logins :: Removed the $ from logins below. Should be a string. Let's check to see if they're the right user before we do anything with logins... makes more sense. */if($result['logins']<=1)$sql2="UPDATE $tbl_name WHERE 'username'= '".$username."' AND `password`= '".$password."' SET $logins=$logins+1";mysql_query($sql2);session_register("username");session_register("password");header("location:login_success.php");/* If logins is greater than or = 3 is a bit safer. */else {if($result['logins']=3) {echo "Your Logins have expired";exit();}// Register $myusername, $mypassword and redirect to file "login_success.php"}}?>

thanks alot but please check my corrections hope this is what you meant
Link to comment
Share on other sites

I made some corrections to the problem area. As before, I don't know if this is everything you need. It would help a lot if you could indent your code. Please notice the kinds of changes I made.

$logins = $result['logins'];if ($logins <= 1) {	$logins++;	$sql2 = "UPDATE $tbl_name WHERE `username`='$username' AND `password`='$password' SET `logins`=$logins";	mysql_query($sql2);	$_SESSION['username'] = $username;	$_SESSION['password'] = $password;	header("location:login_success.php");	exit;} else {	echo "Your Logins have expired";	exit;}

Link to comment
Share on other sites

<?phpinclude'config.php';$submit=$_POST['login'];$username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));$password = md5($_POST['password']);//if submit button is pressedif ($submit){if((!$username) || (!$password) || ($username=='') || ($password=='')){header("Refresh: 2;".$_SERVER['HTTP_REFERER']);echo'<center>Please enter both - username and password!</center>'; }//lets see if the user exists by making a query which selects//submitted username and password from the database//and the we use mysql_num_rows() to count the results returned//if there is a user with a username and password like that $c will be 1//as it will be counted otherwise it'll stay 0.$qry = mysql_query("SELECT logins FROM users WHERE username='$user'");$row = mysql_fetch_array($qry);$cnt = $row['logins'];if ($cnt != 3) { $cnt++; mysql_query("UPDATE users SET logins='$cnt' WHERE username='$user'"); echo "worked";}else { echo "Password was used three times.";}}?>[/code]this is the code but is not updating the login
Link to comment
Share on other sites

Try this. Notice that I've added error reporting and more error handling. Be sure to notice any errors that get reported. (With error reporting on, we need to test the value of POST variables before we start using them; otherwise, we can generate a warning if a variable is not set.) I've also added 1-2 exit statements to make sure the code terminates when you need it to.Also: are you certain that config.php does what it's supposed to do?

<?php	error_reporting(E_ALL);	ini_set('display_errors', 1);	include 'config.php';	$submit = isset($_POST['login']) ? $_POST['login'] : "";	$username = isset($_POST['username']) ? $_POST['username'] : "";	$username = mysql_real_escape_string(strip_tags(htmlspecialchars($username) ) );	$password = isset($_POST['password']) ? md5($_POST['password']) : "";	if ($submit){		if ((!$username) || (!$password) || ($username=='') || ($password=='') ) {			header("Refresh: 2;".$_SERVER['HTTP_REFERER']);			echo '<center>Please enter both - username and password!</center>';			exit;		}		$result = mysql_query("SELECT logins FROM users WHERE username='$user'");		if (!$result) {			echo mysql_error();			exit;		}		$row = mysql_fetch_array($result);		if (!$row) {			echo mysql_error();			exit;		}		$cnt = $row['logins'];		if ($cnt != 3) {			$cnt++;			$result = mysql_query("UPDATE users SET logins='$cnt' WHERE username='$user'");			if (!$result) {				echo mysql_error();				exit;			}			echo "worked";		}		else {			echo "Password was used three times.";		}	}	else {		echo "something";	}?>

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...