Re: [PHP-DB] Re: Login Auth help?
I'd pull the addslashes() and use mysql_real_escape_string() instead. I'd also
echo the query that's being sent to the database and compare to make sure
it's doing what it should.
-Micah
On Thursday 10 November 2005 8:22 pm, JeRRy wrote:
> Hi,
>
> Well I tried this code but it fails, if I enter a correct User and Pass set
> in the db it just prompts for the user/pass again. The error message that
> should apply if wrong three times appears but the sucessful message I can't
> get regardless of correct user pass or not, any help please?
>
> function displayLogin() {
> header("WWW-Authenticate: Basic realm=\"My Website\"");
> header("HTTP/1.0 401 Unauthorized");
> echo "Authentication Failure";
> echo "The username and password provided did not work. Please reload this
> page and try again."; exit;
> }
> $db = mysql_connect('localhost','db_user',db_pass') or die("Couldn't
> connect to the database."); mysql_select_db('db_name') or die("Couldn't
> select the database"); if (!isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW))
> {
> // If username or password hasn't been set, display the login request.
> displayLogin();
> } else {
> // Escape both the password and username string to prevent users from
> inserting bogus data. $PHP_AUTH_USER = addslashes($PHP_AUTH_USER);
> $PHP_AUTH_PW = md5($PHP_AUTH_PW);
> // Check username and password agains the database.
> $result = mysql_query("SELECT count(id) FROM users WHERE
> password='$PHP_AUTH_PW' AND username='$PHP_AUTH_USER'") or die("Couldn't
> query the user-database."); $num = mysql_result($result, 0);
> if (!$num) {
> // If there were no matching users, show the login
> displayLogin();
> }
> }
> // All code/html below will only be displayed to authenticated users.
> echo "Congratulations! You're now authenticated.";
>
> ?>
>
>
> J
>
>
> -
> Do you Yahoo!?
> Yahoo! News: Get the latest news via video today!
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Login Auth help?
Hi,
Well I tried this code but it fails, if I enter a correct User and Pass set in
the db it just prompts for the user/pass again. The error message that should
apply if wrong three times appears but the sucessful message I can't get
regardless of correct user pass or not, any help please?
Authentication Failure";
echo "The username and password provided did not work. Please reload this page
and try again.";
exit;
}
$db = mysql_connect('localhost','db_user',db_pass') or die("Couldn't connect to
the database.");
mysql_select_db('db_name') or die("Couldn't select the database");
if (!isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW)) {
// If username or password hasn't been set, display the login request.
displayLogin();
} else {
// Escape both the password and username string to prevent users from inserting
bogus data.
$PHP_AUTH_USER = addslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = md5($PHP_AUTH_PW);
// Check username and password agains the database.
$result = mysql_query("SELECT count(id) FROM users WHERE
password='$PHP_AUTH_PW' AND username='$PHP_AUTH_USER'") or die("Couldn't query
the user-database.");
$num = mysql_result($result, 0);
if (!$num) {
// If there were no matching users, show the login
displayLogin();
}
}
// All code/html below will only be displayed to authenticated users.
echo "Congratulations! You're now authenticated.";
?>
J
-
Do you Yahoo!?
Yahoo! News: Get the latest news via video today!
[PHP-DB] RE: login
If the variable $SCRIPT_NAME does not suit your needs, try the other environment variables here: http://www.php.net/manual/en/language.variables.predefined.php Adam -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] RE: login
I have not tested this but it should work... Adam this goes in the form area on login.php -Original Message- From: its me [mailto:[EMAIL PROTECTED]] Sent: Monday, March 11, 2002 4:27 PM To: [EMAIL PROTECTED] Subject: login there is a page that when user go to need to be looged in,so it automaticaly go back with him to loggin page but after login i want him to go back to the page he was in.how? using history()? and how. thanks guys Rehab M.Shouman - Express yourself with a super cool email address from BigMailBox.com. Hundreds of choices. It's free! http://www.bigmailbox.com - -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Login Help
Hi,
[...]
>Now, if i hit enter again it will say:
>"Please fill out all fields to proceed.
>Sorry, username is already taken, please choose another.
>There seems to be a problem with the database."
So this is the problem?
[...]
>Here is my code:
>
>
>Register
>
>
>
>Username:
>Password:size=10>
>Email:
>
>
>
>
>include'dbcon.inc';
>if(isset($submit)) {
>dbConnect('login');
>
>// Make sure all fields are filled out
>if ($username=="" or $password=="" or $email=="") {
>echo("Please fill out all fields to proceed.");
-->exit;
>}
You need to add an "exit;" to tell PHP to terminate the if-loop.
If oyu don't do so the rest of the script is executed and thus
the empty usrname and password are entered. That's why you
get "usrname already taken" after the second submit.
>
>// Make sure there is not the same name in the database
>$query = "SELECT COUNT(*) FROM user WHERE name = '$username'";
>$result = mysql_query($query);
>if (!$result) {
>echo("There seems to be a problem with the database.");
>}
>if (mysql_result($result,0,0)>0) {
>echo("Sorry, username is already taken, please choose another.");
-->exit;
>}
here again. but if your username is unique entering it to the DB won't
work anyway and you could leave it, but I think it is cleaner to put
it there.
You could also put the whole processing into a seperate script and then use
header(...)s to redirect back to the loginscreen.
hope it helps
Johannes
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Re: login twice
> anyone knows how to avoid user to login twice in different computer > ? > for exam : User A login using computer D, and then A go to computer > E and A login again. how to restrict A to login using computer E > when he have another session in computer D ? If you have a user database and keep track of which user belongs to which session, then when a user logs in, you could simply check to see if a session that belongs to that user already exists. The question then is: Do you chunk the first session? Or do you refuse to let the user log in again? Also, this will not prevent session spoofing. If a malicious user can get the same cookies or GET parameters that the real user is using, the malicious user can use the exact same session without ever logging in. No reliable way to prevent this without some creative and burdensome authentication mechanisms. Dean Hall. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
