[PHP-DB] Login query
I am wondering what others do for a login query. I think there could be two results: correct e-mail password; correct e-mail wrong password So far my login query is: SELECT * FROM `member` WHERE `email` = '$my_email' AND `pass` LIKE BINARY '$my_password' LIMIT 1 This wouldn't tell me if the user has the wrong password. Is there a better way to do this? Ron
Re: [PHP-DB] Login query
On Thu, Feb 18, 2010 at 4:40 PM, Ron Piggott ron@actsministries.org wrote: I am wondering what others do for a login query. I think there could be two results: correct e-mail password; correct e-mail wrong password So far my login query is: SELECT * FROM `member` WHERE `email` = '$my_email' AND `pass` LIKE BINARY '$my_password' LIMIT 1 This wouldn't tell me if the user has the wrong password. Is there a better way to do this? Ron bad bad bad! never do a like on a password. If there are two passwords that are close, the unauthorized user might get in when they shouldn't. There are two usual approaches: 1. Select the user (providing that the user is distinct) and compare the password in PHP. On a match, allow access. 2. Select the user and password and see if the results return a row. If no row is returned, then access is not granted. If there is a row, then access is granted. HTH -- Bastien Cat, the other other white meat -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Login query
Bastien Koert wrote: On Thu, Feb 18, 2010 at 4:40 PM, Ron Piggott ron@actsministries.org wrote: I am wondering what others do for a login query. I think there could be two results: correct e-mail password; correct e-mail wrong password So far my login query is: SELECT * FROM `member` WHERE `email` = '$my_email' AND `pass` LIKE BINARY '$my_password' LIMIT 1 This wouldn't tell me if the user has the wrong password. Is there a better way to do this? Ron bad bad bad! never do a like on a password. If there are two passwords that are close, the unauthorized user might get in when they shouldn't. There are two usual approaches: 1. Select the user (providing that the user is distinct) and compare the password in PHP. On a match, allow access. 2. Select the user and password and see if the results return a row. If no row is returned, then access is not granted. If there is a row, then access is granted. I'd also suggest that you don't distinguish between a correct username but wrong password and a correct username and right password. If you say You got the right username but wrong password, a bad guy now has a point of attack .. If you say your username or password are incorrect you don't get that. Check gmail or yahoo or even sourceforge for how they word such attempts. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Login script help
Thanks Miles. That works nicely. Regards -Original Message- From: Miles Thompson [mailto:[EMAIL PROTECTED] Sent: Thursday, December 21, 2006 10:29 PM To: php-db@lists.php.net Subject: RE: [PHP-DB] Login script help When user has authenticated successfully, start a session with an authentication key - almost anything you want. After that, any page you want to protect you just put one line at the top to check for the presence of this value; redirect to login page if it's not there. Regards - Miles At 11:19 PM 12/21/2006, Haig Dedeyan wrote: Thanks. If I do it that way, can't someone get into the index page if they link directly to it without having to log in? -Original Message- From: Bastien Koert [mailto:[EMAIL PROTECTED] Sent: Thursday, December 21, 2006 7:36 PM To: Haig Dedeyan; php-db@lists.php.net Subject: RE: [PHP-DB] Login script help why not just create a simple single logon page and not include itthen on sucessful login, redirect the user to the index page? bastien From: Haig Dedeyan [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] Login script help Date: Thu, 21 Dec 2006 16:36:11 -0500 Hi everyone, My 1st attempt at creating a login script isn't going so good, so hopefully someone can help me out. The login script itself works fine but when I include it into a web page, the login.php script shows up but the entire index.html page also shows up. I just want people to log in before they get to index.html. Index.html starts off with: ?php session_start(); include(database.php); include(login.php); ? I'm using php5. Thanks Haig -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Off to school, going on a trip, or moving? Windows Live (MSN) Messenger lets you stay in touch with friends and family wherever you go. Click here to find out how to sign up! http://www.telusmobility.com/msnxbox/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.15.26/594 - Release Date: 12/20/2006 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Login script help
Hi everyone, My 1st attempt at creating a login script isn't going so good, so hopefully someone can help me out. The login script itself works fine but when I include it into a web page, the login.php script shows up but the entire index.html page also shows up. I just want people to log in before they get to index.html. Index.html starts off with: ?php session_start(); include(database.php); include(login.php); ? I'm using php5. Thanks Haig -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Login script help
why not just create a simple single logon page and not include itthen on sucessful login, redirect the user to the index page? bastien From: Haig Dedeyan [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] Login script help Date: Thu, 21 Dec 2006 16:36:11 -0500 Hi everyone, My 1st attempt at creating a login script isn't going so good, so hopefully someone can help me out. The login script itself works fine but when I include it into a web page, the login.php script shows up but the entire index.html page also shows up. I just want people to log in before they get to index.html. Index.html starts off with: ?php session_start(); include(database.php); include(login.php); ? I'm using php5. Thanks Haig -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Off to school, going on a trip, or moving? Windows Live (MSN) Messenger lets you stay in touch with friends and family wherever you go. Click here to find out how to sign up! http://www.telusmobility.com/msnxbox/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Login script help
Thanks. If I do it that way, can't someone get into the index page if they link directly to it without having to log in? -Original Message- From: Bastien Koert [mailto:[EMAIL PROTECTED] Sent: Thursday, December 21, 2006 7:36 PM To: Haig Dedeyan; php-db@lists.php.net Subject: RE: [PHP-DB] Login script help why not just create a simple single logon page and not include itthen on sucessful login, redirect the user to the index page? bastien From: Haig Dedeyan [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] Login script help Date: Thu, 21 Dec 2006 16:36:11 -0500 Hi everyone, My 1st attempt at creating a login script isn't going so good, so hopefully someone can help me out. The login script itself works fine but when I include it into a web page, the login.php script shows up but the entire index.html page also shows up. I just want people to log in before they get to index.html. Index.html starts off with: ?php session_start(); include(database.php); include(login.php); ? I'm using php5. Thanks Haig -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Off to school, going on a trip, or moving? Windows Live (MSN) Messenger lets you stay in touch with friends and family wherever you go. Click here to find out how to sign up! http://www.telusmobility.com/msnxbox/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Login script help
When user has authenticated successfully, start a session with an authentication key - almost anything you want. After that, any page you want to protect you just put one line at the top to check for the presence of this value; redirect to login page if it's not there. Regards - Miles At 11:19 PM 12/21/2006, Haig Dedeyan wrote: Thanks. If I do it that way, can't someone get into the index page if they link directly to it without having to log in? -Original Message- From: Bastien Koert [mailto:[EMAIL PROTECTED] Sent: Thursday, December 21, 2006 7:36 PM To: Haig Dedeyan; php-db@lists.php.net Subject: RE: [PHP-DB] Login script help why not just create a simple single logon page and not include itthen on sucessful login, redirect the user to the index page? bastien From: Haig Dedeyan [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] Login script help Date: Thu, 21 Dec 2006 16:36:11 -0500 Hi everyone, My 1st attempt at creating a login script isn't going so good, so hopefully someone can help me out. The login script itself works fine but when I include it into a web page, the login.php script shows up but the entire index.html page also shows up. I just want people to log in before they get to index.html. Index.html starts off with: ?php session_start(); include(database.php); include(login.php); ? I'm using php5. Thanks Haig -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Off to school, going on a trip, or moving? Windows Live (MSN) Messenger lets you stay in touch with friends and family wherever you go. Click here to find out how to sign up! http://www.telusmobility.com/msnxbox/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.15.26/594 - Release Date: 12/20/2006 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Login Auth help? | Handling pages help? (2 questions)
On Nov 10, 2005, at 7:21 AM, [EMAIL PROTECTED] wrote: Need some ideas/opinions on a project I have. The project is for a Radio Station (online one) where DJ's can login to the site and do stuff and listeners can listen in live to the live feeds. Now I downloaded a password protected code that uses MySQL to store the info but it fails each time. It wont sucessfully login despite setting the database up correctly etc. So instead of posting the code here I would like to know peoples ideas/links on a method of login. What I'd prefer to set is not a HTML login but more the traditional popup box login. Like used on CPANEL. The username/ password (details) will be stored to a database. Any suggestions on fully working code? If it's failing all the time I do suspect you don't have it set up correctly but never mind. The good news is what you want is pretty straight forward. You will set up a table in your DB I've called it 'Person' and it has the login_name and login_password fields (I'm sure you'll want it to have other fields too but these are the only ones you need to login). Now in PHP you will make the browser display the login box by sending it the 401 header; you must do this first before you send any text. Now the browser will send the name and password every time it tries to view this page. In PHP you can get the name and passwords in the server variables $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] You run a query to verity this name and password match if so go in with the page, if not return the 401 again. I find it's best to put all this in a function and call that function first on each page you want to be secure. I'll send you a specific example but it's a bit long to post here. Also each DJ will have a webpage within a database. So updates to their pages will be made on the database, as I am not really good at writing to a text file from PHP from a webpage. Never learnt it to be honest, what would be easiest/best? Writing to a database or a text file directly? either way they each have their own advantages; is it harder to say $link = fopen(bigrick.html, w); fwrite($link,$_POST['pageText']); or $myQuery = insert into Page (dj, pageText) values($dj, ' . mysql_real_escape_string ( POST['pageText'] ) . '); mysql_query($myQuery); The real issue here is what is the text you are saving? Are you expecting the DJ's to write all the HTML themselves? The first example will require the person entering the form to enter all of the HTML tags; the second example you could put the text between the body /body tags and maybe you could have some unifying style items on the top and bottom of the page. This would give you some unity of style across the DJ pages. You will also have to deal with the HTML in the text, you can make carriage returns into br or p tags but there are dozens of others you'll have to deal with. But this has nothing to do with where you store the text - in a file or the DB. Now if db I need each dj to have their own page like domain.com/djs/ DJNAME.ext ... I know there is a way to get the url written into the database and not exactly have the file in the www but reads from the database but I am not sure the PHP/MySQL code to use to handle it. Any help is mostly appreciated? How many DJ's are you talking about? And how often do they change? Our local college station has new DJ's every week. There are two ways to do this easily. First have a page - domain.com/djs.php and this will look up the DJ's text if you pass it in one. So http:// domain.com/djs.php gives you a list of all the DJ's and http:// domain.com/djs.php?dj=bigrick gives you Big Rick's page. This is very easy but the URL is a bit awkward to read over the air. The other way to do this is to write a special 404 page (this is the page that gets returned when the server cannot find the page you asked for) and have this page look at it's url, parse it and figure out which DJ's page to show. You can also handle other pages that may not be there (http:/mysql.com/ is like this - type anything after that URL and it will go to that page if it finds it or it will go to the generic search page). You've got a lot of work in front of you, Good Luck, Frank
[PHP-DB] Login Auth help? | Handling pages help? (2 questions)
Hi, Need some ideas/opinions on a project I have. The project is for a Radio Station (online one) where DJ's can login to the site and do stuff and listeners can listen in live to the live feeds. Now I downloaded a password protected code that uses MySQL to store the info but it fails each time. It wont sucessfully login despite setting the database up correctly etc. So instead of posting the code here I would like to know peoples ideas/links on a method of login. What I'd prefer to set is not a HTML login but more the traditional popup box login. Like used on CPANEL. The username/password (details) will be stored to a database. Any suggestions on fully working code? Also each DJ will have a webpage within a database. So updates to their pages will be made on the database, as I am not really good at writing to a text file from PHP from a webpage. Never learnt it to be honest, what would be easiest/best? Writing to a database or a text file directly? Now if db I need each dj to have their own page like domain.com/djs/DJNAME.ext ... I know there is a way to get the url written into the database and not exactly have the file in the www but reads from the database but I am not sure the PHP/MySQL code to use to handle it. Any help is mostly appreciated? That is it for now, if anyone is interested in the station itself to listen to or see progress please feel free to reply and I'll post the url. Thanks! J - - Do you Yahoo!? Never miss an Instant Message - Yahoo! Messenger for SMS
[PHP-DB] Login Auth help? | Handling pages help? (2 questions)
Hi, Need some ideas/opinions on a project I have. The project is for a Radio Station (online one) where DJ's can login to the site and do stuff and listeners can listen in live to the live feeds. Now I downloaded a password protected code that uses MySQL to store the info but it fails each time. It wont sucessfully login despite setting the database up correctly etc. So instead of posting the code here I would like to know peoples ideas/links on a method of login. What I'd prefer to set is not a HTML login but more the traditional popup box login. Like used on CPANEL. The username/password (details) will be stored to a database. Any suggestions on fully working code? Also each DJ will have a webpage within a database. So updates to their pages will be made on the database, as I am not really good at writing to a text file from PHP from a webpage. Never learnt it to be honest, what would be easiest/best? Writing to a database or a text file directly? Now if db I need each dj to have their own page like domain.com/djs/DJNAME.ext ... I know there is a way to get the url written into the database and not exactly have the file in the www but reads from the database but I am not sure the PHP/MySQL code to use to handle it. Any help is mostly appreciated? That is it for now, if anyone is interested in the station itself to listen to or see progress please feel free to reply and I'll post the url. Thanks! J - Do you Yahoo!? Find a local business fast with Yahoo! Local Search
Re: [PHP-DB] login script
Here you go:
Table:
ID Login PW Admin
1 admin abc123 1
2 normal bcd234 0
3 normal2 cde345 0
PHP:
[BOF]
?php
if($_POST['login']) {
$result = mysql_query(select * from users where login = ' .
$_POST['login'] . ') or die(mysql_error());
if (mysql_num_rows($result)) {
$data = mysql_fetch_array($result);
if ($data[2] == $_POST['pw']) {
$_SESSION['login'] = $data[1];
if ($data[3]) {
$_SESSION['admin'] = true;
}
header(Location: logged_in.php);
exit;
} else {
$error = Wrong password;
}
} else {
$error = No such user!;
}
}
if ($error) {
echo span class=\loginError\$error/spanbr /;
}
?
html
head
titleLogin Script by [EMAIL PROTECTED]/title
style
!--
.error {
color: #ff;
}
--
/style
head
body bgcolor=#FF
form action=login.php method=post
Login name: input type=text name=login value=?php echo
$_POST['login'] ? /br /
Password: input type=password name=pw /br /
input type=submit value=Login /br /
/form
/body
/html
[EOF]
In your admin system, just check for the variable $_SESSION['admin'].
If true, the user is admin and can do cool stuff.. ;)
I don't care about just having given you a lot of script, since I write
at least 3 of these per week.
And, make sure there is nothing echoed either by PHP or HTML before the
login script (or else the redirecting upon successful login won't work)
Regards, Mike
On Apr 27, 2004, at 01:15, andy amol wrote:
hi,
does anyone have a login script which will take data from the table
and decide whether the given user is a admin or a normal user.
thanks in advance.
Also if there is some help on session variable I would like to know.
-
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] login script
Err...
As usual I forgot the most important part...
Add
session_start()
just above the
if($_POST['login']) {
row, or it won't work at all.. ;)
Or rather, it'll work, but no sessions will be saved.
Mike
On Apr 27, 2004, at 08:48, Mikael Grön wrote:
Here you go:
Table:
ID Login PW Admin
1 admin abc123 1
2 normal bcd234 0
3 normal2 cde345 0
PHP:
[BOF]
?php
if($_POST['login']) {
$result = mysql_query(select * from users where login = ' .
$_POST['login'] . ') or die(mysql_error());
if (mysql_num_rows($result)) {
$data = mysql_fetch_array($result);
if ($data[2] == $_POST['pw']) {
$_SESSION['login'] = $data[1];
if ($data[3]) {
$_SESSION['admin'] = true;
}
header(Location: logged_in.php);
exit;
} else {
$error = Wrong password;
}
} else {
$error = No such user!;
}
}
if ($error) {
echo span class=\loginError\$error/spanbr /;
}
?
html
head
titleLogin Script by [EMAIL PROTECTED]/title
style
!--
.error {
color: #ff;
}
--
/style
head
body bgcolor=#FF
form action=login.php method=post
Login name: input type=text name=login value=?php echo
$_POST['login'] ? /br /
Password: input type=password name=pw /br /
input type=submit value=Login /br /
/form
/body
/html
[EOF]
In your admin system, just check for the variable $_SESSION['admin'].
If true, the user is admin and can do cool stuff.. ;)
I don't care about just having given you a lot of script, since I
write at least 3 of these per week.
And, make sure there is nothing echoed either by PHP or HTML before
the login script (or else the redirecting upon successful login won't
work)
Regards, Mike
On Apr 27, 2004, at 01:15, andy amol wrote:
hi,
does anyone have a login script which will take data from the table
and decide whether the given user is a admin or a normal user.
thanks in advance.
Also if there is some help on session variable I would like to know.
-
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] login script
hi, does anyone have a login script which will take data from the table and decide whether the given user is a admin or a normal user. thanks in advance. Also if there is some help on session variable I would like to know. - Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs
Re: [PHP-DB] login script
This is kind of a big thing. Email me and I'll give you instructions/tips on making it. - Original message - From: andy amol [EMAIL PROTECTED] To: php php [EMAIL PROTECTED] Date: Mon, 26 Apr 2004 17:15:27 -0700 (PDT) Subject: [PHP-DB] login script hi, does anyone have a login script which will take data from the table and decide whether the given user is a admin or a normal user. thanks in advance. Also if there is some help on session variable I would like to know. - Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs -- Marcjon -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Login session - browser/computer? problem
My boss can't seem to login at all through his laptop to my website.
The login process is as follows: from the index.php the person login goes to
handler/login.php which checks with the databae, if the user is authorized then put a
session variable called loginid and redirect the website to a page in.php with a
welcome display.
The in.php checks whether the session loginid is empty or exists to identify whether
the user has logged in.
It works fine in all the desktops in my office but one of my bosses tried to access it
with his laptop and it keeps saying wrong password.
Our IE version and OS is the same. (XP and IE 7.10)
Code for login
$sql = SELECT * from Login where loginname='$loginname' and
loginpass=ENCODE('$password','');
$result = mysql_query($sql);
if ($myrow = mysql_fetch_array($result))
{
session_start();
$_SESSION[loginid] = $loginname;
header(blabla);
}
?
My boss's problem is when he logged in the page got to in.php but in.php says he is
not logged in yet. Which means he is authorized, but the session data could not be
retrieved by in.php in his computer.
I checked and the cache timeout is 180 (default) cache limiter is empty and domain is
empty
Regards,
Dewi
Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
http://login.mail.lycos.com/r/referral?aid=27005
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Login session - browser/computer? problem
If it works for everyone else but not your boss, guess where the problem is?
His security settings probably have something to do with it.
Edward Dudlik
Becoming Digital
www.becomingdigital.com
- Original Message -
From: Dewi Wahyuni [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, 12 June, 2003 03:20
Subject: [PHP-DB] Login session - browser/computer? problem
My boss can't seem to login at all through his laptop to my website.
The login process is as follows: from the index.php the person login goes to
handler/login.php which checks with the databae, if the user is authorized then
put a session variable called loginid and redirect the website to a page
in.php with a welcome display.
The in.php checks whether the session loginid is empty or exists to identify
whether the user has logged in.
It works fine in all the desktops in my office but one of my bosses tried to
access it with his laptop and it keeps saying wrong password.
Our IE version and OS is the same. (XP and IE 7.10)
Code for login
$sql = SELECT * from Login where loginname='$loginname' and
loginpass=ENCODE('$password','');
$result = mysql_query($sql);
if ($myrow = mysql_fetch_array($result))
{
session_start();
$_SESSION[loginid] = $loginname;
header(blabla);
}
?
My boss's problem is when he logged in the page got to in.php but in.php says he
is not logged in yet. Which means he is authorized, but the session data could
not be retrieved by in.php in his computer.
I checked and the cache timeout is 180 (default) cache limiter is empty and
domain is empty
Regards,
Dewi
Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
http://login.mail.lycos.com/r/referral?aid=27005
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] ?? Login problems ??
Hi, This message is regarding my original post of the following subject/topic: [PHP-DB] ?? Login problems ?? I wish to say that the problem has been fixed. Thankyou to those people that helped me with the problem via this message board and direct email. I no longer require help on this topic. Thankyou again. Jerry http://mobile.yahoo.com.au - Yahoo! Mobile - Check compose your email via SMS on your Telstra or Vodafone mobile. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] ?? Login problems ??
Hi,
I have this script that logs people into a website
using cookies. On my linux web server it works fine
but when I downloaded the Windows version of mysql for
my personal PC to do offline work I get an error with
the identical file.
The error is on line 86 undefined username
But on my linux server I don't get it. But with the
error I can't test things offline.
I have included the file that is producing the error.
?php
$dblink = mysql_pconnect(localhost,usr,pass);
mysql_select_db(mydb);
$headers=0;
if ( !isset($redirect))
{
$redirect = tip.php;
}
if (isset($Username) isset($Password)) {
$query = select * from tipping where nickname =
\$Username\ and password = \$Password\;
if ( !($dbq = mysql_query($query, $dblink))) {
echo Unable to query database. Please Contact a
href=\[EMAIL PROTECTED]mailto:[EMAIL PROTECTED]/a.\n;
exit;
}
$lim = mysql_num_rows( $dbq );
if ($lim != 1) {
$headers=1;
echo HTMLHEADTITLELogin
Page/TITLE/HEADBODY;
echo Bcenterfont color=redInvalid User ID or
Password. Please Try again/BBR/font/center;
}
if ($lim == 1) {
$timer = md5(time());
$sid = $Username . + . $timer;
SetCookie(login,$sid,time()+3600);
$query = update tipping set sid=\$timer\ where
nickname=\$Username\;
if( !($dbq = mysql_query( $query, $dblink))) {
echo Unable to update database. Please contact
a
href=\[EMAIL PROTECTED]mailto:[EMAIL PROTECTED]/a.\n;
exit;
}
header(Location: $redirect);
exit;
}
if (isset($login)) {
$headers=1;
$sidarray = explode(+, $login);
$query = select * from tipping where nickname =
\$sidarray[0]\ and sid = \$sidarray[1]\;
if ( !($dbq = mysql_query($query, $dblink))) {
echo Unable to find database. Please Contact a
href=\mailto:[EMAIL PROTECTED][EMAIL PROTECTED]/a.\n;
exit;
}
if (mysql_num_rows( $dbq ) == 1) {
echo HTMLHEADTITLELogin
Page/TITLE/HEADBODY;
echo centerYou are already logged in as
$sidarray[0].BR;
echo You may logon as another user or simply
begin using our services with your current
session.BR;
echo Click A
Href=\http://www.tassiedemononline.org.au/tiplogin.php\;Here/A
to return to our homepage./center;
}
}
if ($headers == 0) {
echo ;
}
}
echo Form Action=\tiplogin.php\ METHOD=POST;
echo H2User Name/H2;
echo Input TYPE=\text\ Name=\Username\;
echo BR;
echo H2Password/H2;
echo Input TYPE=\password\ Name=\Password\;
echo BR;
echo Input Type=\submit\ Value=\Submit\;
echo Input Type=\hidden\ Name=\redirect\
Value=\tip.php\;
echo /FORM;
?
Any ideas?
Thanks!
Jerry
http://mobile.yahoo.com.au - Yahoo! Mobile
- Check compose your email via SMS on your Telstra or Vodafone mobile.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] ?? Login problems ??
I have this script that logs people into a website using cookies. On my linux web server it works fine but when I downloaded the Windows version of mysql for my personal PC to do offline work I get an error with the identical file. The error is on line 86 undefined username But on my linux server I don't get it. But with the error I can't test things offline. I have included the file that is producing the error. [way to many lines of code snipped] Try again. Post the exact error you're getting (what you're getting is most likely just a Warning) and a _FEW_ lines around where the error is at. For the likely problem causing your error read the manual page on error reporting. http://us2.php.net/error_reporting ---John W. Holmes... Amazon Wishlist: http://www.amazon.com/o/registry/3BEXC84AB3A5E PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Login and link back...
I am curious about what you guys may have along the lines of best practices for forwarding from a URL to a login, and then jumping back to the original URL automatically. I have several separate applications that all need to utilize the same login mechanism. I want the user to be able to enter the URL for the application and if they are not logged in it redirects them to a login screen. I already have the sessions junk setup and understand all of that portion. I am mainly interested in how people are handling the return to a URL after successful login. I have done some research on this, and discovered the $HTTP_REFERER variable however the PHP site discourages using this. I have also thought of adding code to each page to export an origin variable to be passed to the login page such that it can be used to return the user. I thought of this method, but I am not real clear on how to manage this. Does anyone have any suggestion on implementing this, or another alternative that I have not touched on yet? Thanks in advance. Scott Nipp Phone: (214) 858-1289 E-mail: [EMAIL PROTECTED] Web: http:\\ldsa.sbcld.sbc.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Login and link back...
Have you thought about using BASIC AUTH in Apache? That way, you don't even
need to build a login page, just authenticate each page. Here's what we use:
Note that some of the functions used in this script are not included, and
need to be commented out or a function written for them. It's rather
self-explanatory.
We also create a .htaccess file with all the username/passwords in a central
location. You'll need to modify tour httpd.conf file to look in that central
location for all the pages.
## Function: check_auth()
## Description: Checks authentication against the mysql user info database
and
##verifies the password. This function is absolutely critical.
##If it's not right, you could be letting people into the website
##unintentionally. Always make sure that login failure occurs
##unless you have a positive ID!!!
## Additionally it determines if the user has read and digitally
accepted
##IEI's liability statement by calling liability_statment_check().
## Arguments: none
## Returns: success- returns true
##failure- exits via auth_header()
function check_auth() {
global
$conn_id,$PHP_AUTH_USER,$PHP_AUTH_PW,$PHP_AUTH_REALM,$REQUEST_URI,$sid;
global $WEBUSER_TABLE,$WEBAUTH_TABLE;
global $redirect;
# The only way out of this function is:
# 1) A recursive call to auth_header()
# 2) A TRUE return to the caller
# Is USER and PASS set?
if( !isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW)) {
if ($redirect=='y'){
log_it(LOG_DEBUG,caught redirect);
auth_header($PHP_AUTH_REALM);
} else {
log_it(LOG_DEBUG,redirecting);
Header(Location: /index.php?redirect=y);
exit();
}
}
# Does USER have trailing whitespace? BAD MYSQL!
if (ereg(' +$',$PHP_AUTH_USER)){
auth_header($PHP_AUTH_REALM);
}
# Is USER known to the system?
$sql = SELECT * FROM $WEBUSER_TABLE WHERE
web_user_id='$PHP_AUTH_USER' AND web_password='$PHP_AUTH_PW';
$row = get_row($conn_id,$sql);
if($row is_array($row)) {
# Yes, so...
# See if they've been disabled
if($row['web_access_level'] == 'D'){
## Start the Auth over again
## auth_header($PHP_AUTH_REALM);
## include('/error_disabled.php');
Header(Location: /error_disabled.php);
exit();
}
# Check logged_in state
$sql = SELECT logged_in FROM $WEBAUTH_TABLE WHERE
web_user_id='$PHP_AUTH_USER';
$row = get_row($conn_id,$sql);
if(!$row || !is_array($row)) {
# First time login for USER, let him through
authorize_user($PHP_AUTH_USER);
return(TRUE);
} else {
# RETURN POINT FROM FUNCTION
# USER's logged_in status is something other than 'N' which is
acceptable
# for access
if ($row['logged_in'] != 'Y'){
update_logged_in_status($PHP_AUTH_USER,'Y');
if ($redirect!='y') auth_header($PHP_AUTH_REALM);
} else {
log_it(LOG_INFO,checkauth() SUCCESS: user=$PHP_AUTH_USER
pass=NO-SOUP-FOR-YOU-TOO);
# update_logged_in_status($PHP_AUTH_USER,'Y');
}
}
liability_statement_check();
return(TRUE);
} else {
# USER NOT KNOWN
auth_header($PHP_AUTH_REALM);
}
}
Gary Every
Sr. UNIX Administrator
Ingram Entertainment
(615) 287-4876
Pay It Forward
mailto:[EMAIL PROTECTED]
http://accessingram.com
-Original Message-
From: NIPP, SCOTT V (SBCSI) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 10:39 AM
To: '[EMAIL PROTECTED]'
Subject: [PHP-DB] Login and link back...
I am curious about what you guys may have along the
lines of best
practices for forwarding from a URL to a login, and then
jumping back to the
original URL automatically. I have several separate
applications that all
need to utilize the same login mechanism. I want the user to
be able to
enter the URL for the application and if they are not logged
in it redirects
them to a login screen. I already have the sessions junk setup and
understand all of that portion. I am mainly interested in
how people are
handling the return to a URL after successful login.
I have done some research on this, and discovered the
$HTTP_REFERER
variable however the PHP site discourages using this. I have
also thought
of adding code to each page to export an origin variable to
be passed to
the login page such that it can be used to return the user.
I thought of
this method, but I am not real clear on how to manage this.
Does anyone
have any suggestion on implementing this, or another
alternative that I have
not touched on yet? Thanks in advance.
Scott Nipp
Phone: (214) 858
RE: [PHP-DB] Login and link back...
I am curious about what you guys may have along the lines of best practices for forwarding from a URL to a login, and then jumping back to the original URL automatically. I have several separate applications that all need to utilize the same login mechanism. I want the user to be able to enter the URL for the application and if they are not logged in it redirects them to a login screen. I already have the sessions junk setup and understand all of that portion. I am mainly interested in how people are handling the return to a URL after successful login. I have done some research on this, and discovered the $HTTP_REFERER variable however the PHP site discourages using this. I have also thought of adding code to each page to export an origin variable to be passed to the login page such that it can be used to return the user. I thought of this method, but I am not real clear on how to manage this. Does anyone have any suggestion on implementing this, or another alternative that I have not touched on yet? Thanks in advance. I use a method like this. When you go to a page, an include file is going to check for a valid session. If a certain session variable does not exist (even though a session is always there), then it re-creates the current request using $_SERVER['SERVER_NAME'], $_SERVER['PHP_SELF'], and $_SERVER['QUERY_STRING'] and saves that in the session. When the login is validated, the processing script looks in the session to see if one of these URLs are set. If it is, it redirects to it using header(). To the end user, it's pretty much transparent. I will not deal with POST requests, though, but hopefully that's not a problem. ---John W. Holmes... PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] login script
Hi, need some help. i will try to explain my self. I have a sendmail in GNU/linux, and a radiator GNU/Linux with Mysql. I have to give a diferente user for de dialup login and the sendmail, cause i can't or i dont know a way to change the user and pass for the user in the two servers. Like this, the user to make a dialup conection has a user and a pass and for the sendmail has another, and, if there is any changes, when the user changes de user or pass from one can't at the same time change the user/pass from the other. can someone help me Cumprimentos Bruno Pereira [EMAIL PROTECTED] -Original Message- From: SELPH,JASON (HP-Richardson,ex1) [mailto:[EMAIL PROTECTED]] Sent: sexta-feira, 31 de Janeiro de 2003 17:52 To: Matt; [EMAIL PROTECTED] Subject: RE: [PHP-DB] login script try: http://www.hotscripts.com/PHP/Scripts_and_Programs/User_Authentication/ there are loads of pre done scripts you can reference. Cheers Jason -Original Message- From: Matt [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 11:48 AM To: [EMAIL PROTECTED] Subject: [PHP-DB] login script Anyone have any suggestions on how to go about creating a solid login script? I have a MySQL database with a field called LoggedIn that is by default NO but I want it to turn to YES when the user logs in, and I want it to turn back to NO when the user either logs out, or a certain amount of time goes by and they timeout. I was just wondering if anyone had any suggestions for me on how to go about this process. Thanks a lot. Matt -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] login script
Anyone have any suggestions on how to go about creating a solid login script? I have a MySQL database with a field called LoggedIn that is by default NO but I want it to turn to YES when the user logs in, and I want it to turn back to NO when the user either logs out, or a certain amount of time goes by and they timeout. I was just wondering if anyone had any suggestions for me on how to go about this process. Thanks a lot. Matt -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] login script
try: http://www.hotscripts.com/PHP/Scripts_and_Programs/User_Authentication/ there are loads of pre done scripts you can reference. Cheers Jason -Original Message- From: Matt [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 11:48 AM To: [EMAIL PROTECTED] Subject: [PHP-DB] login script Anyone have any suggestions on how to go about creating a solid login script? I have a MySQL database with a field called LoggedIn that is by default NO but I want it to turn to YES when the user logs in, and I want it to turn back to NO when the user either logs out, or a certain amount of time goes by and they timeout. I was just wondering if anyone had any suggestions for me on how to go about this process. Thanks a lot. Matt -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] login script
Hi, is like this, i will try to explain my self. I have a sendmail in GNU/linux, and a radiator GNU/Linux with Mysql. I have to give a diferente user for de dialup login and the sendmail, cause i can't or i dont know a way to change the user and pass for the user in the two servers. Like this, the user to make a dialup conection has a user and a pass and for the sendmail has another, and, if there is any changes, when the user changes de user or pass from one can't at the same time change the user/pass from the other. can someone help me Cumprimentos Bruno Pereira [EMAIL PROTECTED] -Original Message- From: SELPH,JASON (HP-Richardson,ex1) [mailto:[EMAIL PROTECTED]] Sent: sexta-feira, 31 de Janeiro de 2003 17:52 To: Matt; [EMAIL PROTECTED] Subject: RE: [PHP-DB] login script try: http://www.hotscripts.com/PHP/Scripts_and_Programs/User_Authentication/ there are loads of pre done scripts you can reference. Cheers Jason -Original Message- From: Matt [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 11:48 AM To: [EMAIL PROTECTED] Subject: [PHP-DB] login script Anyone have any suggestions on how to go about creating a solid login script? I have a MySQL database with a field called LoggedIn that is by default NO but I want it to turn to YES when the user logs in, and I want it to turn back to NO when the user either logs out, or a certain amount of time goes by and they timeout. I was just wondering if anyone had any suggestions for me on how to go about this process. Thanks a lot. Matt -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] login won't log in, HELP
On Tuesday 17 December 2002 14:42, David wrote: Hello, I am pretty new to PHP and I am trying to create a admin login page so my client can view thier product line and orders. I have MySQL set-up properly and have data in it and I am able to view information from the db with no problem. I do all my testing on my local machine before I blast it to the main web server. I am using 2000XP Pro, Apache/1.3.23 (Win32) and PHP Ver. 4.2.3. The main webserver is a Unix system. The problem I am having is I created a login.php and a include page called admin.inc.php. I tried to log-in but the login.php reloads and the login fields are blank. It should go to the admin.php or give me some type of error. I get no errors message. I was getting errors earlier but I forgot to put a ; on one line. If you've set error reporting to maximum (error_reporting = E_ALL) and you're still not getting any errors then it must be some faulty logic in your code. I going to copy my login.php and admin.inc.php code hoping that someone could help my and point out what am I over looking. I put a #pound sign in front of the code, I hope this is ok. Rather than debug your code for you, here are a couple of pointers: 1) Bypass the login page, hardcode the login details and see whether that gets you logged in. 2) Use print_r() on your major variables in strategic places in your code to see what's happening to them as they pass through your code. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* Wish not to seem, but to be, the best. -- Aeschylus */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] login won't log in, HELP
Thank You Jason for replying back.
I am still new to this and sometimes it is hard to ask question because I
don't know all the terms or how to word my problem.
Ok I switch my php.ini to error reporting to maximum (error_reporting =
E_ALL) and write off the bat I got this error message.
Notice: Undefined index: Submit in c:\program files\apache
group\apache\htdocs\sunwestsilver\admin\tmp3hdt979rwz.php on line 5
My code at that line is:
#// This section is only run when the form has been submitted
#if($HTTP_POST_VARS['Submit']=='Login') (This is line 5)
# {
#session_start();
#// Check whether the login details are correct, and put
# // the user status into a session variable.
# $statusCheck = check_login($HTTP_POST_VARS);
# if ($statusCheck == Admin || $statusCheck == Staff)
# {
# session_register(statusCheck);
# header(Location: menu.php);
# }
# }
Rather than debug your code for you, here are a couple of pointers:
1) Bypass the login page, hardcode the login details and see whether that
gets
you logged in.
This make sense. I will try this. I got the code from Dreamweaver MX: PHP
web Dev book and I double checked to make sure everything was type right,
I good. I can't write code out right from the head yet. Remember I still
new to this and I am learning by reading code and try to visualize what is
going on and now learning to troubleshoot. ;-)
2) Use print_r() on your major variables in strategic places in your code
to
see what's happening to them as they pass through your code.
Thx I will try this. It will be my first time using it.
ThX for your help. Could you help me with my error or see if this was
written it wrong.
ThX Jason
David
Jason Wong [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On Tuesday 17 December 2002 14:42, David wrote:
Hello,
I am pretty new to PHP and I am trying to create a admin login page so
my
client can view thier product line and orders. I have MySQL set-up
properly and have data in it and I am able to view information from the
db
with no problem. I do all my testing on my local machine before I blast
it
to the main web server. I am using 2000XP Pro, Apache/1.3.23 (Win32)
and
PHP Ver. 4.2.3. The main webserver is a Unix system.
The problem I am having is I created a login.php and a include page
called
admin.inc.php. I tried to log-in but the login.php reloads and the
login
fields are blank. It should go to the admin.php or give me some type of
error. I get no errors message. I was getting errors earlier but I
forgot
to put a ; on one line.
If you've set error reporting to maximum (error_reporting = E_ALL) and
you're still not getting any errors then it must be some faulty logic in
your
code.
I going to copy my login.php and admin.inc.php code hoping that someone
could help my and point out what am I over looking. I put a #pound sign
in
front of the code, I hope this is ok.
Rather than debug your code for you, here are a couple of pointers:
1) Bypass the login page, hardcode the login details and see whether that
gets
you logged in.
2) Use print_r() on your major variables in strategic places in your code
to
see what's happening to them as they pass through your code.
--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
/*
Wish not to seem, but to be, the best.
-- Aeschylus
*/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] login won't log in, HELP
Hello,
I am pretty new to PHP and I am trying to create a admin login page so my
client can view thier product line and orders. I have MySQL set-up properly
and have data in it and I am able to view information from the db with no
problem. I do all my testing on my local machine before I blast it to the
main web server. I am using 2000XP Pro, Apache/1.3.23 (Win32) and PHP Ver.
4.2.3. The main webserver is a Unix system.
The problem I am having is I created a login.php and a include page called
admin.inc.php. I tried to log-in but the login.php reloads and the login
fields are blank. It should go to the admin.php or give me some type of
error. I get no errors message. I was getting errors earlier but I forgot
to put a ; on one line.
I going to copy my login.php and admin.inc.php code hoping that someone
could help my and point out what am I over looking. I put a #pound sign in
front of the code, I hope this is ok.
LOGIN CODE
#?php include(../classes/admin.inc.php); ?
#?php
#
# // Main Code - Verifies the form data, and inserts into
# // the users table in the Database
# if($HTTP_POST_VARS['Submit']=='Create User'){
# $error = verify_data($HTTP_POST_VARS);
# if ($error == )
# $success = User inserted successfully;
# }
#?
#?php
#function verify_data($formdata) {
# // This function uses the functions in the include file,
# // and uses them to validate various aspects of the form.
# // If validation fails, it returns $error, the appropriate error message
# // If validation suceeds, return true
# $error = ;
# $form_data = trim_data($formdata);
# $user = $form_data['username'];
#
# // check all form fields are filled in
# if (!check_form($form_data)) {
# $error=All Form Fields must be filled in;
# return($error); }
#
# // check password and confirmation password match
# if (!confirm_password($form_data, 'password', 'confirmpassword')) {
# $error = Password and Confirm Password do not match;
# return($error); }
#
# // check length of password
# if (!check_password_length($form_data, 'password', 6)) {
# $error = Password should be 6 characters or more;
# return($error); }
#
# // check that username is unique
# $check = check_unique($user, 'sunwestsilver', 'localhost' , 'blade',
'123456', 'access_level', 'username');
# if ($check != true) {
# $error = Username is already in user, select another;
# return($error); }
#
# // if validated successfully, insert data into table
# $insert_check = insert_data($formdata);
#
# // if error with insertion, return error
# if ($insert_check != true)
# return($insert_check);
#
# // form validated and record inserted successfully
# return();
#}
#
#function insert_data($formdata) {
# // Insert Data into users table
# // $formdata = form array
#
# // setup database connection variables, insert as correct for your server
# $error = ;
# $myhost = localhost;
# $myuser = blade;
# $mypass = 123456;
# $mydb = sunwestsilver;
#
# // setup data to insert
# $firstName = $formdata['firstName'];
# $lastName = $formdata['lastName'];
# $username = $formdata['username'];
# $password = $formdata['password'];
# $status = $formdata['status'];
#
# // encrypt the password using the key 123456
# $password = crypt($password,123456);
#
# // connect to mySQL server
# $mysql = mysql_connect($myhost, $myuser, $mypass);
# if (!$mysql) {
# $error = Cannot connect to mySQL server;
# return($error);
# }
# // Connect to Database
# $mysqldb = mysql_select_db($mydb, $mysql);
# if (!$mysqldb) {
# $error = Cannot open Database;
# return($error);
# }
# // Insert Data
# $myquery = INSERT INTO access_level ( firstName, lastName, username,
password, status) VALUES ('$firstName', '$lastName', '$username',
'$password', #'$status');
# $result = mysql_query($myquery, $mysql);
# if (!$result) {
#$error = Cannot run Query;
#return $error;
#}
#// Return True if record written successfully
#return(true);
#}
#?
INCLUDE ADMIN.INC CODE (admin.inc.php)
#?php
##
## admin.inc.php include file ##
##
#function trim_data($formdata)
#{
# // Trim any leading or trailing spaces
# // $formdata = Form Data Array
# foreach($formdata as $key = $value)
#{
# $key = trim($key);
# $value = trim($value);
#}
# return $formdata;
#}
#
#function check_form($formdata)
#{
# // Check all fields are filled in
# // $formdata = Form Data Array
# foreach ($formdata as $key = $value)
# {
# if (!isset($key) || $value == )
# return false;
# }
# return true;
#}
#
#function check_password_length($formdata, $password, $minlen)
#{
# // Check that password is required length
# // $formdata = Form Data Array
# // $password = Name of password field
# // $minlen = Minimum number of password characters
# if (strlen($formdata[$password]) $minlen)
#return false;
# else
# return true;
#}
#
#function confirm_password($formdata, $password1, $password2)
#{
# // Check that two passwords given match
# // $formdata = Form Data
[PHP-DB] login won't work for Internet Explorer
Hi there, I am experiencing a peculiar problem. I have recently moved a PHP / MySQL driven website I have been developing from my linux box on to a live host. Everything seemed to go smoothly apart from one peculiar problem. When I access the site using Internet Explorer (so far I have tried 5.0 and 5.5), I am unable to log into the members' section of the site. Instead I receive the following error: Warning: Unable to jump to row 0 on MySQL result index 2 in [pathdir]/member_login_check.php on line 12 Warning: Unable to jump to row 0 on MySQL result index 2 in [pathdir]/member_login_check.php on line 13 Warning: Unable to jump to row 0 on MySQL result index 2 in [pathdir]/member_login_check.php on line 14 The peculiarity is that when I log in using Mozilla, I have no problem. Why should the choice of browser have any effect on a set of processes which are all server-side? Or am I completely wrong about that? All suggestions and help appreciated. Thanks, Ben -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] login won't work for Internet Explorer
View the source in mozilla, it might just be suppressing the output for whatever reason. Adam On Wed, 28 Aug 2002 [EMAIL PROTECTED] wrote: Hi there, I am experiencing a peculiar problem. I have recently moved a PHP / MySQL driven website I have been developing from my linux box on to a live host. Everything seemed to go smoothly apart from one peculiar problem. When I access the site using Internet Explorer (so far I have tried 5.0 and 5.5), I am unable to log into the members' section of the site. Instead I receive the following error: Warning: Unable to jump to row 0 on MySQL result index 2 in [pathdir]/member_login_check.php on line 12 Warning: Unable to jump to row 0 on MySQL result index 2 in [pathdir]/member_login_check.php on line 13 Warning: Unable to jump to row 0 on MySQL result index 2 in [pathdir]/member_login_check.php on line 14 The peculiarity is that when I log in using Mozilla, I have no problem. Why should the choice of browser have any effect on a set of processes which are all server-side? Or am I completely wrong about that? All suggestions and help appreciated. Thanks, Ben -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] login problem wasn't solved
i have sell.php page which requires loggin so i put in it:
?
session_start();
if(!(session_is_registered(valusername)))
{
$page=$PHP_SELF;
session_register(page);
header(Location:http://$HTTP_HOST/auction/login.php;);
exit();
}
?
then in login.php i have;
$sql = SELECT * FROM registration WHERE username = '$username' and
password='$password';
$result = mysql_query($sql,$conn);
if(mysql_num_rows($result) 0)
{
$row = mysql_fetch_array($result);
$valusername=$row[username];
session_register(valusername);
mysql_close($conn);
if(session_is_registered(page))
{
header(location:http://$HTTP_HOST/.$page);
session_unregister(page);
}
else
header(location:http://$HTTP_HOST/auction/index.php;);
exit();
}
else
{
echo p align='center'font face='Comic Sans MS' size='6'
color='#FF'Sorry!!/font/p
p align='center'font color='#80' size='4'You entered either a wrong username or
password.bra href='login.php'try again/a/font/p;
}
and yes it goes to sell.php page but the url is:
http://localhost//php/php.exe/auction/seller/sell.php
and i tried instead:
if(session_is_registered(page))
{
header(location:http://$HTTP_HOST/.$$HTTP_REFERRER);
session_unregister(page);
}
but it goes to
http://localhost
anyhelp?
Rehab M.Shouman
-
Express yourself with a super cool email address from BigMailBox.com.
Hundreds of choices. It's free!
http://www.bigmailbox.com
-
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] login
there is a page that when user go to need to be looged in,so it automaticaly go back with him to loggin page but after login i want him to go back to the page he was in.how? using history()? and how. thanks guys Rehab M.Shouman - Express yourself with a super cool email address from BigMailBox.com. Hundreds of choices. It's free! http://www.bigmailbox.com - -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] login
try header(Location : http://the.page.where.you.want.to.return ); (search in phpmanual) its me a écrit : there is a page that when user go to need to be looged in,so it automaticaly go back with him to loggin page but after login i want him to go back to the page he was in.how? using history()? and how. thanks guys Rehab M.Shouman - Express yourself with a super cool email address from BigMailBox.com. Hundreds of choices. It's free! http://www.bigmailbox.com - -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Marius Ursache (3563 || 3494) \|/ \|/ '/ ,. \` /_| \__/ |_\ \__U_/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Login Script please?
I have a server that doesn't allow external connections. They say its to protect the data for me and my customers (even though I don't actually have any). Anyway, I've tried everything, and I'm going to start learning PHP later this year, but I'm in a hurry here: I've configured my database with PHPmyAdmin, and I've got UltraDev 4 with PHAkt. Not forgetting all the other stuff I downloaded, like mySQL MAX 4.0 and OmniCron HTTPd Pro. I've got a connection set-up with all the correct details by just entering the connection details in PHAkt connection settings, and I've made the System DSN. But when I click test or try to define a log-in server behaviour (where it then tries to connect and aquire a list of tables and fields) It comes up with an unknown host message. I contaced my host and they said its because they don't allow external connections. So does anyone have a solution? Or should I just modify a working PHP Log-in page and replace it with my values and variables? Thanks W3bDev£ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DB] Login Script please?
If they don't allow external connections then you won't be able to connect directly from UltraDev, only from uploaded scripts. Learn php, write them and run them! Alternatively switch to a host which allows external connections? No quick answers. Peter -Original Message- From: W3bDevil [mailto:[EMAIL PROTECTED]] Sent: 11 November 2001 10:52 To: [EMAIL PROTECTED] Subject: [PHP-DB] Login Script please? I have a server that doesn't allow external connections. They say its to protect the data for me and my customers (even though I don't actually have any). Anyway, I've tried everything, and I'm going to start learning PHP later this year, but I'm in a hurry here: I've configured my database with PHPmyAdmin, and I've got UltraDev 4 with PHAkt. Not forgetting all the other stuff I downloaded, like mySQL MAX 4.0 and OmniCron HTTPd Pro. I've got a connection set-up with all the correct details by just entering the connection details in PHAkt connection settings, and I've made the System DSN. But when I click test or try to define a log-in server behaviour (where it then tries to connect and aquire a list of tables and fields) It comes up with an unknown host message. I contaced my host and they said its because they don't allow external connections. So does anyone have a solution? Or should I just modify a working PHP Log-in page and replace it with my values and variables? Thanks W3bDev£ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Login Help
Hello all,
I seem to be missing something with my login script,
I have a couple of issues:
1) When you do not enter any informaton, it will say:
Please fill out all fields to proceed.
There seems to be a problem with the database.
Now, if i hit enter again it will say:
Please fill out all fields to proceed.
Sorry, username is already taken, please choose another.
There seems to be a problem with the database.
and if you enter information into all hte fields it will give you what it is
suppose to:
Thank you for registering, You may go here to login link here
What am I missing? if you find any other bugs, please let me know
Thanks for any help.
Kevin
Here is my code:
htmlhead
titleRegister/title/head
body
form method=post action=? echo $PHP_SELF; ?
table cellpadding=2 cellspacing=0 border=0
tdUsername:/tdtdinput type=text name=username size=10/tdtr
tdPassword:/tdtdinput type=password name=password
size=10/tdtr
tdEmail:/tdtdinput type=text name=email size=15/tdtr
td /tdtdinput type=submit name=submit value=register/td
/table/form
/body
/html
?php
include'dbcon.inc';
if(isset($submit)) {
dbConnect('login');
// Make sure all fields are filled out
if ($username== or $password== or $email==) {
echo(Please fill out all fields to proceed.br);
}
// Make sure there is not the same name in the database
$query = SELECT COUNT(*) FROM user WHERE name = '$username';
$result = mysql_query($query);
if (!$result) {
echo(There seems to be a problem with the database.br);
}
if (mysql_result($result,0,0)0) {
echo(Sorry, username is already taken, please choose another.br);
}
//Insert info into databse
$query2=INSERT INTO user (name, password, email) VALUES ('$username',
'$password', '$email');
$result2 = mysql_query($query2);
if (!$result2) {
echo(There seems to be a problem with the database.br);
} else {
echo'Thank you for registering, You may go here to login link here';
}
}
?
[PHP-DB] login twice
Hello php-db, anyone knows how to avoid user to login twice in different computer ? for exam : User A login using computer D, and then A go to computer E and A login again. how to restrict A to login using computer E when he have another session in computer D ? ,,, (@-@) +==---o00(_)00o-==+ It is better to be defeated on principle than to win on lies. --Arthur Calwell -- Best regards, andRie -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DB] login twice
could you set up a STATUS field to hold 0 for not logged in and 1 for logged in? Then Login script would update the STATUS field. likewise the logoff would as well. [You would need a way to timeout a user as well]. I am sure this is not the best way, but seems simple. -Original Message- From: andRie Is [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 05, 2001 9:13 AM To: [EMAIL PROTECTED] Subject: [PHP-DB] login twice Hello php-db, anyone knows how to avoid user to login twice in different computer ? for exam : User A login using computer D, and then A go to computer E and A login again. how to restrict A to login using computer E when he have another session in computer D ? ,,, (@-@) +==---o00(_)00o-==+ It is better to be defeated on principle than to win on lies. --Arthur Calwell -- Best regards, andRie -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DB] Login System with access levels
At 02:00 PM 3/16/2001 -0600, you wrote:
First, I would NOT store passwords in a database. Rather, I'd store a hash
based upon the password and username. Storing a password is dangerous as
regards security.
Just to be a little picky and *not* to start an argument (discussion yes),
this really depends on the application don't you think? If you are not
using a secure web server and you are not doing anything particularly
sensitive, I do not see a problem with plain text passwords. Hashing them
means you have to come up with alternative system for dealing with lost
passwords which is probably just as likely to be a problem as having plain
text passwords in the first place. If you are not using a secure server
you are still transmitting plain text values over the net so at best this
seems a false sense of security.
If this is an e-commerce setup then I agree, go for the "hash" but if it is
just a little community site or something, is the loss of usability (i.e.
easy password recovery) worth the hassle for users and admins? I have been
wrestling with this a lot lately and am still not convinced that for a
simple application this is justified. Can you suggest a reason why I should
rethink this?
Finally, as far as a query:
SELECT * FROM mytable WHERE access = $level;
Now this is just nitpicking but the above query could lead someone to
create a security problem (since that is what we are concerned about
here). I think a better example would be something like:
$query=sprintf("SELECT table.cola,table.colb,table.colc FROM mytable WHERE
access = %d",$level);
This way, nothing can be slipped into the query via "$level".
Cheers
-
Island Net AMT Solutions Group Inc. Telephone: 250 383-0096
1412 Quadra Toll Free:1 800 331-3055
Victoria, B.C. Fax:250 383-6698
V8W 2L1 E-Mail:[EMAIL PROTECTED]
Canada WWW: http://www.islandnet.com/
-
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Re: [PHP] RE: [PHP-DB] Login System with access levels
Just a note...you can hash the password in the database. Rick Emery wrote: First, I would NOT store passwords in a database. Rather, I'd store a hash based upon the password and username. Storing a password is dangerous as regards security. Second, if you're asking for syntax on how to add the security level column: ALTER TABLE mytable ADD access tinyint unsigned not null default "0"; This will allow you to assigned security levels from 0 to 255. You would set 0 as the lowest level and 255 (admin) as the highest. While you're at it, add the has security hash entry (discussed above): ALTER TABLE mytable ADD md5hash char(32) not null default ""; Hashes are always 32 characters. Finally, as far as a query: SELECT * FROM mytable WHERE access = $level; This will permit the searcher to locate anything whereby the level is at $level or lower. -Original Message- From: Jordan Elver [mailto:[EMAIL PROTECTED]] Sent: Friday, March 16, 2001 1:28 PM To: PHP General Mailing List; PHP DB Mailing List Subject: [PHP-DB] Login System with access levels Hi, I've got a db with a username and password in it. I can let people log in, like SELECT * FROM table WHERE username = username AND password = password. But how can I add an access level column so that I can have different levels of security. So admin's can read everything, but users can only read certain sections. How could I add to my db and structure a query? Any ideas would be good, Cheers, Jord -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- ___ Jack Sasportas Innovative Internet Solutions Phone 305.665.2500 Fax 305.665.2551 www.innovativeinternet.com www.web56.net -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DB] Login System with access levels
First, I would NOT store passwords in a database. Rather, I'd store a hash based upon the password and username. Storing a password is dangerous as regards security. Second, if you're asking for syntax on how to add the security level column: ALTER TABLE mytable ADD access tinyint unsigned not null default "0"; This will allow you to assigned security levels from 0 to 255. You would set 0 as the lowest level and 255 (admin) as the highest. While you're at it, add the has security hash entry (discussed above): ALTER TABLE mytable ADD md5hash char(32) not null default ""; Hashes are always 32 characters. Finally, as far as a query: SELECT * FROM mytable WHERE access = $level; This will permit the searcher to locate anything whereby the level is at $level or lower. -Original Message- From: Jordan Elver [mailto:[EMAIL PROTECTED]] Sent: Friday, March 16, 2001 1:28 PM To: PHP General Mailing List; PHP DB Mailing List Subject: [PHP-DB] Login System with access levels Hi, I've got a db with a username and password in it. I can let people log in, like SELECT * FROM table WHERE username = username AND password = password. But how can I add an access level column so that I can have different levels of security. So admin's can read everything, but users can only read certain sections. How could I add to my db and structure a query? Any ideas would be good, Cheers, Jord -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
