PHP Login

Jack Franklin · #1 (**permalink**) Oct 7th, 2007, 13:54

Hey all. Following this tutorial:
http://www.phpeasystep.com/workshopview.php?id=6

1. Am I using PHP 4 or PHP 5? How can I find out?
2. Try going here: http://www.jackfranklin.co.uk/PHP%20...main_login.php
and use the username john and the password 1234.

I get lots of errors! The code for the check_login.php is:

PHP: Select all


<?php
$host="localhost"; // Host name 
$username="jackfran_admin"; // Mysql username 
$password="<my password>"; // Mysql password 
$db_name="jackfran_webdatabase"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

And the page with the form looks like this:

Code: Select all

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

Any help welcome

Thanks

Jack

alexgeek · #2 (**permalink**) Oct 7th, 2007, 15:51

What are the errors mate? They can help a lot in the debugging process.

c010depunkk · #3 (**permalink**) Oct 7th, 2007, 16:03

There are no errors in the PHP script. HTML is also OK. Check the SQL login data....

Otherwise I can't see any problems.

Jack Franklin · #4 (**permalink**) Oct 7th, 2007, 16:26

The warnings I get are:

Warning: session_register() [function.session-register]: Cannot send session cookie - headers already sent by (output started at /home/jackfran/public_html/PHP Stuff/PHPLogin/checklogin.php:9) in /home/jackfran/public_html/PHP Stuff/PHPLogin/checklogin.php on line 35

Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at /home/jackfran/public_html/PHP Stuff/PHPLogin/checklogin.php:9) in /home/jackfran/public_html/PHP Stuff/PHPLogin/checklogin.php on line 35

Warning: Cannot modify header information - headers already sent by (output started at /home/jackfran/public_html/PHP Stuff/PHPLogin/checklogin.php:9) in /home/jackfran/public_html/PHP Stuff/PHPLogin/checklogin.php on line 37

Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

alexgeek · #5 (**permalink**) Oct 7th, 2007, 16:27

I'd just like to suggest filtering the input, otherwise this script is vulnerable to SQL Injection i think changing the post part to the following should work:

PHP: Select all


 $myusername=addlashes(htmlentities($_POST['myusername']));  $mypassword=addlashes(htmlentities($_POST['mypassword']));

c010depunkk · #6 (**permalink**) Oct 7th, 2007, 18:24

OK, I got it:

Your problem is here:

PHP: Select all


session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");

You can't output anything before you try to set header information or start a session.

simonb · #7 (**permalink**) Oct 8th, 2007, 06:33

Would it next

PHP: Select all


 session_start()

At the Top

Jack Franklin · #8 (**permalink**) Oct 8th, 2007, 16:14

Thanks for the help guys. What can I do to correct it? simon- I dont quite understand what you are saying?

Cheers
Jack

simonb · #9 (**permalink**) Oct 8th, 2007, 16:27

Thats how you start a session

Marc · #10 (**permalink**) Oct 8th, 2007, 16:34

I think Simon means put this in:

PHP: Select all


session_start();
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");

c010depunkk · #11 (**permalink**) Oct 8th, 2007, 17:50

OK, Let me explain in what I hope is "normal person" english:

The headers of a HTML page get sent before ANY of the content. So, if you want to set any information in the header using PHP (ex: using the header() function or the session_*() functions), you have to do it before you output anything to the page (using echo() or print() or normal HTML output). So, when you try to start a session and change the header, PHP throws an error, because the header has already been sent to the client and the server can't make any more changes.

Hope that makes at least a bit of sense, feel free to throw down some more ?'s....

Jack Franklin · #12 (**permalink**) Oct 8th, 2007, 18:51

I think I get it. So would I put the code Marc posted at the very very top of my page, before any other code? or would I move all the code before the <html....?

Thanks for the help!

Jack

c010depunkk · #13 (**permalink**) Oct 8th, 2007, 19:48

that's it! you catch on fast...

Jack Franklin · #14 (**permalink**) Oct 8th, 2007, 20:16

Great Thanks, I'll try it when I get the chance and report back...

alexgeek · #15 (**permalink**) Oct 8th, 2007, 21:18

Might I just say, it would be a lot easier to put Marc's code in file and "include()" it in every page.
That way, if you need to add or change something, you simply change one file.

simonb · #16 (**permalink**) Oct 8th, 2007, 21:20

All the php on my sites is include

Jack Franklin · #17 (**permalink**) Oct 9th, 2007, 19:25

Yay it works. Thanks. Try going to http://www.jackfranklin.co.uk/PHP%20...main_login.php
Use a username: John
password: 1234

Ok, but I now have a query. If I add another row in the table with another username and password, will it still work, or do I need to change the code? And also, how would the following work:

1. I have a page/directory/area in my site which I only want logged in users to be able to access. EG, users.php is a page only those logged in can view. How would I make it so that only logged in people could view, but if you typed in www.address.com/users.php it would not work?

Sorry for the crappy explanation, hope you understand! Thanks for the help so far guys

Jack

EDIT - I tried entering another row and it works

But I now have more: How would I create a button that would say 'Log Off' and log the user off the system?
Is there a way to make a small piece of text saying 'x users online'? I did find a tutorial but it has confused me

http://www.phpeasystep.com/phptu/9.html
I don't get that at all - where did those values in the tables come from?

Thanks
Jack

AdRock · #18 (**permalink**) Oct 9th, 2007, 21:55

Quote:

Originally Posted by jackfranklin

Yay it works. Thanks. Try going to http://www.jackfranklin.co.uk/PHP%20...main_login.php
Use a username: John
password: 1234

Ok, but I now have a query. If I add another row in the table with another username and password, will it still work, or do I need to change the code? And also, how would the following work:

If you are adding your details to the database it should work...it should work for any user. What you might want to do is have an extra field called user_level and you can give each user a level so they can only access certain parts of the site. You could have a user level of 5 which gives access to admin (if there is one) and a basic user could be 1

Quote:

Originally Posted by jackfranklin

1. I have a page/directory/area in my site which I only want logged in users to be able to access. EG, users.php is a page only those logged in can view. How would I make it so that only logged in people could view, but if you typed in www.address.com/users.php it would not work?

You would need to register a session when the user logs in and on the page where you want only logged in users to go, you check if a session has been registered and if they haven't, don't let them in other display the page.

You might want to check out this link for a membership system http://www.devarticles.com/c/a/PHP/C...ship-System/1/

alexgeek · #19 (**permalink**) Oct 9th, 2007, 21:57

To logout, put a link to "logout.php"
and have the page contain:

PHP: Select all


<?php 
session_destroy();
?>

as simple as that

You might want to add some text etc.

AdRock · #20 (**permalink**) Oct 9th, 2007, 22:01

Here is an example how you could check to see if a user is logged in

On you protected page you could put something like this. This would check to see if the user has logged in (if they have a session would have been registered) and if not it displays the login page

PHP: Select all


<?php
function is_authed_user()
{
     if (isset($_SESSION['username']))
     {
          return true;
     }
     else
     {
          return false;
     }
}
 
    if (!is_authed_user()) 
    {
 print ('You need to login to view this page, <a href="/login">click here</a> to login.');
 include('login.php');
    }
    else
    {
         //do the rest of the code
    }
?>

		Webforumz.com > Main Forums > Program Your Website > PHP Forum
PHP Login