PHP SQL Login Session
lukezweb
12-26-2003, 01:31 PM
Need a little help. i have the pages done but i need a way so that when the person clicks the login button it checks an sql database to see if it's correct. if it is, it goes to the next page and sets $loggedin="yes";
how can i do that?
What part do you need help with/what code do you have so far?
Sux0rZh@jc0rz
12-26-2003, 08:43 PM
i think he means he has all the pages he needs protected made but has no way of protecting them and needs a script that checks a database. so in other words he needs that login script u gave me forever ago except he needs it adapted for mysql.
EDIT: This Script: http://forums.webdeveloper.com/showthread.php?s=&threadid=9950&perpage=15&pagenumber=1
I was hoping he had some of it done, and wasn't just coming on looking for a complete script. If he was, yes, what I made for that thread would be a good place to start.
Sux0rZh@jc0rz
12-26-2003, 09:27 PM
heya pyro, while we're on the subject of login scripts... how would one go about checking if the username supplied was at most 20 characters long? like if it was 21 characters long, it would echo "you cant login" or something.
With strlen() (http://us2.php.net/manual/en/function.strlen.php). :)
Sux0rZh@jc0rz
12-26-2003, 09:47 PM
how would one slap that into an if statement?
if (strlen <= 20($username))?
if (strlen($username) > 20) {
    echo "Username must be 20 characters or less.";
}
Sux0rZh@jc0rz
12-26-2003, 09:53 PM
poo.
thanks for your help pyro!
lukezweb
12-27-2003, 04:09 AM
Originally posted by pyro
I was hoping he had some of it done, and wasn't just coming on looking for a complete script. If he was, yes, what I made for that thread would be a good place to start.
yes i had actually looked at that post before and the part I needed help with was the passwordreader.php
i need it to check a database of members :)
how would i go along to do that?
Sux0rZh@jc0rz
12-27-2003, 11:13 AM
oooo MySQL database? I was actually just going to do the same thing. modify it so that it reads from a database... but i dont know where to begin! gonna go check out the functions at www.w3schools and then, if i cant find what im looking for, im going to check out the php documentation or whatever that giant list of functions is to see if i can figure out a way to do it. course if pyro tells u the answer before i find it, i'll just "borrow" the answer too :D
Sux0rZh@jc0rz
12-27-2003, 12:52 PM
ok.. so far i got this. it returns an array but i've never used arrays so i dont know how to make it read the array right. but at least it makes the array.
<?PHP
// Connect and select the database.
mysql_connect("srry", "srry", "srry") or die("Could not connect: " . mysql_error());
mysql_select_db("srry");
// The pass column has to be selected too, because it is read below.
$result = mysql_query("SELECT id, name, pass FROM `Users`");
// mysql_fetch_array() returns one row per call; this reads only the first row.
$row = mysql_fetch_array($result, MYSQL_BOTH);
$usernames = "'" . $row["name"] . "', ";
$passwords = "'" . $row["pass"] . "', ";
mysql_close();
$user = "$usernames";
$pass = "$passwords";
// Compare the submitted form values with the values built above.
if ($_POST['username'] == $user && $_POST['password'] == $pass) {
    session_start();
    $_SESSION['verified'] = true;
    header ("Location:http://xaxei.subsilvernet.com/helloworld.php");
}
else
{
    header ("Location:http://xaxei.subsilvernet.com");
}
?>
Alright, I decided to whip something up. It is very raw, but hopefully it'll be enough to get you guys going. I didn't even make a way to add/remove users, but it would be easy enough to do so. Make sure that any passwords you put into the DB are in their md5 format...
Sux0rZh@jc0rz
12-27-2003, 08:30 PM
what is the point to having md5? because i'm afraid i can't have md5 in my database. i have to be able to see the username and password for editing.
Security. And why can you not have MD5 in your DB? :confused:
Sux0rZh@jc0rz
12-27-2003, 08:38 PM
i can have it, but if i do then i wont be able to see their passwords and edit them and stuff.
That's half the idea... You probably should not be looking at their passwords anyway, and if you need to change it, you can still do so.
Sux0rZh@jc0rz
12-27-2003, 08:51 PM
hmmm, well i guess u got a point...
Sux0rZh@jc0rz
12-27-2003, 09:00 PM
hey pyro, i got the script to work. thanks a ton, but.. um.. what does this mean/do?
(ini_get("magic_quotes_gpc"))
trying to make this a learning experience, yano?
Yep, what that does is looks through for the stupid magic quotes, which will automatically add a \ before a ', ", or \ (and the NUL). If it is not automatically going to add the slashes, this is one of the few instances where we do want them, so, we add them, so that our script is a bit more hacker proof. I could have also used get_magic_quotes_gpc() (http://us2.php.net/get-magic-quotes-gpc), but I didn't. ;)
Sux0rZh@jc0rz
12-28-2003, 02:59 PM
hey pyro, am just wondering.. how secure is this? like if someone logs in once and sees the cookie, can they fake a cookie another time to get in without having to login? (like if i changed passwords or something) reason im asking is because im making a game using this and was wondering if it was safe to transfer sessions like, $_SESSION['isanadmin'] and stuff.
Yes, that should be quite safe. The only real problem you might have with sessions (that I can think of off the top of my head) is if you do not use cookies, but pass the session through the URL. With this, I believe there are possible security implications if a user bookmarks a page, or if they were to send a link to a friend, that has the session info attached.
Sux0rZh@jc0rz
12-28-2003, 03:18 PM
ok. thank you. just making sure yano. dont know much about cookies. im the if statement variable loving kinda guy.
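
Added example, not part of the thread and not pyro's script: a login check against the `Users` table discussed above that uses bound parameters in place of the addslashes()/magic-quotes escaping, password_hash()/password_verify() in place of MD5, and a cookie-only session ID. An in-memory SQLite database opened through PDO stands in for MySQL; the function names and the sample user are assumptions.

```php
<?php
// Added example. Assumptions: pdo_sqlite is available and stands in for MySQL;
// openDb, checkLogin, startVerifiedSession and the sample user are hypothetical.
declare(strict_types=1);

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pass TEXT)');
    // Constructed sample user: the column holds a salted hash, never the password.
    $add = $db->prepare('INSERT INTO Users (name, pass) VALUES (?, ?)');
    $add->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

function checkLogin(PDO $db, string $username, string $password): bool
{
    if ($username === '' || strlen($username) > 20) {   // length rule from the thread
        return false;
    }
    // The bound value never becomes part of the SQL text, so a quote in the
    // name needs no escaping and no magic-quotes check.
    $stmt = $db->prepare('SELECT pass FROM Users WHERE name = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();                       // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

function startVerifiedSession(): void
{
    // Keep the session ID out of URLs, so a bookmark or shared link cannot carry it.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();
    session_regenerate_id(true);    // issue a fresh ID at login
    $_SESSION['verified'] = true;
}

$db = openDb();
var_dump(checkLogin($db, "o'brien", 'correct horse'));   // name containing a quote
var_dump(checkLogin($db, "o'brien", 'wrong password'));  // bad password
var_dump(checkLogin($db, str_repeat('a', 21), 'x'));     // name over 20 characters
```

Call startVerifiedSession() only after checkLogin() returns true, and before any output is sent.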