i have been for ages trying to get a login script wokring but i cant seem to please can someone make/help me get a v.simple script this is all it needs to do.....


i have one file with lots of action=blahs in it all i need is a header file that checks a session whihc i need to make if the person is logged in, if they are not then they are taken to index.php?action=login, they can click register if they need also, i need to check the login stuff against the following mysql table........


id mediumint(9) auto_increment
username text
dusername text
password text
email text
msn text
yim text
aim text
icq text
age text
sig text
rank text
posts text
avatarurl text
mood text
warninglevel text

please can sombody help,

thanks a bunch, Luke

Did this not help you, then? http://forums.webdeveloper.com/showthread.php?s=&threadid=24192#post125897

Originally posted by pyro
Did this not help you, then? http://forums.webdeveloper.com/showthread.php?s=&threadid=24192#post125897


ah i thought that thread was deleted i searched and didnt find it looked at my posts and couldnt find it and looked throught 15-20 pages for it :D thanks PYRO! wo0t! hope it works :)

ah have a question on the authenticated and auth pages, now since i have a index.php?action=login where do i include the session check of auth? in the If action== or the header of the whole page?

i got it wokring but it doesnt seem to register me as a member when i click login?

here are the relative bits:



# top of index.php

$action = $_GET['action'];
if($action == "") {
} else if($action == "login") {
} else if($action == "register") {
} else if($action == "register2") {
} else {
require "auth.php";
}


# login page....

<?PHP

if (isset($_POST['submit'])) {
$sqluser = "shoutbox_admin";
$sqlpass = "admin";
mysql_connect("localhost", $username, $password);
mysql_select_db("shoutbox_000");

if (ini_get("magic_quotes_gpc")) {
$username = $_POST['username'];
$password = $_POST['password'];
}
else {
$username = addslashes($_POST['username']); # disallow users to execute SQL
$password = addslashes($_POST['password']); # disallow users to execute SQL
}

$sql = "SELECT * FROM `members` WHERE `username` = '$username'";
$results = mysql_query($sql);
$data = mysql_fetch_array($results);

if (mysql_num_rows($results) > 0) { # if a username was found
if ($data['password'] == $password) { # if password is correct
session_start();
$_SESSION['auth'] = true;
$_SESSION['user'] = $username;
header("Location:index.php");
}
else {
$msg = "Incorrect password";
}
}
else {
$msg = "Incorrect username.";
}
}
?>
<?PHP
if (isset($msg)) {
echo "<p>$msg</p>";
}
?>
<form action="<?PHP echo $_SERVER['PHP_SELF']; ?>" method="post">
<p><input type="text" name="username"><br>
<input type="password" name="password"><br>
<input type="submit" name="submit" value="Login"></p>
</form>







whats wrong with it?

sorry about the double post here is my auth.php






<?PHP
session_start();
if (!isset($_SESSION['auth'])) {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Access Denied</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<p>You must be <a href="index.php?action=login">logged in</a> to view this page.</p>
</body>
</html>
<?PHP
exit();
}
?>





and my header stuff in my last post is in <?php ?>

No, I didn't write any code to allow registration. The version I posted is incredibly basic, and simply checks against the database. You'd have to write your own registration function.

Originally posted by pyro
No, I didn't write any code to allow registration. The version I posted is incredibly basic, and simply checks against the database. You'd have to write your own registration function.


ah didnt mean registration, i meant login, it does allow me i created a row in the table and still nothing i believe it could be the login bit?

Did you add a username and password (password must be in MD5 format) to the database?