www.webdeveloper.com
Page 2 of 2 FirstFirst 12
Results 16 to 26 of 26

Thread: PHP Login and Redirection

  1. #16
    Join Date
    Mar 2008
    Posts
    59
    can i put a .php include in a .html file, or do they both have to be .php... oh and i did get some success lol...

    I used this to login
    PHP Code:
    $link mysql_connect('localhost''USER''PWD');
    if (!
    $link) {
        die(
    'Could not connect: ' mysql_error());
    }
    echo 
    'Connected successfully'
    and it came up with - Connected successfully on my page. so thats good.(i changed UN and PWD obviously)

    so i added your code.. i got this


    PHP Code:
    <?php

    $link 
    mysql_connect('localhost''USER''PWD');
    if (!
    $link) {
        die(
    'Could not connect: ' mysql_error());
    }
    echo 
    'Connected successfully';


    $username mysql_real_escape_string($_POST['username']); 
    $password md5($_POST['password']); 
    $rs mysql_query("SELECT * FROM `users` WHERE `uname`='{$uname}' AND `pword`='{$password}'"); 
    if(
    mysql_num_rows($rs)){// one or more rows 
      
    $userInfo mysql_fetch_assoc($rs); 
      
    $_SESSION['user'] = $userInfo['userId'];// get the users ID 
      
    echo "now logged in as {$userInfo['uname']}"
    }else{
    // no rows 
      
    echo "Username or password incorrect."


    mysql_close($link);

    ?>
    and that dosn't work. I need some learner stickers /!\

  2. #17
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    OK, going to bed soon, but I'll be on again in a few hours.

    For now I'll say you need a form:
    HTML Code:
    <form action='?' method='post'>
    <p>Username <input type='text' name='username' value=''></p>
    <p>Password <input type='password' name='password' value=''></p>
    <p><input type='submit' value='log in'></p>
    </form>
    And add this around your code so it doesn't bother connecting to the database unless there is a username or password to test:
    PHP Code:
    if(isset($_POST['username']) && isset($_POST['password'])){
    //.....


  3. #18
    Join Date
    Mar 2008
    Posts
    59
    you deserve your sleep lol...

    It looks good, a login screen, click login and it connects to the database, just getting the second issue,

    Code:
    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/BLA/public_html/PODs/password_protect.php on line 15
    Username or password incorrect.
    But i think this is because i have not added the first bit of code you gave me.. working on it.

    NN Mate

  4. #19
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    PHP Code:
    // after this:
    $rs mysql_query("SELECT * FROM `users` WHERE `uname`='{$uname}' AND `pword`='{$password}'");
    // add this:
    echo mysql_error(); 
    Just to help us find the error.

  5. #20
    Join Date
    Mar 2008
    Posts
    59
    hmm.. weird, ok it said, database was not selected, so I chose the database i wanted using this code:

    PHP Code:
    // Select Database
    $db_selected mysql_select_db('PODa'$link);
    if (!
    $db_selected) {
        die (
    'Can\'t use PODa : ' mysql_error());
    }
    echo 
    'Connected To PODa'
    Which i found and edited from another one of my pages. so now when I log in, i get the following message:

    Code:
    Connected To Database
    Can't use PODa : Access denied for user 'thegould_pod'@'localhost' to database 'PODa'
    which is weird, as pod is added as a user for database PODa, this time Im really stumped lol...

  6. #21
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    OK, if you can log in under the root account, and just grant all rights to that database:
    Code:
    GRANT ALL ON DATABASE.* TO 'thegould_pod'@'localhost';
    You will only need to do this once.

  7. #22
    Join Date
    Jan 2009
    Location
    Insanity
    Posts
    1,131
    Here is an idea.

    I came across a script
    PHP Code:
    <?php
    class updated_utility_1 extends utility {
    /**
    * Returns true if .htaccess and .htpasswd files generated.
    * NOTE: This function generates .htaccess and .htpasswd files to protect files or complete folder.
    * using fopen, fwrite(), crypt()
    *
    * @param $folderPathForSecureFiles; path relative to root for secure files like "mysite/secureddata",
    * $folderPathForPasswordFile; path relative to root where .htpasswd file will be stored like "mysite",
    * $secureFileNamesCommaSeperated; files to be secured use comma to seperate multiple files, leave blank if want to secure complete folder,
    * $username; username used to login into secured area,
    * $password; password used to login into secured area
    *
    * @access public
    *
    * @return creates .htaccess and .htpasswd file and if successfully created returns true
    */

        
    function am_generateHtaccessHtpasswdFile($folderPathForSecureFiles=''$folderPathForPasswordFile=''$secureFileNamesCommaSeperated=''$username$password)
        {
            if(
    $folderPathForSecureFiles!='') {
                
    $folderPathForSecureFiles ereg_replace('[/]$'''ereg_replace('^[/]'''$folderPathForSecureFiles));
                
    $folderPathForSecureFiles .= '/';
            }
            
    $htaccessFile $_SERVER['DOCUMENT_ROOT'] . '/' $folderPathForSecureFiles '.htaccess';

            if(
    $folderPathForPasswordFile!='') {
                
    $folderPathForPasswordFile ereg_replace('[/]$'''ereg_replace('^[/]'''$folderPathForPasswordFile));
                
    $folderPathForPasswordFile .= '/';
            }
            
    $authUserFile $_SERVER['DOCUMENT_ROOT'] . '/' $folderPathForPasswordFile '.htpasswd';
            
    $htpasswdFile $authUserFile;

            
    // Generating .htaccess file
            
    $fh_acc fopen($htaccessFile'w+');
            if(
    $fh_acc){
                
    fwrite($fh_acc,'AuthName "Restricted Area"\r\n');
                
    fwrite($fh_acc,'AuthType Basic\r\n');
                
    fwrite($fh_acc,"AuthUserFile $htpasswdFile\r\n");
                
    fwrite($fh_acc,'AuthGroupFile /dev/null\r\n');
                if(
    $secureFileNamesCommaSeperated!='') {
                    
    $filesArr split(",",$secureFileNamesCommaSeperated);
                    foreach (
    $filesArr As $val) {
                        
    fwrite($fh_acc,"\r\n");
                        
    fwrite($fh_acc,'require valid-user\r\n');
                        
    fwrite($fh_acc,'\r\n');
                    }
                } else {
                    
    fwrite($fh_acc,'require valid-user\r\n');
                }
                
    fclose($fh_acc);
            }
        
    // Generating .htaccess file ends

        // Generating .htpasswd file
        
    $fh_pwd fopen($htpasswdFile'w+');
        if(
    $fh_pwd){
            
    $encPassword crypt($password);
            
    fwrite($fh_pwd"$username:$encPassword\r\n");
            
    fclose($fh_pwd);
        }
        
    // Generating .htpasswd file ends
        
        
    return true;

        } 
    // end func am_generateHtaccessHtpasswdFile
    // End of Class 
    ?>
    If you have a server that can use .htaccess then it is very likely that the .htpasswd and .htgroups will also be supported.

    This means that you can use a simple php script to add a set of login credentials in the .htpasswd and groups files and have the server provide that level of security for you.

    The password protected folder would only allow the authorised users and the authetication infomation provided to the server will be available in PHP variables which you can use to test if needed.

    This means that you can relax a bit on providing secure login pages as this task is now in the hands of the server.

  8. #23
    Join Date
    Mar 2008
    Posts
    59
    Thanx JunkMale for your idea, I had thought of something like that, however, I have to add 10,000 users to the database, which are already in a spread sheet, so I can just transfer them across.

    But in your example, I would need to individually create a folder username and password for each of themů lol I think id die hehe.

  9. #24
    Join Date
    Mar 2008
    Posts
    59
    Hi scragar

    I typed this in

    Code:
    GRANT ALL ON thegould_DATABASE.* TO 'thegould_pod'@'localhost';
    and got this message

    Code:
    #1044 - Access denied for user 'thegould'@'localhost' to database 'thegould_PODa'
    Does this mean I dont have access to change the user privliges on the MySQL?

  10. #25
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    Quote Originally Posted by Kirtangl View Post
    Hi scragar

    I typed this in

    Code:
    GRANT ALL ON thegould_DATABASE.* TO 'thegould_pod'@'localhost';
    and got this message

    Code:
    #1044 - Access denied for user 'thegould'@'localhost' to database 'thegould_PODa'
    Does this mean I dont have access to change the user privliges on the MySQL?
    You need to log in as the user 'root', that is the root account, and should have every perm imaginable.

  11. #26
    Join Date
    Mar 2008
    Posts
    59
    Hmm ok, i think im doing somthing wrong, do i need to log into SQLadmin using the root login... and if so how would i do this, cos it auto logs me in when i open it.

    sorry

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles