PHP Login and Redirection

[Kirtangl]

can i put a .php include in a .html file, or do they both have to be .php... oh and i did get some success lol...

I used this to login

PHP Code:

$link = mysql_connect('localhost', 'USER', 'PWD');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully'; 


and it came up with - Connected successfully on my page. so thats good.(i changed UN and PWD obviously)

so i added your code.. i got this

PHP Code:

<?php

$link = mysql_connect('localhost', 'USER', 'PWD');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';


$username = mysql_real_escape_string($_POST['username']); 
$password = md5($_POST['password']); 
$rs = mysql_query("SELECT * FROM `users` WHERE `uname`='{$uname}' AND `pword`='{$password}'"); 
if(mysql_num_rows($rs)){// one or more rows 
  $userInfo = mysql_fetch_assoc($rs); 
  $_SESSION['user'] = $userInfo['userId'];// get the users ID 
  echo "now logged in as {$userInfo['uname']}"; 
}else{// no rows 
  echo "Username or password incorrect."; 
} 

mysql_close($link);

?>

and that dosn't work. I need some learner stickers /!\

[scragar]

OK, going to bed soon, but I'll be on again in a few hours.

For now I'll say you need a form:

HTML Code:

<form action='?' method='post'>
<p>Username <input type='text' name='username' value=''></p>
<p>Password <input type='password' name='password' value=''></p>
<p><input type='submit' value='log in'></p>
</form>

And add this around your code so it doesn't bother connecting to the database unless there is a username or password to test:

PHP Code:

if(isset($_POST['username']) && isset($_POST['password'])){
//.....
} 


[Kirtangl]

you deserve your sleep lol...

It looks good, a login screen, click login and it connects to the database, just getting the second issue,

Code:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/BLA/public_html/PODs/password_protect.php on line 15
Username or password incorrect.

But i think this is because i have not added the first bit of code you gave me.. working on it.

NN Mate

[scragar]

PHP Code:

// after this:
$rs = mysql_query("SELECT * FROM `users` WHERE `uname`='{$uname}' AND `pword`='{$password}'");
// add this:
echo mysql_error(); 


Just to help us find the error.

[Kirtangl]

hmm.. weird, ok it said, database was not selected, so I chose the database i wanted using this code:

PHP Code:

// Select Database
$db_selected = mysql_select_db('PODa', $link);
if (!$db_selected) {
    die ('Can\'t use PODa : ' . mysql_error());
}
echo 'Connected To PODa'; 


Which i found and edited from another one of my pages. so now when I log in, i get the following message:

Code:

Connected To Database
Can't use PODa : Access denied for user 'thegould_pod'@'localhost' to database 'PODa'

which is weird, as pod is added as a user for database PODa, this time Im really stumped lol...

[scragar]

OK, if you can log in under the root account, and just grant all rights to that database:

Code:

GRANT ALL ON DATABASE.* TO 'thegould_pod'@'localhost';

You will only need to do this once.

[JunkMale]

Here is an idea.

I came across a script

PHP Code:

<?php
class updated_utility_1 extends utility {
/**
* Returns true if .htaccess and .htpasswd files generated.
* NOTE: This function generates .htaccess and .htpasswd files to protect files or complete folder.
* using fopen, fwrite(), crypt()
*
* @param $folderPathForSecureFiles; path relative to root for secure files like "mysite/secureddata",
* $folderPathForPasswordFile; path relative to root where .htpasswd file will be stored like "mysite",
* $secureFileNamesCommaSeperated; files to be secured use comma to seperate multiple files, leave blank if want to secure complete folder,
* $username; username used to login into secured area,
* $password; password used to login into secured area
*
* @access public
*
* @return creates .htaccess and .htpasswd file and if successfully created returns true
*/

    function am_generateHtaccessHtpasswdFile($folderPathForSecureFiles='', $folderPathForPasswordFile='', $secureFileNamesCommaSeperated='', $username, $password)
    {
        if($folderPathForSecureFiles!='') {
            $folderPathForSecureFiles = ereg_replace('[/]$', '', ereg_replace('^[/]', '', $folderPathForSecureFiles));
            $folderPathForSecureFiles .= '/';
        }
        $htaccessFile = $_SERVER['DOCUMENT_ROOT'] . '/' . $folderPathForSecureFiles . '.htaccess';

        if($folderPathForPasswordFile!='') {
            $folderPathForPasswordFile = ereg_replace('[/]$', '', ereg_replace('^[/]', '', $folderPathForPasswordFile));
            $folderPathForPasswordFile .= '/';
        }
        $authUserFile = $_SERVER['DOCUMENT_ROOT'] . '/' . $folderPathForPasswordFile . '.htpasswd';
        $htpasswdFile = $authUserFile;

        // Generating .htaccess file
        $fh_acc = fopen($htaccessFile, 'w+');
        if($fh_acc){
            fwrite($fh_acc,'AuthName "Restricted Area"\r\n');
            fwrite($fh_acc,'AuthType Basic\r\n');
            fwrite($fh_acc,"AuthUserFile $htpasswdFile\r\n");
            fwrite($fh_acc,'AuthGroupFile /dev/null\r\n');
            if($secureFileNamesCommaSeperated!='') {
                $filesArr = split(",",$secureFileNamesCommaSeperated);
                foreach ($filesArr As $val) {
                    fwrite($fh_acc,"\r\n");
                    fwrite($fh_acc,'require valid-user\r\n');
                    fwrite($fh_acc,'\r\n');
                }
            } else {
                fwrite($fh_acc,'require valid-user\r\n');
            }
            fclose($fh_acc);
        }
    // Generating .htaccess file ends

    // Generating .htpasswd file
    $fh_pwd = fopen($htpasswdFile, 'w+');
    if($fh_pwd){
        $encPassword = crypt($password);
        fwrite($fh_pwd, "$username:$encPassword\r\n");
        fclose($fh_pwd);
    }
    // Generating .htpasswd file ends
    
    return true;

    } // end func am_generateHtaccessHtpasswdFile
} // End of Class 
?>

If you have a server that can use .htaccess then it is very likely that the .htpasswd and .htgroups will also be supported.

This means that you can use a simple php script to add a set of login credentials in the .htpasswd and groups files and have the server provide that level of security for you.

The password protected folder would only allow the authorised users and the authetication infomation provided to the server will be available in PHP variables which you can use to test if needed.

This means that you can relax a bit on providing secure login pages as this task is now in the hands of the server.

[Kirtangl]

Thanx JunkMale for your idea, I had thought of something like that, however, I have to add 10,000 users to the database, which are already in a spread sheet, so I can just transfer them across.

But in your example, I would need to individually create a folder username and password for each of them… lol I think id die hehe.

[Kirtangl]

Hi scragar

I typed this in

Code:

GRANT ALL ON thegould_DATABASE.* TO 'thegould_pod'@'localhost';

and got this message

Code:

#1044 - Access denied for user 'thegould'@'localhost' to database 'thegould_PODa'

Does this mean I dont have access to change the user privliges on the MySQL?

[scragar]

Hi scragar

I typed this in

Code:

GRANT ALL ON thegould_DATABASE.* TO 'thegould_pod'@'localhost';

and got this message

Code:

#1044 - Access denied for user 'thegould'@'localhost' to database 'thegould_PODa'

Does this mean I dont have access to change the user privliges on the MySQL?

You need to log in as the user 'root', that is the root account, and should have every perm imaginable.

[Kirtangl]

Hmm ok, i think im doing somthing wrong, do i need to log into SQLadmin using the root login... and if so how would i do this, cos it auto logs me in when i open it.

sorry