General Programming Help
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
 
User Name:
Password:
Remember me
 



Go Back   Dev Articles Community ForumsProgrammingGeneral Programming Help

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Display Modes
 
Unread Dev Articles Community Forums Sponsor:
  #31  
Old January 19th, 2003, 09:29 PM
FrankieShakes FrankieShakes is offline
Frank The Tank!
Dev Articles Beginner (1000 - 1499 posts)
 
Join Date: Jun 2002
Location: Toronto, Canada
Posts: 1,240 FrankieShakes User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 17
Send a message via ICQ to FrankieShakes Send a message via MSN to FrankieShakes
Quote:
Originally posted by sara_lauren
Hi all!
Ok basically I'm storing the passwords in the mysql table as plain text...what can I do then?


Sara_lauren,

That's the reason you're not able to authorize any user. Because your passwords are stored as text and you're verifying using the PASSWORD() function, you will never have two identical strings. I would take ramz advice and use the PASSWORD() function for both INSERT and SELECT queries.
__________________
____________________________________________
Developer Shed Weekly Writer | DevArticles Forum Moderator
Build Your Own KlipFolio Klip With PHP
FrankManno.com - Under Construction
Design Interactive Group - Under Construction

Reply With Quote
  #32  
Old January 19th, 2003, 10:59 PM
MadCowDzz's Avatar
MadCowDzz MadCowDzz is offline
I'm Internet Famous
Dev Articles Frequenter (2500 - 2999 posts)
 
Join Date: Jan 2003
Location: Toronto, Canada
Posts: 2,886 MadCowDzz User rank is Lance Corporal (50 - 100 Reputation Level)MadCowDzz User rank is Lance Corporal (50 - 100 Reputation Level)MadCowDzz User rank is Lance Corporal (50 - 100 Reputation Level) 
Time spent in forums: 1 Week 16 h 19 m 35 sec
Reputation Power: 18
Sara_Laren,

i've noticed all the scripts you've posted include this:

$connection = @mysql_connect("localhost", "root", "") or die(mysql_error());

can i recommend not using the root account for regular access to the database? root access has a lot of privileges that the average php page probably doesn't need, and thus is a HUGE security risk.

Speaking of HUGE security risks, I'd also recommend added a password to the root account. From the sounds of it, you're not entirely confident with MySQL, to be honest I'm not either. But there's many good references to adding alternate users, and changing passwords.

How to make SQL secure against crackers:
http://www.mysql.com/doc/en/Security.html

Try this for adding new users (from the MySQL manual):
http://www.mysql.com/doc/en/Adding_users.html

My two cents.

Reply With Quote
  #33  
Old January 23rd, 2003, 07:12 AM
sara_lauren sara_lauren is offline
Contributing User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Jan 2003
Location: UK
Posts: 32 sara_lauren User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 16
Wink

Hi all! I finished the login and it's working properly as well!
Now I just need to edit it so that when someone logs in they can go to their 'personal' page. I think I just need to put in like some sort of headers to the specific pages.I'll figure it out anyway...hehe hopefully

Thanks a lot
__________________

Reply With Quote
  #34  
Old January 23rd, 2003, 08:35 AM
vlasblom vlasblom is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Oct 2002
Location: Netherlands
Posts: 14 vlasblom User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 8 m 45 sec
Reputation Power: 0
Lightbulb

sara_lauren,

Try this:

PHP Code:
<?php
function REDIRECT(){
    global 
$REMOTE_USER// Variable, username is stored after login
                         // Could also be passed as parameter

    
switch (strtoupper($REMOTE_USER))
    {
        case 
"USER_1"
        { 
             
header("Location: user_1/index.php");
             break;
        }

        case 
"USER_2":
        {
             
header("Location: user_2/index.php");
             break;
        }

        default:
        {
            
header("Location: ../index.html");
            break;
        }
    }
}

//----------
// Put here your login functionality
//----------

// When succesfull login, call REDIRECT
REDIRECT();

?>

Please note that the usernames and pages are fictive.
A better solution would be to store the page, the user has to be directed to, in the user database as well. This realy pays off when you have to deal with a lot of users.

Good luck,

Last edited by vlasblom : January 23rd, 2003 at 08:40 AM.

Reply With Quote
  #35  
Old January 26th, 2003, 08:56 AM
nicat23's Avatar
nicat23 nicat23 is offline
Addicted to Chaos..
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jan 2003
Location: Ft. Worth, TX
Posts: 650 nicat23 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 h 48 m 34 sec
Reputation Power: 0
Send a message via AIM to nicat23 Send a message via Yahoo to nicat23
Or, you could modify the index file to dynamically regenerate itself based on the userlevel of the person logging in, and you can also put a switch statement in to generate the content based on either the login name or userid, whichever you are using

That's what I'm planning for my site, it's not up and running yet because I have basically no time right now with work and school.. but it's getting there..

Dynamic pages are alot more fun to write IMHO than static ones

And as for the headers, sara_lauren, you could build a custom header and then at the start of your page use a conditional statement depending on what page they are viewing to load that include file.. for example, some code from my site:

PHP Code:
<?
$pmethod 
$_GET['pageMethod'];
switch (
$pmethod){
case 
"mail":
    include(
'mailhead.php');
    break;
case 
"feedback":
    include(
'feedhead.php');
    break;
case default:
    include(
'incdef.php');
}
?>


Something like that at the top of your page could do the trick, it would let you set independent banners <the html code is in the include files for the banners> for each page, and give the illusion of being on different pages when they are truely on the main index page.. the pageMethod could be passed like this:

http://www.yoururl.com/?pageMethod=feedback

just another option you have

- Justin

Reply With Quote
  #36  
Old February 2nd, 2003, 07:16 PM
sara_lauren sara_lauren is offline
Contributing User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Jan 2003
Location: UK
Posts: 32 sara_lauren User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 16
Question

Hi all!

I've decided to use cookies for the personal pages of those who login.

I've tried this code from a book and guess what?....it's not working!

Please tell me what's wrong with it:

<?php

if ($_COOKIE[auth] == "ok") {

$msg = "<P>Welcome to secret page A, authorized user!</p>";

} else {

header( "Location: http://localhost/PatientsFront.html");
exit;
}

?>

<HTML>
<HEAD>
<TITLE>Secret Page A</TITLE>
</HEAD>
<BODY>

<? echo "$msg"; ?>

</BODY>
</HTML>


This is where I set the cookie values:

if ($num != 0) {
$cookie_name ="auth";
$cookie_value ="ok";
$cookie_expire ="0";
$cookie_domain ="localhost";

setcookie($cookie_name,$cookie_value,$cookie_expir e,"/", $cookie_domain,0);

$display_block ="
<p><strong>Secret Menu:</strong></p>
<ul>
<li><a href=\"secretA.php\">secret page A</a>
<li><a href=\"secretB.php\">secret page B</a>
</ul>";
}.....


I don't know where the problem is...When I click the "secretA.php" link after being authorised it takes me back to the login page again. Are the cookie values not being recorded?

PLEASE help me out

Reply With Quote
  #37  
Old February 3rd, 2003, 04:17 AM
vlasblom vlasblom is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Oct 2002
Location: Netherlands
Posts: 14 vlasblom User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 8 m 45 sec
Reputation Power: 0
sara_lauren,

Setting 'cookies' must be done before outputting any information to the browser, like with the 'headers'.

See also http://www.php.net/manual/en/function.setcookie.php for additional information

Tip: Start this question as a new thread.

Regards,
Arjon

Reply With Quote
Reply

Viewing: Dev Articles Community ForumsProgrammingGeneral Programming Help > Login page help


Developer Shed Advertisers and Affiliates


Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.

© 2003-2018 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap