Whats wrong with my php login code??? - Dev Articles

PHP Development

Forums: » Register « | User CP | Games | Calendar | Members | FAQs | Sitemap | Support |

User Name:

Password:

Remember me

		Dev Articles Community Forums > Programming > PHP Development
Whats wrong with my php login code??? Discuss Whats wrong with my php login code??? in the PHP Development forum on Dev Articles. Whats wrong with my php login code??? PHP Development forum to discuss anything related to developing applications in PHP. Topics include architecture, coding standards, and debugging methods.

Reply

Add This Thread To:

Del.icio.us

Digg

Google

Spurl

Blink

Furl

Simpy

Y! MyWeb

« Previous Thread | Next Thread »

Search this Thread

Unread

Dev Articles Community Forums Sponsor:

#1

Old

August 29th, 2003, 11:52 PM

velocityX is offline

Contributing User

Dev Articles Newbie (0 - 499 posts)

Join Date: Jun 2003

Posts: 72

Time spent in forums: 11 m 36 sec
Reputation Power: 6

Whats wrong with my php login code???

whats wrong???

PHP Code:


		
			
<?php

session_start();

header("Cache-control: private");

?>

<html>

<head>

<title>

Map Login

</title>

</head>



<?php





$username = $_POST['username'];

$password = $_POST['password'];



if ($username == "" || $password == "")

{

    echo "Error: Please fill in both text fields.";

    exit;

}

else

{

$DBhost = "localhost";

$DBuser = "***";

$DBpass = "***";

$DBName = "***";





$DB = mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database");

@mysql_select_db("$DBName") or die("Unable to select database $DBName"); 



$sql = "SELECT password FROM ibf_members where name = '" . $username . "'";



$result = mysql_query($sql,$DB); 







$authorized = 0;



while ($row = mysql_fetch_array($result))

{

    if (md5($password) == $row[0])

    {

session_register('username');

session_register('sid');

session_register('ipad');

$_SESSION['username'] = $username;

$_SESSION['sid'] = session_id();

$_SESSION['ipad'] = getenv(REMOTE_ADDR);

echo hi;

    }

else



{

    session_start();

    $_SESSION = array();

    session_destroy();

}



    ?>

<?

}

?>

#2

Old

August 30th, 2003, 01:05 PM

nicat23 is offline

Addicted to Chaos..

Dev Articles Novice (500 - 999 posts)

Join Date: Jan 2003

Location: Ft. Worth, TX

Posts: 653

Time spent in forums: 1 h 48 m 34 sec
Reputation Power: 0

Send a message via Yahoo to nicat23

First off, what's it doing or not doing? are you getting errors? if so what are they and where are the occouring?

From just glimpsing at your code I found this one...

PHP Code:


		
			
@mysql_select_db("$DBName") or die("Unable to select database $DBName");

needs to be

PHP Code:


		
			
@mysql_select_db($DBName) or die("Unable to select database $DBName");

with no quotes

And one recomendation

create another php file for database information, such as maybe dbinfo.php

and have it look like this

PHP Code:


		
			
<?

$DBhost = "localhost";

$DBuser = "myuser";

$DBpass = "mypass";

$DBName = "mydb_table_name";

?>

and where you have the db host and db user information, replace all of it with

PHP Code:


		
			
include("dbinfo.php");

that way your usernames and stuff arent in your main file if they get ahold of it

And one question, why do you have

PHP Code:


		
			
 ?>

<?

}

?>

?

Couldnt you make it just like this instead?

PHP Code:

}?>

instead of closing the php tags and redoing them?

#3

Old

August 30th, 2003, 02:34 PM

velocityX is offline

Contributing User

Dev Articles Newbie (0 - 499 posts)

Join Date: Jun 2003

Posts: 72

Time spent in forums: 11 m 36 sec
Reputation Power: 6

I have no idea...

Stick Out Tongue

, I'm new to PHP but I can only do limited of things. This is one of the scripts my last PHP coder did and I'm trying to edit it so the login will post to self if i use require once on my page.

#4

Old

August 30th, 2003, 02:57 PM

velocityX is offline

Contributing User

Dev Articles Newbie (0 - 499 posts)

Join Date: Jun 2003

Posts: 72

Time spent in forums: 11 m 36 sec
Reputation Power: 6

Ok I done your way and I modified it alittle too, My code is now,

PHP Code:


		
			
<html>

<head>

<title>

Map Login

</title>

</head>



<?php



include("dbinfo.php");



$username = $_POST['username'];

$password = $_POST['password'];



$DB = mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database");

@mysql_select_db($DBName) or die("Unable to select database $DBName");



$sql = "SELECT password FROM ibf_members where name = '" . $username . "'";



$result = mysql_query($sql,$DB); 







$authorized = 0;



while ($row = mysql_fetch_array($result))

{

    if (md5($password) == $row[0])

    {

    session_set_cookie_params(time()+7200);

    session_register('username');

    session_register('sid');

    session_register('ipad');

    $_SESSION['username'] = $username;

    $_SESSION['sid'] = session_id();

    $_SESSION['ipad'] = getenv(REMOTE_ADDR);

    echo hi;

    }

else



{

    session_start();

    $_SESSION = array();

    session_destroy();

    echo "too bad";

}

    }

?>

I want to make it post to $php_self. I tried to require it on a page and I get problems. Can you tell me how I can fix the problem?

#5

Old

August 30th, 2003, 05:58 PM

nicat23 is offline

Addicted to Chaos..

Dev Articles Novice (500 - 999 posts)

Join Date: Jan 2003

Location: Ft. Worth, TX

Posts: 653

Time spent in forums: 1 h 48 m 34 sec
Reputation Power: 0

Send a message via Yahoo to nicat23

You'll need to post what you have for me to be able to see it...

#6

Old

August 31st, 2003, 12:29 AM

velocityX is offline

Contributing User

Dev Articles Newbie (0 - 499 posts)

Join Date: Jun 2003

Posts: 72

Time spent in forums: 11 m 36 sec
Reputation Power: 6

AHH! nvm about that its ****** up,

I have a new one

PHP Code:


		
			
<?php

$DBhost = "localhost";

$DBuser = "";

$DBpass = "";

$DBName = "";

$user_logged_in = false;

$username     = isset($_POST['username'])       ? $_POST['username']          : null;

$userpassword = isset($_POST['userpassword'])   ? md5($_POST['userpassword']) : null;



if ($username and $userpassword)

{

  $DB = mysql_connect($DBhost,$DBuser,$DBpass) or die('Unable to connect to database.');

  @mysql_select_db($DBName) or die('Unable to select database: '.$DBName); 



  $result = mysql_query('SELECT id, admin_flags FROM ibf_members where name = \''.$username.'\' and password=\''.$userpassword.'\' ', $DB); 



  if ($row = mysql_fetch_array($result))

  {

    session_set_cookie_params(time()+7200);

    session_cache_limiter('private');

    session_start();

      session_register('username');

      session_register('permissions');

      session_register('aid');

      session_register('sid');

      session_register('ipad');

      $_SESSION['permissions'] = (int)$row[1];

      $_SESSION['username'] = $username;

      $_SESSION['aid'] = (int)$row[0];

      $_SESSION['sid'] = session_id();

      $_SESSION['ipad'] = $_SERVER['REMOTE_ADDR'];

    session_write_close();

  }

  else

  {

    session_start();

    $_SESSION = array();

    session_destroy();

  }

}



?>

I use this for http://www.csvelocity.com/private/design, but the problem in it is it wont get user permissions in it.

This is what I have for the page that uses login.php

PHP Code:


		
			
<?

require 'login.php';





$permissions = array('maps'      => 1,

                     'news'      => 2,

                     'superuser' => 4,

                     'high'      => 4);





function get_permissions($admin_flags)

{

  global $permissions;



  $tmp = $admin_flags;

  $permset = array();

  $s = $permissions['high'];



  while ($s >= 1) {

    $permset[$s] = (int)($tmp / $s);

    $tmp = $tmp % $s;

    $s = $s / 2;

  }



  return $permset;

}



session_start();

  $sess_user  = $_SESSION['username'];

  $sess_perms = $_SESSION['permissions'];

  $user_ip    = $_SESSION['ipad'];

session_write_close();



$user_perms = get_permissions($sess_perms);



foreach($_SESSION as $k=>$v) echo '"'. $k . '"=>"' . $v .'"<br>';

foreach($user_perms as $k=>$v) echo '"'. $k . '"=>"' . $v .'"<br>';



if (isset($user_ip) and ($user_ip != $_SERVER['REMOTE_ADDR'])) exit;



$user_login_state = 'Not logged in.';

$user_logged_in = false;

if (isset($sess_user))

{

  $user_login_state = 'Logged in as:<br>' . $username;

  $user_logged_in = true;

}



?>

Can you fix this?

#7

Old

August 31st, 2003, 01:27 PM

trystano is offline

Contributing User

Dev Articles Newbie (0 - 499 posts)

Join Date: Jul 2003

Posts: 45

Time spent in forums: < 1 sec
Reputation Power: 6

U say your new to PHP and that this code was given to you. It looks to have some complex pieces of code in it, and if your new UR not gonna really find out where the problem is.

UR best off starting a fresh PHP file and learning as U go along, at least U'll easily identify the errors that occur and can easily rectify them.

__________________
Tryst

#8

Old

August 31st, 2003, 04:12 PM

velocityX is offline

Contributing User

Dev Articles Newbie (0 - 499 posts)

Join Date: Jun 2003

Posts: 72

Time spent in forums: 11 m 36 sec
Reputation Power: 6

I already know what the problem is, Its just not getting the permissions.

#9

Old

August 31st, 2003, 10:19 PM

nicat23 is offline

Addicted to Chaos..

Dev Articles Novice (500 - 999 posts)

Join Date: Jan 2003

Location: Ft. Worth, TX

Posts: 653

Time spent in forums: 1 h 48 m 34 sec
Reputation Power: 0

Send a message via Yahoo to nicat23

What permissions are you talking about? File permissions? If so then you need to talk to your administrator to see about changing the file permissions for whichever file it's trying to access

#10

Old

September 1st, 2003, 02:15 AM

velocityX is offline

Contributing User

Dev Articles Newbie (0 - 499 posts)

Join Date: Jun 2003

Posts: 72

Time spent in forums: 11 m 36 sec
Reputation Power: 6

permissions for admin flags.....

Reply

Viewing: Dev Articles Community Forums > Programming > PHP Development > Whats wrong with my php login code???

« Previous Thread | Next Thread »

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread