Password to work?

[Muk108]

Im trying to get a login on my page im working on. I dont want to use the .htaccess because i am having people post news etc. But i have looked around at other scripts and tryed to understand how they work but i dont get it. Here is the for and sql I am using(dont have any php dont know how :]).

Code:

CREATE TABLE users (
  user_id int(25) NOT NULL auto_increment,
  users_first_name varchar(25) NOT NULL default '',
  users_last_name varchar(25) NOT NULL default '',
  users_email_address varchar(25) NOT NULL default '',
  users_nick varchar(25) NOT NULL default '',
  users_password varchar(255) NOT NULL default '',
  users_extra text NOT NULL,
  users_level enum('0','1','2','3','4','5','6') NOT NULL default '0',
  users_joindate datetime NOT NULL default '0000-00-00 00:00:00',
  users_last_login datetime NOT NULL default '0000-00-00 00:00:00',
  users_activated enum('0','1') NOT NULL default '0',
  icq varchar(20) NOT NULL default '',
  aim varchar(20) NOT NULL default '',
  yahoo varchar(20) NOT NULL default '',
  users_title varchar(250) NOT NULL default 'User',
  users_dirthday date NOT NULL default '0000-00-00',
  ipaddress varchar(20) NOT NULL default '',
  cookie varchar(32) binary NOT NULL default '',
  PRIMARY KEY  (user_id)
) TYPE=MyISAM COMMENT='Membership Information';

and here is the form

Code:

<FORM METHOD=post ACTION="<?echo $PHP_SELF?>">
<CENTER>Nick<BR>
<INPUT TYPE="text" VALUE="" NAME="username" SIZE="10" MAXLENGTH="25"><BR>
Password<BR>
<INPUT TYPE="password" VALUE="" NAME="password" SIZE="10" MAXLENGTH="20"><BR>
<INPUT TYPE="submit" NAME="login" VALUE="Login">
  </CENTER>
</FORM>

You think you could help me out. Thanks!

[phpman]

hmmm, not much of a try is it? well once the form is submitted you have to query the db for that user and password and find out what level they are at. once that is done you make double sure it is them and if so you give them the info they want depending on the level they have.

if you don't understand it, then I usggest you read the manaul at php.net because having us give you the code you will not learn anything.

[Muk108]

Ok this is what i have got so far. Now when I use the form and click Login it doesnt echo anything. From what I understand it should at least say 'Nope' if it doesnt work and 'Successfully Logged In!' if it works. Does this qualify for some help? Thanks.

oh and i changed my form this is what it looks like now

Code:

    <H2>
     User Login
    </H2>
    <FORM METHOD=post ACTION="login.php">
   </head>
  <BODY> 
   <B>
    <BR>
     Username
     <BR>
    </B>
    <INPUT TYPE=text SIZE=15 NAME="username">
     <BR>
  <B> Password </B> <BR>
    <INPUT TYPE=pasword SIZE=15 NAME="password">
    <BR>
    <INPUT TYPE=submit NAME=submit VALUE="Login">
    <INPUT TYPE=reset  NAME=reset  VALUE="Clear">
</FORM>

PHP Code:

<?

if ($submit = "Login") 
{
 
mysql_connect("localhost","","") or die("Unable to connect to SQL server"); 
        mysql_select_db("text-to-web-fw") or die("Unable to select database");


$result=mysql_query("select * from users") 
             or die ("cant do it"); 

while ($row=mysql_fetch_array($result)) { 
if ($row["users_nick"]==$username)
  {
     if ($row["password"]==$password ) 
      { 
        echo("Successfully Logged In!"); 
      }else{
        echo("Nope");
    
   }
  } else {
 echo("Incorrect User");
 }
}
}
?>

[phpman]

ok that is better, but you have some errors and some code changes. you cannot have this in the header tags

<H2>
User Login
</H2>
<FORM METHOD=post ACTION="login.php">

so your code is going to look like this

PHP Code:


   </head>
  <BODY>
<H2>
     User Login
    </H2>
    <FORM METHOD=post ACTION="login.php"> 
   <B>
    <BR>
     Username
     <BR>
    </B>
    <INPUT TYPE=text SIZE=15 NAME="username">
     <BR>
  <B> Password </B> <BR>
    <INPUT TYPE=pasword SIZE=15 NAME="password">
    <BR>
    <INPUT TYPE=submit NAME=submit VALUE="Login">
    <INPUT TYPE=reset  NAME=reset  VALUE="Clear">
</FORM>  
<?

if ($submit = "Login") 
{
 
mysql_connect("localhost","","") or die("Unable to connect to SQL server"); 
        mysql_select_db("text-to-web-fw") or die("Unable to select database");

$result=mysql_query("select * from users where user_nick = '$username' AND password = '$password'  ") or die ("cant do it"); 

if (!mysql_num_rows($result)){
    echo("Nope");
 
echo("Incorrect User");
exit;
} else {

while ($row=mysql_fetch_array($result)) { 
    // do what you like here
    }
 
    echo("Successfully Logged In!"); 
// do stuff for successfull login stuff here
}
?>

[Muk108]

I have tryed that code and when i put it in it just says 'NopeIncorrect User'. And i know i have the right user and password. I dont understand why its not findthing the correct username?

[phpman]

well if register_globals are off then try it this way.

PHP Code:

</head>
  <BODY>
<H2>
     User Login
    </H2>
    <FORM METHOD=post ACTION="login.php"> 
   <B>
    <BR>
     Username
     <BR>
    </B>
    <INPUT TYPE=text SIZE=15 NAME="username">
     <BR>
  <B> Password </B> <BR>
    <INPUT TYPE=pasword SIZE=15 NAME="password">
    <BR>
    <INPUT TYPE=submit NAME=submit VALUE="Login">
    <INPUT TYPE=reset  NAME=reset  VALUE="Clear">
</FORM>  
<?

if ($_POST['submit'] = "Login") 
{
 
mysql_connect("localhost","","") or die("Unable to connect to SQL server"); 
        mysql_select_db("text-to-web-fw") or die("Unable to select database");

$result=mysql_query("select * from users where user_nick = '{$_POST['username']}' AND password = '{$_POST['password']}'  ") or die ("cant do it"); 

if (!mysql_num_rows($result)){
    echo("Nope");
 
echo("Incorrect User");
exit;
} else {

while ($row=mysql_fetch_array($result)) { 
    // do what you like here
    }
 
    echo("Successfully Logged In!"); 
// do stuff for successfull login stuff here
}
?>

[ricmitch]

I really need to learn how to use cookies and stuff, cause I've made a login thing before, but it sucked. I had a table with an MD5 hash for each IP. That was really kak.

[The Hobo]

I think you might want to change the first PHP line to this:

Code:

if ($_POST['submit'] == "Login")

Otherwise you're assigning (or attempting to, not sure if you can assign to a superglobal, but the point remains) to the variable, not checking it.

[Muk108]

Thanks hobo it works now!

[phpman]

Originally posted by phpman
well if register_globals are off then try it this way.

PHP Code:

</head>
  <BODY>
<H2>
     User Login
    </H2>
    <FORM METHOD=post ACTION="login.php"> 
   <B>
    <BR>
     Username
     <BR>
    </B>
    <INPUT TYPE=text SIZE=15 NAME="username">
     <BR>
  <B> Password </B> <BR>
    <INPUT TYPE=pasword SIZE=15 NAME="password">
    <BR>
    <INPUT TYPE=submit NAME=submit VALUE="Login">
    <INPUT TYPE=reset  NAME=reset  VALUE="Clear">
</FORM>  
<?

if ($_POST['submit'] == "Login") 
{
 
mysql_connect("localhost","","") or die("Unable to connect to SQL server"); 
        mysql_select_db("text-to-web-fw") or die("Unable to select database");

$result=mysql_query("select * from users where user_nick = '{$_POST['username']}' AND password = '{$_POST['password']}'  ") or die ("cant do it"); 

if (!mysql_num_rows($result)){
    echo("Nope");
 
echo("Incorrect User");
exit;
} else {

while ($row=mysql_fetch_array($result)) { 
    // do what you like here
    }
 
    echo("Successfully Logged In!"); 
// do stuff for successfull login stuff here
}
?>

ahem, I already suggested this

[Muk108]

Will the user stay loged in or will it not know them next time. And can you give me some clues to what i need to know to keep them loged in. Like what basic code i need to know. Or what i should look up on how to do this? thanks

[The Hobo]

Originally posted by phpman
ahem, I already suggested this

No you didn't.

[phpman]

yes I did, in my last post. notice the difference in my code and his....

[The Hobo]

Originally posted by phpman
yes I did, in my last post. notice the difference in my code and his....

Dude, in none of your posts, except for the one AFTER mine, do I see you suggesting ==...

[phpman]

the sixth post down, and it was way before yours. I did just copy his code and didn't see the = sign as it should be ==, but I did suggest just what you did. oh well, lost all my posts I might as well not take credit for anything else

[The Hobo]

Originally posted by phpman
the sixth post down, and it was way before yours. I did just copy his code and didn't see the = sign as it should be ==, but I did suggest just what you did. oh well, lost all my posts I might as well not take credit for anything else

The only thing I suggested was the ==...so I really have no idea what you're talking about, man.

[Muk108]

ok, well thanks for the help guys. one question tho, will that user stay loged in or does it just work when that page is loaded? if it is just when that page is loaded how can i get it to stay loged in while they are on the page? i think its something like 'sesions' but im not sure if thats it or not and i dont know the syntax of it, or even if thats the right name. thanks for the help.

[phpman]

PHP Code:

while ($row=mysql_fetch_array($result)) { 
    // do what you like here
$_SESSION['username'] = $row['username'];
    } 


do that will save thier name in the session. now you have to put sesion_start() at teh very top of the page right under <?. you have to have that on everypage you want to use sessions on. now just check for that session variable and if it is not set tehm jsut give them the form, if it is set then just log them in.

[Muk108]

ok thanks, ill work with that see what i can do if i run into anyproblems ill ask. thanks again!