View Full Version : Login and join up page



j123
08-05-2009, 02:12 PM
Can you help me? I can't get this to work. Here are the PHP scripts:


login.php:

<?php


// start session
session_start();

include("connect.php");
include("join.php");

function checkLogin()
{
// convert username and password from _GET to _SESSION
if($_GET){
$_SESSION['username']=$_GET["username"];
$_SESSION['passwort']=$_GET["passwort"];
}

$username = $_SESSION['username'];
$passwort = $_SESSION['passwort'];

$username = addslashes($username);
$passwort = addslashes($passwort);

$sql = "SELECT * FROM sys_user WHERE username = '$username' AND (passwort = '".md5($passwort)."' OR passwort = PASSWORD('$passwort'))";

$result=mysql_query($sql);
if (!$_SESSION['verified'])
{
if (( $num = mysql_num_rows($result) ) and ($passwort != ""))
{
if ($num != 0)
{
$_SESSION['ERROR'] = "";
$_SESSION['verified'] = 1;

// lets get their e-mail alias.
$sql = "SELECT user_email FROM isp_isp_user WHERE user_name='$username'";
$result = mysql_query($sql);
$_SESSION['email'] = mysql_result($result,0,"user_email");
}
}
else
{
$_SESSION['ERROR'] = "login is WRONG!!";
}
}

if ($_SESSION['verified'] != 1) $_SESSION['ERROR'] = "Login Failed. <br />";
}


//////////////////////////
// Main Bit Starts Here //
//////////////////////////
//
if ($_SESSION['verified'] != 1 and $_GET['action'] == "login")
checkLogin();

if ($_GET['action'] == "logout")
{
$_SESSION = array();
session_destroy();
$_SESSION['ERROR'] = "You have successfully logged out. <BR />";
}

if ($_SESSION['verified'] != 1)
{
// User is NOT logged in, so lets give him a login form...
echo("<!--Begin Login -->");
echo("<font color='red'>");
echo($_SESSION['ERROR']);
$_SESSION['ERROR'] = ""; // reset the error message if there is one.
echo("</font><br />");
echo("<form method=\"GET\" action=\"");
echo($_SERVER['PHP_SELF']);
echo("\">");
echo("Username: <br /><input type=\"text\" name=\"username\" size=\"15\" /><br />");
echo("Password: <br /><input type=\"password\" name=\"passwort\" size=\"15\" /><br />");
echo("<input type=\"hidden\" name=\"action\" value=\"login\" />");
echo("<p><input type=\"submit\" value=\"Login\" /></p>");
echo("</form>");
echo("<!--End Login -->");
} else {
// if the user IS logged in, give him options here.

// Javascript to make POST data submittable thru link...
// Web Admin Panel
echo("<script language='JavaScript' type='text/javascript'>\n");
echo("<!--\n");
echo("function submit()\n");
echo("{\n");
echo("document.loginform.submit();\n");
echo("}\n");
echo("-->\n");

// Mail
//echo("<script language='JavaScript' type='text/javascript'>\n");
echo("<!--\n");
echo("function submit1()\n");
echo("{\n");
echo("document.loginform1.submit();\n");
echo("}\n");
echo("-->\n");

// PhpMyAdmin
//echo("<script language='JavaScript' type='text/javascript'>\n");
echo("<!--\n");
echo("function submit2()\n");
echo("{\n");
echo("document.loginform2.submit();\n");
echo("}\n");
echo("-->\n");
echo("</script>\n");
////////////////////////////////////////////////////////////////////
// Note: Newlines are required, else it screws up the javascript //
////////////////////////////////////////////////////////////////////

echo("<B>Control Panel: </B><BR />");

echo("<form method='POST' target=_blank action='http://www.glorf.com:81/login/login.php' name='loginform'>\n");
echo("<input type=\"hidden\" name=\"username\" value=\"");
echo($_SESSION['username']);
echo("\"><input type=\"hidden\" name=\"passwort\" value=\"");
echo($_SESSION['passwort']);
echo("\">");
echo("</form>");
echo("<a href='javascript: submit()'>Website Admin Panel</a>\n");

echo("<form method='POST' target=_blank action='http://www.glorf.com:81/webmail/msglist.php' name='loginform1'>\n");
echo("<input type=\"hidden\" name=\"f_email\" value=\"");
echo($_SESSION['email']);
echo("@glorfy.com\"><input type=\"hidden\" name=\"f_pass\" value=\"");
echo($_SESSION['passwort']);
echo("\">");
echo("</form>");
echo("<a href='javascript: submit1()'>Web Mail</a><br />\n");


echo("<BR /><B>Databases: </B><BR />");

// Now lets get the database names...
// first that means we need to link the username to a web_id.
$email = $_SESSION['email'];
$sql = "SELECT web_id FROM isp_fakt_record WHERE notiz= '$email'";
$result = mysql_query($sql);
$_SESSION['web_id'] = mysql_result($result,0,"web_id");
$web_id = $_SESSION['web_id'];

// now we need to use that to grab all the DB names for displaying.
$sql = "SELECT datenbankuser FROM isp_isp_datenbank WHERE web_id = '$web_id'";
$result = mysql_query($sql);
// now lets loop the results and store them into an array for later display purposes.
global $dbs, $num_db;
$num_db = mysql_num_rows($result);
$dbs = array(30); // a user can't have more than 30 databases :)
for ($i=0; $i < $num_db; $i+=1)
{
$dbs[$i] = mysql_result($result,$i,"datenbankuser");
echo("<a href=\"http://");
echo($dbs[$i]);
echo(":");
echo($_SESSION['passwort']);
echo("@www.glorf.com:81/phpmyadmin/index.php");
echo("\">");
echo($dbs[$i]);
echo("</a><br />");
}

///////////////////////////////////////
echo("<hr />");
echo("<a href=\"");
echo($_SERVER['PHP_SELF']);
echo("?action=logout\">logout<br></a>");
}
mysql_close();
?>

connect.php:


<?php
// db info
$hostname="localhost";
$mysql_login="jarodco_lg1";
$mysql_password="lg1";
$database="jarodco_board";

if (!($db = mysql_connect($hostname, $mysql_login , $mysql_password))){
die("Can't connect to mysql.");
}else{
if (!(mysql_select_db("$database",$db))) {
die("Can't connect to db.");
}
}
?>

join.php:


<?php
include("connect.php");
?>
<html>
<head>
<title>Registration</title>
</head>
<body>
<form action="<?php $_SERVER['PHP_SELF']."?register=true" ?>" method="post">
Username: <input type="text" name="username">
Password: <input type="password" name="password">
<input type="submit" value="Register">
</form>
</body>
</html>


Please Help

traq
08-05-2009, 07:56 PM
which part are you having trouble with? can you describe what's not happening correctly, please?

related stuff: you should remove the comment and the whitespace from before your "session_start()" line, so nothing but the php tag comes before:


<?php
session_start();
// correct
?>

########################

<?php
//not correct!
//this will cause problems!


session_start();
?>

I would also avoid using $_GET for your login function. It is a security risk.
The way it's written now, you're taking the user input, assigning it a $_SESSION variable and plugging it straight into your database -without even looking at it first. You need to validate it first, or at least apply something like stripslashes().
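
An added example, not code from any poster in this thread: one way to take the credentials over POST and check them with a bound query parameter and a password hash, rather than addslashes() and md5(). It assumes PHP 7.4 or later with the PDO SQLite driver; the in-memory database, the "alice" account and the request arrays are constructed so the script runs offline, and the sys_user / passwort names are borrowed from the query posted above.

```php
<?php
// Added example: constructed schema and account. In-memory SQLite via PDO is an
// assumption made so this runs offline; the thread's own code talks to MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sys_user (username TEXT PRIMARY KEY, passwort TEXT NOT NULL)');

// Registration side: store a salted password hash, never the password itself.
$ins = $pdo->prepare('INSERT INTO sys_user (username, passwort) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns true only when the submitted credentials match a stored account.
 * $input stands in for $_POST; keeping credentials out of $_GET keeps them
 * out of URLs, browser history and web server access logs.
 */
function checkLogin(PDO $pdo, array $input): bool
{
    $username = $input['username'] ?? '';
    $password = $input['passwort'] ?? '';

    // Validate type and length before touching the database.
    if (!is_string($username) || !is_string($password)
        || $username === '' || $password === '' || strlen($username) > 64) {
        return false;
    }

    // Bound parameter: the value is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT passwort FROM sys_user WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    return is_string($hash) && password_verify($password, $hash);
}

// Constructed requests, in place of real form submissions.
$attempts = [
    'valid login'             => ['username' => 'alice', 'passwort' => 'correct horse'],
    'wrong password'          => ['username' => 'alice', 'passwort' => 'guess'],
    'quote in username'       => ['username' => "o'brien", 'passwort' => 'x'],
    'array instead of string' => ['username' => ['alice'], 'passwort' => 'x'],
];
foreach ($attempts as $label => $input) {
    printf("%-24s %s\n", $label, checkLogin($pdo, $input) ? 'accepted' : 'rejected');
}
```

Because only the verification result is kept, nothing in this flow needs the plain password stored in $_SESSION or echoed back into a form or link.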

j123
08-05-2009, 07:59 PM
The join.php page does not create a new user. Can you help?

j123
08-05-2009, 08:04 PM
Is this better?



<?php
session_start();
include("connect.php");
include("join.php");

function checkLogin()
{
// convert username and password from _GET to _SESSION
if($_GET){
$_SESSION['username']=$_GET["username"];
$_SESSION['passwort']=$_GET["passwort"];
}

$username = $_SESSION['username'];
$passwort = $_SESSION['passwort'];

$username = addslashes($username);
$passwort = addslashes($passwort);

$sql = "SELECT * FROM sys_user WHERE username = '$username' AND (passwort = '".md5($passwort)."' OR passwort = PASSWORD('$passwort'))";

$result=mysql_query($sql);
if (!$_SESSION['verified'])
{
if (( $num = mysql_num_rows($result) ) and ($passwort != ""))
{
if ($num != 0)
{
$_SESSION['ERROR'] = "";
$_SESSION['verified'] = 1;

// lets get their e-mail alias.
$sql = "SELECT user_email FROM isp_isp_user WHERE user_name='$username'";
$result = mysql_query($sql);
$_SESSION['email'] = mysql_result($result,0,"user_email");
}
}
else
{
$_SESSION['ERROR'] = "login is WRONG!!";
}
}

if ($_SESSION['verified'] != 1) $_SESSION['ERROR'] = "Login Failed. <br />";
}
if ($_SESSION['verified'] != 1 and $_GET['action'] == "login")
checkLogin();

if ($_GET['action'] == "logout")
{
$_SESSION = array();
session_destroy();
$_SESSION['ERROR'] = "You have successfully logged out. <BR />";
}

if ($_SESSION['verified'] != 1)
{
// User is NOT logged in, so lets give him a login form...
echo("<!--Begin Login -->");
echo("<font color='red'>");
echo($_SESSION['ERROR']);
$_SESSION['ERROR'] = ""; // reset the error message if there is one.
echo("</font><br />");
echo("<form method=\"GET\" action=\"");
echo($_SERVER['PHP_SELF']);
echo("\">");
echo("Username: <br /><input type=\"text\" name=\"username\" size=\"15\" /><br />");
echo("Password: <br /><input type=\"password\" name=\"passwort\" size=\"15\" /><br />");
echo("<input type=\"hidden\" name=\"action\" value=\"login\" />");
echo("<p><input type=\"submit\" value=\"Login\" /></p>");
echo("</form>");
echo("<!--End Login -->");
} else {
echo("<script language='JavaScript' type='text/javascript'>\n");
echo("<!--\n");
echo("function submit()\n");
echo("{\n");
echo("document.loginform.submit();\n");
echo("}\n");
echo("-->\n");
echo("<script language='JavaScript' type='text/javascript'>\n");
echo("<!--\n");
echo("function submit1()\n");
echo("{\n");
echo("document.loginform1.submit();\n");
echo("}\n");
echo("-->\n");
echo("<script language='JavaScript' type='text/javascript'>\n");
echo("<!--\n");
echo("function submit2()\n");
echo("{\n");
echo("document.loginform2.submit();\n");
echo("}\n");
echo("-->\n");
echo("</script>\n");
echo("<B>Control Panel: </B><BR />");

echo("<form method='POST' target=_blank action='http://www.glorf.com:81/login/login.php' name='loginform'>\n");
echo("<input type=\"hidden\" name=\"username\" value=\"");
echo($_SESSION['username']);
echo("\"><input type=\"hidden\" name=\"passwort\" value=\"");
echo($_SESSION['passwort']);
echo("\">");
echo("</form>");
echo("<a href='javascript: submit()'>Website Admin Panel</a>\n");

echo("<form method='POST' target=_blank action='http://www.glorf.com:81/webmail/msglist.php' name='loginform1'>\n");
echo("<input type=\"hidden\" name=\"f_email\" value=\"");
echo($_SESSION['email']);
echo("@glorfy.com\"><input type=\"hidden\" name=\"f_pass\" value=\"");
echo($_SESSION['passwort']);
echo("\">");
echo("</form>");
echo("<a href='javascript: submit1()'>Web Mail</a><br />\n");


echo("<BR /><B>Databases: </B><BR />");
$email = $_SESSION['email'];
$sql = "SELECT web_id FROM isp_fakt_record WHERE notiz= '$email'";
$result = mysql_query($sql);
$_SESSION['web_id'] = mysql_result($result,0,"web_id");
$web_id = $_SESSION['web_id'];
$sql = "SELECT datenbankuser FROM isp_isp_datenbank WHERE web_id = '$web_id'";
$result = mysql_query($sql);
// now lets loop the results and store them into an array for later display purposes.
global $dbs, $num_db;
$num_db = mysql_num_rows($result);
$dbs = array(30); // a user can't have more than 30 databases :)
for ($i=0; $i < $num_db; $i+=1)
{
$dbs[$i] = mysql_result($result,$i,"datenbankuser");
echo("<a href=\"http://");
echo($dbs[$i]);
echo(":");
echo($_SESSION['passwort']);
echo("@www.glorf.com:81/phpmyadmin/index.php");
echo("\">");
echo($dbs[$i]);
echo("</a><br />");
}
echo("<hr />");
echo("<a href=\"");
echo($_SERVER['PHP_SELF']);
echo("?action=logout\">logout<br></a>");
}
mysql_close();
?>

traq
08-05-2009, 08:06 PM
well, kind of related to the $_GET issue...

your join page form is using the POST method, but your login page is trying to get the information via GET. Change one or the other (preferably change GET to POST).

j123
08-05-2009, 08:20 PM
You try making an account, then trying to log in; it does not work:

http://jarodco.me.uk/login/login.php

JShor
08-05-2009, 09:11 PM
I get the error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/login.php on line 30 when logging in.

I think what's happening is that you have an incorrect sql query syntax, causing mysql_num_rows(x); to have a null value.

You're using $_SESSION to get a result, but if there's no session (via the conversion from GET to SESSION), it will have a null result of course.

Try replacing that area of code w/this:


// convert username and password from _POST to _SESSION
if($_POST){
$_SESSION['username']=$_POST["username"];
$_SESSION['passwort']=$_POST["passwort"];
}


Replace all GET with POST, that's basically it.

HTH :)

traq
08-06-2009, 01:16 AM
Have you tried it out?

Also,

// db info
$hostname="localhost";
$mysql_login="jarodco_lg1";
$mysql_password="lg1";
$database="jarodco_board";
it's best not to post your DB info in public. I'd recommend changing your details now (especially your password).

j123
08-06-2009, 12:42 PM
Yes, I did try it out.

traq
08-06-2009, 08:17 PM
I'm not sure. Have you looked in your database and verified that the new users are being registered?

I'm not a MySQL buff, but the error message I get

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/login.php on line 30
suggests that your query didn't return a valid result. This may be something as simple as a typo, or something worse. I'd suggest you try adding some error checking to your query and see where things go wrong.
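
An added example, not code from any poster in this thread: one way to do the error checking suggested above, so a failed query is caught before its result is used and the database error goes to the server log rather than to the page (the warning quoted above prints the script's filesystem path to every visitor). It assumes PHP 7.4 or later with the PDO SQLite driver; the in-memory database and its one row are constructed, and fetchRows is a hypothetical helper name.

```php
<?php
// Added example. In-memory SQLite via PDO stands in for the thread's MySQL
// server (an assumption so this runs offline); ERRMODE_SILENT reproduces the
// legacy behaviour where a failed query returns false instead of throwing.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$pdo->exec('CREATE TABLE sys_user (username TEXT, passwort TEXT)');
$pdo->exec("INSERT INTO sys_user VALUES ('alice', 'constructed-hash')");

/**
 * Runs a query and returns its rows, or null if the database rejected it.
 * The driver's message goes to the server log only, so visitors never see
 * SQL text or filesystem paths.
 */
function fetchRows(PDO $pdo, string $sql, array $params = []): ?array
{
    $stmt = $pdo->prepare($sql);
    if ($stmt === false || $stmt->execute($params) === false) {
        // Take the error from the statement if one exists, else from the connection.
        $info = ($stmt ?: $pdo)->errorInfo();
        error_log('Query failed: ' . $info[2] . ' [' . $sql . ']');
        return null;
    }
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A valid query, then one against a table name that does not exist.
$queries = [
    'SELECT username FROM sys_user WHERE username = ?',
    'SELECT username FROM sys_users WHERE username = ?',
];
foreach ($queries as $sql) {
    $rows = fetchRows($pdo, $sql, ['alice']);
    if ($rows === null) {
        // Generic message for the visitor; the detail is in the log.
        echo "Login is temporarily unavailable.\n";
    } else {
        echo count($rows) . " row(s)\n";
    }
}
```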

JShor
08-06-2009, 09:21 PM
There are simpler ways to make a login/register form using $_SESSION ...

rm_dynamicdrive
08-07-2009, 07:21 AM
can you try to separate this?

here: if (( $num = mysql_num_rows($result) ) and ($passwort != ""))

allow $num to hold the arguments.
then apply this to an if condition

$num = mysql_num_rows($result);
if ( ( $num ) and ($passwort != "") )

j123
08-07-2009, 04:43 PM
I think it's got something to do with the database.


I get the error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/login.php on line 30 when logging in.

I think what's happening is that you have an incorrect sql query syntax, causing mysql_num_rows(x); to have a null value.

You're using $_SESSION to get a result, but if there's no session (via the conversion from GET to SESSION), it will have a null result of course.

Try replacing that area of code w/this:


// convert username and password from _POST to _SESSION
if($_POST){
$_SESSION['username']=$_POST["username"];
$_SESSION['passwort']=$_POST["passwort"];
}


Replace all GET with POST, that's basically it.

HTH :)

j123
08-07-2009, 04:49 PM
I try that but I make it a bit more made



Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/login.php on line 2

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/join.php on line 3
Username: Password:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/jarodco/public_html/login/login.php on line 33
Login Failed.

Username:

Password:




can you try to separate this?

here: if (( $num = mysql_num_rows($result) ) and ($passwort != ""))

allow $num to hold the arguments.
then apply this to an if condition

$num = mysql_num_rows($result);
if ( ( $num ) and ($passwort != "") )

rm_dynamicdrive
08-08-2009, 12:30 AM
try this:

after this line you add:
$result=mysql_query($sql);
$num=mysql_num_rows($result);

if($num == 0) {

} else { et.......


or check your query.

$sql = "SELECT * FROM sys_user WHERE username = '$username' AND passwort = '".md5($passwort)."' OR passwort = PASSWORD($passwort))";

how?

1. After that command, put die($sql);
2. When PHP reaches the die command, the query string appears on your screen.
3. Use your MySQL command line or any MySQL software: copy/paste the result and you will see what happens.