User Authentication system

Discussion in 'PHP' started by simnorwebdesign, Feb 7, 2008.

  1. #1
    Hi, I am currently working on a site at the moment where the user has to log in, I am working with code from here: http://www.php-mysql-tutorial.com/user-authentication/database.php


    <?php
    session_start();
    
    $errorMessage = '';
    if (isset($_POST['username']) && isset($_POST['password'])) {
    include 'mysql_connect.php';
    
       $userId = $_POST['username'];
       $password = $_POST['password'];
    
      
       $sql = "SELECT username FROM profile WHERE username = '$userId' AND password = PASSWORD('$password')";
    
       $result = mysql_query($sql)
                 or die('Query failed. ' . mysql_error());
    
       if (mysql_num_rows($result) == 1) {
          $_SESSION['db_is_logged_in'] = true;
          header('Location: memberhome.php');
          exit;
       } else {
          $errorMessage = 'Sorry, wrong user id / password';
       }
    
       mysql_close($conn);
    }
    ?>
    
    <html>
    <head>
    <title>Basic Login</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    </head>
    
    <body>
    <?php include 'header.php'; ?>
    	
    	
    		<div id="contentarea">
    			<div id="advert"><a href="#"><img src="images/ad.png" alt="advertisement" /></a></div>	
    			<div id="contentarea_padding">	
    				<div class="content">
    				
    				<?php if ($errorMessage != '') { ?>
    				<?php echo $errorMessage; ?>
    				<?php } ?>
    				
    				<div class="bannertitles">				
    				<font color="#b7fd3d">log</font><font color="#fded36">in</font>
    				</div><br/><br/>
    				
    				<form method="post" name="frmLogin" id="frmLogin">
    				<div class="inputcontainer">
    				<div class="label">Username:</div><input type="text" name="username" size="60" maxlength="60" /> </div>
    				<div class="inputcontainer">
    				<div class="label">Password:</div><input type="password" name="password" size="60" maxlength="60" /> </div>
    				<br/><br/>
    				<div class="inputcontainer"><div align="right">
    					<input type="submit" name="btnLogin" value="Login"></div></div>
    				</form>
    
    
    			</div>
    		</div></div>
    		
    <?php include 'sidebar.php'; ?>
    <?php include 'footer.php'; ?>
    </body>
    </html>
    Code (markup):
    and the memberhome.php:

    <?php
    session_start();
    
    if (!isset($_SESSION['db_is_logged_in'])
       || $_SESSION['db_is_logged_in'] !== true) {
    
       header('Location: login.php');
       exit;
    }
    
    ?>
    
    <?php include 'header.php'; ?>
    	
    	
    		<div id="contentarea">
    			<div id="advert"><a href="#"><img src="images/ad.png" alt="advertisement" /></a></div>	
    			<div id="contentarea_padding">	
    				<div class="content">
    				success
    			</div>
    		</div></div>
    		
    		<?php include 'sidebar.php'; ?>
    		<?php include 'footer.php'; ?>
    	
    Code (markup):
    The code all looks fine to me, only it doesn't go to memberhome.php when I put in the correct log in details. Is there something I need to change? Any help will be greatly appreciated.

    Thanks

    Simon
     
    simnorwebdesign, Feb 7, 2008 IP
  2. CreativeClans

    CreativeClans Peon

    Messages:
    128
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    0
    #2
    CreativeClans, Feb 7, 2008 IP
  3. simnorwebdesign

    simnorwebdesign Peon

    Messages:
    595
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    0
    #3
    I set the action to login.php which is the page with the php and form code, however I still get the same problem. If i set the action to memberhome.php it just goes to that page whatever values I put in.
     
    simnorwebdesign, Feb 7, 2008 IP
  4. Alley Cat

    Alley Cat Peon

    Messages:
    41
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #4
    This is the code that I have on my site to redirect a member after they have logged in,
    
    							
    			// Start defining the URL.
    			$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
    			// Check for a trailing slash.
    			if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
    				$url = substr ($url, 0, -1); // Chop off the slash.
    			}
    			// Add the page.
    			$url .= '/index.php';
    
    Code (markup):
    This I then follow up with what should happen if login is not successful.
    			
    			ob_end_clean(); // Delete the buffer.
    			header("Location: $url");
    			exit(); // Quit the script.
    				
    		} else { // No match was made.
    			echo '<p>Either the email address and password entered do not match those on file or you have not yet activated your account.</p>'; 
    		}
    		
    	} else { // If everything wasn't OK.
    		echo '<p>Please try again.</p>';		
    	}
    	
    	mysql_close(); // Close the database connection.
    
    Code (markup):
    I hope you find this useful.
     
    Alley Cat, Feb 7, 2008 IP
  5. simnorwebdesign

    simnorwebdesign Peon

    Messages:
    595
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    0
    #5
    I dont want to be changing the whole code and the code I have looks fine when I read through it, any ideas???
     
    simnorwebdesign, Feb 7, 2008 IP
  6. simnorwebdesign

    simnorwebdesign Peon

    Messages:
    595
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Hi, I am now following this script here: http://www.phpeasystep.com/workshopview.php?id=6

    However it only allows me to recognise a password written in text format

    <input type="text">
    Code (markup):
    rather than

    <input type="password">
    Code (markup):
    Which obviously isnt the right thing to do on a site, so does anybody know how I get the php/mysql to recognise the text of the password.

    Thanks
     
    simnorwebdesign, Feb 8, 2008 IP
  7. simnorwebdesign

    simnorwebdesign Peon

    Messages:
    595
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    0
    #7
    No matter, I sorted it, I didnt set the action to the right page. Thanks
     
    simnorwebdesign, Feb 8, 2008 IP