GetDotted Domains

Viewing Thread:
"PHP/MySQL question"

The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.

Sat 15/01/05 at 16:35
Regular
Posts: 10,364
I'm currently just messing around with PHP, creating a login form to be exact (I'm having one of those 'create a template for use on future projects') days.

I'm just wondering, how do I get this whole "login" thing nailed properly? And I mean, I want it to

1. Check username and password against the database
2. If the user is there and his/her password is correct, login to next screen
3. Keep user logged in.

I've been reading up on sessions or something, I'm not exactly sure on how these work however, which is why I was wondering if any of you guys could give us a hand.

Cheers.
Sat 15/01/05 at 18:45
Regular
Posts: 10,364
Right final question.

How do I make it so it logs out?

I have a button on the next page, just wondering what to do. Setting the session variable to false doesn't seem to do it :(

EDIT: Nevermind, managed to sort this.

Cheers people!
Sat 15/01/05 at 18:27
Regular
Posts: 10,364
Ah, OK Cheers I seem to of got it to work now
Sat 15/01/05 at 18:14
Regular
"Party like its 2005"
Posts: 452
I like hotscripts for php examples:
[URL]http://www.hotscripts.com/PHP/Scripts_and_Programs/index.html[/URL]
User Authentication is one of the sections.
Sat 15/01/05 at 17:46
Regular
"NULL"
Posts: 1,384
gamesfreak wrote:
> Warning: Cannot modify header information - headers already
> sent by (output started at /var/www/localhost/htdocs/test.php:21) in
> /var/www/localhost/htdocs/test.php on line 67

>
> The piece of code it is referring to is
>
> header("Location: http://localhost/accepttest.php")
>
> Any ideas?

That error is caused by something else being sent to the user first. You have to make sure that code is before any HTML or code which will show anything on the user's screen.
Sat 15/01/05 at 17:22
Regular
Posts: 10,364
Nimco wrote:
> Damn, I hate it when someone posts whilst you're typing! Lol, not to
> worry....

Lol, cheers Nimco, I might use some of your code with Aliboys code at a later date, just getting things working at the moment.
Sat 15/01/05 at 17:20
Regular
Posts: 10,364
Excellent Aliboy, It is working perfectly.

Now I'm onto modifying the code itself by using a browser redirect, which is currently being extremely annoying...

When the user has been authenticated by the form, I want it so it redirects. So far my attempts have been hampered by an error which doesn't really explain anything....

Warning: Cannot modify header information - headers already sent by (output started at /var/www/localhost/htdocs/test.php:21) in /var/www/localhost/htdocs/test.php on line 67

The piece of code it is referring to is

header("Location: http://localhost/accepttest.php")

Any ideas?
Sat 15/01/05 at 17:03
Regular
"NULL"
Posts: 1,384
Damn, I hate it when someone posts whilst you're typing! Lol, not to worry....
Sat 15/01/05 at 17:02
Regular
"NULL"
Posts: 1,384
gamesfreak wrote:
> I'm currently just messing around with PHP, creating a login form to
> be exact (I'm having one of those 'create a template for use on
> future projects') days.
>
> I'm just wondering, how do I get this whole "login" thing
> nailed properly? And I mean, I want it to
>
> 1. Check username and password against the database
> 2. If the user is there and his/her password is correct, login to
> next screen
> 3. Keep user logged in.
>
> I've been reading up on sessions or something, I'm not exactly sure
> on how these work however, which is why I was wondering if any of you
> guys could give us a hand.
>
> Cheers.

OK, first things first, create a login form. For argument's sake, let's assume you have the following HTML code:






Once you have that, you need to create the page to check their details against a database. That page, defined by the form above, is called login.php

I'll assume that your database table has the following structure (I apologise it may not appear how I want it to, but that's cos the font in this input box is different to how it's displayed on the forum in general):

TABLE(users)

id | username | password
------------------------|--------------------|----------
int(11), auto_increment | varchar(20) unique | char(32)

This will give you a user ID for each user you have logged, and allows you to specify a user without their username. The username is the string they choose (with a defined limit of 20 - entirely up to you, I'm just using 20 characters as the limit for this example). The password will be MD5 encrypted for storage in the database, meaning that if someone should get unauthorised access to the database, they can't see peoples' passwords, only the encrypted string - the MD5 encryption process produces a 32 character string. This is only one way of setting up the database - plenty others are possible.

The login.php page now needs to reference the database and compare the username/password it is being sent to the database, e.g:


include("db_connect.php"); // Connects to the database and selects the right table

if (mysql_num_rows(mysql_query("SELECT * FROM users WHERE (username = '". mysql_real_escape_string($_POST['username']) ."' AND password = '".md5($_POST['password'])."');))>0)
{
// actions for if login is valid
}
else
{
// actions for if login is invalid
}

?>

It's up to you what to put in the sections above for if the login is valid or not. If the login is false, you may wish to redirect them to the previous page and display a message telling them the login was incorrect.

If the login was valid, I would use cookies to "log the user in". Some people don't like this approach, but I just set a session cookie and that makes things nice and simple. The code for this would look something like:


setcookie("username", mysql_real_escape_string($_POST['username']));
setcookie("password", md5($_POST['password']));

?>

This sets 2 cookies you can use to check the login is valid each time they visit a page, by putting some code at the top of each page, e.g.:


include("db_connect.php"); // Connects to the database and selects the right table

if (mysql_num_rows(mysql_query("SELECT * FROM users WHERE (username = '".$_COOKIE['username']."' AND password = '".$_COOKIE['password']."');))>0)
{
// actions for if login is valid
}
else
{
// actions for if login is invalid
}

?>

This is a fairly secure way of dealing with logins. It's probably not foolproof (I did this quite quickly so I may have missed some places where a user could use string injection to hack the login script or similar).

I'm sure people will point out any mistakes I've made in it. If there are any missing brackets or whatever, just correct them! Lol.

Hope that helps - if you need any more help, let me know.
Sat 15/01/05 at 16:57
Regular
"Picking a winner!"
Posts: 8,502
Any troubles then give us a shout.

Should be able to get me on msnat somepoint as well if you get stuck - [email protected]
Sat 15/01/05 at 16:55
Regular
Posts: 10,364
Wow, AliBoy!

Nice one for that!

Gonna give it a try now, I understand your explanation, it should work!

Freeola & GetDotted are rated 5 Stars

Check out some of our customer reviews below:

Impressive control panel
I have to say that I'm impressed with the features available having logged on... Loads of info - excellent.
Phil
Excellent support service!
I have always found the support staff to provide an excellent service on every occasion I've called.
Ben

View More Reviews

Need some help? Give us a call on 01376 55 60 60

Go to Support Centre
Feedback Close Feedback

It appears you are using an old browser, as such, some parts of the Freeola and Getdotted site will not work as intended. Using the latest version of your browser, or another browser such as Google Chrome, Mozilla Firefox, or Opera will provide a better, safer browsing experience for you.