The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
I'm currently just messing around with PHP, creating a login form to be exact (I'm having one of those 'create a template for use on future projects') days.
I'm just wondering, how do I get this whole "login" thing nailed properly? And I mean, I want it to
1. Check username and password against the database
2. If the user is there and his/her password is correct, login to next screen
3. Keep user logged in.
I've been reading up on sessions or something, I'm not exactly sure on how these work however, which is why I was wondering if any of you guys could give us a hand.
Cheers.
I'm just wondering, how do I get this whole "login" thing nailed properly? And I mean, I want it to
1. Check username and password against the database
2. If the user is there and his/her password is correct, login to next screen
3. Keep user logged in.
I've been reading up on sessions or something, I'm not exactly sure on how these work however, which is why I was wondering if any of you guys could give us a hand.
Cheers.
Page:
Right final question.
How do I make it so it logs out?
I have a button on the next page, just wondering what to do. Setting the session variable to false doesn't seem to do it :(
EDIT: Nevermind, managed to sort this.
Cheers people!
How do I make it so it logs out?
I have a button on the next page, just wondering what to do. Setting the session variable to false doesn't seem to do it :(
EDIT: Nevermind, managed to sort this.
Cheers people!
Ah, OK Cheers I seem to of got it to work now
I like hotscripts for php examples:
[URL]http://www.hotscripts.com/PHP/Scripts_and_Programs/index.html[/URL]
User Authentication is one of the sections.
[URL]http://www.hotscripts.com/PHP/Scripts_and_Programs/index.html[/URL]
User Authentication is one of the sections.
gamesfreak wrote:
> Warning: Cannot modify header information - headers already
> sent by (output started at /var/www/localhost/htdocs/test.php:21) in
> /var/www/localhost/htdocs/test.php on line 67
>
> The piece of code it is referring to is
>
> header("Location: http://localhost/accepttest.php")
>
> Any ideas?
That error is caused by something else being sent to the user first. You have to make sure that code is before any HTML or code which will show anything on the user's screen.
> Warning: Cannot modify header information - headers already
> sent by (output started at /var/www/localhost/htdocs/test.php:21) in
> /var/www/localhost/htdocs/test.php on line 67
>
> The piece of code it is referring to is
>
> header("Location: http://localhost/accepttest.php")
>
> Any ideas?
That error is caused by something else being sent to the user first. You have to make sure that code is before any HTML or code which will show anything on the user's screen.
Nimco wrote:
> Damn, I hate it when someone posts whilst you're typing! Lol, not to
> worry....
Lol, cheers Nimco, I might use some of your code with Aliboys code at a later date, just getting things working at the moment.
> Damn, I hate it when someone posts whilst you're typing! Lol, not to
> worry....
Lol, cheers Nimco, I might use some of your code with Aliboys code at a later date, just getting things working at the moment.
Excellent Aliboy, It is working perfectly.
Now I'm onto modifying the code itself by using a browser redirect, which is currently being extremely annoying...
When the user has been authenticated by the form, I want it so it redirects. So far my attempts have been hampered by an error which doesn't really explain anything....
Warning: Cannot modify header information - headers already sent by (output started at /var/www/localhost/htdocs/test.php:21) in /var/www/localhost/htdocs/test.php on line 67
The piece of code it is referring to is
header("Location: http://localhost/accepttest.php")
Any ideas?
Now I'm onto modifying the code itself by using a browser redirect, which is currently being extremely annoying...
When the user has been authenticated by the form, I want it so it redirects. So far my attempts have been hampered by an error which doesn't really explain anything....
Warning: Cannot modify header information - headers already sent by (output started at /var/www/localhost/htdocs/test.php:21) in /var/www/localhost/htdocs/test.php on line 67
The piece of code it is referring to is
header("Location: http://localhost/accepttest.php")
Any ideas?
Damn, I hate it when someone posts whilst you're typing! Lol, not to worry....
gamesfreak wrote:
> I'm currently just messing around with PHP, creating a login form to
> be exact (I'm having one of those 'create a template for use on
> future projects') days.
>
> I'm just wondering, how do I get this whole "login" thing
> nailed properly? And I mean, I want it to
>
> 1. Check username and password against the database
> 2. If the user is there and his/her password is correct, login to
> next screen
> 3. Keep user logged in.
>
> I've been reading up on sessions or something, I'm not exactly sure
> on how these work however, which is why I was wondering if any of you
> guys could give us a hand.
>
> Cheers.
OK, first things first, create a login form. For argument's sake, let's assume you have the following HTML code:
Once you have that, you need to create the page to check their details against a database. That page, defined by the form above, is called login.php
I'll assume that your database table has the following structure (I apologise it may not appear how I want it to, but that's cos the font in this input box is different to how it's displayed on the forum in general):
TABLE(users)
id | username | password
------------------------|--------------------|----------
int(11), auto_increment | varchar(20) unique | char(32)
This will give you a user ID for each user you have logged, and allows you to specify a user without their username. The username is the string they choose (with a defined limit of 20 - entirely up to you, I'm just using 20 characters as the limit for this example). The password will be MD5 encrypted for storage in the database, meaning that if someone should get unauthorised access to the database, they can't see peoples' passwords, only the encrypted string - the MD5 encryption process produces a 32 character string. This is only one way of setting up the database - plenty others are possible.
The login.php page now needs to reference the database and compare the username/password it is being sent to the database, e.g:
include("db_connect.php"); // Connects to the database and selects the right table
if (mysql_num_rows(mysql_query("SELECT * FROM users WHERE (username = '". mysql_real_escape_string($_POST['username']) ."' AND password = '".md5($_POST['password'])."');))>0)
{
// actions for if login is valid
}
else
{
// actions for if login is invalid
}
?>
It's up to you what to put in the sections above for if the login is valid or not. If the login is false, you may wish to redirect them to the previous page and display a message telling them the login was incorrect.
If the login was valid, I would use cookies to "log the user in". Some people don't like this approach, but I just set a session cookie and that makes things nice and simple. The code for this would look something like:
setcookie("username", mysql_real_escape_string($_POST['username']));
setcookie("password", md5($_POST['password']));
?>
This sets 2 cookies you can use to check the login is valid each time they visit a page, by putting some code at the top of each page, e.g.:
include("db_connect.php"); // Connects to the database and selects the right table
if (mysql_num_rows(mysql_query("SELECT * FROM users WHERE (username = '".$_COOKIE['username']."' AND password = '".$_COOKIE['password']."');))>0)
{
// actions for if login is valid
}
else
{
// actions for if login is invalid
}
?>
This is a fairly secure way of dealing with logins. It's probably not foolproof (I did this quite quickly so I may have missed some places where a user could use string injection to hack the login script or similar).
I'm sure people will point out any mistakes I've made in it. If there are any missing brackets or whatever, just correct them! Lol.
Hope that helps - if you need any more help, let me know.
> I'm currently just messing around with PHP, creating a login form to
> be exact (I'm having one of those 'create a template for use on
> future projects') days.
>
> I'm just wondering, how do I get this whole "login" thing
> nailed properly? And I mean, I want it to
>
> 1. Check username and password against the database
> 2. If the user is there and his/her password is correct, login to
> next screen
> 3. Keep user logged in.
>
> I've been reading up on sessions or something, I'm not exactly sure
> on how these work however, which is why I was wondering if any of you
> guys could give us a hand.
>
> Cheers.
OK, first things first, create a login form. For argument's sake, let's assume you have the following HTML code:
Once you have that, you need to create the page to check their details against a database. That page, defined by the form above, is called login.php
I'll assume that your database table has the following structure (I apologise it may not appear how I want it to, but that's cos the font in this input box is different to how it's displayed on the forum in general):
TABLE(users)
id | username | password
------------------------|--------------------|----------
int(11), auto_increment | varchar(20) unique | char(32)
This will give you a user ID for each user you have logged, and allows you to specify a user without their username. The username is the string they choose (with a defined limit of 20 - entirely up to you, I'm just using 20 characters as the limit for this example). The password will be MD5 encrypted for storage in the database, meaning that if someone should get unauthorised access to the database, they can't see peoples' passwords, only the encrypted string - the MD5 encryption process produces a 32 character string. This is only one way of setting up the database - plenty others are possible.
The login.php page now needs to reference the database and compare the username/password it is being sent to the database, e.g:
include("db_connect.php"); // Connects to the database and selects the right table
if (mysql_num_rows(mysql_query("SELECT * FROM users WHERE (username = '". mysql_real_escape_string($_POST['username']) ."' AND password = '".md5($_POST['password'])."');))>0)
{
// actions for if login is valid
}
else
{
// actions for if login is invalid
}
?>
It's up to you what to put in the sections above for if the login is valid or not. If the login is false, you may wish to redirect them to the previous page and display a message telling them the login was incorrect.
If the login was valid, I would use cookies to "log the user in". Some people don't like this approach, but I just set a session cookie and that makes things nice and simple. The code for this would look something like:
setcookie("username", mysql_real_escape_string($_POST['username']));
setcookie("password", md5($_POST['password']));
?>
This sets 2 cookies you can use to check the login is valid each time they visit a page, by putting some code at the top of each page, e.g.:
include("db_connect.php"); // Connects to the database and selects the right table
if (mysql_num_rows(mysql_query("SELECT * FROM users WHERE (username = '".$_COOKIE['username']."' AND password = '".$_COOKIE['password']."');))>0)
{
// actions for if login is valid
}
else
{
// actions for if login is invalid
}
?>
This is a fairly secure way of dealing with logins. It's probably not foolproof (I did this quite quickly so I may have missed some places where a user could use string injection to hack the login script or similar).
I'm sure people will point out any mistakes I've made in it. If there are any missing brackets or whatever, just correct them! Lol.
Hope that helps - if you need any more help, let me know.
Any troubles then give us a shout.
Should be able to get me on msnat somepoint as well if you get stuck - [email protected]
Should be able to get me on msnat somepoint as well if you get stuck - [email protected]
Wow, AliBoy!
Nice one for that!
Gonna give it a try now, I understand your explanation, it should work!
Nice one for that!
Gonna give it a try now, I understand your explanation, it should work!
Page: