PHP RSS PHP RSS

***** User Login problem *****

Thread Solved

Join Date: Aug 2007
Posts: 64
Reputation: nil_gh_80 is an unknown quantity at this point 
Solved Threads: 0
nil_gh_80's Avatar
nil_gh_80 nil_gh_80 is offline Offline
Junior Poster in Training

***** User Login problem *****

 
0
  #1
Dec 1st, 2008
Hello friends,

I've a user login system......user's name & password are saved in the database.......suppose i've an user "admin". At the time of login if he enters "admin" he can login also if enters "ADMIN" or "AdMiN" he can login too.....how can I stop this thing........PLZZZZZZZ show me the way......

thank you...
Reply With Quote Quick reply to this message  
Join Date: Sep 2007
Posts: 1,463
Reputation: cwarn23 has a spectacular aura about cwarn23 has a spectacular aura about cwarn23 has a spectacular aura about 
Solved Threads: 136
cwarn23's Avatar
cwarn23 cwarn23 is offline Offline
Nearly a Posting Virtuoso

Re: ***** User Login problem *****

 
0
  #2
Dec 1st, 2008
For that you could just convert both values to lower case with strtolower(); So try the following and I have included the form.
PHP Syntax (Toggle Plain Text) 
  1. <?
  2. //mysql connections
  3. $username='Admin'; //from mysql in your script
  4.  
  5. $username=strtolower($username);
  6. if (isset($_POST['username']))
  7.     {
  8.     $_POST['username']=strtolower($_POST['username']);
  9.     if ($_POST['username']==$username)
  10.         {
  11.         //login
  12.         }
  13.     }
  14. ?>
  15. <form method='post'>
  16. <input type='text' value='adMiN' name='username'>
  17. <input type='submit' value='submit'>
  18. </form>
Try not to bump 10 year old threads as it can be really annoying.
Like php then read my website at http://syntax.cwarn23.net/
Star-Trek-Atlantis - now that's what I call a movie ^_^
My favourite PC. - MacGyver Fan
Bad english note: dis-iz-2b4u
Reply With Quote Quick reply to this message  
Join Date: Aug 2007
Posts: 64
Reputation: nil_gh_80 is an unknown quantity at this point 
Solved Threads: 0
nil_gh_80's Avatar
nil_gh_80 nil_gh_80 is offline Offline
Junior Poster in Training

Re: ***** User Login problem *****

 
0
  #3
Dec 1st, 2008
sorry man this is not that i want ......actually i want to check the string insterted case sensitive way......
Reply With Quote Quick reply to this message  
Join Date: Sep 2007
Posts: 1,463
Reputation: cwarn23 has a spectacular aura about cwarn23 has a spectacular aura about cwarn23 has a spectacular aura about 
Solved Threads: 136
cwarn23's Avatar
cwarn23 cwarn23 is offline Offline
Nearly a Posting Virtuoso

Re: ***** User Login problem *****

 
0
  #4
Dec 1st, 2008
If you want it case sensitive then because php is case sensitive, just get php to check if the 2 values = each other. So use the following:
php Syntax (Toggle Plain Text) 
  1. <?
  2. //mysql connections
  3. $username='Admin'; //from mysql in your script
  4.  
  5. if (isset($_POST['username']) && $_POST['username']==$username)
  6.     {
  7.     //login
  8.     echo "test";
  9.     }
  10. ?>
  11. <form method='post'>
  12. <input type='text' value='adMiN' name='username'>
  13. <input type='submit' value='submit'>
  14. </form>
Try not to bump 10 year old threads as it can be really annoying.
Like php then read my website at http://syntax.cwarn23.net/
Star-Trek-Atlantis - now that's what I call a movie ^_^
My favourite PC. - MacGyver Fan
Bad english note: dis-iz-2b4u
Reply With Quote Quick reply to this message  
Join Date: Aug 2007
Posts: 64
Reputation: nil_gh_80 is an unknown quantity at this point 
Solved Threads: 0
nil_gh_80's Avatar
nil_gh_80 nil_gh_80 is offline Offline
Junior Poster in Training

Re: ***** User Login problem *****

 
0
  #5
Dec 1st, 2008
according to your solution if I have 1,00,00,000 user will I define those user in that number of veriables ?????????? is this thing feasible ?????????
Reply With Quote Quick reply to this message  
Join Date: Sep 2007
Posts: 1,463
Reputation: cwarn23 has a spectacular aura about cwarn23 has a spectacular aura about cwarn23 has a spectacular aura about 
Solved Threads: 136
cwarn23's Avatar
cwarn23 cwarn23 is offline Offline
Nearly a Posting Virtuoso

Re: ***** User Login problem *****

 
0
  #6
Dec 1st, 2008
Originally Posted by nil_gh_80 View Post
according to your solution if I have 1,00,00,000 user will I define those user in that number of veriables ?????????? is this thing feasible ?????????
Yes because all you need to do is check that the username (which should be unique from all the others) is correct and that at option, the password for security reasons is correct. So just to explain, I shall write a basic login system for you.

Below is login.php
php Syntax (Toggle Plain Text) 
  1. session_start();
  2. //mysql connect code
  3.  
  4. $result=mysql_query("SELECT * FROM `users` WHERE `username`='".$_POST['username']."' AND `password`='".$_POST['password']."'");
  5.  
  6. if (isset($_POST['username']) && mysql_num_rows($result)==1)
  7.     {
  8.     $row=mysql_fetch_array($result);
  9.     $_SESSION['username111']==$row['username'];
  10.     unset($row);
  11.     header('Location: index.php?login=true');
  12.     //there should be no browser output before this line.
  13.     }
  14. ?>
  15. <form method='post'>
  16. <input type='text' value='Admin' name='username'><br>
  17. <input type='text' value='password' name='password'>
  18. <input type='submit' value='submit'>
  19. </form>

index.php (at top)
php Syntax (Toggle Plain Text) 
  1. <?
  2. session_start();
  3. if ($_GET['login']=='true' && !isset($_SESSION['username111']))
  4.     {
  5.     echo "<h1>You need to be logged in to view this page!</h1>";
  6.     exit;
  7.     }
  8. //no browser output before this line.
Sorry if there is a small bug but that login system is from the top of my head and I have used simular ones in the past. Hope that example helps
Try not to bump 10 year old threads as it can be really annoying.
Like php then read my website at http://syntax.cwarn23.net/
Star-Trek-Atlantis - now that's what I call a movie ^_^
My favourite PC. - MacGyver Fan
Bad english note: dis-iz-2b4u
Reply With Quote Quick reply to this message  
Join Date: Nov 2008
Posts: 24
Reputation: xarz is an unknown quantity at this point 
Solved Threads: 1
xarz's Avatar
xarz xarz is offline Offline
Newbie Poster

Re: ***** User Login problem *****

 
0
  #7
Dec 1st, 2008
@cwarn23 yeah, I agree with your code also.. I use it the same way.. just add htmlentities to make sure that there will be no sql injections..
:: xarz ::
Reply With Quote Quick reply to this message  
Join Date: Apr 2008
Posts: 293
Reputation: Aamit has a little shameless behaviour in the past 
Solved Threads: 11
Aamit Aamit is offline Offline
Posting Whiz in Training

Re: ***** User Login problem *****

 
0
  #8
Dec 2nd, 2008
here you can use md5 encrypted password....
PHP Syntax (Toggle Plain Text) 
  1. when you use md5 you got this value in database
  2. admin= 21232f297a57a5a743894a0e4a801fc3
  3.  
  4. ADMIN= 73acd9a5972130b75066c82595a1fae3 
  5.  
  6. AdMiN= 2714cba6c6d58e587565cf4e6b275078


login.php
PHP Syntax (Toggle Plain Text) 
  1. $con = mysql_connect("localhost","root","");
  2. 	if (!$con)
  3. 	  {
  4. 	  die('Could not connect: ' . mysql_error());
  5. 	  }
  6. 	  else
  7. 	  {
  8. 	 // echo('Connected with Mysql');
  9. 	  }
  10. 		@mysql_select_db("db_login", $con);
  11. 		if (isset($_POST['Submit']))
  12. 		{
  13. 			$user_uname=$_POST["user_uname"];
  14. 			$user_pass=md5($_POST["user_pass"]);
  15.  
  16.  
  17. 			$sql=mysql_query("SELECT * FROM table WHERE user_uname='$user_uname' AND user_pass='$user_pass'");
  18.  
  19. 			if (mysql_num_rows($sql)==0 || mysql_num_rows($sql)>1)
  20. 			{	
  21. 				echo "<script>alert('Username/password pair is invalid.Please try again.')</script>";
  22.  
  23. 				echo"<script language='javascript'>window.location.href='login.php'</script>";
  24. 			}
  25. 			while($row = mysql_fetch_array($sql))
  26. 				  {
  27. 					if($user_pass==$row['user_pass'] and $user_uname==$row['user_uname'])
  28. 					{
  29. 						//here use go to your new page						echo"<script language='javascript'>window.location.href='newprofile.php'</script>";
  30. 						}
  31. 						else
  32. 						{
  33. 													echo"<script language='javascript'>window.location.href='login.php'</script>";
  34. 						}
  35. 					}
  36. 				  }
  37. 				  echo"<script language='javascript'>window.location.href='login.php'</script>";
  38. 		} 
  39. }

when use register or save data in mysql / databse
you have to insert data like...
$sql="INSERT INTO table ( user_uname, user_pass) VALUES('$_POST[user_uname]','md5($_POST[user_pass])')";
i think this solves your problem.......
Last edited by Aamit; Dec 2nd, 2008 at 6:11 am.
Reply With Quote Quick reply to this message  
Join Date: May 2006
Posts: 18
Reputation: BeachyUK is an unknown quantity at this point 
Solved Threads: 0
BeachyUK BeachyUK is offline Offline
Newbie Poster

Re: ***** User Login problem *****

 
0
  #9
Feb 8th, 2009
[QUOTE=Aamit;748686]here you can use md5 encrypted password....
PHP Syntax (Toggle Plain Text) 
  1. when you use md5 you got this value in database
  2. admin= 21232f297a57a5a743894a0e4a801fc3
  3.  
  4. ADMIN= 73acd9a5972130b75066c82595a1fae3 
  5.  
  6. AdMiN= 2714cba6c6d58e587565cf4e6b275078

This is very important, so good on Aamit for pointing this out... not sure if people have taken it onboard as there are no responses!

For security reasons you don't want to make the raw password available in your database, in-case a hacker gets in. An MD5 hash is a good method to ensure you can still verify the users identity without risking a security problem.

James
BeachyUK.com
BePing - Free Windows Ping Utility
Web Hosting from £5 per year (~$4pa) - Special Offer while we test our payment systems
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread has been marked solved.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the PHP Forum
Thread Tools Search this Thread



# 5.2.10 alexa apache api array beginner binary broken cakephp checkbox class clean clients cms code cron curl database date directory display dissertation dynamic echo echo$_get[x]changingitintovariable... email encode error fairness file files folder form forms function functions google href htaccess html image images include indentedsubcategory insert ip javascript joomla legislation limit link local login mail memberships menu mlm multiple multipletables mysql mysqlquery newsletters oop open paypal pdf persist php problem provider query radio random recursion remote rss script search server sessions simple sms sockets source space spam sql syntax system table tutorial update upload url validator variable video web youtube
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC