954,561 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
3 Years Ago
0

very simple login script (checking 2 variables before writing cookie)

Hi all,

I have just put together a simple log in script from various tutorials on the web and at the moment it is only checking the username entered by the user against what is in my database.
I cant find any infromation about any kind of AND function or any other check the password as well as the username so thats what i need help with

here is what i have already:

<?php
// Connects to your Database
mysql_connect("", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());;

$uname = $_POST['uname'];
$pword = $_POST['pword'];
//gets username and password from uname and pword fields on previous page

$result = mysql_query("SELECT * FROM logins WHERE uname='$uname'");

if($row = mysql_fetch_array($result))
  {
  setcookie("loggedin", "$uname", time()+3600);
  echo "logged in as: ";
  echo $row['uname'];
  echo "and cookie written.";
  echo "";
  echo 'click <a href="cookie.php">here</a> to view cookie information.<br/><a href="login.php">Back to login page.</a>';
  }
else
{
echo "wrong login information";
}
?>


Thanks guyyys :D

Max

MaxMumford
Posting Whiz in Training
228 posts since Oct 2006
Reputation Points: 32
Solved Threads: 3
 
3 Years Ago
0

make sure sanatize your inputs to protect against sql injection.

as for the login, just change your query to:

SELECT * FROM logins WHERE uname='$uname' AND password='$pword'


also, a better way to do a login script is to see the number of results returned from the query.

ex.

//run query here
if (mysql_num_rows($result) == 1) {
  //then log the person in
}
else {
  //they have invalid credentials
}
kkeith29
Nearly a Posting Virtuoso
1,357 posts since Jun 2007
Reputation Points: 235
Solved Threads: 194
 
3 Years Ago
0

you can change your query like this to validate a username with its password.

(let us say pword is your password table in db...)

replace this:

$result = mysql_query("SELECT * FROM logins WHERE uname='$uname'");


with something like this:

$result = mysql_query("SELECT * FROM logins WHERE uname='$uname' and pword='$pword'");
ryan_vietnow
Posting Pro
578 posts since Aug 2007
Reputation Points: 28
Solved Threads: 71
 
3 Years Ago
0

Ahh! keith is faster than me;) :D

ryan_vietnow
Posting Pro
578 posts since Aug 2007
Reputation Points: 28
Solved Threads: 71
 
3 Years Ago
0

ha xD Thanks guys :) i swear i tried that :P

oh wells thanks for the help guys. and ill def. include the protection against mysql injection

now just to find out what it actually is..... :P

Thanks again.

MaxMumford
Posting Whiz in Training
228 posts since Oct 2006
Reputation Points: 32
Solved Threads: 3
 
3 Years Ago
0

May I ask related question in here?
I was just reading around, found this thread and remembered that I always wanted to know if it's possible to query database only once, at first visit, to confirm login/pwd is correct.

Basicaly, is there a way to let user browse protected area without checking the database on every page view? (saving id in cookies is not a way :) )

Spaiz
Newbie Poster
20 posts since May 2007
Reputation Points: 14
Solved Threads: 0
 
3 Years Ago
0

yes, use sessions.

kkeith29
Nearly a Posting Virtuoso
1,357 posts since Jun 2007
Reputation Points: 235
Solved Threads: 194
 
3 Years Ago
0

Well, yes, sessions, but is there way to save user identification for long time? (except session in database/files/cookies)

Maybe some new clever way? I know the ordinary one's.

Spaiz
Newbie Poster
20 posts since May 2007
Reputation Points: 14
Solved Threads: 0
 
3 Years Ago
0

Well, yes, sessions, but is there way to save user identification for long time? (except session in database/files/cookies)

Maybe some new clever way? I know the ordinary one's.

I don't think so..

nav33n
Purple hazed!
Moderator
4,465 posts since Nov 2007
Reputation Points: 524
Solved Threads: 356
 
3 Years Ago
0

Well, yes, sessions, but is there way to save user identification for long time? (except session in database/files/cookies)

Maybe some new clever way? I know the ordinary one's.

Try to store the ipaddress of the user and date into a new table then have a timeline for how many days/months etc. on how the id will be saved in that ipadd by subtracting current date from the stored date login...Just my idea...

ryan_vietnow
Posting Pro
578 posts since Aug 2007
Reputation Points: 28
Solved Threads: 71
 
3 Years Ago
0
Yes I do have one. Please pm to get the bulk coupon. Anybody interested in buying itechbids v7.0 @ 10% discount? Please use my reseller coupon: RES3215.

I wonder why the mods haven't banned you yet.

nav33n
Purple hazed!
Moderator
4,465 posts since Nov 2007
Reputation Points: 524
Solved Threads: 356
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed