954,561 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
3 Years Ago
0

***** User Login problem *****

Hello friends,

I've a user login system......user's name & password are saved in the database.......suppose i've an user "admin". At the time of login if he enters "admin" he can login also if enters "ADMIN" or "AdMiN" he can login too.....how can I stop this thing........PLZZZZZZZ show me the way......

thank you...

nil_gh_80
Junior Poster in Training
64 posts since Aug 2007
Reputation Points: 8
Solved Threads: 2
 
3 Years Ago
0

For that you could just convert both values to lower case with strtolower(); So try the following and I have included the form.

<?
//mysql connections
$username='Admin'; //from mysql in your script

$username=strtolower($username);
if (isset($_POST['username']))
    {
    $_POST['username']=strtolower($_POST['username']);
    if ($_POST['username']==$username)
        {
        //login
        }
    }
?>
<form method='post'>
<input type='text' value='adMiN' name='username'>
<input type='submit' value='submit'>
</form>
cwarn23
Occupation: Genius
Team Colleague
3,033 posts since Sep 2007
Reputation Points: 413
Solved Threads: 259
 
3 Years Ago
0

sorry man this is not that i want ......actually i want to check the string insterted case sensitive way......

nil_gh_80
Junior Poster in Training
64 posts since Aug 2007
Reputation Points: 8
Solved Threads: 2
 
3 Years Ago
0

If you want it case sensitive then because php is case sensitive, just get php to check if the 2 values = each other. So use the following:

<?
//mysql connections
$username='Admin'; //from mysql in your script

if (isset($_POST['username']) && $_POST['username']==$username)
    {
    //login
    echo "test";
    }
?>
<form method='post'>
<input type='text' value='adMiN' name='username'>
<input type='submit' value='submit'>
</form>
cwarn23
Occupation: Genius
Team Colleague
3,033 posts since Sep 2007
Reputation Points: 413
Solved Threads: 259
 
3 Years Ago
0

according to your solution if I have 1,00,00,000 user will I define those user in that number of veriables ?????????? is this thing feasible ?????????

nil_gh_80
Junior Poster in Training
64 posts since Aug 2007
Reputation Points: 8
Solved Threads: 2
 
3 Years Ago
0
according to your solution if I have 1,00,00,000 user will I define those user in that number of veriables ?????????? is this thing feasible ?????????


Yes because all you need to do is check that the username (which should be unique from all the others) is correct and that at option, the password for security reasons is correct. So just to explain, I shall write a basic login system for you.

Below is login.php

session_start();
//mysql connect code

$result=mysql_query("SELECT * FROM `users` WHERE `username`='".$_POST['username']."' AND `password`='".$_POST['password']."'");

if (isset($_POST['username']) && mysql_num_rows($result)==1)
    {
    $row=mysql_fetch_array($result);
    $_SESSION['username111']==$row['username'];
    unset($row);
    header('Location: index.php?login=true');
    //there should be no browser output before this line.
    }
?>
<form method='post'>
<input type='text' value='Admin' name='username'>
<input type='text' value='password' name='password'>
<input type='submit' value='submit'>
</form>


index.php (at top)

<?
session_start();
if ($_GET['login']=='true' && !isset($_SESSION['username111']))
    {
    echo "<h1>You need to be logged in to view this page!</h1>";
    exit;
    }
//no browser output before this line.

Sorry if there is a small bug but that login system is from the top of my head and I have used simular ones in the past. Hope that example helps

cwarn23
Occupation: Genius
Team Colleague
3,033 posts since Sep 2007
Reputation Points: 413
Solved Threads: 259
 
3 Years Ago
0

@cwarn23 yeah, I agree with your code also.. I use it the same way.. just add htmlentities to make sure that there will be no sql injections.. :P

xarz
Newbie Poster
24 posts since Nov 2008
Reputation Points: 10
Solved Threads: 1
 
3 Years Ago
0

here you can use md5 encrypted password....

when you use md5 you got this value in database
admin= 21232f297a57a5a743894a0e4a801fc3

ADMIN= 73acd9a5972130b75066c82595a1fae3 

AdMiN= 2714cba6c6d58e587565cf4e6b275078

login.php

$con = mysql_connect("localhost","root","");
	if (!$con)
	  {
	  die('Could not connect: ' . mysql_error());
	  }
	  else
	  {
	 // echo('Connected with Mysql');
	  }
		@mysql_select_db("db_login", $con);
		if (isset($_POST['Submit']))
		{
			$user_uname=$_POST["user_uname"];
			$user_pass=md5($_POST["user_pass"]);
											
			
			$sql=mysql_query("SELECT * FROM table WHERE user_uname='$user_uname' AND user_pass='$user_pass'");
			
			if (mysql_num_rows($sql)==0 || mysql_num_rows($sql)>1)
			{	
				echo "<script>alert('Username/password pair is invalid.Please try again.')</script>";
				
				echo"<script language='javascript'>window.location.href='login.php'</script>";
			}
			while($row = mysql_fetch_array($sql))
				  {
					if($user_pass==$row['user_pass'] and $user_uname==$row['user_uname'])
					{
						//here use go to your new page						echo"<script language='javascript'>window.location.href='newprofile.php'</script>";
						}
						else
						{
													echo"<script language='javascript'>window.location.href='login.php'</script>";
						}
					}
				  }
				  echo"<script language='javascript'>window.location.href='login.php'</script>";
		} 
}


when use register or save data in mysql / databse
you have to insert data like... $sql="INSERT INTO table ( user_uname, user_pass) VALUES('$_POST[user_uname]','md5($_POST[user_pass])')";

i think this solves your problem.......

Aamit
Posting Whiz
342 posts since Apr 2008
Reputation Points: 3
Solved Threads: 15
 
3 Years Ago
0

[QUOTE=Aamit;748686]here you can use md5 encrypted password....

when you use md5 you got this value in database
admin= 21232f297a57a5a743894a0e4a801fc3

ADMIN= 73acd9a5972130b75066c82595a1fae3 

AdMiN= 2714cba6c6d58e587565cf4e6b275078


This is very important, so good on Aamit for pointing this out... not sure if people have taken it onboard as there are no responses!

For security reasons you don't want to make the raw password available in your database, in-case a hacker gets in. An MD5 hash is a good method to ensure you can still verify the users identity without risking a security problem.

BeachyUK
Light Poster
38 posts since May 2006
Reputation Points: 10
Solved Threads: 1
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed