943,793 Members | Top Members by Rank

Web Development > PHP > ***** User Login problem *****
Ad:
  • PHP Discussion Thread
  • Marked Solved
  • Views: 1105
  • PHP RSS
Permalink
Dec 1st, 2008
0

***** User Login problem *****

Expand Post »
Hello friends,

I've a user login system......user's name & password are saved in the database.......suppose i've an user "admin". At the time of login if he enters "admin" he can login also if enters "ADMIN" or "AdMiN" he can login too.....how can I stop this thing........PLZZZZZZZ show me the way......

thank you...
Similar Threads
Reputation Points: 8
Solved Threads: 2
Junior Poster in Training
nil_gh_80 is offline Offline
64 posts
since Aug 2007
Permalink
Dec 1st, 2008
0

Re: ***** User Login problem *****

For that you could just convert both values to lower case with strtolower(); So try the following and I have included the form.
PHP Syntax (Toggle Plain Text)
  1. <?
  2. //mysql connections
  3. $username='Admin'; //from mysql in your script
  4.  
  5. $username=strtolower($username);
  6. if (isset($_POST['username']))
  7.     {
  8.     $_POST['username']=strtolower($_POST['username']);
  9.     if ($_POST['username']==$username)
  10.         {
  11.         //login
  12.         }
  13.     }
  14. ?>
  15. <form method='post'>
  16. <input type='text' value='adMiN' name='username'>
  17. <input type='submit' value='submit'>
  18. </form>
Sponsor
Featured Poster
Reputation Points: 410
Solved Threads: 258
Occupation: Genius
cwarn23 is offline Offline
3,004 posts
since Sep 2007
Permalink
Dec 1st, 2008
0

Re: ***** User Login problem *****

sorry man this is not that i want ......actually i want to check the string insterted case sensitive way......
Reputation Points: 8
Solved Threads: 2
Junior Poster in Training
nil_gh_80 is offline Offline
64 posts
since Aug 2007
Permalink
Dec 1st, 2008
0

Re: ***** User Login problem *****

If you want it case sensitive then because php is case sensitive, just get php to check if the 2 values = each other. So use the following:
php Syntax (Toggle Plain Text)
  1. <?
  2. //mysql connections
  3. $username='Admin'; //from mysql in your script
  4.  
  5. if (isset($_POST['username']) && $_POST['username']==$username)
  6.     {
  7.     //login
  8.     echo "test";
  9.     }
  10. ?>
  11. <form method='post'>
  12. <input type='text' value='adMiN' name='username'>
  13. <input type='submit' value='submit'>
  14. </form>
Sponsor
Featured Poster
Reputation Points: 410
Solved Threads: 258
Occupation: Genius
cwarn23 is offline Offline
3,004 posts
since Sep 2007
Permalink
Dec 1st, 2008
0

Re: ***** User Login problem *****

according to your solution if I have 1,00,00,000 user will I define those user in that number of veriables ?????????? is this thing feasible ?????????
Reputation Points: 8
Solved Threads: 2
Junior Poster in Training
nil_gh_80 is offline Offline
64 posts
since Aug 2007
Permalink
Dec 1st, 2008
0

Re: ***** User Login problem *****

Click to Expand / Collapse  Quote originally posted by nil_gh_80 ...
according to your solution if I have 1,00,00,000 user will I define those user in that number of veriables ?????????? is this thing feasible ?????????
Yes because all you need to do is check that the username (which should be unique from all the others) is correct and that at option, the password for security reasons is correct. So just to explain, I shall write a basic login system for you.

Below is login.php
php Syntax (Toggle Plain Text)
  1. session_start();
  2. //mysql connect code
  3.  
  4. $result=mysql_query("SELECT * FROM `users` WHERE `username`='".$_POST['username']."' AND `password`='".$_POST['password']."'");
  5.  
  6. if (isset($_POST['username']) && mysql_num_rows($result)==1)
  7.     {
  8.     $row=mysql_fetch_array($result);
  9.     $_SESSION['username111']==$row['username'];
  10.     unset($row);
  11.     header('Location: index.php?login=true');
  12.     //there should be no browser output before this line.
  13.     }
  14. ?>
  15. <form method='post'>
  16. <input type='text' value='Admin' name='username'><br>
  17. <input type='text' value='password' name='password'>
  18. <input type='submit' value='submit'>
  19. </form>

index.php (at top)
php Syntax (Toggle Plain Text)
  1. <?
  2. session_start();
  3. if ($_GET['login']=='true' && !isset($_SESSION['username111']))
  4.     {
  5.     echo "<h1>You need to be logged in to view this page!</h1>";
  6.     exit;
  7.     }
  8. //no browser output before this line.
Sorry if there is a small bug but that login system is from the top of my head and I have used simular ones in the past. Hope that example helps
Sponsor
Featured Poster
Reputation Points: 410
Solved Threads: 258
Occupation: Genius
cwarn23 is offline Offline
3,004 posts
since Sep 2007
Permalink
Dec 1st, 2008
0

Re: ***** User Login problem *****

@cwarn23 yeah, I agree with your code also.. I use it the same way.. just add htmlentities to make sure that there will be no sql injections..
Reputation Points: 10
Solved Threads: 1
Newbie Poster
xarz is offline Offline
24 posts
since Nov 2008
Permalink
Dec 2nd, 2008
0

Re: ***** User Login problem *****

here you can use md5 encrypted password....
PHP Syntax (Toggle Plain Text)
  1. when you use md5 you got this value in database
  2. admin= 21232f297a57a5a743894a0e4a801fc3
  3.  
  4. ADMIN= 73acd9a5972130b75066c82595a1fae3 
  5.  
  6. AdMiN= 2714cba6c6d58e587565cf4e6b275078


login.php
PHP Syntax (Toggle Plain Text)
  1. $con = mysql_connect("localhost","root","");
  2. 	if (!$con)
  3. 	  {
  4. 	  die('Could not connect: ' . mysql_error());
  5. 	  }
  6. 	  else
  7. 	  {
  8. 	 // echo('Connected with Mysql');
  9. 	  }
  10. 		@mysql_select_db("db_login", $con);
  11. 		if (isset($_POST['Submit']))
  12. 		{
  13. 			$user_uname=$_POST["user_uname"];
  14. 			$user_pass=md5($_POST["user_pass"]);
  15.  
  16.  
  17. 			$sql=mysql_query("SELECT * FROM table WHERE user_uname='$user_uname' AND user_pass='$user_pass'");
  18.  
  19. 			if (mysql_num_rows($sql)==0 || mysql_num_rows($sql)>1)
  20. 			{	
  21. 				echo "<script>alert('Username/password pair is invalid.Please try again.')</script>";
  22.  
  23. 				echo"<script language='javascript'>window.location.href='login.php'</script>";
  24. 			}
  25. 			while($row = mysql_fetch_array($sql))
  26. 				  {
  27. 					if($user_pass==$row['user_pass'] and $user_uname==$row['user_uname'])
  28. 					{
  29. 						//here use go to your new page						echo"<script language='javascript'>window.location.href='newprofile.php'</script>";
  30. 						}
  31. 						else
  32. 						{
  33. 													echo"<script language='javascript'>window.location.href='login.php'</script>";
  34. 						}
  35. 					}
  36. 				  }
  37. 				  echo"<script language='javascript'>window.location.href='login.php'</script>";
  38. 		} 
  39. }

when use register or save data in mysql / databse
you have to insert data like...
$sql="INSERT INTO table ( user_uname, user_pass) VALUES('$_POST[user_uname]','md5($_POST[user_pass])')";
i think this solves your problem.......
Last edited by Aamit; Dec 2nd, 2008 at 6:11 am.
Reputation Points: 3
Solved Threads: 15
Posting Whiz
Aamit is offline Offline
341 posts
since Apr 2008
Permalink
Feb 8th, 2009
0

Re: ***** User Login problem *****

[QUOTE=Aamit;748686]here you can use md5 encrypted password....
PHP Syntax (Toggle Plain Text)
  1. when you use md5 you got this value in database
  2. admin= 21232f297a57a5a743894a0e4a801fc3
  3.  
  4. ADMIN= 73acd9a5972130b75066c82595a1fae3 
  5.  
  6. AdMiN= 2714cba6c6d58e587565cf4e6b275078

This is very important, so good on Aamit for pointing this out... not sure if people have taken it onboard as there are no responses!

For security reasons you don't want to make the raw password available in your database, in-case a hacker gets in. An MD5 hash is a good method to ensure you can still verify the users identity without risking a security problem.
Reputation Points: 10
Solved Threads: 1
Light Poster
BeachyUK is offline Offline
32 posts
since May 2006

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in PHP Forum Timeline: About language translotor??
Next Thread in PHP Forum Timeline: Please Help with parse error: syntax error





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC