0

Just so you know, I'm a PHP beginner, so I won't understand complicated stuff or anything of the like. xP
I've started to make a part of my website (may I link to it, or should I just post the code) and I'm pretty happy with it. A user can paste or write a story into a text area, and then submit it. It shows the word count to them, and also adds it to a database, where, on a different page, people are able to view it, complete with their name and how many words the writing is.
However, I'm having a problem. I want to get a login script set up, so users are able to set stories to public/private, and also view all stories by them. They will also be able to have 'cash' for the stories that they post, based on the word count. Some features that I might try to implement would be editing/deleting stories, but I don't know if I will be able to implement that until I get a start on the actual code.
I have tried quite a few codes, some which are linked here.
http://hvassing.com/2007/simple-php-login-script-using-session-and-mysql/
http://php.about.com/od/finishedphp1/ss/php_login_code_7.htm
http://www.daniweb.com/forums/post951182.html#post951182
However, even with a bit of editing, I haven't been able to get them to work. This isn't good. xP
If it helps, here is the sql table that I have.

-- phpMyAdmin SQL Dump
-- version 2.11.9.5
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Nov 11, 2009 at 12:55 PM
-- Server version: 5.0.81
-- PHP Version: 5.2.6

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

--
-- Database: `pixelpup_type`
--

-- --------------------------------------------------------

--
-- Table structure for table `type_users`
--

CREATE TABLE IF NOT EXISTS `type_users` (
  `uid` int(11) NOT NULL auto_increment,
  `username` varchar(20) default NULL,
  `password` varchar(100) default NULL,
  `email` varchar(60) default NULL,
  `usergroup` varchar(11) NOT NULL default '3',
  `cash` varchar(5) NOT NULL default '200',
  PRIMARY KEY  (`uid`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

--
-- Dumping data for table `type_users`
--

I'm struggling with integrating the login scripts, could anyone give me any advice. I'm sorry if I sound vague, I just don't know where to start. :/
Arianna

2
Contributors
4
Replies
6
Views
7 Years
Discussion Span
Last Post by Arianna
0

Post up the code you are using at the moment for specific information/help.

It is likely that the database queries are wrong, probably the script is looking for columns you do not have if you are using an example script.

0

Thank you. :D
I am able to create a user, yet when I get to this:

<?php
 
session_start(); //start session so we can login
 
require('includes/functions.php'); //include functions
require('includes/dbconnect.php'); //include database connection
 
$min_form_time = 5; //in seconds
$max_form_time = 30; //in seconds
 
$error = array(); //define $error to prevent error later in script.
if ( isset( $_POST['submit'] ) ) {
    $error = array();
    array_map( 'stripslashes',&$_POST ); //Strips slashes
    array_map( 'mysql_real_escape_string',&$_POST ); //Escapes data to protect against sql injection
    $user = $_POST['username'];
    $pass = $_POST['password'];
    $token = $_POST['token'];
    if ( $token !== $_SESSION['token'] ) {
        $error[] = 'Token is invalid';
    }
    else {
        if ( time() <= ( $_SESSION['time'] + $min_form_time ) ) {
            $error[] = 'Form submitted too quickly, please slow down and try again';
        }
        elseif ( time() >= ( $_SESSION['time'] + $max_form_time ) ) {
            $error[] = 'Form has expired';
        }
        else {
            if ( empty( $user ) ) { //check if username is blank
                $error[] = 'Username is blank';
            }
            elseif ( strlen( $user ) > 30 ) { //make sure the username is not longer than 30 chars
                $error[] = 'Username is longer than 30 characters';
            }
            if ( empty( $pass ) ) { //check if password is blank
                $error[] = 'Password is blank';
            }
            elseif ( strlen( $pass ) < 6 ) { //make sure password is longer than 8 characters
                $error[] = 'Password must be longer than 5 characters';
            }
            elseif ( !preg_match( "/^.*(?=.{3,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/",$pass ) ) { //check to see if its a valid password
                $error[] = 'Password invalid - it must contain at least 1 number, 1 uppercase letter, 1 lowercase letter';
            }
            if ( count( $error ) == 0 ) { //if everything is ok so far, keep going (i do this because i don't want to hit the database if the username or password is blank)
                $query = mysql_query( "SELECT `id`,`password` FROM `type_users` WHERE `username` = '{$user}' LIMIT 1",$con );
                if ( mysql_num_rows( $query ) !== 1 ) { //checks to see if a row was found with username provided by user
                    $error[] = 'Username and/or Password incorrect'; //never be specific with errors, makes it hard to crack
                }
                else {
                    list( $id,$hash ) = mysql_fetch_row( $query ); //puts the id and password from result into $id and $pass variables
                    if ( !checkPassword( $pass,$hash ) ) { //check password from user against the hash in the database.
                        $error[] = 'Username and/or Password incorrect';
                    }
                    if ( count( $error ) == 0 ) { //if now errors found, then set session for login
                        $_SESSION['auth'] = $id;
                        header('Location: member.php'); //redirect to <strong class="highlight">secure</strong> area
                        exit; //exit script since we are redirecting anyway
                    }
                }
            }
        }
    }
}
 
$errmsg = '';
if ( count( $error ) > 0 ) { //if there are errors, build the error list to be displayed.
    $errmsg = '<div>Errors:<br /><ul>';
    foreach( $error as $err ) { //loop through errors and put then in the list
        $errmsg .= "<li>{$err}</li>";
    }
    $errmsg .= '</ul></div>';
}
 
$token = md5(uniqid(rand(),true));
$_SESSION['token'] = $token;
$_SESSION['time'] = time();
 
$html =<<<HTML
<html>
<head>
<title>Login</title>
</head>
<body>
    <h3>Member Login</h3>
    {$errmsg}
    <div>
        <form action="{$_SERVER['PHP_SELF']}" method="post">
            Username: <input type="text" name="username" /><br />
            Password: <input type="password" name="password" /><br />
            <input type="hidden" name="token" value="{$token}" />
            <input type="submit" name="submit" value="Login" />
        </form>
    </div>
</body>
</html>
HTML;
 
echo $html;
 
?>

For the login page, that's when I'm starting to have problems. It gives me the error message: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/pixelpup/public_html/wordcount/login.php on line 47 and it tells me that the user/password are wrong, even though I have checked them (Username: User / Password: Password1) multiple times, and I have made sure that they are inserted into the database.
Thank you very much for helping. :D

0

My previous post is long and boring, but here it is.

Eep! I hate to doublepost, but hopefully this will be merged. I managed to get the code to work (selecting from a non-existent column: silly me!) but now I'm having a problem with member.php.
I've got this code, at this point.

<?php
 
session_start(); //start session so we can see if the user is logged in.
 
if ( !isset( $_SESSION['auth'] ) ) { // if auth is not in the $_SESSION array (meaning they haven't been to the login page where its set) redirect them to the login page
    header('Location: login.php');
    exit;
}
 
require('includes/dbconnect.php'); //include database connection
require('includes/functions.php'); //include database connection

$memid = $_SESSION['auth']; //set member id into $memid.
 
$query = mysql_query( "SELECT `username` FROM `type_users` WHERE 'uid' = {$memid}" ); //
$member = mysql_fetch_assoc( $query );
 
echo "Welcome, {$member['username']} <a href=\"logout.php\">Logout</a>";
 
?>

It's working OK - you've got to be logged on to see it, yet I'm finding a problem - this is what the page shows.

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/pixelpup/public_html/wordcount/member.php on line 16
Welcome, Logout

It's both got an error, and it's not showing the user's name. Could anyone help me? I'm not understanding the session_start() thing, and I'm not that sure about how I'm getting the user's name, as well as the error.
Thanks!

I've gotten a bit further. As is said in the spoiler, I managed to get to member.php. This is the modified code I'm using now.

<?php
 
session_start(); //start session so we can see if the user is logged in.
 
if ( !isset( $_SESSION['auth'] ) ) { // if auth is not in the $_SESSION array (meaning they haven't been to the login page where its set) redirect them to the login page
    header('Location: login.php');
    exit;
}
 
require('includes/dbconnect.php'); //include database connection
require('includes/functions.php'); //include database connection

$memid = $_SESSION['auth']; //set member id into $memid.
 
$query = "SELECT * FROM type_users WHERE uid = $memid";
$result = mysql_query ($query) or die(mysql_error());
$username=@mysql_result($result,$i,"username");
 
echo "Welcome, ".$username.". <a href=\"logout.php\">Logout</a>";
 
?>

However, it's telling me this: Unknown column 'User' in 'where clause' I haven't even got a column called user! What is happening?

Edited by Arianna: n/a

0

Please ignore this post, I've solved it all. Thank you very much. Sometimes just posting seems to motivate me!

Edited by Arianna: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.