password login - validation

Codes here !

Moderators: macek, egami, gesf

php-punk
New php-forum User
New php-forum User
Posts: 60
Joined: Sun Feb 02, 2003 2:10 am
Location: Leeds, Uk
Contact:

password login - validation

Postby php-punk » Sat Jul 05, 2003 11:09 am

i have made a password login for my website, as tehre is only a few users to the site tat that log in, it uses a mysql backend and a switch function for different user areas, i am having a problem with the validation, at the moment anybody can log in:

Code: Select all

<html>
<head>
</head>
<body>
<center><iframe frameborder=0 src="http://to-j.com/ad2.htm" width="120"
height="60" target="_blank" scrolling="no"> </iframe></center>
</body>
</html>


<?
//first we check to see if a session is open!!!
//the if statement is exectued if there is NO session present
if(!session_id())
{
//starting a session
session_start();
//registering the variale "user" to the session
session_register("user");

}
?>

<html>
<head>
</head>
<body bgcolor="#000000">
<center><iframe frameborder=0 src="http://to-j.com/ad2.htm" width="120"
height="60" target="_blank" scrolling="no"> </iframe></center>

<table border="1" bordercolordark="#FFFFFF" bordercolorlight="#FFFFFF" bordercolor="#FFFFFF">
<tr><td><p><img src="..\images\logo.png" width="400" height="100"></p>
      <a href="..\index.php"><img src="..\images\news-button.png" width="185" height="49" border="0"></a><a href="..\reviews.php"><img src="..\images\reviews-button.png" width="182" height="49" border="0"></a><a href="..\feat.php"><img src="..\images\featured-button.png" width="180" height="49" border="0"></a><a href="..\profiles.php"><img src="..\images\profiles-button.png" width="180" height="49" border="0"></a><a href="..\http://punk-style.to-j.com/forum/phpBB2/"><img src="..\images\forums-button.png" width="180" height="49" border="0"></a><a href="..\links.php"><img src="..\images\Links-button.png" width="184" height="49" border="0"></a></p>
      <p>&</p>
      <?php

//connectiong to the database or if an error occers giving the reasons why..
$c=mysql_connect("localhost","","")  or die ("<font color=\"#FF00FF\">sorry unable to connect to database".mysql_error()."</font>");

//selecting the database:
$db=mysql_select_db("punk_style_to_j_com");

//setting the query: selecting all rows from users, where the user and pasword are the same as what the user entered
$query="SELECT * FROM `users` WHERE user='$_POST[user]' AND pw='$_POST[pw]'";

//running the query
$result=mysql_query($query) or die ("<font color=\"#FF00FF\">sorry unable to connect to database".mysql_error()."</font>");

//setting the variable login_check to the amount of rows that were affect during the last SQL statment, in case
//this variable should be one for the user to be able to log in
$login_check = mysql_num_rows($result);

//setting the results into an array for access later
$row=mysql_fetch_array($result);


//an IF statment that checks if loging_check is not greater or lower than 1
if(login_check == "1")
{
//switch statement, depending on what suer is logged in depends on what the page will do
   switch($_POST[user])
   {
      case paul:
      session_start();
      session_register("$user");
      $session=session_id();
      
      echo("<font color=\"#FF00FF\">");
      echo("$_POST[user] you are now logged in");
      echo("<BR>");
      echo("Please choose a Reviews option:");
      echo("<BR>");
      echo("<a href='../members/band-add.php?".$session."'>Add New Band Review</a>");
      echo("<BR>");
      echo("<a href='../members/gig-add.php?".$session."'>Add New Gig Review</a>");
      echo("<br>");
      echo("<a href='../members/pauls-blag-add.php?".$session."'Add New Paul\'s Blag Section</a>");
      echo("<br>");
      echo("<a href='../profiles/edit-form.php?user=paul&&".$session."'>Change and View Profile</a>");
      echo("</font>");
      break;
      
      case punkboii:
      session_start();
      session_register("$user");
      $session=session_id();
      
      echo("<font color=\"#FF00FF\">");
      echo("$_POST[user] you are now logged in");
      echo("<BR>");
      echo("Please choose a Reviews option:");
      echo("<BR>");
      echo("<a href='../members/band-add.php?".$session."'>Add New Band Review</a>");
      echo("<BR>");
      echo("<a href='../members/gig-add.php?".$session."'>Add New Gig Review</a>");
      echo("<br>");
      echo("<a href='../members/admin/news.php?".$session."'>New news posting</a>");
      echo("<br>");
      echo("<a href='../profiles/edit-form.php?change=yes&&user=stu&&".$session."'>Change and View Profile</a>");
      echo("</font>");
      break;
      
      default:
      session_start();
      session_register("$user");
      $session=session_id();
      
      echo("<font color=\"#FF00FF\">");
      echo("$_POST[user] you are now logged in");
      echo("<BR>");
      echo("Please choose a Reviews option:");
      echo("<BR>");
      echo("<a href='../members/band-add.php?".$session."'>Add New Band Review</a>");
      echo("<BR>");
      echo("<a href='../members/gig-add.php?".$session."'>Add New Gig Review</a>");
      
      echo("</font>");
      break;
      }
}
//if the login_check variable does not =1 the user can not log in
else
{
echo("<font color=\"#FFFFFF\">Sorry that user name and/or password are invalid!!</font>");
}
?>     <p>
       
    </td></tr>
</table>
</p>
All material is & Punk-Style 2003, All images are of Break the boarder are © Break The Boarder 2003. All images that are not of Break The Boarder are © there respective owners. All Band names are & there respective owners</p>
<a href="../login/logout.php">logout</a>
</body>
</html>


any help appreciated!!

php-punk
New php-forum User
New php-forum User
Posts: 60
Joined: Sun Feb 02, 2003 2:10 am
Location: Leeds, Uk
Contact:

Re: password login - validation

Postby php-punk » Sat Jul 05, 2003 11:31 am

i have made a password login for my website, as there is only a few users at the site that can log in, it uses a mysql backend and a switch function for different user areas, i am having a problem with the validation, at the moment anybody help:

Code: Select all

<html>
<head>
</head>
<body>
<center><iframe frameborder=0 src="http://to-j.com/ad2.htm" width="120"
height="60" target="_blank" scrolling="no"> </iframe></center>
</body>
</html>


<?
//first we check to see if a session is open!!!
//the if statement is exectued if there is NO session present
if(!session_id())
{
//starting a session
session_start();
//registering the variale "user" to the session
session_register("user");

}
?>

<html>
<head>
</head>
<body bgcolor="#000000">
<center><iframe frameborder=0 src="http://to-j.com/ad2.htm" width="120"
height="60" target="_blank" scrolling="no"> </iframe></center>

<table border="1" bordercolordark="#FFFFFF" bordercolorlight="#FFFFFF" bordercolor="#FFFFFF">
<tr><td><p><img src="..\images\logo.png" width="400" height="100"></p>
      <a href="..\index.php"><img src="..\images\news-button.png" width="185" height="49" border="0"></a><a href="..\reviews.php"><img src="..\images\reviews-button.png" width="182" height="49" border="0"></a><a href="..\feat.php"><img src="..\images\featured-button.png" width="180" height="49" border="0"></a><a href="..\profiles.php"><img src="..\images\profiles-button.png" width="180" height="49" border="0"></a><a href="..\http://punk-style.to-j.com/forum/phpBB2/"><img src="..\images\forums-button.png" width="180" height="49" border="0"></a><a href="..\links.php"><img src="..\images\Links-button.png" width="184" height="49" border="0"></a></p>
      <p>&</p>
      <?php

//connectiong to the database or if an error occers giving the reasons why..
$c=mysql_connect("localhost","","")  or die ("<font color=\"#FF00FF\">sorry unable to connect to database".mysql_error()."</font>");

//selecting the database:
$db=mysql_select_db("punk_style_to_j_com");

//setting the query: selecting all rows from users, where the user and pasword are the same as what the user entered
$query="SELECT * FROM `users` WHERE user='$_POST[user]' AND pw='$_POST[pw]'";

//running the query
$result=mysql_query($query) or die ("<font color=\"#FF00FF\">sorry unable to connect to database".mysql_error()."</font>");

//setting the variable login_check to the amount of rows that were affect during the last SQL statment, in case
//this variable should be one for the user to be able to log in
$login_check = mysql_num_rows($result);

//setting the results into an array for access later
$row=mysql_fetch_array($result);


//an IF statment that checks if loging_check is not greater or lower than 1
if(login_check == "1")
{
//switch statement, depending on what suer is logged in depends on what the page will do
   switch($_POST[user])
   {
      case paul:
      session_start();
      session_register("$user");
      $session=session_id();
      
      echo("<font color=\"#FF00FF\">");
      echo("$_POST[user] you are now logged in");
      echo("<BR>");
      echo("Please choose a Reviews option:");
      echo("<BR>");
      echo("<a href='../members/band-add.php?".$session."'>Add New Band Review</a>");
      echo("<BR>");
      echo("<a href='../members/gig-add.php?".$session."'>Add New Gig Review</a>");
      echo("<br>");
      echo("<a href='../members/pauls-blag-add.php?".$session."'Add New Paul\'s Blag Section</a>");
      echo("<br>");
      echo("<a href='../profiles/edit-form.php?user=paul&&".$session."'>Change and View Profile</a>");
      echo("</font>");
      break;
      
      case punkboii:
      session_start();
      session_register("$user");
      $session=session_id();
      
      echo("<font color=\"#FF00FF\">");
      echo("$_POST[user] you are now logged in");
      echo("<BR>");
      echo("Please choose a Reviews option:");
      echo("<BR>");
      echo("<a href='../members/band-add.php?".$session."'>Add New Band Review</a>");
      echo("<BR>");
      echo("<a href='../members/gig-add.php?".$session."'>Add New Gig Review</a>");
      echo("<br>");
      echo("<a href='../members/admin/news.php?".$session."'>New news posting</a>");
      echo("<br>");
      echo("<a href='../profiles/edit-form.php?change=yes&&user=stu&&".$session."'>Change and View Profile</a>");
      echo("</font>");
      break;
      
      default:
      session_start();
      session_register("$user");
      $session=session_id();
      
      echo("<font color=\"#FF00FF\">");
      echo("$_POST[user] you are now logged in");
      echo("<BR>");
      echo("Please choose a Reviews option:");
      echo("<BR>");
      echo("<a href='../members/band-add.php?".$session."'>Add New Band Review</a>");
      echo("<BR>");
      echo("<a href='../members/gig-add.php?".$session."'>Add New Gig Review</a>");
      
      echo("</font>");
      break;
      }
}
//if the login_check variable does not =1 the user can not log in
else
{
echo("<font color=\"#FFFFFF\">Sorry that user name and/or password are invalid!!</font>");
}
?>     <p>
       
    </td></tr>
</table>
</p>
All material is & Punk-Style 2003, All images are of Break the boarder are © Break The Boarder 2003. All images that are not of Break The Boarder are © there respective owners. All Band names are & there respective owners</p>
<a href="../login/logout.php">logout</a>
</body>
</html>


any help appreciated!![/quote]


Return to “mySQL & php coding”

Who is online

Users browsing this forum: Baidu [Spider] and 1 guest

cron