MySQL and PHP simple login system

MySQL and PHP simple login system - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Coding (https://sinister.ly/Forum-Coding)
+--- Forum: PHP (https://sinister.ly/Forum-PHP)
+--- Thread: MySQL and PHP simple login system (/Thread-MySQL-and-PHP-simple-login-system)

Pages: 1 2 3 4 5 6 7 8 9

RE: MySQL and PHP simple login system - TheDarkNight - 05-09-2013

No :facepalm: you should be using MySQLi functions as MySQL is deprecated but I guess it's good for beginners good work op.

RE: MySQL and PHP simple login system - noize - 05-09-2013

(05-08-2013, 08:45 PM)Feurex Wrote: I have found some syntax errors, I have corrected them and here is the complete edited code.

Code:
<?php require_once('connect.php'); // connects to the db mysql_select_db($dbname); if (isset($_POST['submit'])) { // this is executed when the user clicks on the submit button session_start(); $username = $_POST['user']; $password = $_POST['pass']; $conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname); $query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'", mysql_real_escape_string($username), mysql_real_escape_string(($password))); $result = mysql_query($query); list($count) = mysql_fetch_row($result); if($count == 1) { // if we found the user/pass combination $_SESSION['authenticated'] = true; $_SESSION['username'] = $username; mysql_real_escape_string($username); mysql_real_escape_string(($password)); mysql_query($query); $query = sprintf("SELECT is_admin FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",mysql_real_escape_string($username),mysql_real_escape_string(($password))); $result = mysql_query($query); list($is_admin) = mysql_fetch_row($result); $query = sprintf("SELECT confirmed FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",mysql_real_escape_string($username),mysql_real_escape_string(($password))); $result = mysql_query($query); list($confirmed) = mysql_fetch_row($result); if($is_admin == 0) { header('Location:user.php'); // is_admin = 0 } else { header('Location:admin/index.php'); // is_admin = 1, or at least not 0 } } else { // we didn't find the user/pass combination ?> <span style='color:red'> Error: username/password combination does not exist!<br> Forgot your password? You can <font color="blue" style="text-decoration: underline; cursor: pointer;" title="Lol, just kidding, you're fucked!">get a new one</font></a>. </span> <?php } } $query = sprintf("SELECT id FROM users WHERE UPPER(username) = UPPER('%s')", mysql_real_escape_string($_SESSION['username'])); $result = mysql_query($query); list($userID) = mysql_fetch_row($result); $username = $_SESSION['username']; // this way we get user's username in case he is already logged in if ($username != NULL) { echo 'You are logged in as ' , $username ,'.'; // if he's logged in we tell him } else { // or else we let him log in ?> <form method="post" action=""> <input type="text" name="user" /> <input type="password" name="pass" /> <input type="submit" value="Log in" /> <input type="hidden" name="submit" /> </form> <?php } ?>

You think you can remember the edits you apported and point them to me? I could actually find a redirect change to user.php only. Well, it wasn't an error in my code to redirect the user to index.php, but well it's no difference, I could actually use user.php too. The fact is I couldn't find the other changes.

(05-08-2013, 09:11 PM)1llusion Wrote: Nice tutorial

However, the mysql_query extension is deprecated and will be removed eventually from PHP making your script incompatible with new versions of PHP.
I suggest anybody, who wants to keep their script up-to-date to use either MySQLi or PDO extension => http://www.php.net/manual/en/mysqlinfo.api.choosing.php

(05-09-2013, 11:54 AM)TheDarkNight Wrote: No :facepalm: you should be using MySQLi functions as MySQL is deprecated but I guess it's good for beginners good work op.

Thanks, I had heard of mysql_query's deprecation, but, actually I couldn't stop using it. :lol:

I'll surely have a look at what will take place over it soon, I swear.

RE: MySQL and PHP simple login system - noize - 05-09-2013

(05-08-2013, 08:45 PM)Feurex Wrote: I have found some syntax errors, I have corrected them and here is the complete edited code.

Code:
<?php require_once('connect.php'); // connects to the db mysql_select_db($dbname); if (isset($_POST['submit'])) { // this is executed when the user clicks on the submit button session_start(); $username = $_POST['user']; $password = $_POST['pass']; $conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname); $query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'", mysql_real_escape_string($username), mysql_real_escape_string(($password))); $result = mysql_query($query); list($count) = mysql_fetch_row($result); if($count == 1) { // if we found the user/pass combination $_SESSION['authenticated'] = true; $_SESSION['username'] = $username; mysql_real_escape_string($username); mysql_real_escape_string(($password)); mysql_query($query); $query = sprintf("SELECT is_admin FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",mysql_real_escape_string($username),mysql_real_escape_string(($password))); $result = mysql_query($query); list($is_admin) = mysql_fetch_row($result); $query = sprintf("SELECT confirmed FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",mysql_real_escape_string($username),mysql_real_escape_string(($password))); $result = mysql_query($query); list($confirmed) = mysql_fetch_row($result); if($is_admin == 0) { header('Location:user.php'); // is_admin = 0 } else { header('Location:admin/index.php'); // is_admin = 1, or at least not 0 } } else { // we didn't find the user/pass combination ?> <span style='color:red'> Error: username/password combination does not exist!<br> Forgot your password? You can <font color="blue" style="text-decoration: underline; cursor: pointer;" title="Lol, just kidding, you're fucked!">get a new one</font></a>. </span> <?php } } $query = sprintf("SELECT id FROM users WHERE UPPER(username) = UPPER('%s')", mysql_real_escape_string($_SESSION['username'])); $result = mysql_query($query); list($userID) = mysql_fetch_row($result); $username = $_SESSION['username']; // this way we get user's username in case he is already logged in if ($username != NULL) { echo 'You are logged in as ' , $username ,'.'; // if he's logged in we tell him } else { // or else we let him log in ?> <form method="post" action=""> <input type="text" name="user" /> <input type="password" name="pass" /> <input type="submit" value="Log in" /> <input type="hidden" name="submit" /> </form> <?php } ?>

(05-08-2013, 09:11 PM)1llusion Wrote: Nice tutorial

However, the mysql_query extension is deprecated and will be removed eventually from PHP making your script incompatible with new versions of PHP.
I suggest anybody, who wants to keep their script up-to-date to use either MySQLi or PDO extension => http://www.php.net/manual/en/mysqlinfo.api.choosing.php

(05-09-2013, 11:54 AM)TheDarkNight Wrote: No :facepalm: you should be using MySQLi functions as MySQL is deprecated but I guess it's good for beginners good work op.

Thanks, I had heard of mysql_query's deprecation, but, actually I couldn't stop using it. :lol:

I'll surely have a look at what will take place over it soon, I swear.

RE: MySQL and PHP simple login system - TheDarkNight - 05-09-2013

(05-09-2013, 02:43 PM)noize Wrote:
(05-08-2013, 08:45 PM)Feurex Wrote: I have found some syntax errors, I have corrected them and here is the complete edited code.

Code:
<?php require_once('connect.php'); // connects to the db mysql_select_db($dbname); if (isset($_POST['submit'])) { // this is executed when the user clicks on the submit button session_start(); $username = $_POST['user']; $password = $_POST['pass']; $conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname); $query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'", mysql_real_escape_string($username), mysql_real_escape_string(($password))); $result = mysql_query($query); list($count) = mysql_fetch_row($result); if($count == 1) { // if we found the user/pass combination $_SESSION['authenticated'] = true; $_SESSION['username'] = $username; mysql_real_escape_string($username); mysql_real_escape_string(($password)); mysql_query($query); $query = sprintf("SELECT is_admin FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",mysql_real_escape_string($username),mysql_real_escape_string(($password))); $result = mysql_query($query); list($is_admin) = mysql_fetch_row($result); $query = sprintf("SELECT confirmed FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",mysql_real_escape_string($username),mysql_real_escape_string(($password))); $result = mysql_query($query); list($confirmed) = mysql_fetch_row($result); if($is_admin == 0) { header('Location:user.php'); // is_admin = 0 } else { header('Location:admin/index.php'); // is_admin = 1, or at least not 0 } } else { // we didn't find the user/pass combination ?> <span style='color:red'> Error: username/password combination does not exist!<br> Forgot your password? You can <font color="blue" style="text-decoration: underline; cursor: pointer;" title="Lol, just kidding, you're fucked!">get a new one</font></a>. </span> <?php } } $query = sprintf("SELECT id FROM users WHERE UPPER(username) = UPPER('%s')", mysql_real_escape_string($_SESSION['username'])); $result = mysql_query($query); list($userID) = mysql_fetch_row($result); $username = $_SESSION['username']; // this way we get user's username in case he is already logged in if ($username != NULL) { echo 'You are logged in as ' , $username ,'.'; // if he's logged in we tell him } else { // or else we let him log in ?> <form method="post" action=""> <input type="text" name="user" /> <input type="password" name="pass" /> <input type="submit" value="Log in" /> <input type="hidden" name="submit" /> </form> <?php } ?>

You think you can remember the edits you apported and point them to me? I could actually find a redirect change to user.php only. Well, it wasn't an error in my code to redirect the user to index.php, but well it's no difference, I could actually use user.php too. The fact is I couldn't find the other changes.

(05-08-2013, 09:11 PM)1llusion Wrote: Nice tutorial

However, the mysql_query extension is deprecated and will be removed eventually from PHP making your script incompatible with new versions of PHP.
I suggest anybody, who wants to keep their script up-to-date to use either MySQLi or PDO extension => http://www.php.net/manual/en/mysqlinfo.api.choosing.php

(05-09-2013, 11:54 AM)TheDarkNight Wrote: No :facepalm: you should be using MySQLi functions as MySQL is deprecated but I guess it's good for beginners good work op.

Thanks, I had heard of mysql_query's deprecation, but, actually I couldn't stop using it. :lol:

I'll surely have a look at what will take place over it soon, I swear.

This is the most explain tutorial that i learn't to use MySQLi idk if you will like it but it is http://www.phpknowhow.com/mysql/mysqli-procedural-functions/ Enjoy =D :thumbs:

RE: MySQL and PHP simple login system - TheDarkNight - 05-09-2013

(05-09-2013, 02:43 PM)noize Wrote:
(05-08-2013, 08:45 PM)Feurex Wrote: I have found some syntax errors, I have corrected them and here is the complete edited code.

Code:
<?php require_once('connect.php'); // connects to the db mysql_select_db($dbname); if (isset($_POST['submit'])) { // this is executed when the user clicks on the submit button session_start(); $username = $_POST['user']; $password = $_POST['pass']; $conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname); $query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'", mysql_real_escape_string($username), mysql_real_escape_string(($password))); $result = mysql_query($query); list($count) = mysql_fetch_row($result); if($count == 1) { // if we found the user/pass combination $_SESSION['authenticated'] = true; $_SESSION['username'] = $username; mysql_real_escape_string($username); mysql_real_escape_string(($password)); mysql_query($query); $query = sprintf("SELECT is_admin FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",mysql_real_escape_string($username),mysql_real_escape_string(($password))); $result = mysql_query($query); list($is_admin) = mysql_fetch_row($result); $query = sprintf("SELECT confirmed FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",mysql_real_escape_string($username),mysql_real_escape_string(($password))); $result = mysql_query($query); list($confirmed) = mysql_fetch_row($result); if($is_admin == 0) { header('Location:user.php'); // is_admin = 0 } else { header('Location:admin/index.php'); // is_admin = 1, or at least not 0 } } else { // we didn't find the user/pass combination ?> <span style='color:red'> Error: username/password combination does not exist!<br> Forgot your password? You can <font color="blue" style="text-decoration: underline; cursor: pointer;" title="Lol, just kidding, you're fucked!">get a new one</font></a>. </span> <?php } } $query = sprintf("SELECT id FROM users WHERE UPPER(username) = UPPER('%s')", mysql_real_escape_string($_SESSION['username'])); $result = mysql_query($query); list($userID) = mysql_fetch_row($result); $username = $_SESSION['username']; // this way we get user's username in case he is already logged in if ($username != NULL) { echo 'You are logged in as ' , $username ,'.'; // if he's logged in we tell him } else { // or else we let him log in ?> <form method="post" action=""> <input type="text" name="user" /> <input type="password" name="pass" /> <input type="submit" value="Log in" /> <input type="hidden" name="submit" /> </form> <?php } ?>

You think you can remember the edits you apported and point them to me? I could actually find a redirect change to user.php only. Well, it wasn't an error in my code to redirect the user to index.php, but well it's no difference, I could actually use user.php too. The fact is I couldn't find the other changes.

(05-08-2013, 09:11 PM)1llusion Wrote: Nice tutorial

However, the mysql_query extension is deprecated and will be removed eventually from PHP making your script incompatible with new versions of PHP.
I suggest anybody, who wants to keep their script up-to-date to use either MySQLi or PDO extension => http://www.php.net/manual/en/mysqlinfo.api.choosing.php

(05-09-2013, 11:54 AM)TheDarkNight Wrote: No :facepalm: you should be using MySQLi functions as MySQL is deprecated but I guess it's good for beginners good work op.

Thanks, I had heard of mysql_query's deprecation, but, actually I couldn't stop using it. :lol:

I'll surely have a look at what will take place over it soon, I swear.

This is the most explain tutorial that i learn't to use MySQLi idk if you will like it but it is http://www.phpknowhow.com/mysql/mysqli-procedural-functions/ Enjoy =D :thumbs:

RE: MySQL and PHP simple login system - sitehost - 08-06-2013

Thanks for the Script, The only thing I would change is Encoding the password and possibly the user name in SQL, with a private key.

Thanks!!!

Quote:This is the most explain tutorial that i learn't to use MySQLi idk if you will like it but it is http://www.phpknowhow.com/mysql/mysqli-procedural-functions/ Enjoy =D :thumbs:

I was reluctant to use mySQLi at first, and omg it has shorten my code so much and makes things so much more secure.!!!

RE: MySQL and PHP simple login system - xxterorxx - 08-16-2013

Thanks a lot Smile

RE: MySQL and PHP simple login system - 4th Dimension - 08-19-2013

Great tutorial, really helps. Thanks for sharing!

RE: MySQL and PHP simple login system - matsoglo - 08-21-2013

Thanks m8 for this tut!!!!!! Very Helpfull