I am pretty new to php (mostly don't do web development at all actually) and, have gotten into it lately. I am trying to make a login page that redirects users after login to a unique URL linked to the user. So I wanted to have say 4 columns in the database: id, username, password, and redirect. And after a successful login to have the URL redirect to the redirect column in the db that is storing the user URL. The problem is the code that I have been working off of. To make a login I cant seem to have it redirect to the db column using the header("location:) line. Here is my code maybe you guys can kindly help me:
<?php
$host="sql1om"; // Host name
$username="b33_1033"; // Mysql username
$password="b33_1033"; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
So I can't figure out how to add a db column variable to output the url from the redirect column in the
header("location:login_success.php);
Every time I try a variable in that line nothing happens
Any help would be appreciated. Please thoroughly explain I am a newbie at php. Thank-you!
Here is edited code that I got working (with help):
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file"login_success.php"
$_SESSION['username'] = $myusername;
$_SESSION['password'] = $mypassword;
$result = mysql_query("SELECT redirect FROM members");
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
header("Location: " . $row['redirect']);
}
exit();
}
else {
echo "Wrong Username or Password";
}
?>
You need to fetch your results into an associative array:
$row = mysql_fetch_assoc($result)
Then simply use header("Location: $row['redirect']");
Enclosing a string in double quotes enable you to insert a variable in there.
Alternatively, you can also concatentate: header("Location: " . $row['redirect']);
Your SQL results will be stored in an associatively array called $row. To access the redirect column, use $row['redirect']. Of course, $row will only be populated if a row or rows are found.
Finally, it is good practice to have an exit() to immediate stop script execution if you are redirecting.
Your code would look like:
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['username'] = $myusername;
$_SESSION['password'] = $mypassword;
$row = mysql_fetch_assoc($result);
header("Location: $row['redirect']");
exit();
}else {
echo "Wrong Username or Password";
}
Related
So I've been trying to Get my Validation script for my login to Work.
Here's The Code:
<?php
ob_start();
$host="localhost"; // Host name
$username="***"; // Mysql username
$password="***"; // Mysql password
$db_name="**"; // Database name
$tbl_name="**"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
echo "Welcome $myusername";
header("location:../htdocs/home.php");
exit();
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
What's weird is that if I entered credentials not in My Database it does return that they are incorrect. But If they are correct it doesn't redirect me to home.php
The code is very bad, would suggest you dont use it. As for the problem the SQL function you are using is wrokg.
replace $result=mysql_query($sql); with $result=mysql_fetch_array($sql);
as for the if($count==1){ change to if($result){
That should resolve your issue, also at the end of the SQL statement add LIMIT 1
Halo everyone, I got a question for how to check the permission when the user login and send the user to the page where they suppose to be. But I just can't make it. Can anyone help?
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="123456789"; // Mysql password
$db_name="hospital_db"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
$permissionssql="SELECT permissions FROM $tbl_name WHERE permissions";
$permissionssqlresult=mysql_query($permissionssql);
if(permissions==admin){
header("location:admin.php");
if(permissions==employees){
header("location:employees.php");
if(permissions==employees){
header("location:otherstaff.php");
}
}
}
}
else{
echo "Wrong username or password!";
}
?>
I create a permissions on my table and it is vachar.
The permission have admin/employees/otherstaff.
I'm just trying to let the system send the user to the correct page but it always doesnt work.
I'm really appreciate if there's an answer.
thanks
I have managed to make a cookie with the username from the login form, but how can I add the user id from the db query into the cookie too ?
This is what I've got now
<?php
include 'connection.php';
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
setcookie("user", $myusername, time()+3600);
header("location:index.php");
}
else {
echo "Wrong Username or Password";
}
?>
try this .
<?php
ob_start();
include 'connection.php';
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
$users = mysql_fetch_array($result);
# pass the user ID column name as array key of `$users`
setcookie("userID", $users['user_id'], time()+3600);
header("location:index.php");
ob_clean();
}
else {
echo "Wrong Username or Password";
}
?>
it's easier to do it with $_SESSION.
Add session_start(); on the top of every page you want to use the session variables on. After that, you can set and get session variables like with any normal array. example:
<?php
session_start();
$_SESSION['loggedIn'] = true;
$_SESSION['userId'] = 5;
?>
on a different page:
<?php
session_start();
echo $_SESSION['loggedIn']; //will contain true
echo $_SESSION['userId'] = 5; //will contain 5
?>
$Rows=mysql_fetch_array($result);
// Assuming that the column name in the DB is user_id then you can get the user_id using : $Rows['user_id']
// so you can store the cookie in this way:
setcookie("user_id", $Rows['user_id'], time()+3600);
Hi at the moment I am trying to create a login system but I am hitting a problem with setting privileges for the users this is the MySql statement that i am using to find out the username and password from phpMyAdmin database.
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
I was wondering if someone could help me edit this code so that I can echo or print the account_type to the page so i can use it within a PHP if statement to restrict what the users see.
I have tried
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' and account_type ='myaccount'";
$result=mysql_query($sql);
this is the full pages code
<?php
ob_start();
$host="127.0.0.0"; // Host name
$username="username"; // Mysql username
$password="password"; // Mysql password
$db_name="dbname"; // Database name
$tbl_name="table"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$row = mysql_fetch_array($result);
print_r($row);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();
$_SESSION['username'] = $myusername;
$_SESSION['password'] = $mypassword;
//session_register("myusername");
//session_register("mypassword");
//echo "correct";
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
You are missing mysql_fetch_array() call.
$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
After that you can access $row array; to see its contents use:
print_r($row);
To access specific field, use $row['fieldname']
You need to fetch that array from sql.
See the PHP manual
I have the following in my code
session_register("myusername");
session_register("mypassword");
within
<?php
ob_start();
$host="ClubEvents.db.9606426.hostedresource.com"; // Host name
$username="ClubEventsRead"; // Mysql username
$password="Pa55word!"; // Mysql password
$db_name="ClubEvents"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
What is it to be replace by, now that the php function has been deprecated?
I have been reading http://php.net/manual/en/function.session-register.php but am a little confused, been battling with this all day.
Thanks
Henry
Just place the values you want in the $_SESSION array, like:
$_SESSION['myusername'] = "xxx";
I'm not seeing you session_start on your code. Don't forget it.
I think you want to save your username and the password in the session :
First, usijng "login", "username", "password" in your code is no longer safe, some malicious script try to find these words in your code and play around.
session_start();
$_SESSION['myuse'] = $myuse;
$_SESSION['mypas'] = $mypas;