Basic Login Script with PHP, A rudimentary login script tutorial aimed at those looking to learn ho Options Rating

[myjunkb0x]

Are you trying to connect to the database from your home computer, using something like Xampp or Wampserver? If so, then yes, that's your problem. However, you may want to check with 1&1 if that's not the case.

I googled the error real quick, and it appears to be due to a configuration error. You may need to have 1&1 check the configuration.

Hope that helps.

I did contact 1&1 and they said that support for MySQL is beyond their support.
I also Googled the error too and found that it could be a server error of some kind such as resetting permissions, etc.
So I thought, I'll call 1&1 and ask them to help me with the phpmyadmin that they have provided me with. They said that it MUST be a script error on my behalf.

I'm so tired of this s--- (with PHP, login, code, etc.)
All I want to do is provide a login for my customers so that they can view their photos (I'm a photographer) on my website.
Thanks for your reply!

[akozlik]

All I want to do is provide a login for my customers so that they can view their photos (I'm a photographer) on my website.
Thanks for your reply!

Yeah, it's difficult to help you out without having direct access to everything. I have a feeling 1&1 may be giving you the run around, but I'd have to take a look for sure. For them to say that they don't handle MySQL is ridiculous. They provide web hosting so they have access to the servers.

If you're tired of playing around with it yourself, I'm a freelance programmer who has a slot open for some work. If you're interested, you can contact me on AIM at duke00785 or e-mail at akozlik ( a t ) gmail.com

Hope to hear from you.

Andrew

[ayman_mastermind]

@akozlik, your php tutorials are just great, i have read 3 of your php tutorials and they made learn lots of good stuff in php, i am new to php and your tutorials are helping me get what i want, thanks very much and keep up the good work

[akozlik]

conn.php contains the database connection info.

php

<?php
$username = 'your_username';
$password = 'your_password';
$host = 'your_host';
$db = 'your_database';

$conn = mysql_connect($host, $username, $password);

$db = mysql_select_db($db, $conn);

?>

[woodjom]

I know that in my 1&1 account, it mentions this:

FYI, 1&1 holds ALL their MySQL databases through a virtual connection environment. Therefore only those connections from within 1&1 servers will be able to attach to them via connection strings. I have spent months trying to get them to open the firewall for my databases but they wont. 1&1 is a great point to start learning web dev but i would suggest moving out of it when you get a chance and feel confortable flying out into the world on your own.

[kackah]

<form action="file:///C|/Users/shaun/Downloads/checkLogin.php" method="post">
<table>
<tr>
<td>Username: </td>
</td><input type="text" name="user"></td>
</tr>
<tr>
<td>Password: </td>
<td><input type="password" name="password"></td>
<input type="submit" value="Submit">
</tr>
</table>
</form>





<?php
// checkLogin.php


$username = "root";
$password = "";
$host = "localhost";

$database = "users";

$conn = mysql_connect($host, $username, $password) or die ( "Could not connect: " . mysql_error() );

$database = mysql_select_db($database, $conn) or die ("Could not select database: " . mysql_error() );




session_start(); // Start a new session
require('file:///C|/Users/shaun/Downloads/conn.php'); // Holds all of our database connection information

// Get the data passed from the form
$username = $_POST['user'];
$password = $_POST['password'];

// Do some basic sanitizing
$username = stripslashes($username);
$password = stripslashes($password);

$sql = "select * from users where username = '$username' and password = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );

$count = 0;

while ($line = mysql_fetch_assoc($result)) {
$count++;
}

if ($count == 1) {
$_SESSION['loggedIn'] = "true";
header("Location: loginSuccess.php"); // This is wherever you want to redirect the user to
} else {
$_SESSION['loggedIn'] = "false";
header("Location: loginFailed.php"); // Wherever you want the user to go when they fail the login
}

?>



Please help me with this code.
What more can I do to get it to work properly?

<form action="file:///C|/Users/shaun/Downloads/checkLogin.php" method="post">
<table>
<tr>
<td>Username: </td>
</td><input type="text" name="user"></td>
</tr>
<tr>
<td>Password: </td>
<td><input type="password" name="password"></td>
<input type="submit" value="Submit">
</tr>
</table>
</form>





<?php
// checkLogin.php


$username = "root";
$password = "";
$host = "localhost";

$database = "users";

$conn = mysql_connect($host, $username, $password) or die ( "Could not connect: " . mysql_error() );

$database = mysql_select_db($database, $conn) or die ("Could not select database: " . mysql_error() );




session_start(); // Start a new session
require('file:///C|/Users/shaun/Downloads/conn.php'); // Holds all of our database connection information

// Get the data passed from the form
$username = $_POST['user'];
$password = $_POST['password'];

// Do some basic sanitizing
$username = stripslashes($username);
$password = stripslashes($password);

$sql = "select * from users where username = '$username' and password = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );

$count = 0;

while ($line = mysql_fetch_assoc($result)) {
$count++;
}

if ($count == 1) {
$_SESSION['loggedIn'] = "true";
header("Location: loginSuccess.php"); // This is wherever you want to redirect the user to
} else {
$_SESSION['loggedIn'] = "false";
header("Location: loginFailed.php"); // Wherever you want the user to go when they fail the login
}

?>

[akozlik]

Please wrap your code in code tags. It's too hard to read.

[Spelmyst]

@kackah - This is an example of what I've done that is similar.

ConnVars.inc - is the connection variables for the LOGIN.PHP

CODE

<?php
    $auth_host = "localhost";
    $auth_user = "str_auth";  // what ever ID you want to use
    $auth_pass = "";
    $auth_dbase = "strikers";  // what ever DB you want to connect to with the above info
?>

The above $auth_user would be an account created specifically for use from the web. It should have ONLY select access, and your server should be setup not to allow access to the INC file type. That's my opinion.

LOGIN.PHP - actually processes my login.

CODE

<?php

    include "ConnVars.inc";

    $USERID = $_POST['CHARID'];
    $USERPW = $_POST['CHARPW'];

    $LookupCon = mysql_connect($auth_host,$auth_user,$auth_pass);
    $Lookupdb = mysql_select_db($auth_dbase,$LookupCon);

    $query = "SELECT * FROM account WHERE username='$USERID';";

    $LINKLIST = mysql_query($query) or die(mysql_error());
    $COUNTER = mysql_num_rows($LINKLIST);
    $LINKDATA = mysql_fetch_row($LINKLIST);

    if($COUNTER == 1)
    {
        if($LINKDATA[1] == $USERPW)
        {
            $response = "step01.html";
        }
        else
        {
            $response = "failed2.html";
        }
    }
    else
    {
        $response = "failed1.html";
    }

    header("Location: ".$response);

    mysql_close($LookupCon);

?>

I have setup other logins (just not this one) to catch whether I have MORE than one identical user name in the DB, by using the "$COUNTER = mysql_num_rows($LINKLIST);".

Which means "I" screwed up and didn't verify the account name during the creation process.

[paperclipmuffin]

I don't see why a lot of people are angry at this. If you need added protection, you can encrypt. But for normal people like me when a username and password isn't worth 3 hours of a hackers time, it's just fine. *scratches head*. It says its for beginners anyway. Good tut.

This post has been edited by paperclipmuffin: 27 Jul, 2009 - 01:36 AM

[kewlkreator]

A quick notice:
You'll definitely need to md5() the password to encrypt it. Otherwise, the login isn't secure.