I'm looking for advice on creating a login script for a flat file database. I have a registration page, which writes new records in a CSV file in the format below:

first name, last name, email, password

I'm actually pretty proud of myself for setting up a PHP file, which creates the record seen above... Especially since my PHP experience has been limited in the past. I've used MS Access extensively, and know exactly what I would be doing to design a login page for that... I would just be querying the recordset, to find the record with both the username and password that they entered in a login page form (In this case, I'd like to use email addresses for users' logins). That should only return one record...

I guess I'm really babbling too much... Is there a simple code that I could implement into my site to only allow users to view pages only if they've logged-in? Actually, because different users will have different variables (Like their first and last names), I would like users to access pages which can spit out that information. So two different users (Sam and Joan) can visit the same page, but it will greet them by their respective names. (Hi, Sam! / Hi, Joan!)

What can I design? I've attempted taking and modifying others...

Thanks for any help you can give me.

Andrew

You can view my previous thread, in which I solve user authentication with Java, click here .

Look into the use of php sessions for handling login.
A login script works as follows:
1. Accept username and password from a form
2. Check file or database to see if password correct (usually with a hash like md5)
3. If correct, start a session, and set a variable in the $_SESSION array.

A session enabled page does this:
1. start a session (if no session exists, a 'guest' session with no variables is started - php does this for you.)
2. Check for the variable you set at login, and show the page if correct.

A tutorial on sessions can help you out with the exact mechanics of sessions. Feel free to pot back any questions.

Also, if you are familiar with databases, try using mySQL instead of flat files (if you have it available)

I do have mySQL available. I suppose I could give it a shot. I originally tried this, and ran into a problem connecting the to the database (There's a beginner's problem). I suppose it would be more secure this way anyway.

I managed to get stuck on this code:

$DBhost = "xxxxxxx"; //$DBhost = "localhost";
$DBuser = "xxxxx";
$DBpass = "xxxxxx";
$DBName = "xxxxxx";
$DBtable = "xxxxxx" ;

I think I correctly entered everything except DBhost. I'm not sure what put in. GoDaddy, my server, doesn't have any obvious place on their user account like "Click here to find out what to type for your Database Host!" ...

I'm contacting GoDaddy today to ask, but I have to go through some red tape first. Do you know if it would be something obvious, like FTP addresses often seem to be?

Thanks,

Andrew

If the script is on the server, and the database is on the same server, this should be 'localhost'. Once you've set all these variables, do you actually call mysql_connect()? Setting the variables does nothing until you actually attempt a connection:

PHP Code:

$db = mysql_connect($Dbhost,$Dbname,$Dbpass) or die ("Error connecting to database"); 


Quote:

If the script is on the server, and the database is on the same server, this should be 'localhost'. Once you've set all these variables, do you actually call mysql_connect()? Setting the variables does nothing until you actually attempt a connection:

It's likely that I have been, but I couldn't give you a yes/no answer because I've been using online tutorials' codes, and modifying them as they ask me to. But, if I build my own, simple code, would it look like this...Or am I misreading?

PHP Code:

HTML Code:

<?php

$DBhost = "localhost"; //$DBhost = "localhost";
$DBuser = "mysqlusername";
$DBpass = "mysqlpassword";
$DBName = "databasename";
$DBtable = "tablesname" ;


$db = mysql_connect($Dbhost,$Dbname,$Dbpass) or die ("Error connecting to database");

?>

This, assuming my username was "mysqlusername", my password was "mysqlpassword", etc.

Thanks,

Andrew

Yes, just watch the capitalisation of the variable names, I think I used a slightly diffeent on in my post.

If all goes to plan you should be able to load that page without seeing the error message.

So, what's wrong with this script, which I took and edited from this tutorial? Besides the fact that the password's been faked in this example (You know, in case you can't actually see the real password if you visit the php online) this code it identical to the code called "register.php" as called in the file "registration.html"

PHP Code:

<?php

//Database Information

$dbhost = "localhost";
$dbname = "asather";
$dbuser = "asather";
$dbpass = "password";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);

$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");

$username_exist = mysql_num_rows($checkuser);

if($username_exist > 0){
   echo "I'm sorry but the username you specified has already been taken.  Please pick another one.";
   unset($username);
   include 'register.html';
   exit();
}

$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully Registered";

$yoursite = ‘www.blahblah.com’;
$webmaster = ‘yourname’;
$youremail = ‘youremail’;

$subject = "You have successfully registered at $yoursite...";
$message = "Dear $name, you are now registered at our web site.  
To login, simply go to our web page and enter in the following details in the login form:
Username: $username
Password: $password
   
Please print this information out and store it for future reference.
   
Thanks,
$webmaster";
   
mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());

echo "Your information has been mailed to your email address.";

?>

When I fill out the form, and hit submit, I get the following junk from the above PHP code right in my browser window...Ugly stuff, really:

0){ echo "I'm sorry but the username you specified has already been taken. Please pick another one."; unset($username); include 'register.html'; exit(); } $query = "INSERT INTO users (name, email, username, password) VALUES('$name', '$email', '$username', '$password')"; mysql_query($query) or die(mysql_error()); mysql_close(); echo "You have successfully Registered"; $yoursite = ‘www.blahblah.com’; $webmaster = ‘yourname’; $youremail = ‘youremail’; $subject = "You have successfully registered at $yoursite..."; $message = "Dear $name, you are now registered at our web site. To login, simply go to our web page and enter in the following details in the login form: Username: $username Password: $password Please print this information out and store it for future reference. Thanks, $webmaster"; mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion()); echo "Your information has been mailed to your email address."; ?>

Andrew

Success! My code works. I pieced together the basic idea from three or four different sources, but it's there...

Andrew

Great!

What was the trouble with the code in your above post eventually? I couldn't spot anything wrong on a brief read through.

I'm actually not sure. ... I'm known for being stubborn....very stubborn. I finally got very frustrated with it, and called GoDaddy, who gave me a very nice online resource for PHP scripts.

I combined the one I posted with some of theirs. Below is the final code... I soon found out, after posting success, is that it isn't completely error-proof. Check out the code in action, on a "test" site here:
http://www.spiritaliveon65.org/stock...istration.html

You can submit information once, but when you go back and submit different information, it gets stuck with your previous data... Something's not clearing... Or something....

Andrew

PHP Code:

<?php

//Database Information

$dbhost = "localhost";
$dbname = "asather";
$dbuser = "asather";
$dbpass = "password";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);

$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");

$username_exist = mysql_num_rows($checkuser);

if($username_exist > 0){
   echo "I'm sorry but the username you specified has already been taken.  Please pick another one.";
   unset($username);
   include 'register.html';
   exit();
}

$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully Registered";

?>

I seem to be posting needlessly. I've found and corrected the issue... Just a problem with my query... It didn't have criteria!!!

Andrew