Here are your files.
onetime_pass.php
[php]<?php
// A Script by Tanzeel Niazi
// For More Information or Help
// Visit www.phphelp.com
// You can also email me at [email protected]
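ob_start(); // Buffer output so headers (session cookie, redirect) can still be sent later.
session_start();

/*
 * Handle a login attempt.
 * Only POST requests with two non-empty string fields are processed; is_string()
 * rejects array-valued parameters before they reach any string function.
 */
if ($_SERVER['REQUEST_METHOD'] === 'POST' &&
    isset($_POST['student_name'], $_POST['password']) &&
    is_string($_POST['student_name']) &&
    is_string($_POST['password']) &&
    !empty($_POST['student_name']) &&
    !empty($_POST['password'])
) {
    // Provides $conn (through db_connect.inc.php) and redirectTo().
    require_once('functions.inc.php');

    /*
     * The values are bound as statement parameters below, so they are never
     * spliced into SQL text and need no SQL escaping or HTML encoding here.
     * HTML encoding belongs at output time, not before a database comparison.
     */
    $student_name = trim($_POST['student_name']);
    $password     = $_POST['password'];

    // Look the student up by name only; the password is verified in PHP.
    $found = false;
    $stmt = mysqli_prepare(
        $conn,
        'SELECT id, name, password FROM students WHERE name = ? LIMIT 1'
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $student_name);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $student_id, $student_db_name, $stored_password);
            $found = (mysqli_stmt_fetch($stmt) === true);
        }
        mysqli_stmt_close($stmt);
    }

    /*
     * Verify the password.
     * - A value produced by password_hash() is checked with password_verify().
     * - Any other stored value is treated as a legacy plaintext password and
     *   compared in constant time. This branch exists only so existing rows keep
     *   working; such rows should be re-stored with password_hash().
     * The hash check comes first so that a stored hash can never be used as a
     * password itself.
     */
    $password_ok = false;
    if ($found) {
        $hash_info = password_get_info($stored_password);
        if (!empty($hash_info['algo'])) {
            $password_ok = password_verify($password, $stored_password);
        } else {
            $password_ok = hash_equals((string) $stored_password, $password);
        }
    }

    if ($password_ok) {
        /*
         * Count the login and enforce the five-login limit in one statement.
         * The row is addressed by primary key, and the "login_count < 5" condition
         * is evaluated by the database, so two simultaneous requests cannot both
         * pass a stale check and push the counter past the limit.
         */
        $executed = false;
        $counted  = false;
        $stmt = mysqli_prepare(
            $conn,
            'UPDATE students SET login_count = login_count + 1 WHERE id = ? AND login_count < 5'
        );
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'i', $student_id);
            $executed = mysqli_stmt_execute($stmt);
            $counted  = $executed && mysqli_stmt_affected_rows($stmt) === 1;
            mysqli_stmt_close($stmt);
        }

        if ($counted) {
            // Issue a fresh session id on login so a pre-login id cannot be reused.
            session_regenerate_id(true);
            $_SESSION['name'] = $student_db_name;
            redirectTo('result.php');
        } elseif ($executed) {
            // The statement ran but matched no row: the five logins are used up.
            $_SESSION['message'] = 'You have completed Your five logins, you cant login now';
        }
        // If the statement itself failed, no message is set and the form is shown again.
    } else {
        // Same message for an unknown name and a wrong password.
        $_SESSION['message'] = 'Invalid Login, Please Try again';
    }
}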
?>
Login Page
<?php
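// Show the one-time status message left by the login handler, then clear it
// so it is not shown again on the next page load.
if (isset($_SESSION['message'])){
    // Encode on output: the messages set in this file are fixed strings, but the
    // session value is still treated as data rather than markup.
    echo htmlspecialchars($_SESSION['message'], ENT_QUOTES, 'UTF-8');
    unset($_SESSION['message']);
}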
?>
<p>
<label for="student_name">Name:</label>
<input type="text" name="student_name" id="student_name" required>
</p>
<p>
<label for="password">Password: </label>
<input type="password" name="password" id="password" required>
</p>
<p><input type="submit" name="submit" value="Log In"></p>
<?php
// Release the database connection when this request opened one
// ($conn only exists after a POST pulled in functions.inc.php),
// then send the buffered page to the browser.
if (isset($conn)) {
    mysqli_close($conn);
}
ob_end_flush();
?>[/php]
db_connect.inc.php
[php]<?php
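/*
 * Database connection settings. Change these values according to your database details.
 * The values below are examples; use a strong, unique password for a real deployment
 * and keep real credentials out of any copy of this file that is shared or published.
 */
define('DB_HOST', 'localhost');
define('DB_USER', 'tanzeelniazi');
define('DB_PASS', 'abc');
define('DB_INFO', 'phphelp');

/*
 * Open the connection. Depending on the PHP version and mysqli report mode, a failed
 * connection either returns false or throws mysqli_sql_exception; both are handled here.
 */
$conn = false;
$connect_error = null;
try {
    $conn = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_INFO);
    if (!$conn) {
        $connect_error = mysqli_connect_error();
    }
} catch (mysqli_sql_exception $e) {
    $conn = false;
    $connect_error = $e->getMessage();
}

/*
 * On failure, stop the script. The detailed error goes to the server log only;
 * the visitor gets a generic message, because connection errors can reveal the
 * database host and account name.
 */
if (!$conn) {
    error_log('Database connection failed: ' . $connect_error);
    if (!headers_sent()) {
        http_response_code(500);
    }
    die('The service is temporarily unavailable. Please try again later.');
}

// NOTE(review): no connection character set is selected here. mysqli_real_escape_string()
// depends on it, so call mysqli_set_charset() with the character set the tables use.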
?>[/php]
functions.inc.php
[php]<?php
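// Load the database connection ($conn). The path is anchored to this file's own
// directory so the include does not depend on include_path or the working directory.
require_once __DIR__ . '/db_connect.inc.php';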
/*
 * Redirect the user (student) to a new location and end the script.
 * $new_location is placed in the Location header exactly as given.
 * NOTE(review): pass only fixed, application-defined targets here; a value taken
 * from the request would let the caller choose where the browser is sent.
 */
function redirectTo($new_location){
    $location_header = 'Location: ' . $new_location;
    header($location_header);
    exit;
}
/*
 * Clean a user-supplied string and return it escaped for use inside a quoted SQL
 * string literal. Applied in order: strip_tags(), trim(), htmlspecialchars(),
 * then mysqli_real_escape_string() on the shared connection.
 *
 * NOTE(review): this mixes two different contexts. htmlspecialchars() and
 * strip_tags() are HTML output measures and change the value that gets compared
 * or stored (for example a password containing "<" or "&"). For SQL, bound
 * parameters (mysqli_prepare) remove the need for escaping altogether; HTML
 * encoding is best applied at the point where a value is printed.
 */
function sanitizeData($string){
    global $conn; // Connection created in "db_connect.inc.php".
    $cleaned = htmlspecialchars(trim(strip_tags($string)));
    return mysqli_real_escape_string($conn, $cleaned);
}
?>[/php]
queries.sql
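-- Student accounts used by the login page.
CREATE TABLE students(
id INT(11) AUTO_INCREMENT,
-- The login page identifies a student by name, so a name must match exactly one row.
name VARCHAR(30) NOT NULL,
-- Holds a password hash, never the password itself. 255 characters leaves room
-- for the output of PHP's password_hash() with PASSWORD_DEFAULT.
password VARCHAR(255) NOT NULL,
-- Number of logins used so far. The (1) is only a display width, not a value limit;
-- the limit of five is enforced by the application.
login_count INT(1) NOT NULL DEFAULT 0,
PRIMARY KEY (id),
UNIQUE KEY uniq_students_name (name)
);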
result.php
[php]<?php session_start(); ?>
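<?php
// Access check: only a logged-in student (session variable "name" set by the
// login page) may see this page; everyone else is sent back to the login form.
// The full "<?php" tag is required here: with short_open_tag disabled, a bare
// "<?" block is not executed, so the check would be skipped and its source sent
// to the browser as text.
if (!isset($_SESSION['name'])){
    header('Location: onetime_pass.php');
    exit();
}
?>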
Result Page
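Welcome <?php /* The name comes from the database; encode it so it is shown as text, not interpreted as HTML. */ echo htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'UTF-8'); ?> To Your Result Page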
[/php]
Alternatively, you can download all of these files as a single ZIP; please see the attachment. I hope it makes sense now. 8)
onetime_pass.zip (2.86 KB)