Help me finish this php please? Having some trouble with it.

This is just a simple site to log someone in and out of a secured page and I'm having trouble making it work. I have put comments in the PHP code saying what should happen but what I can't make work. Can someone please help me with it?
If you need to test it I included the SQL. Username: test Password: test
index.php
[php]

<?php
//If you are logged in then echo 'Super secret stuff!' else echo 'You are not logged in!' and show a button called 'Login' that on submit goes to the 'login.php' file.
//And when you are logged in then show a button called 'Logout' that on submit runs the 'logout.php' file.
?>

[/php]

login.php
[php]

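<?php
include_once('auth.php');

// Handle the submitted login form.
if(isset($_POST['submit'])){
    $username = $_POST['username'];
    // The accounts table stores the SHA-512 hex digest of the password.
    $password = hash('sha512', $_POST['password']);
    $object = new auth();
    $object->verify($username, $password);
}
?>

<!doctype html>
<title>Login</title>
<h1>Login</h1>
<form method="post">
    Username: <input type="text" name="username">
    Password: <input type="password" name="password">
    <input type="submit" name="submit" value="Login">
</form>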
[/php]

auth.php
[php]

<?php
include_once('config.php');

class auth{
    private $db;

    public function __construct(){
        $this->db = new connection();
        $this->db = $this->db->dbConnect();
    }

    public function verify($username, $password){
        if(!empty($username) && !empty($password)){
            $st = $this->db->prepare('SELECT * FROM `accounts` WHERE username=? AND password=?');
            $st->bindParam(1, $username);
            $st->bindParam(2, $password);
            $st->execute();
            if($st->rowCount() == 1){
                echo 'Found record!';
                //Creates a session then echo 'Logged in!' redirects to 'index.php' after 3 seconds.
            }else{
                echo 'Incorrect username or password!';
            }
        }else{
            echo 'Please enter username and password!';
        }
    }
}
?>

[/php]

config.php
[php]

<?php
class connection{
    public function dbConnect(){
        return new PDO("mysql:host=localhost; dbname=login", "root", "*****");
    }
}
?>

[/php]

logout.php
[php]

<?php
//Destroys the session and echos 'Logged out!' and redirects to the 'index.php' after 3 seconds.
?>

[/php]

accounts.sql

CREATE TABLE IF NOT EXISTS `accounts` (
  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'ID',
  `username` varchar(32) NOT NULL COMMENT 'Username',
  `password` char(128) NOT NULL COMMENT 'Password',
  PRIMARY KEY (`id`),
  UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

INSERT INTO `accounts` (`id`, `username`, `password`) VALUES
(1, 'test', 'ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff');

Will take a look in 3 hours when I get home.

index.php
[php]

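<?php
session_start();

// Both keys are set by auth::verify() after a successful login.
if ((isset($_SESSION['username'])) && (isset($_SESSION['id']))) {
    echo 'super secret stuff<br>';
    echo "<a href='logout.php'>Log out</a>";
}else {
    echo "you are not log in:<br><a href='login.php'>Login Now</a>";
}
?>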

[/php]

login.php
[php]

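<?php
include_once('auth.php');

// Handle the submitted login form.
if(isset($_POST['submit'])){
    $username = $_POST['username'];
    // The accounts table stores the SHA-512 hex digest of the password.
    $password = hash('sha512', $_POST['password']);
    $object = new auth();
    $object->verify($username, $password);
}
?>

<!doctype html>
<title>Login</title>
<h1>Login</h1>
<form method="post">
    Username: <input type="text" name="username">
    Password: <input type="password" name="password">
    <input type="submit" name="submit" value="Login">
</form>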
[/php]

auth.php
[php]

<?php
session_start();
include_once('config.php');

class auth{
    private $db;

    // public function __construct(){
    //     $this->db = new connection();
    //     $this->db = $this->db->dbConnect();
    // }

    public function verify($username, $password){
        if(!empty($username) && !empty($password)){
            // $st = $this->db->prepare('SELECT * FROM `accounts` WHERE username=? AND password=?');
            // $st->bindParam(1, $username);
            // $st->bindParam(2, $password);
            // $st->execute();
            // if($st->rowCount() == 1){

            // $username comes straight from $_POST, so escape it before it goes into the query string.
            $username = mysql_real_escape_string($username);
            $query = "SELECT * FROM `accounts` WHERE username= '$username' AND password = '$password'";
            $result = mysql_query($query) or die("Query didnt success ".mysql_error());
            if (mysql_num_rows($result) == 1) {
                $row = mysql_fetch_assoc($result);
                //echo 'Found record!';
                //Creates a session then echo 'Logged in!' redirects to 'index.php' after 3 seconds.
                $_SESSION['username'] = $row['username'];
                $_SESSION['id'] = $row['id'];
                // Headers have to be sent before any output.
                header( "refresh:3;url=index.php" );
                echo 'you will be redirected in 3 seconds, if not click <a href="index.php">Here</a>';
            }else{
                echo 'Incorrect username or password!';
            }
        }else{
            echo 'Please enter username and password!';
        }
    }
}
?>

[/php]

config.php
[php]

<?php
$host = 'localhost';
$user = 'root';
$pass = 'root';
$db = 'login';

$conn = mysql_connect($host,$user,$pass) or die("cant open a connection for $db Database: ".mysql_error());
mysql_select_db($db) or die("could not select db ".mysql_error());

// class connection{
//     public function dbConnect(){
//         return new PDO("mysql:host=localhost; dbname=phphelp", "PHPuSeR", "A9Pqj2Ejf26hZN7E");
//     }
// }
?>

[/php]

logout.php
[php]

<?php
session_start();
session_destroy();
header('location: index.php');
?>

[/php]

It is silly to replace his existing PDO code with out-dated functions. The mysql_* functions should really never be used. See:

http://www.php.net/manual/en/faq.databases.php#faq.databases.mysql.deprecated

I was having trouble making it work, so I decided to make it work the way I know.

Thanks for the link, I will take a look.

I would certainly recommend learning PDO and using it exclusively. What do you use for your localhost development? I personally use WampServer (http://www.wampserver.com/en/)

If using this, you can simply click the system tray icon, go to PHP, go to PHP extensions, and click on php_pdo_mysql to add the PDO extension.

I use XAMPP.

I downloaded XAMPP and it came with the php_pdo_mysql extension enabled. If you can’t get it to work, check your php.ini file and make sure this line isn’t commented out.

extension=php_pdo_mysql.dll

PDO tutorial: http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

Thank you, will do that.

But I don't wanna :stuck_out_tongue: @ m@tt
It took me this long to learn mysql_, I want to be stubborn for just a little bit longer :smiley:

Thanks for your help wilson382, I had a look at the code you wrote and I was able to get it working and still use PDO. I also took the time to register on the forums. Thanks again.

I’m glad you figured it out JRowe95. If you can post your code here to maybe help others learn I could potentially give some advice to improve the code.

Sure here you go.

auth.php
[php]

<?php
session_start();
include_once('config.php');

class auth{
    private $db;

    public function __construct(){
        $this->db = new connection();
        $this->db = $this->db->dbConnect();
    }

    public function verify($username, $password){
        if(!empty($username) && !empty($password)){
            $st = $this->db->prepare('SELECT `username`, `password` FROM `accounts` WHERE username=? AND password=?');
            $st->bindParam(1, $username);
            $st->bindParam(2, $password);
            $st->execute();
            if($st->rowCount() == 1){
                // Take the first column of the fetched row (the username) as a string.
                $username_array = implode(array_slice($st->fetch(PDO::FETCH_ASSOC), 0, 1));
                $_SESSION['username'] = $username_array;
                // Headers have to be sent before any output.
                header("refresh:3;url=index.php");
                echo 'Logged in! You will be redirected in 3 seconds, if not click <a href="index.php">Here</a>';
            }else{
                echo 'Incorrect username or password!';
            }
        }else{
            echo 'Please enter username and password!';
        }
    }
}
?>

[/php]

config.php
[php]

<?php
class connection{
    public function dbConnect(){
        return new PDO("mysql:host=localhost; dbname=login", "root", "root");
    }
}
?>

[/php]

index.php
[php]

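<?php
session_start();

if(isset($_SESSION['username'])){
    // Escape the stored username before writing it into the page.
    echo 'Hello ' . htmlspecialchars($_SESSION['username']) . '!<br>';
    echo "<a href='logout.php'>Logout</a>";
}else{
    echo "You are not logged in!<br><a href='login.php'>Login Now</a>";
}
?>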

[/php]

login.php
[php]

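<?php
include_once('auth.php');

// Handle the submitted login form.
if(isset($_POST['submit'])){
    $username = $_POST['username'];
    // The accounts table stores the SHA-512 hex digest of the password.
    $password = hash('sha512', $_POST['password']);
    $object = new auth();
    $object->verify($username, $password);
}
?>

<!doctype html>
<title>Login</title>
<h1>Login</h1>
<form method="post">
    Username: <input type="text" name="username">
    Password: <input type="password" name="password">
    <input type="submit" name="submit" value="Login">
</form>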
[/php]

logout.php
[php]

<?php
session_start();
session_destroy();
header('location: index.php');
?>

[/php]

login.sql

CREATE TABLE IF NOT EXISTS `accounts` (
  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'ID',
  `username` varchar(32) NOT NULL COMMENT 'Username',
  `password` char(128) NOT NULL COMMENT 'Password',
  PRIMARY KEY (`id`),
  UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

This doesn’t look bad. I would only recommend authenticating the session as well. There are many ways you could do this. Read this page to learn a bit about session hijacking and how you can prevent it:

http://phpsec.org/projects/guide/4.html
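
One way to authenticate the session in the login flow from this thread, as an added example that is not code from any poster or from the linked guide. The function names (`establish_login`, `session_is_authenticated`, `end_session`, `client_fingerprint`), the `fingerprint` and `last_seen` session keys and the 30-minute idle limit are assumptions.

```php
<?php
// Added example; function names are hypothetical, not from the thread's code.
// Cookie flags must be set before session_start().
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// Weak client fingerprint: raises the bar for a replayed session ID, it is not proof of identity.
function client_fingerprint(): string {
    return hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

// Call once in auth::verify() after a row matched, instead of setting $_SESSION['username'] directly.
function establish_login(string $username): void {
    session_regenerate_id(true);   // new ID, old session file deleted: defeats session fixation
    $_SESSION['username']    = $username;
    $_SESSION['fingerprint'] = client_fingerprint();
    $_SESSION['last_seen']   = time();
}

// Call at the top of index.php instead of a bare isset($_SESSION['username']).
function session_is_authenticated(int $idleLimit = 1800): bool {
    if (!isset($_SESSION['username'], $_SESSION['fingerprint'], $_SESSION['last_seen'])) {
        return false;
    }
    $sameClient = hash_equals($_SESSION['fingerprint'], client_fingerprint());
    $fresh      = (time() - $_SESSION['last_seen']) <= $idleLimit;
    if (!$sameClient || !$fresh) {
        end_session();             // mismatch or idle too long: drop the session entirely
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

// Full logout for logout.php: clear the data, expire the cookie, destroy server-side state.
function end_session(): void {
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```

The array form of `session_set_cookie_params()` needs PHP 7.3 or later; on a site served over HTTPS, add `'secure' => true` to it.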
