[PHP] Hoping for a hand with a login script
Hey guys,

This is a simple issue I'm sure, however I'm having one hell of a time seeing my way clear of it. I appreciate any support you guys could throw my way.

So I'm trying to set up a small website that includes a store ( www.rareintaglio.com), i have all of my HTML hammed out and now I'm working on creating an admin login for the sites owner to input data from a back end. I have it set up so that he goes to /adminlogin.php, enters his info and gains access to the back end of the website using Session variables (valid vs. invalid) however i keep getting this reply when i try to run the script:

    Results: SELECT * FROM adminlog WHARE username = 'gourmet28e' AND password = '***'
    Query failed: Query was empty

here's the /adminlogin script:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <?php session_start ; ?>
    <head>
    <link rel="stylesheet" type="text/css" href="intaglio.css" />
    <title></title>
    <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
    </head>
    <body><center>
    <div id="body">
    <div id="header"></div>
    <div id="navbody">
    <div id="nav">
    <ul>
    <li><a href="/index.html">Home</a></li>
    <li><a href="/shop.html">Store</a></li>
    <li><a href="/about.html">About</a></li>
    </ul>
    </div>
    </div>
    <div id="cbody">
    <?php
    if ($_SESSION['user'] == "invalid")
    {
    echo 'Invalid Username or Password, please try again';
    }
    if ($_SESSION['user'] == "valid")
    {
    header ("Location: http://www.rareintaglio.com/member.php;");
    }
    ?>
    <form method="post" action="/session.php">
    <table border="0">
    <tr><td>Admin Name: </td></tr>
    <tr><td><input type="text" name="username" size="30" maxlength="20"/> </td></tr>
    <tr><td>Password:</td></tr>
    <tr><td><input type="password" name="password" size="30" maxlength="20"/> </td></tr>
    <tr><td><input type="submit" value="Login" /> </td></tr>
    </table>
    </div>
    <div id="footer"><p>All Pages and Images Copyright @ 2009, Devour.tv Ltd. All Rights Reserved</p></div>
    </body>
    </html>

and /session.php goes a little like:

    <?php
    $host="Rareintag.db.4159106.hostedresource.com"; // Host name
    $username="Rareintag"; // Mysql username
    $password="**"; // Mysql password
    $db_name="Rareintag"; // Database name
    $tbl_name="adminlog"; // Table name
    // Connect to server and select databse.
    mysql_connect($host, $username, $password)or die("cannot connect");
    mysql_select_db($db_name)or die("cannot select DB");
    // username and password sent from form
    $username=$_POST['username'];
    $password=$_POST['password'];
    $qury = "SELECT * FROM adminlog WHARE username = '$username' AND password = '$password'";
    echo '<br />';
    echo "Query: " . $query;
    echo '<br />';
    echo "Results: " . $result;
    echo $qury;
    echo '<br />';
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    if($result == 0){
    $_SESSION['user'] = "invalid" ;
    header("Location: http://www.rareintaglio.com/adminlogin.php;");
    }
    else
    {
    $_SESSION['user'] = "valid" ;
    header("Location: http://www.rareintaglio.com/members.php;");
    }
    ?>

However as I mentioned above i keep getting an error, does anyone know where I took a wrong turn?

Thanks,
Watson
Re: [PHP] Hoping for a hand with a login script
--- On Thu, 9/10/09, Watson Blair bestudios...@gmail.com wrote:

> From: Watson Blair bestudios...@gmail.com
> Subject: [PHP] Hoping for a hand with a login script
> To: php-general@lists.php.net
> Date: Thursday, September 10, 2009, 4:06 AM
>
> Hey guys,
>
> This is a simple issue I'm sure, however I'm having one hell of a time seeing my way clear of it. I appreciate any support you guys could throw my way.
>
> So I'm trying to set up a small website that includes a store ( www.rareintaglio.com), i have all of my HTML hammed out and now I'm working on creating an admin login for the sites owner to input data from a back end. I have it set up so that he goes to /adminlogin.php, enters his info and gains access to the back end of the website using Session variables (valid vs. invalid) however i keep getting this reply when i try to run the script:
>
>     Results: SELECT * FROM adminlog WHARE username = 'gourmet28e' AND password = '***'
>     Query failed: Query was empty
>
> here's the /adminlogin script:
>
>     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>     <html>
>     <?php session_start ; ?>
>     <head>
>     <link rel="stylesheet" type="text/css" href="intaglio.css" />
>     <title></title>
>     <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
>     </head>
>     <body><center>
>     <div id="body">
>     <div id="header"></div>
>     <div id="navbody">
>     <div id="nav">
>     <ul>
>     <li><a href="/index.html">Home</a></li>
>     <li><a href="/shop.html">Store</a></li>
>     <li><a href="/about.html">About</a></li>
>     </ul>
>     </div>
>     </div>
>     <div id="cbody">
>     <?php
>     if ($_SESSION['user'] == "invalid")
>     {
>     echo 'Invalid Username or Password, please try again';
>     }
>     if ($_SESSION['user'] == "valid")
>     {
>     header ("Location: http://www.rareintaglio.com/member.php;");
>     }
>     ?>
>     <form method="post" action="/session.php">
>     <table border="0">
>     <tr><td>Admin Name: </td></tr>
>     <tr><td><input type="text" name="username" size="30" maxlength="20"/> </td></tr>
>     <tr><td>Password:</td></tr>
>     <tr><td><input type="password" name="password" size="30" maxlength="20"/> </td></tr>
>     <tr><td><input type="submit" value="Login" /> </td></tr>
>     </table>
>     </div>
>     <div id="footer"><p>All Pages and Images Copyright @ 2009, Devour.tv Ltd. All Rights Reserved</p></div>
>     </body>
>     </html>
>
> and /session.php goes a little like:
>
>     <?php
>     $host="Rareintag.db.4159106.hostedresource.com"; // Host name
>     $username="Rareintag"; // Mysql username
>     $password="**"; // Mysql password
>     $db_name="Rareintag"; // Database name
>     $tbl_name="adminlog"; // Table name
>     // Connect to server and select databse.
>     mysql_connect($host, $username, $password)or die("cannot connect");
>     mysql_select_db($db_name)or die("cannot select DB");

You need to read the manual more carefully.
http://www.php.net/manual/en/function.mysql-connect.php

>     // username and password sent from form
>     $username=$_POST['username'];
>     $password=$_POST['password'];
>     $qury = "SELECT * FROM adminlog WHARE username = '$username' AND password = '$password'";
>     echo '<br />';
>     echo "Query: " . $query;
>     echo '<br />';
>     echo "Results: " . $result;

http://www.php.net/manual/en/function.mysql-query.php

>     echo $qury;
>     echo '<br />';
>     $result = mysql_query($query) or die('Query failed: ' . mysql_error());
>     if($result == 0){
>     $_SESSION['user'] = "invalid" ;
>     header("Location: http://www.rareintaglio.com/adminlogin.php;");
>     }
>     else
>     {
>     $_SESSION['user'] = "valid" ;
>     header("Location: http://www.rareintaglio.com/members.php;");
>     }
>     ?>
>
> However as I mentioned above i keep getting an error, does anyone know where I took a wrong turn?
>
> Thanks,
> Watson

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hoping for a hand with a login script
--- On Thu, 9/10/09, Tommy Pham tommy...@yahoo.com wrote:

> From: Tommy Pham tommy...@yahoo.com
> Subject: Re: [PHP] Hoping for a hand with a login script
> To: php-general@lists.php.net
> Date: Thursday, September 10, 2009, 4:13 AM
>
> --- On Thu, 9/10/09, Watson Blair bestudios...@gmail.com wrote:
>
> > From: Watson Blair bestudios...@gmail.com
> > Subject: [PHP] Hoping for a hand with a login script
> > To: php-general@lists.php.net
> > Date: Thursday, September 10, 2009, 4:06 AM
> >
> > Hey guys,
> >
> > This is a simple issue I'm sure, however I'm having one hell of a time seeing my way clear of it. I appreciate any support you guys could throw my way.
> >
> > So I'm trying to set up a small website that includes a store ( www.rareintaglio.com), i have all of my HTML hammed out and now I'm working on creating an admin login for the sites owner to input data from a back end. I have it set up so that he goes to /adminlogin.php, enters his info and gains access to the back end of the website using Session variables (valid vs. invalid) however i keep getting this reply when i try to run the script:
> >
> >     Results: SELECT * FROM adminlog WHARE username = 'gourmet28e' AND password = '***'
> >     Query failed: Query was empty
> >
> > here's the /adminlogin script:
> >
> >     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> >     <html>
> >     <?php session_start ; ?>
> >     <head>
> >     <link rel="stylesheet" type="text/css" href="intaglio.css" />
> >     <title></title>
> >     <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
> >     </head>
> >     <body><center>
> >     <div id="body">
> >     <div id="header"></div>
> >     <div id="navbody">
> >     <div id="nav">
> >     <ul>
> >     <li><a href="/index.html">Home</a></li>
> >     <li><a href="/shop.html">Store</a></li>
> >     <li><a href="/about.html">About</a></li>
> >     </ul>
> >     </div>
> >     </div>
> >     <div id="cbody">
> >     <?php
> >     if ($_SESSION['user'] == "invalid")
> >     {
> >     echo 'Invalid Username or Password, please try again';
> >     }
> >     if ($_SESSION['user'] == "valid")
> >     {
> >     header ("Location: http://www.rareintaglio.com/member.php;");
> >     }
> >     ?>
> >     <form method="post" action="/session.php">
> >     <table border="0">
> >     <tr><td>Admin Name: </td></tr>
> >     <tr><td><input type="text" name="username" size="30" maxlength="20"/> </td></tr>
> >     <tr><td>Password:</td></tr>
> >     <tr><td><input type="password" name="password" size="30" maxlength="20"/> </td></tr>
> >     <tr><td><input type="submit" value="Login" /> </td></tr>
> >     </table>
> >     </div>
> >     <div id="footer"><p>All Pages and Images Copyright @ 2009, Devour.tv Ltd. All Rights Reserved</p></div>
> >     </body>
> >     </html>
> >
> > and /session.php goes a little like:
> >
> >     <?php
> >     $host="Rareintag.db.4159106.hostedresource.com"; // Host name
> >     $username="Rareintag"; // Mysql username
> >     $password="**"; // Mysql password
> >     $db_name="Rareintag"; // Database name
> >     $tbl_name="adminlog"; // Table name
> >     // Connect to server and select databse.
> >     mysql_connect($host, $username, $password)or die("cannot connect");
> >     mysql_select_db($db_name)or die("cannot select DB");
>
> You need to read the manual more carefully.
> http://www.php.net/manual/en/function.mysql-connect.php
>
> >     // username and password sent from form
> >     $username=$_POST['username'];
> >     $password=$_POST['password'];
> >     $qury = "SELECT * FROM adminlog WHARE username = '$username' AND password = '$password'";

You might want to learn the basics of SQL syntax.

> >     echo '<br />';
> >     echo "Query: " . $query;
> >     echo '<br />';
> >     echo "Results: " . $result;
>
> http://www.php.net/manual/en/function.mysql-query.php
>
> >     echo $qury;
> >     echo '<br />';
> >     $result = mysql_query($query) or die('Query failed: ' . mysql_error());
> >     if($result == 0){
> >     $_SESSION['user'] = "invalid" ;
> >     header("Location: http://www.rareintaglio.com/adminlogin.php;");
> >     }
> >     else
> >     {
> >     $_SESSION['user'] = "valid" ;
> >     header("Location: http://www.rareintaglio.com/members.php;");
> >     }
> >     ?>
> >
> > However as I mentioned above i keep getting an error, does anyone know where I took a wrong turn?
> >
> > Thanks,
> > Watson
Re: [PHP] Hoping for a hand with a login script
Hey Tommy,

Thanks for the link, I found a few typos in my variables, and Query. but now it's returning:

    Results: Resource id #2
    Warning: Cannot modify header information - headers already sent by (output started at /home/content/i/n/t/intag/html/session.php:16) in /home/content/i/n/t/intag/html/session.php on line 29

line 29 reads:

    header("Location: http://www.rareintaglio.com/members.php;");

so ya, I'm a little confused... I'm more than willing to do the reading necessary, could you point me in the correct direction? I've looked at a fair amount of documentation on Resources id#2, but I'm having some trouble making heads or tails of it as it applies to my script.

Thanks for the pointers,
Watson
Re: [PHP] Hoping for a hand with a login script
-- On Thu, 9/10/09, Watson Blair bestudios...@gmail.com wrote:

> From: Watson Blair bestudios...@gmail.com
> Subject: Re: [PHP] Hoping for a hand with a login script
> To: Tommy Pham tommy...@yahoo.com
> Cc: php-general@lists.php.net
> Date: Thursday, September 10, 2009, 4:31 AM
>
> Hey Tommy,
>
> Thanks for the link, I found a few typos in my variables, and Query. but now it's returning:
>
>     Results: Resource id #2
>     Warning: Cannot modify header information - headers already sent by (output started at /home/content/i/n/t/intag/html/session.php:16) in /home/content/i/n/t/intag/html/session.php on line 29
>
> line 29 reads:
>
>     header("Location: http://www.rareintaglio.com/members.php;");
>
> so ya, I'm a little confused... I'm more than willing to do the reading necessary, could you point me in the correct direction? I've looked at a fair amount of documentation on Resources id#2, but I'm having some trouble making heads or tails of it as it applies to my script.
>
> Thanks for the pointers,
> Watson

Read the entire thread of Include files in HTML:
http://marc.info/?l=php-general&w=2&r=1&s=include+files+in+html&q=b
Re: [PHP] Hoping for a hand with a login script
> So I'm trying to set up a small website that includes a store ( www.rareintaglio.com), i have all of my HTML hammed out and now I'm working on creating an admin login for the sites owner to input data from a back

I would really strongly advise against building your own authentication system. I'm currently regretting the fact that I did the same, a few years ago, for a couple of systems I still support. There are just too many things that can go wrong, especially if you're new to PHP and MySQL in general.

Just to begin with, the code you posted currently suffers from a really basic SQL injection vulnerability and your database is likely to be compromised within hours of your site getting any kind of significant traffic. That's completely distinct from the more basic syntax trouble.

Perhaps paradoxically, the more experience you gain with these things, the less inclined you will be, most likely, to try to roll your own AAA.

There are lots of open-source PHP frameworks out there that should be able to take care of authentication and access-control for you -- CodeIgniter, Zend Framework, and Solar come immediately to mind as packages that I've either heard good things about, or suspect are solid because of the authors involved. I'm sure there are several other good ones also.

http://codeigniter.com/
http://framework.zend.com/
http://www.solarphp.com/

Ben
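
Added example, not part of any message in this thread: a version of the session.php check that binds the submitted username as a query parameter instead of interpolating it, decides on the fetched row rather than on the query's return value, and sends no output before header(). The in-memory SQLite database reached through PDO, the password_hash column, the sample account and the function names are assumptions made for the demo; the posted script used the mysql_* functions against MySQL.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL server, the table stores a
// password_hash column, and the account below is constructed for the demo.

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE adminlog (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO adminlog (username, password_hash) VALUES (?, ?)');
    $ins->execute(['owner', password_hash('correct horse battery', PASSWORD_DEFAULT)]);
    return $db;
}

function check_admin_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps the submitted value out of the SQL text, so quotes
    // in it are compared as data and never parsed as SQL.
    $stmt = $db->prepare('SELECT password_hash FROM adminlog WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no row matched

    // Decide on the fetched row, not on whether the query ran: a SELECT that
    // matches nothing still succeeds.
    return is_string($hash) && password_verify($password, $hash);
}

// Web entry point. Nothing is echoed before header(); output sent earlier is
// what produces "Cannot modify header information - headers already sent".
function handle_login_request(PDO $db): void
{
    session_start();
    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    $ok = is_string($user) && is_string($pass) && check_admin_login($db, $user, $pass);
    if ($ok) {
        session_regenerate_id(true);   // fresh session id once authenticated
    }
    $_SESSION['user'] = $ok ? 'valid' : 'invalid';
    header('Location: ' . ($ok ? '/members.php' : '/adminlogin.php'));
    exit;
}

// Command-line demo on constructed inputs.
if (PHP_SAPI === 'cli') {
    $db = make_demo_db();
    $cases = [
        ['owner', 'correct horse battery'],
        ['owner', 'wrong password'],
        ["owner' OR '1'='1", 'anything'],   // SQL metacharacters in the name
        ['nobody', 'correct horse battery'],
    ];
    foreach ($cases as [$user, $pass]) {
        $verdict = check_admin_login($db, $user, $pass) ? 'valid' : 'invalid';
        printf("%-20s %s\n", $user, $verdict);
    }
}
```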
Re: [PHP] Hoping for a hand with a login script
Ben Dunlap wrote:

> > So I'm trying to set up a small website that includes a store ( www.rareintaglio.com), i have all of my HTML hammed out and now I'm working on creating an admin login for the sites owner to input data from a back
>
> I would really strongly advise against building your own authentication system. I'm currently regretting the fact that I did the same, a few years ago, for a couple of systems I still support. There are just too many things that can go wrong, especially if you're new to PHP and MySQL in general.
>
> Just to begin with, the code you posted currently suffers from a really basic SQL injection vulnerability and your database is likely to be compromised within hours of your site getting any kind of significant traffic. That's completely distinct from the more basic syntax trouble.
>
> Perhaps paradoxically, the more experience you gain with these things, the less inclined you will be, most likely, to try to roll your own AAA.
>
> There are lots of open-source PHP frameworks out there that should be able to take care of authentication and access-control for you -- CodeIgniter, Zend Framework, and Solar come immediately to mind as packages that I've either heard good things about, or suspect are solid because of the authors involved. I'm sure there are several other good ones also.

I find the more experienced I get, the more I have to wrap/plug into various authentication systems with custom authentication (MediaWiki, WordPress, PHPMyAdmin, Mantis, SquirrelMail, etc, etc). In some cases it's a straight up plugin process, in others it's wrapping with my own AccessControls management system.

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
RE: [PHP] Hoping for a hand with a login script
From: Ben Dunlap

> > So I'm trying to set up a small website that includes a store ( www.rareintaglio.com), i have all of my HTML hammed out and now I'm working on creating an admin login for the sites owner to input data from a back
>
> I would really strongly advise against building your own authentication system. I'm currently regretting the fact that I did the same, a few years ago, for a couple of systems I still support. There are just too many things that can go wrong, especially if you're new to PHP and MySQL in general.
>
> Just to begin with, the code you posted currently suffers from a really basic SQL injection vulnerability and your database is likely to be compromised within hours of your site getting any kind of significant traffic. That's completely distinct from the more basic syntax trouble.
>
> Perhaps paradoxically, the more experience you gain with these things, the less inclined you will be, most likely, to try to roll your own AAA.
>
> There are lots of open-source PHP frameworks out there that should be able to take care of authentication and access-control for you -- CodeIgniter, Zend Framework, and Solar come immediately to mind as packages that I've either heard good things about, or suspect are solid because of the authors involved. I'm sure there are several other good ones also.
>
> http://codeigniter.com/
> http://framework.zend.com/
> http://www.solarphp.com/

While I have not looked at the last two, there is one thing that bothers me about your recommendation of codeigniter. Authentication is a basic function that should be used for any web site with interactive features. There is such a universal need for this function that there should be several packages available to provide it. But I believe that telling someone to adopt a complete portal system like CI just to get basic authentication is gross overkill. There has to be a better way to provide this core functionality without installing a monster package that will be 95% superfluous to their needs.

Yes, I have installed codeigniter. I am still trying to figure out why I would want to use it.

Bob McConnell
Re: [PHP] Hoping for a hand with a login script
On Thu, Sep 10, 2009 at 12:21 PM, Ben Dunlap bdun...@agentintellect.com wrote:

> > So I'm trying to set up a small website that includes a store ( www.rareintaglio.com), i have all of my HTML hammed out and now I'm working on creating an admin login for the sites owner to input data from a back

simple folder protection should work well and be very simple to implement

--
Bastien

Cat, the other other white meat
Re: [PHP] Hoping for a hand with a login script
> several packages available to provide it. But I believe that telling someone to adopt a complete portal system like CI just to get basic authentication is gross overkill. There has to be a better way to provide this core functionality without installing a monster package that will be 95% superfluous to their needs.

I mentioned CI because it got the second-most votes on a very popular Stack Overflow question asking for PHP-framework recommendations. The most-upvoted answer discussed Zend Framework, although it's hard to tell whether it was a good review of ZF, or a negative one, on balance:

http://stackoverflow.com/questions/2648/what-php-framework-would-you-choose-for-a-new-application-and-why

Without knowing more about the OP's requirements, it's hard to say whether CI's other functionality would be largely superfluous. You might be right, though, and I guess my point was just to recommend that the OP look at existing, mature, free, open-source solutions before possibly reinventing the wheel.

I would recommend this to anyone looking to build any sort of web app. Could be that nothing out there will end up serving your purposes, but just the experience of looking at existing frameworks, seeing how they're structured, reviewing some of their code, etc., is still likely to be valuable.

Ben
Re: [PHP] Hoping for a hand with a login script
> I would recommend this to anyone looking to build any sort of web app. Could be that nothing out there will end up serving your purposes, but

... and, on further investigation, it looks like CI, surprisingly enough, doesn't actually have pre-built authentication and access control (although it does do session management).

Solar and ZF do seem to have their own auth/access-control, though.

Ben
Re: [PHP] Hoping for a hand with a login script
On Thu, Sep 10, 2009 at 01:00:19PM -0400, Bob McConnell wrote:

> From: Ben Dunlap
>
> <snip>
>
> > http://codeigniter.com/
> > http://framework.zend.com/
> > http://www.solarphp.com/
>
> While I have not looked at the last two, there is one thing that bothers me about your recommendation of codeigniter. Authentication is a basic function that should be used for any web site with interactive features. There is such a universal need for this function that there should be several packages available to provide it. But I believe that telling someone to adopt a complete portal system like CI just to get basic authentication is gross overkill. There has to be a better way to provide this core functionality without installing a monster package that will be 95% superfluous to their needs.
>
> Yes, I have installed codeigniter. I am still trying to figure out why I would want to use it.

Moreover, I'm using CI right now, and as far as I know, it does *no* user authentication. I had to write my own routines, using their session class to save the user data.

Paul

--
Paul M. Foster