[PHP] How can i make it so....
Hi, I have modified an authentication script to my own liking, but being new, don't know how to go about my next stage. Once the user has inserted the UN, and PW, it is campared against the MySQL database, nowm what i want to do is get rid of the login form which still appears, and is very annoying. I can't seem to see anything on this particular subject, but if their is any, can u point me in the right direction. It can be viewed at: http://www.stevewrightonline.co.uk/auth/auth.php UN: guest PW: guest Here's the code: P FORM ACTION=? echo $PHP_SELF; ? METHOD=POST PUserName:br input type=text name=PHP_AUTH_USER size=15 /p PPassword:br input type=password name=PHP_AUTH_PW size=15 /p input type=submit value=Log In /form /P ?php $auth = false; // user is not authenticated yet if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) { // Connect the MySQL Database mysql_connect( **.net', '**', '***' ) or die ( 'Unable to connect to server.' ); // Select database on MySQL server mysql_select_db( 'Demonstration' ) or die ( 'Unable to select database.' ); // the query $sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND Password = '$PHP_AUTH_PW'; // Execute query and put results in $result $result = mysql_query( $sql ) or die ( 'Unable to execute query.' ); // Get number of rows in $result. $num = mysql_numrows( $result ); if ( $num != 0 ) { // matching row was found - user authenticated. $auth = true; } } if ( ! $auth ) { echo 'Sign In Required.'; exit; } else { echo 'pYou are Signed In!/p'; } ?
Re: [PHP] How can i make it so....
Steve, If you move your validation code to the top of the script you can use the header (Location: loggedin.php); exit; to go to the next page if the user is validated Chris Steve Wright wrote: Hi, I have modified an authentication script to my own liking, but being new, don't know how to go about my next stage. Once the user has inserted the UN, and PW, it is campared against the MySQL database, nowm what i want to do is get rid of the login form which still appears, and is very annoying. I can't seem to see anything on this particular subject, but if their is any, can u point me in the right direction. It can be viewed at: http://www.stevewrightonline.co.uk/auth/auth.php UN: guest PW: guest Here's the code: P FORM ACTION=? echo $PHP_SELF; ? METHOD=POST PUserName:br input type=text name=PHP_AUTH_USER size=15 /p PPassword:br input type=password name=PHP_AUTH_PW size=15 /p input type=submit value=Log In /form /P ?php $auth = false; // user is not authenticated yet if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) { // Connect the MySQL Database mysql_connect( **.net', '**', '***' ) or die ( 'Unable to connect to server.' ); // Select database on MySQL server mysql_select_db( 'Demonstration' ) or die ( 'Unable to select database.' ); // the query $sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND Password = '$PHP_AUTH_PW'; // Execute query and put results in $result $result = mysql_query( $sql ) or die ( 'Unable to execute query.' ); // Get number of rows in $result. $num = mysql_numrows( $result ); if ( $num != 0 ) { // matching row was found - user authenticated. $auth = true; } } if ( ! $auth ) { echo 'Sign In Required.'; exit; } else { echo 'pYou are Signed In!/p'; } ? -- Chris Fry Quillsoft Pty Ltd Specialists in Secure Internet Services and E-Commerce Solutions 10 Gray Street Kogarah NSW 2217 Australia Phone: +61 2 9553 1691 Fax: +61 2 9553 1692 Mobile: 0419 414 323 eMail: [EMAIL PROTECTED] http://www.quillsoft.com.au You can download our Public CA Certificate from:- https://ca.secureanywhere.com/htdocs/cacert.crt ** This information contains confidential information intended only for the use of the authorised recipient. If you are not an authorised recipient of this e-mail, please contact Quillsoft Pty Ltd by return e-mail. In this case, you should not read, print, re-transmit, store or act in reliance on this e-mail or any attachments, and should destroy all copies of them. This e-mail and any attachments may also contain copyright material belonging to Quillsoft Pty Ltd. The views expressed in this e-mail or attachments are the views of the author and not the views of Quillsoft Pty Ltd. You should only deal with the material contained in this e-mail if you are authorised to do so. This notice should not be removed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How can i make it so.
Steve, The following should work:- ?php $auth = false; // user is not authenticated yet if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) { // Connect the MySQL Database mysql_connect( **.net', '**', '***' ) or die ( 'Unable to connect to server.' ); // Select database on MySQL server mysql_select_db( 'Demonstration' ) or die ( 'Unable to select database.' ); // the query $sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND Password = '$PHP_AUTH_PW'; // Execute query and put results in $result $result = mysql_query( $sql ) or die ( 'Unable to execute query.' ); // Get number of rows in $result. $num = mysql_numrows( $result ); if ( $num != 0 ) { // matching row was found - user authenticated. $auth = true; } } if ( ! $auth ) { echo 'Sign In Required.'; } else { // you may need to pass the user id password here if you need it later on header (Location: loggedin.php); exit; } ? P FORM ACTION=? echo $PHP_SELF; ? METHOD=POST PUserName:br input type=text name=PHP_AUTH_USER size=15 /p PPassword:br input type=password name=PHP_AUTH_PW size=15 /p input type=submit value=Log In /form /P Regards Chris -- Chris Fry Quillsoft Pty Ltd Specialists in Secure Internet Services and E-Commerce Solutions 10 Gray Street Kogarah NSW 2217 Australia Phone: +61 2 9553 1691 Fax: +61 2 9553 1692 Mobile: 0419 414 323 eMail: [EMAIL PROTECTED] http://www.quillsoft.com.au You can download our Public CA Certificate from:- https://ca.secureanywhere.com/htdocs/cacert.crt ** This information contains confidential information intended only for the use of the authorised recipient. If you are not an authorised recipient of this e-mail, please contact Quillsoft Pty Ltd by return e-mail. In this case, you should not read, print, re-transmit, store or act in reliance on this e-mail or any attachments, and should destroy all copies of them. This e-mail and any attachments may also contain copyright material belonging to Quillsoft Pty Ltd. The views expressed in this e-mail or attachments are the views of the author and not the views of Quillsoft Pty Ltd. You should only deal with the material contained in this e-mail if you are authorised to do so. This notice should not be removed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How can i make it so....
The odd thing about PHP is sometimes you have to code backwards, That is your code is in a different order than the pages it produces. This is one of those times. You need to have the Successful login page first, and the login form second in an if statement. ie... ?php $auth = false; if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) /* Do MySQL Stuff */ $num = mysql_numrows( $result ); if ( $num != 0 ) echo 'pYou are Signed In!/p'; $auth = true; } else { echo 'Sign In Required.'; } } if ( ! $auth ) ? FORM ACTION=? echo $PHP_SELF; ? METHOD=POST !-- Rest of Form -- ?php } ? Hope that helps. Sheridan Saint-Michel Website Administrator FoxJet, an ITW Company www.foxjet.com - Original Message - From: Steve Wright [EMAIL PROTECTED] To: PHP List [EMAIL PROTECTED] Sent: Wednesday, August 01, 2001 4:37 AM Subject: [PHP] How can i make it so Hi, I have modified an authentication script to my own liking, but being new, don't know how to go about my next stage. Once the user has inserted the UN, and PW, it is campared against the MySQL database, nowm what i want to do is get rid of the login form which still appears, and is very annoying. I can't seem to see anything on this particular subject, but if their is any, can u point me in the right direction. It can be viewed at: http://www.stevewrightonline.co.uk/auth/auth.php UN: guest PW: guest Here's the code: P FORM ACTION=? echo $PHP_SELF; ? METHOD=POST PUserName:br input type=text name=PHP_AUTH_USER size=15 /p PPassword:br input type=password name=PHP_AUTH_PW size=15 /p input type=submit value=Log In /form /P ?php $auth = false; // user is not authenticated yet if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) // Connect the MySQL Database mysql_connect( **.net', '**', '***' ) or die ( 'Unable to connect to server.' ); // Select database on MySQL server mysql_select_db( 'Demonstration' ) or die ( 'Unable to select database.' ); // the query $sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND Password = '$PHP_AUTH_PW'; // Execute query and put results in $result $result = mysql_query( $sql ) or die ( 'Unable to execute query.' ); // Get number of rows in $result. $num = mysql_numrows( $result ); if ( $num != 0 ) // matching row was found - user authenticated. $auth = true; } } if ( ! $auth ) echo 'Sign In Required.'; exit; } else echo 'pYou are Signed In!/p'; } ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How can i make it so....
That way people can type in www.yoursite.com/loggedin.php and bypass the Authentication completely. Great! =P Sheridan Saint-Michel Website Administrator FoxJet, an ITW Company www.foxjet.com - Original Message - From: Chris Fry [EMAIL PROTECTED] To: Steve Wright [EMAIL PROTECTED] Cc: PHP List [EMAIL PROTECTED] Sent: Wednesday, August 01, 2001 5:07 AM Subject: Re: [PHP] How can i make it so Steve, If you move your validation code to the top of the script you can use the header (Location: loggedin.php); exit; to go to the next page if the user is validated Chris Steve Wright wrote: Hi, I have modified an authentication script to my own liking, but being new, don't know how to go about my next stage. Once the user has inserted the UN, and PW, it is campared against the MySQL database, nowm what i want to do is get rid of the login form which still appears, and is very annoying. I can't seem to see anything on this particular subject, but if their is any, can u point me in the right direction. It can be viewed at: http://www.stevewrightonline.co.uk/auth/auth.php UN: guest PW: guest Here's the code: P FORM ACTION=? echo $PHP_SELF; ? METHOD=POST PUserName:br input type=text name=PHP_AUTH_USER size=15 /p PPassword:br input type=password name=PHP_AUTH_PW size=15 /p input type=submit value=Log In /form /P ?php $auth = false; // user is not authenticated yet if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) { // Connect the MySQL Database mysql_connect( **.net', '**', '***' ) or die ( 'Unable to connect to server.' ); // Select database on MySQL server mysql_select_db( 'Demonstration' ) or die ( 'Unable to select database.' ); // the query $sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND Password = '$PHP_AUTH_PW'; // Execute query and put results in $result $result = mysql_query( $sql ) or die ( 'Unable to execute query.' ); // Get number of rows in $result. $num = mysql_numrows( $result ); if ( $num != 0 ) { // matching row was found - user authenticated. $auth = true; } } if ( ! $auth ) { echo 'Sign In Required.'; exit; } else { echo 'pYou are Signed In!/p'; } ? -- Chris Fry Quillsoft Pty Ltd Specialists in Secure Internet Services and E-Commerce Solutions 10 Gray Street Kogarah NSW 2217 Australia Phone: +61 2 9553 1691 Fax: +61 2 9553 1692 Mobile: 0419 414 323 eMail: [EMAIL PROTECTED] http://www.quillsoft.com.au You can download our Public CA Certificate from:- https://ca.secureanywhere.com/htdocs/cacert.crt ** This information contains confidential information intended only for the use of the authorised recipient. If you are not an authorised recipient of this e-mail, please contact Quillsoft Pty Ltd by return e-mail. In this case, you should not read, print, re-transmit, store or act in reliance on this e-mail or any attachments, and should destroy all copies of them. This e-mail and any attachments may also contain copyright material belonging to Quillsoft Pty Ltd. The views expressed in this e-mail or attachments are the views of the author and not the views of Quillsoft Pty Ltd. You should only deal with the material contained in this e-mail if you are authorised to do so. This notice should not be removed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]