You already have a thread relating to the same and we will have discussion relating to that there. [thread=3899]login with access database[/thread]
One problem that I found out when using this script, please see the yellow text: PHP: <?php function createsessions($username,$password) { //Add additional member to Session array as per requirement session_register(); $_SESSION["gdusername"] = $username; $_SESSION["gdpassword"] = md5($password); if(isset($_POST['remme'])) { //Add additional member to cookie array as per requirement setcookie("gdusername", $_SESSION['gdusername'], time()+60*60*24*100, "/"); setcookie("gdpassword", $_SESSION['gdpassword'], time()+60*60*24*100, "/"); //the cookie is stored improperly, and this should be $password instead of [URL=http://www.go4expert.com/articles/md5-tutorial-t319/]md5[/URL] coded password************************************* return; } } function clearsessionscookies() { unset($_SESSION['gdusername']); unset($_SESSION['gdpassword']); session_unset(); session_destroy(); setcookie ("gdusername", "",time()-60*60*24*100, "/"); setcookie ("gdpassword", "",time()-60*60*24*100, "/"); } function confirmUser($username,$password) { $md5pass = md5($password); //this causes problem when working with md5 coded password already. /* Validate from the database but as for now just demo username and password */ if($username == "demo" && $password = "demo") return true; else return false; } function checkLoggedin() { if(isset($_SESSION['gdusername']) AND isset($_SESSION['gdpassword'])) return true; elseif(isset($_COOKIE['gdusername']) && isset($_COOKIE['gdpassword'])) { if(confirmUser($_COOKIE['gdusername'],$_COOKIE['gdpassword'])) { createsessions($_COOKIE['gdusername'],$_COOKIE['gdpassword']); return true; } else { clearsessionscookies(); return false; } } else return false; } ?> Since cookie is already stored as md5, and you are encrypting it twice, therefore the passwords will not match with that from the db. I found this problem when using the script and thought it was the problem of my server. Please make this change if you are using it, and I have to admit, this is a nice login script, very neat and clean. Hope that helped. >> NetFriending.com << Ted
That was the same or similar mistake pointed out and as confirmUser is called always with encrypted password now we can safely remove that line. I am removed it. Thanks for pointing it out.
hello shabbir when i'm tring to use the code its giveing me an error of the header file already sent ... could u please help me
Hi all Great site. I have tried this script and it works great. I am a newbie to php and would like some pointers on how to validate username and password from the database. Thanks Gary
Thanks for this! It'll be a big help for me! I find it so much easier to understand when I step through the code logically and try to understand it.
question about the loginlogout.zip file. i downloaded the file and for some reason login.php won't run. keep getting a parse error in last line of file. makes me think that theres a missing } or ;... but everything looks good. when i comment out the switch function, the error disappears.. anyone else getting this? very confused
yes, same error with the code from article. i know enough about php to troubleshoot error's and correct most of them but this one has me stumped
the error outputted in localhost/login.php Parse error: parse error in FILE PATH HERE on line 81 login.php - line 81 being the very last line in this file Code: <?php ob_start(); session_start(); require_once ("functions.php"); $returnurl = urlencode(isset($_GET["returnurl"])?$_GET["returnurl"]:""); if($returnurl == "") $returnurl = urlencode(isset($_POST["returnurl"])?$_POST["returnurl"]:""); $do = isset($_GET["do"])?$_GET["do"]:""; $do = strtolower($do); switch($do) { case "": if (checkLoggedin()) { echo "<H1>You are already logged in - <A href = \"login.php?do=logout\">logout</A></h1>"; } else { ?> <form NAME="login1" ACTION="login.php?do=login" METHOD="POST" ONSUBMIT="return aValidator();"> <input TYPE="hidden" name="returnurl" value="<?$returnurl?>"> <TABLE cellspacing="3"> <TR> <TD>Username:</TD> <TD><input TYPE="TEXT" NAME="username"></TD> <TD>Password:</TD> <TD><input TYPE="PASSWORD" NAME="password"></TD> </TR> <TR> <TD colspan="4" ALIGN="center"><input TYPE="CHECKBOX" NAME="remme"> Remember me for the next time I visit</TD> </TR> <TR> <TD ALIGN="CENTER" COLSPAN="4"><input TYPE="SUBMIT" name="submit" value="Login"></TD> </TR> </form> </TABLE> <? } break; case "login": $username = isset($_POST["username"])?$_POST["username"]:""; $password = isset($_POST["password"])?$_POST["password"]:""; if ($username=="" or $password=="" ) { echo "<h1>Username or password is blank</h1>"; clearsessionscookies(); header("location: login.php?returnurl=$returnurl"); } else { if(confirmuser($username,md5($password))) // As pointed out by asgard2005 { createsessions($username,$password); if ($returnurl<>"") header("location: $returnurl"); else { header("Location: index.php"); } } else { echo "<h1>Invalid Username and/Or password</h1>"; clearsessionscookies(); header("location: login.php?returnurl=$returnurl"); } } break; case "logout": clearsessionscookies(); header("location: index.php"); break; } ?> functions.php Code: <?php function createsessions($username,$password) { //Add additional member to Session array as per requirement session_register(); $_SESSION["gdusername"] = $username; $_SESSION["gdpassword"] = md5($password); if(isset($_POST['remme'])) { //Add additional member to cookie array as per requirement setcookie("gdusername", $_SESSION['gdusername'], time()+60*60*24*100, "/"); setcookie("gdpassword", $_SESSION['gdpassword'], time()+60*60*24*100, "/"); return; } } function clearsessionscookies() { unset($_SESSION['gdusername']); unset($_SESSION['gdpassword']); session_unset(); session_destroy(); setcookie ("gdusername", "",time()-60*60*24*100, "/"); setcookie ("gdpassword", "",time()-60*60*24*100, "/"); } function confirmUser($username,$password) { // $md5pass = md5($password); // Not needed any more as pointed by ted_chou12 /* Validate from the database but as for now just demo username and password */ if($username == "demo" && $password = "demo") return true; else return false; } function checkLoggedin() { if(isset($_SESSION['gdusername']) AND isset($_SESSION['gdpassword'])) return true; elseif(isset($_COOKIE['gdusername']) && isset($_COOKIE['gdpassword'])) { if(confirmUser($_COOKIE['gdusername'],$_COOKIE['gdpassword'])) { createsessions($_COOKIE['gdusername'],$_COOKIE['gdpassword']); return true; } else { clearsessionscookies(); return false; } } else return false; } ?> index.php Code: <?php ob_start(); session_start(); require_once ("functions.php"); if (checkLoggedin()) echo "<H1>You are already logged in - <A href = \"login.php?do=logout\">logout</A></h1>"; else echo "<H1>You are not logged in - <A href = \"login.php\">login</A></h1></h1>"; ?> :thinking:
sorry double post.. could not edit could it have something to do with notepad++ as that is my text editor of choice... i will try a different editor now and if anything changes i'll update here
problem resolved :happy: curious as to why this happens though. it was the php start tag causing the error... Code: { ?> <form NAME="login1" ACTION="login.php?do=login" METHOD="POST" ONSUBMIT="return aValidator();"> <input TYPE="hidden" name="returnurl" value="<?$returnurl?>"> <TABLE cellspacing="3"> <TR> <TD>Username:</TD> <TD><input TYPE="TEXT" NAME="username"></TD> <TD>Password:</TD> <TD><input TYPE="PASSWORD" NAME="password"></TD> </TR> <TR> <TD colspan="4" ALIGN="center"><input TYPE="CHECKBOX" NAME="remme"> Remember me for the next time I visit</TD> </TR> <TR> <TD ALIGN="CENTER" COLSPAN="4"><input TYPE="SUBMIT" name="submit" value="Login"></TD> </TR> </form> </TABLE> [B]<?[/B] } changed to Code: </TABLE> [B]<?php[/B] } anyone have insight as to why the code posted in article works for everyone except myself?
Ohh !! Your server setting is such that it needs <?php and does not work with <? Are you using IIS because with Apache its not the case.