Login and Logout using Sessions and Cookies

Discussion in 'PHP' started by shabbir, Jun 15, 2005.

  1. wq321

    wq321 New Member

    Joined:
    Apr 16, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    how do i validate this log in code with an access database?
     
  2. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    You already have a thread relating to the same and we will have discussion relating to that there.

    [thread=3899]login with access database[/thread]
     
  3. ted_chou12

    ted_chou12 New Member

    Joined:
    Nov 21, 2006
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    http://netfriending.co.cc
    One problem that I found out when using this script, please see the yellow text:
    PHP:
    <?php 

    function createsessions($username,$password

        
    //Add additional member to Session array as per requirement 
        
    session_register(); 

        
    $_SESSION["gdusername"] = $username
        
    $_SESSION["gdpassword"] = md5($password); 
         
        if(isset(
    $_POST['remme'])) 
        { 
            
    //Add additional member to cookie array as per requirement 
            
    setcookie("gdusername"$_SESSION['gdusername'], time()+60*60*24*100"/"); 
            
    setcookie("gdpassword"$_SESSION['gdpassword'], time()+60*60*24*100"/"); //the cookie is stored improperly, and this should be $password instead of [URL=http://www.go4expert.com/articles/md5-tutorial-t319/]md5[/URL] coded password*************************************
            
    return; 
        } 


    function 
    clearsessionscookies() 

        unset(
    $_SESSION['gdusername']); 
        unset(
    $_SESSION['gdpassword']); 
         
        
    session_unset();     
        
    session_destroy(); 

        
    setcookie ("gdusername""",time()-60*60*24*100"/"); 
        
    setcookie ("gdpassword""",time()-60*60*24*100"/"); 


    function 
    confirmUser($username,$password

        
    $md5pass md5($password); //this causes problem when working with md5 coded password already.

        /* Validate from the database but as for now just demo username and password */ 
        
    if($username == "demo" && $password "demo"
            return 
    true
        else 
            return 
    false


    function 
    checkLoggedin() 

        if(isset(
    $_SESSION['gdusername']) AND isset($_SESSION['gdpassword'])) 
            return 
    true
        elseif(isset(
    $_COOKIE['gdusername']) && isset($_COOKIE['gdpassword'])) 
        { 
            if(
    confirmUser($_COOKIE['gdusername'],$_COOKIE['gdpassword'])) 
            { 
                
    createsessions($_COOKIE['gdusername'],$_COOKIE['gdpassword']); 
                return 
    true
            } 
            else 
            { 
                
    clearsessionscookies(); 
                return 
    false
            } 
        } 
        else 
            return 
    false

    ?> 
    Since cookie is already stored as md5, and you are encrypting it twice, therefore the passwords will not match with that from the db. I found this problem when using the script and thought it was the problem of my server. Please make this change if you are using it, and I have to admit, this is a nice login script, very neat and clean.
    Hope that helped. >> NetFriending.com <<
    Ted
     
  4. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    That was the same or similar mistake pointed out and as confirmUser is called always with encrypted password now we can safely remove that line. I am removed it. Thanks for pointing it out.
     
  5. ted_chou12

    ted_chou12 New Member

    Joined:
    Nov 21, 2006
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    http://netfriending.co.cc
    opps, is this mistake already being mentioned by somebody?
     
  6. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    The variable was anyway not needed but kept there.
     
  7. saimt

    saimt New Member

    Joined:
    Nov 13, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    IT
    Location:
    Eritrea
    hello shabbir when i'm tring to use the code its giveing me an error of
    the header file already sent ...

    could u please help me
     
  8. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,645
    Likes Received:
    87
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    http://blog.pradeep.net.in
    Solution:
    At the starting of the file put this code
    PHP:
    ob_start();
     
  9. gary4s

    gary4s New Member

    Joined:
    Apr 13, 2008
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Hi all

    Great site. I have tried this script and it works great. I am a newbie to php and would like some pointers on how to validate username and password from the database.

    Thanks Gary
     
  10. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,645
    Likes Received:
    87
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    http://blog.pradeep.net.in
    What database are you using??
     
  11. Tigerplug

    Tigerplug New Member

    Joined:
    Apr 18, 2008
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    0
    Thanks for this! It'll be a big help for me!
    I find it so much easier to understand when I step through the code logically and try to understand it.


    ;)
     
  12. new_en_it

    new_en_it New Member

    Joined:
    Nov 17, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    keep it up, very good.
     
  13. Ryzer

    Ryzer New Member

    Joined:
    Feb 15, 2009
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Pipeline Maintenance
    Location:
    Saskatchewan, Canada
    question about the loginlogout.zip file. i downloaded the file and for some reason login.php won't run. keep getting a parse error in last line of file. makes me think that theres a missing } or ;... but everything looks good. when i comment out the switch function, the error disappears.. anyone else getting this? very confused
     
  14. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    Do you get the same error when using the code posted in the Article ?
     
  15. Ryzer

    Ryzer New Member

    Joined:
    Feb 15, 2009
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Pipeline Maintenance
    Location:
    Saskatchewan, Canada
    yes, same error with the code from article. i know enough about php to troubleshoot error's and correct most of them but this one has me stumped
     
  16. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    The code works for me perfectly fine.
     
  17. Ryzer

    Ryzer New Member

    Joined:
    Feb 15, 2009
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Pipeline Maintenance
    Location:
    Saskatchewan, Canada
    the error outputted in localhost/login.php
    Parse error: parse error in FILE PATH HERE on line 81

    login.php - line 81 being the very last line in this file
    Code:
    <?php 
    
    ob_start(); 
    session_start(); 
    
    require_once ("functions.php"); 
    
    $returnurl = urlencode(isset($_GET["returnurl"])?$_GET["returnurl"]:""); 
    if($returnurl == "") 
        $returnurl = urlencode(isset($_POST["returnurl"])?$_POST["returnurl"]:""); 
    
    $do = isset($_GET["do"])?$_GET["do"]:""; 
    
    $do = strtolower($do); 
    
    switch($do) 
    { 
    case "": 
        if (checkLoggedin()) 
        { 
            echo "<H1>You are already logged in - <A href = \"login.php?do=logout\">logout</A></h1>"; 
        } 
        else 
        { 
            ?> 
            <form NAME="login1" ACTION="login.php?do=login" METHOD="POST" ONSUBMIT="return aValidator();"> 
            <input TYPE="hidden" name="returnurl" value="<?$returnurl?>"> 
            <TABLE cellspacing="3"> 
            <TR> 
                <TD>Username:</TD> 
                <TD><input TYPE="TEXT" NAME="username"></TD> 
                <TD>Password:</TD> 
                <TD><input TYPE="PASSWORD" NAME="password"></TD> 
            </TR> 
            <TR> 
                <TD colspan="4" ALIGN="center"><input TYPE="CHECKBOX" NAME="remme">&nbsp;Remember me for the next time I visit</TD> 
            </TR> 
            <TR> 
                <TD ALIGN="CENTER" COLSPAN="4"><input TYPE="SUBMIT" name="submit" value="Login"></TD> 
            </TR> 
            </form> 
            </TABLE> 
        <? 
        } 
        break; 
    case "login": 
        $username = isset($_POST["username"])?$_POST["username"]:""; 
        $password = isset($_POST["password"])?$_POST["password"]:""; 
    
        if ($username=="" or $password=="" ) 
        { 
            echo "<h1>Username or password is blank</h1>"; 
            clearsessionscookies(); 
            header("location: login.php?returnurl=$returnurl"); 
        } 
        else 
        { 
            if(confirmuser($username,md5($password))) // As pointed out by asgard2005 
            { 
                createsessions($username,$password); 
                if ($returnurl<>"") 
                    header("location: $returnurl"); 
                else 
                { 
                    header("Location: index.php"); 
                } 
            } 
            else 
            { 
                echo "<h1>Invalid Username and/Or password</h1>"; 
                clearsessionscookies(); 
                header("location: login.php?returnurl=$returnurl"); 
            } 
        } 
        break; 
    case "logout": 
        clearsessionscookies(); 
        header("location: index.php"); 
        break; 
    } 
    ?>
    
    functions.php
    Code:
    <?php 
    
    function createsessions($username,$password) 
    { 
        //Add additional member to Session array as per requirement 
        session_register(); 
    
        $_SESSION["gdusername"] = $username; 
        $_SESSION["gdpassword"] = md5($password); 
         
        if(isset($_POST['remme'])) 
        { 
            //Add additional member to cookie array as per requirement 
            setcookie("gdusername", $_SESSION['gdusername'], time()+60*60*24*100, "/"); 
            setcookie("gdpassword", $_SESSION['gdpassword'], time()+60*60*24*100, "/"); 
            return; 
        } 
    } 
    
    function clearsessionscookies() 
    { 
        unset($_SESSION['gdusername']); 
        unset($_SESSION['gdpassword']); 
         
        session_unset();     
        session_destroy();  
    
        setcookie ("gdusername", "",time()-60*60*24*100, "/"); 
        setcookie ("gdpassword", "",time()-60*60*24*100, "/"); 
    } 
    
    function confirmUser($username,$password) 
    { 
        // $md5pass = md5($password); // Not needed any more as pointed by ted_chou12 
    
        /* Validate from the database but as for now just demo username and password */ 
        if($username == "demo" && $password = "demo") 
            return true; 
        else 
            return false; 
    } 
    
    function checkLoggedin() 
    { 
        if(isset($_SESSION['gdusername']) AND isset($_SESSION['gdpassword'])) 
            return true; 
        elseif(isset($_COOKIE['gdusername']) && isset($_COOKIE['gdpassword'])) 
        { 
            if(confirmUser($_COOKIE['gdusername'],$_COOKIE['gdpassword'])) 
            { 
                createsessions($_COOKIE['gdusername'],$_COOKIE['gdpassword']); 
                return true; 
            } 
            else 
            { 
                clearsessionscookies(); 
                return false; 
            } 
        } 
        else 
            return false; 
    } 
    ?> 
    
    index.php
    Code:
    <?php 
    ob_start(); 
    session_start(); 
    
    require_once ("functions.php"); 
    
    if (checkLoggedin()) 
        echo "<H1>You are already logged in - <A href = \"login.php?do=logout\">logout</A></h1>"; 
    else 
        echo "<H1>You are not logged in - <A href = \"login.php\">login</A></h1></h1>"; 
    ?> 
    
    :thinking:
     

    Attached Files:

  18. Ryzer

    Ryzer New Member

    Joined:
    Feb 15, 2009
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Pipeline Maintenance
    Location:
    Saskatchewan, Canada
    sorry double post.. could not edit

    could it have something to do with notepad++ as that is my text editor of choice... i will try a different editor now and if anything changes i'll update here
     
  19. Ryzer

    Ryzer New Member

    Joined:
    Feb 15, 2009
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Pipeline Maintenance
    Location:
    Saskatchewan, Canada
    problem resolved :happy: curious as to why this happens though. it was the php start tag causing the error...

    Code:
        { 
            ?> 
            <form NAME="login1" ACTION="login.php?do=login" METHOD="POST" ONSUBMIT="return aValidator();"> 
            <input TYPE="hidden" name="returnurl" value="<?$returnurl?>"> 
            <TABLE cellspacing="3"> 
            <TR> 
                <TD>Username:</TD> 
                <TD><input TYPE="TEXT" NAME="username"></TD> 
                <TD>Password:</TD> 
                <TD><input TYPE="PASSWORD" NAME="password"></TD> 
            </TR> 
            <TR> 
                <TD colspan="4" ALIGN="center"><input TYPE="CHECKBOX" NAME="remme">&nbsp;Remember me for the next time I visit</TD> 
            </TR> 
            <TR> 
                <TD ALIGN="CENTER" COLSPAN="4"><input TYPE="SUBMIT" name="submit" value="Login"></TD> 
            </TR> 
            </form> 
            </TABLE> 
        [B]<?[/B] 
        } 
    
    changed to
    Code:
            </TABLE> 
        [B]<?php[/B] 
        } 
    
    anyone have insight as to why the code posted in article works for everyone except myself?
     
  20. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    Ohh !!

    Your server setting is such that it needs <?php and does not work with <?

    Are you using IIS because with Apache its not the case.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice