Member Avatar for Arianna

Just so you know, I'm a PHP beginner, so I won't understand complicated stuff or anything of the like. xP
I've started to make a part of my website (may I link to it, or should I just post the code) and I'm pretty happy with it. A user can paste or write a story into a text area, and then submit it. It shows the word count to them, and also adds it to a database, where, on a different page, people are able to view it, complete with their name and how many words the writing is.
However, I'm having a problem. I want to get a login script set up, so users are able to set stories to public/private, and also view all stories by them. They will also be able to have 'cash' for the stories that they post, based on the word count. Some features that I might try to implement would be editing/deleting stories, but I don't know if I will be able to implement that until I get a start on the actual code.
I have tried quite a few codes, some which are linked here.
http://hvassing.com/2007/simple-php-login-script-using-session-and-mysql/
http://php.about.com/od/finishedphp1/ss/php_login_code_7.htm
http://www.daniweb.com/forums/post951182.html#post951182
However, even with a bit of editing, I haven't been able to get them to work. This isn't good. xP
If it helps, here is the sql table that I have.

-- phpMyAdmin SQL Dump
-- version 2.11.9.5
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Nov 11, 2009 at 12:55 PM
-- Server version: 5.0.81
-- PHP Version: 5.2.6

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

--
-- Database: `pixelpup_type`
--

-- --------------------------------------------------------

--
-- Table structure for table `type_users`
--

CREATE TABLE IF NOT EXISTS `type_users` (
  `uid` int(11) NOT NULL auto_increment,
  `username` varchar(20) default NULL,
  `password` varchar(100) default NULL,
  `email` varchar(60) default NULL,
  `usergroup` varchar(11) NOT NULL default '3',
  `cash` varchar(5) NOT NULL default '200',
  PRIMARY KEY  (`uid`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

--
-- Dumping data for table `type_users`
--

I'm struggling with integrating the login scripts, could anyone give me any advice. I'm sorry if I sound vague, I just don't know where to start. :/
Arianna

  • 2 Contributors
  • 4 Replies
  • 278 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by Arianna
Member Avatar for Will Gresham

Post up the code you are using at the moment for specific information/help.

It is likely that the database queries are wrong, probably the script is looking for columns you do not have if you are using an example script.

Member Avatar for Arianna

Thank you. :D
I am able to create a user, yet when I get to this:

<?php
 
session_start(); //start session so we can login
 
require('includes/functions.php'); //include functions
require('includes/dbconnect.php'); //include database connection
 
$min_form_time = 5; //in seconds
$max_form_time = 30; //in seconds
 
$error = array(); //define $error to prevent error later in script.
if ( isset( $_POST['submit'] ) ) {
    $error = array();
    array_map( 'stripslashes',&$_POST ); //Strips slashes
    array_map( 'mysql_real_escape_string',&$_POST ); //Escapes data to protect against sql injection
    $user = $_POST['username'];
    $pass = $_POST['password'];
    $token = $_POST['token'];
    if ( $token !== $_SESSION['token'] ) {
        $error[] = 'Token is invalid';
    }
    else {
        if ( time() <= ( $_SESSION['time'] + $min_form_time ) ) {
            $error[] = 'Form submitted too quickly, please slow down and try again';
        }
        elseif ( time() >= ( $_SESSION['time'] + $max_form_time ) ) {
            $error[] = 'Form has expired';
        }
        else {
            if ( empty( $user ) ) { //check if username is blank
                $error[] = 'Username is blank';
            }
            elseif ( strlen( $user ) > 30 ) { //make sure the username is not longer than 30 chars
                $error[] = 'Username is longer than 30 characters';
            }
            if ( empty( $pass ) ) { //check if password is blank
                $error[] = 'Password is blank';
            }
            elseif ( strlen( $pass ) < 6 ) { //make sure password is longer than 8 characters
                $error[] = 'Password must be longer than 5 characters';
            }
            elseif ( !preg_match( "/^.*(?=.{3,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/",$pass ) ) { //check to see if its a valid password
                $error[] = 'Password invalid - it must contain at least 1 number, 1 uppercase letter, 1 lowercase letter';
            }
            if ( count( $error ) == 0 ) { //if everything is ok so far, keep going (i do this because i don't want to hit the database if the username or password is blank)
                $query = mysql_query( "SELECT `id`,`password` FROM `type_users` WHERE `username` = '{$user}' LIMIT 1",$con );
                if ( mysql_num_rows( $query ) !== 1 ) { //checks to see if a row was found with username provided by user
                    $error[] = 'Username and/or Password incorrect'; //never be specific with errors, makes it hard to crack
                }
                else {
                    list( $id,$hash ) = mysql_fetch_row( $query ); //puts the id and password from result into $id and $pass variables
                    if ( !checkPassword( $pass,$hash ) ) { //check password from user against the hash in the database.
                        $error[] = 'Username and/or Password incorrect';
                    }
                    if ( count( $error ) == 0 ) { //if now errors found, then set session for login
                        $_SESSION['auth'] = $id;
                        header('Location: member.php'); //redirect to <strong class="highlight">secure</strong> area
                        exit; //exit script since we are redirecting anyway
                    }
                }
            }
        }
    }
}
 
$errmsg = '';
if ( count( $error ) > 0 ) { //if there are errors, build the error list to be displayed.
    $errmsg = '<div>Errors:<br /><ul>';
    foreach( $error as $err ) { //loop through errors and put then in the list
        $errmsg .= "<li>{$err}</li>";
    }
    $errmsg .= '</ul></div>';
}
 
$token = md5(uniqid(rand(),true));
$_SESSION['token'] = $token;
$_SESSION['time'] = time();
 
$html =<<<HTML
<html>
<head>
<title>Login</title>
</head>
<body>
    <h3>Member Login</h3>
    {$errmsg}
    <div>
        <form action="{$_SERVER['PHP_SELF']}" method="post">
            Username: <input type="text" name="username" /><br />
            Password: <input type="password" name="password" /><br />
            <input type="hidden" name="token" value="{$token}" />
            <input type="submit" name="submit" value="Login" />
        </form>
    </div>
</body>
</html>
HTML;
 
echo $html;
 
?>

For the login page, that's when I'm starting to have problems. It gives me the error message: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/pixelpup/public_html/wordcount/login.php on line 47 and it tells me that the user/password are wrong, even though I have checked them (Username: User / Password: Password1) multiple times, and I have made sure that they are inserted into the database.
Thank you very much for helping. :D

Member Avatar for Arianna

My previous post is long and boring, but here it is.

Eep! I hate to doublepost, but hopefully this will be merged. I managed to get the code to work (selecting from a non-existent column: silly me!) but now I'm having a problem with member.php.
I've got this code, at this point.

<?php
 
session_start(); //start session so we can see if the user is logged in.
 
if ( !isset( $_SESSION['auth'] ) ) { // if auth is not in the $_SESSION array (meaning they haven't been to the login page where its set) redirect them to the login page
    header('Location: login.php');
    exit;
}
 
require('includes/dbconnect.php'); //include database connection
require('includes/functions.php'); //include database connection

$memid = $_SESSION['auth']; //set member id into $memid.
 
$query = mysql_query( "SELECT `username` FROM `type_users` WHERE 'uid' = {$memid}" ); //
$member = mysql_fetch_assoc( $query );
 
echo "Welcome, {$member['username']} <a href=\"logout.php\">Logout</a>";
 
?>

It's working OK - you've got to be logged on to see it, yet I'm finding a problem - this is what the page shows.

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/pixelpup/public_html/wordcount/member.php on line 16
Welcome, Logout

It's both got an error, and it's not showing the user's name. Could anyone help me? I'm not understanding the session_start() thing, and I'm not that sure about how I'm getting the user's name, as well as the error.
Thanks!

I've gotten a bit further. As is said in the spoiler, I managed to get to member.php. This is the modified code I'm using now.

<?php
 
session_start(); //start session so we can see if the user is logged in.
 
if ( !isset( $_SESSION['auth'] ) ) { // if auth is not in the $_SESSION array (meaning they haven't been to the login page where its set) redirect them to the login page
    header('Location: login.php');
    exit;
}
 
require('includes/dbconnect.php'); //include database connection
require('includes/functions.php'); //include database connection

$memid = $_SESSION['auth']; //set member id into $memid.
 
$query = "SELECT * FROM type_users WHERE uid = $memid";
$result = mysql_query ($query) or die(mysql_error());
$username=@mysql_result($result,$i,"username");
 
echo "Welcome, ".$username.". <a href=\"logout.php\">Logout</a>";
 
?>

However, it's telling me this: Unknown column 'User' in 'where clause' I haven't even got a column called user! What is happening?

Edited by Arianna because: n/a
Member Avatar for Arianna

Please ignore this post, I've solved it all. Thank you very much. Sometimes just posting seems to motivate me!

Edited by Arianna because: n/a
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.