PHP admin log on thingy?

[Butters]

Yo!

Guys here have been great and I know I ask a lot sometimes so I'm breaking this down now for some help as this is my next challenge.

I have created a table called admin with three fields:

id
username
password

I have inserted a username and password into the database though phpmyadmin.

Now what I want to do is have a webpage that asks for the username and password, checks they are correct and redirects to another page (like an admin page).

Does that make sense?

TIA

 

[Butters]

Thanks Marc

Do I need to alter that slightly for:-

password (instead of pass)

and does that have the form built in to it?

what do I name it?

Sorry, still getting to grips with this

 

[Butters]

Sorry marc, I must be missing something.

Do I still need to create an HTML form which on submit calls this php code?

Where in the code does it link to the database?

 

[Butters]

bah, i give up. just tell me the table name and the column names and i'll do it. we'll be here for a thousand years otherwise.

lol teehee!

I love learning, but for me the best way to learn is really to see it already done and spend time with it.

OK, I want a table called 'admin' with 3 fields

id
username
password

this will sit in the MySQL database.

The admin of the site then opens a webpage, lets call it admin.php or login.php.

this is a web page with two fields that need to be filled in (username and password) and a submit button. The submit button then checks the MySQL database and if the username and password are right it re-directs them to another page.

 

[Butters]

Did you md5() the password before putting it in the database, as marc's script with be dependant on that.

No, is this feature available in phpmyadmin?

 

[Butters]

<?php
session_start();
if(!$_SESSION['username']) {
       //not logged in. redirect to login page
       header("Location: login.php");
       exit;
}
//admin page content
?>

Ahh, thats better!

One quick question, where you have the //admin page content in the line above, I take it I am adding the site content there. All before the ?>

Thanks again

EDIT: Oh btw! Your html coding leave a bit to be desired! Leaving out <'s like that! Scared me.....

 

[Butters]

where?

you mean in my original file? the form was fully functional. what's the point in wasting my time with useless fluff like html when chances are people already have their own layouts/html head/css sections.

as for before or after ?>, that depends if you're using php or not. if the rest of the page is html, then it goes afterwards. of course you can open or close php tags where ever you want. i've even done it in mine above...

Cool thanks


Here:

<body>
<form action"login.php" method="post" name="login">
<p>input type="text" name="username"></p>
<p>input type="password" name="password"></p>
<p>input type="submit" name="login" value="login"></p>
</form>

Should it not have been

<body>
<form action"login.php" method="post" name="login">
<p><input type="text" name="username"></p>
<p><input type="password" name="password"></p>
<p><input type="submit" name="login" value="login"></p>
</form>

 

[Butters]

there's no difference between those?

one major thing i've lost is the labels for the username/password boxes. don't know where they've gone. those will need adding.

edit: form action is missing an equals sign too. i put in all these mistakes to keep you on your toes...

Take a closer look!

the <p>input........... of yours and the <p><input.......... of mine

Yeah, I found the equals was missing.

Ooo, you can help me here, someone told me ages ago that its best practice to have the full path like action="http://mydomain.co.uk/admin.php" as opposed to just action="admin.php".

 

[Butters]

nonsense.

as this form is submitting to it's self you could even leave it blank....

action=""

Marc, when I hit submit the login page just reloads blank

 

[Butters]

I'm getting this

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/mark1e/public_html/login.php on line 16

??

 

[Butters]

Cool, thought i'd changed that but I hadnt saved before uploading.

Excuse me for being dumb but which of the 'username' and 'passwords' do I need to change?

 

[Butters]

eh?

<?php
session_start();

mysql_connect('localhost', 'mark1e', '*******');
mysql_select_db('mark1e);

function clean($value) {
	if(get_magic_quotes_gpc()) $value = stripslashes($value);
	return trim(mysql_real_escape_string($value));
}

if($_POST['login'] && $_POST['do i change this?'] && $_POST['do i change this]) {
        $username = clean($_POST['do i change this']);
        $password = md5($_POST['do i change this']);
        $result = mysql_query("SELECT username FROM admin WHERE username = '$username' AND password = '$password'");
        if(mysql_num_rows($result) == 1) {
                $_SESSION['do i change this'] = $username;
		header("Location: admin.php");
                exit;
        } else {
                $error = '<p>sorry, wrong username/password.</p>';
        }
}
?>

See above where I've written (do I change this). pls dont hate me!

 

[Butters]

no don't change those. they have to match the names they are given in the form

<input type="text" name="username"> corresponds with $_POST['username']
etc

i already told you the only thing you have to change is the table/column names in the sql query if it doesn't match your setup.

Cool,

one more and I think I'm done

What reference does the if($_POST['login'] have?

 

[Butters]

short memory? what did i just say about $_POST variables corresponding to an input name on the form?

The button?

 

[Butters]

Marc, how can I make it so that the password I enter in the HTML form appears as an Asterix (*)?

Thanks

 

[Butters]

have a gold star.



it already does.

Umm, it doesnt. I can clearly see what I'm typing as I type it

 

[Butters]

Sorted, found the problem.

Thanks Marc, you're a legend.