PHP admin log on thingy?

Butters

Butters

Butters

Permabanned
Joined
22 Apr 2007
Posts
1,805
Yo!

Guys here have been great and I know I ask a lot sometimes so I'm breaking this down now for some help as this is my next challenge.

I have created a table called admin with three fields:

id
username
password

I have inserted a username and password into the database though phpmyadmin.

Now what I want to do is have a webpage that asks for the username and password, checks they are correct and redirects to another page (like an admin page).

Does that make sense?

TIA
 
Thanks Marc

Do I need to alter that slightly for:-

password (instead of pass)

and does that have the form built in to it?

what do I name it?

Sorry, still getting to grips with this
 
ignore the function at the top of the script. but read through the rest. there are some basic comments there which should give you some idea how it works.....

the only thing you need to change is the table/column names in the SELECT query.
 
Sorry marc, I must be missing something.

Do I still need to create an HTML form which on submit calls this php code?

Where in the code does it link to the database?
 
bah, i give up. just tell me the table name and the column names and i'll do it. we'll be here for a thousand years otherwise. :p
 
marc2003 said:
bah, i give up. just tell me the table name and the column names and i'll do it. we'll be here for a thousand years otherwise. :p
Click to expand...

LOL :)

Just think, this is the easier part. There is more to come with sessions and protecting the appropriate pages :)

I think it would be best to post a full example if you have one.

If not - I shall create one.

I used to have a good tutorial for this but i seem to have lost the link :(.

Butters said:
I have inserted a username and password into the database though phpmyadmin.
Click to expand...

Did you md5() the password before putting it in the database, as marc's script with be dependant on that.
 
marc2003 said:
bah, i give up. just tell me the table name and the column names and i'll do it. we'll be here for a thousand years otherwise. :p
Click to expand...

lol :D teehee!

I love learning, but for me the best way to learn is really to see it already done and spend time with it.

OK, I want a table called 'admin' with 3 fields

id
username
password

this will sit in the MySQL database.

The admin of the site then opens a webpage, lets call it admin.php or login.php.

this is a web page with two fields that need to be filled in (username and password) and a submit button. The submit button then checks the MySQL database and if the username and password are right it re-directs them to another page.
 
Butters said:
lol :D teehee!

<snip>
Click to expand...

what i posted does all that. the form was there. how could you not see it? and it's obvious you had to enter the db connection details yourself. i put in a comment to say so. :D

here it is looking a little more user friendly (i've added a html head section :p)

login.php
Code: 
<?php
session_start();

mysql_connect('localhost', 'marc2003', '*******');
mysql_select_db('marc2003');

function clean($value) {
	if(get_magic_quotes_gpc()) $value = stripslashes($value);
	return trim(mysql_real_escape_string($value));
}

if($_POST['login'] && $_POST['username'] && $_POST['password']) {
        $username = clean($_POST['username']);
        $password = md5($_POST['password']);
        $result = mysql_query("SELECT username FROM table WHERE username = '$username' AND password = '$password'");
        if(mysql_num_rows($result) == 1) {
                $_SESSION['username'] = $username;
		header("Location: admin.php");
                exit;
        } else {
                $error = '<p>sorry, wrong username/password.</p>';
        }
}
?>
<html>
<head>
<title>login</title>
</head>
<body>
<form action"login.php" method="post" name="login">
<p>input type="text" name="username"></p>
<p>input type="password" name="password"></p>
<p>input type="submit" name="login" value="login"></p>
</form>
<?php
if($error) echo $error;
?>
</body>
</html>

now on admin.php we have to have a little code at the start...

Code: 
<?php
session_start();
if(!$_SESSION['username']) {
       //not logged in. redirect to login page
       header("Location: login.php");
       exit;
}
//admin page content
?>

edit: to get the md5 value for your password, just enter this as the first line in any php file temporarily and access it in a browser

die(md5('password goes here'));

that will output the md5 hash. store that in phpmyadmin. now my script will work with it.
 
Last edited:
marc2003 said:
Code: 
<?php
session_start();
if(!$_SESSION['username']) {
       //not logged in. redirect to login page
       header("Location: login.php");
       exit;
}
//admin page content
?>
Click to expand...


Ahh, thats better! ;)

One quick question, where you have the //admin page content in the line above, I take it I am adding the site content there. All before the ?>

Thanks again

EDIT: Oh btw! Your html coding leave a bit to be desired! Leaving out <'s like that! Scared me..... ;)
 
Last edited:
Butters said:
EDIT: Oh btw! Your html coding leave a bit to be desired! Leaving out <'s like that! Scared me..... ;)
Click to expand...

where? :confused:

you mean in my original file? the form was fully functional. what's the point in wasting my time with useless fluff like html when chances are people already have their own layouts/html head/css sections. :)

as for before or after ?>, that depends if you're using php or not. if the rest of the page is html, then it goes afterwards. of course you can open or close php tags where ever you want. i've even done it in mine above...
 
Last edited:
marc2003 said:
where? :confused:

you mean in my original file? the form was fully functional. what's the point in wasting my time with useless fluff like html when chances are people already have their own layouts/html head/css sections. :)

as for before or after ?>, that depends if you're using php or not. if the rest of the page is html, then it goes afterwards. of course you can open or close php tags where ever you want. i've even done it in mine above...
Click to expand...

Cool thanks


Here:
Code: 
<body>
<form action"login.php" method="post" name="login">
<p>input type="text" name="username"></p>
<p>input type="password" name="password"></p>
<p>input type="submit" name="login" value="login"></p>
</form>

Should it not have been
Code: 
<body>
<form action"login.php" method="post" name="login">
<p><input type="text" name="username"></p>
<p><input type="password" name="password"></p>
<p><input type="submit" name="login" value="login"></p>
</form>
 
there's no difference between those? :confused:

one major thing i've lost is the labels for the username/password boxes. don't know where they've gone. :o those will need adding. :p

edit: form action is missing an equals sign too. i put in all these mistakes to keep you on your toes... ;)
 
marc2003 said:
there's no difference between those? :confused:

one major thing i've lost is the labels for the username/password boxes. don't know where they've gone. :o those will need adding. :p

edit: form action is missing an equals sign too. i put in all these mistakes to keep you on your toes... ;)
Click to expand...

Take a closer look! ;)

the <p>input........... of yours and the <p><input.......... of mine ;)

Yeah, I found the equals was missing.

Ooo, you can help me here, someone told me ages ago that its best practice to have the full path like action="http://mydomain.co.uk/admin.php" as opposed to just action="admin.php".
 
I'm getting this

Code: 
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/mark1e/public_html/login.php on line 16

??
 
You must log in or register to reply here.
Back
Top Bottom