PDA

View Full Version : Login and password


mith_oliver
11-28-2005, 03:11 PM
I want to create a webpage with login and password with a popup windows so is there anyone who can help me please?

davidj
11-28-2005, 03:15 PM
yes but you need to be more specific

validating using javascript is like putting an ashtray on a motorbike so that leaves you with scripting solutions.

do you know anything about these (PHP,ASP,Coldfusion,Perl)

mith_oliver
11-28-2005, 04:00 PM
I know a little bit about PHP.

davidj
11-28-2005, 04:46 PM
PHP it is then

first what is the popup about?

part 1...
This grabs the password and userID from 2 form filelds named 'user_id' & 'password' and assigns the value to variables for validation

if (isset($_POST['user_id'])) {
$myUsername = $_POST['user_id'];
}

if (isset($_POST[password'])) {
$myPassword = $_POST['password'];
}


part 2...
now validate to see if the user exists within the db using a simple query

mysql_select_db($database_mydb, $mydb);
// Verify Login is correct
$query_rsLogin = sprintf("SELECT * FROM user WHERE user_id = '%s' AND user_password = '%s'", $myUsername,$myPassword);
$rsLogin = mysql_query($query_rsLogin, $hsbc) or die(mysql_error());
$row_rsLogin = mysql_fetch_assoc($rsLogin);
$totalRows_rsLogin = mysql_num_rows($rsLogin);



part 3...
you will need to assign the userID to a session variable so you can access it at any time through out your application (this will allow you to kick people out if they try to type a path to a restricted page.


// a simple IF condition will do nicely so just check if the recordset above comes back with a record which means that person exists.

if ($totalRows_rsLogin >0){
/* now set the session 'userID' (this will be available throughout the app*/
$_SESSION['userID'] = $myUsername;

/*now redirect to the LET_ME_IN.php page*/
header("location: let_me_in.php");
}
/* send user to a NOT_GETTING_IN.php page if the query fails*/
else
{
header("location: not_getting_in.php");
}

ok thats done

you will need to validate the user on each page to make sure he logged in properly and didnt use the path as a backdoor. To do this is really easy

part 4...
create a blank php file (no HTML) and add the following in php tags and call it something like security.php


//security.php
if(!(isset($_SESSION['userID'] ))){
header("location: kick_them_out.php");
}


part 5...
now in every page of your application just add the following at the top of every page.


session_start();
include('security.php');

mith_oliver
11-28-2005, 06:41 PM
when a user type URL address, before the page open popup a little windows wich you have to type login or password or both.

any way thanks a lot!

davidj
11-29-2005, 08:53 AM
let me know how you get on. Just come back if you have any problems

chriskq
12-01-2005, 09:46 AM
sorry to chime in on this Q, but it got me interested.
Im assuming the php security $query_rsLogin = sprintf("SELECT * FROM user WHERE user_id = '%s' AND user_password = '%s'", $myUsername,$myPassword); needs to be validated against data to verify user. Could you use a Access database file, as in just a table of users and password
Where should you link this in the function


i like the Die error msg, even better if it spammed ur screen in popboxes- :ph34r:
cheers yau'l

davidj
12-01-2005, 10:03 AM
the login script can be in the same page as your login form or you can set the action of the form to another page which holds the login script. I prefer to include the script on the same page and have a hidden field with a value of 1 then you can set the script to fire only when the form is submitted catching the hidden field value

$hiddenfield = $_POST['hiden field'];

if ($hiddenfield == 1){
fire login validation

}

this uses a mysql db but you can easily use any db. I am assuming your a windows man and therefore your chosen language is asp under IIS and access backend