Create a user login form.


jacob1986
01-03-2016, 02:19 PM
Would it be feasible for someone to help me build a PHP login form? I would like to create a very, very simple user login form using PHP; I have to be able to add user(s) to my SQL database.

edbr
01-03-2016, 11:57 PM
Sure, but frankly there are some very good ones around on the web. If you give me a while I will post a link or 2 and help you set it up if needed. First day back in the office and just waking up :) Happy new year btw

jacob1986
01-04-2016, 04:32 PM
To be truthful, hitherto I was finding it difficult to complete any of the tutorials from YouTube and the web. I guess that maybe I need a little guidance on this subject?

edbr
01-05-2016, 12:07 AM
I can understand that; it's not so simple, as these days there is a definite need to look at security.
I'm a bit sore this morning as I came back to work to find an old info site I made years ago to identify snakes had been hit by cross scripting and its home page replaced, and a mail from Google warning of phishing!! (sorry, just ranting)

Here are two links with several options. I haven't looked at them for a while but they are all secure and feature heavy:
PDO, salted, remember password etc.

Have a look, try one or two, then let's see if we can help you.
1 Panique
Simple, advanced and huge.
Don't know huge, but this was easier to implement if I remember correctly
https://github.com/panique

2 http://subinsb.com/php-logsys

Also a few options. I was a bit bewildered getting this from the explanation, but the writer was 12 at the time :) He is a crusty old 15 year old now so maybe it will be clearer.
Having said that, it is a very nice system when in place

jacob1986
01-06-2016, 10:06 PM
Foremost: my course instructed me to design 'two' login forms (one simple and another one more difficult), I say this - just in case you are thinking 'wth'?!!?

This is the one (register/login form) I'm using to build my 'simple' login form (https://github.com/panique). I'm nearly finished, just a few errors to sort out.

I do have another question regarding my other form. I keep getting the message 'Warning PDOStatement::execute(): SQLSTATE[HY093]: invalid parameter number: number of bound variables does not match number of tokens in DB.PHP line 38'.

I think it's something to do with the PDO bound variables not being the same, but when I search for an error I cannot seem to find anything (I guess it would help to know what precisely I'm looking for - sorry).
I have uploaded the code to a GitHub repository, which can be found at https://github.com/aaron1986/OOP-Login-Register-System

Somebody told me to echo $sql; and print_r($params); inside the ->query(....) method - but I don't know how to do this?

Any help would be most welcome.

edbr
01-07-2016, 12:24 AM
'invalid parameter number: number of bound variables does not match number of tokens in DB.PHP line 38'.

This warning is telling you that your bindings don't match in number. Count the number of bindings and the number of ? in your statement; they have to be the same number.

echo $sql; will print the 'hard code' of the query that you are supplying (I'm assuming $sql is your select statement), i.e. it will show if you are using/supplying the correct data to enable the query.

print_r will output the returned array, i.e. print_r($_POST); would output any $_POST variables that have been received on that page.
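The check described above, written out as an added example that is not part of the thread or of the poster's repository: it compares the number of ? tokens with the number of values before executing, and prints $sql and $params when they differ. The helper name checkedQuery, the users table and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, name TEXT)');

// Hypothetical helper: refuse to run a statement whose ? count and value count differ.
function checkedQuery(PDO $pdo, string $sql, array $params = []): PDOStatement
{
    // Naive count: assumes the SQL text has no literal ? inside a quoted string.
    $tokens = substr_count($sql, '?');
    if ($tokens !== count($params)) {
        echo $sql, PHP_EOL;   // the statement as written
        print_r($params);     // the values that were going to be bound
        throw new InvalidArgumentException(
            "SQL has $tokens placeholder(s) but " . count($params) . " value(s) were supplied"
        );
    }
    $stmt = $pdo->prepare($sql);
    $x = 1;                   // positional placeholders are numbered from 1
    foreach ($params as $param) {
        $stmt->bindValue($x, $param);
        $x++;
    }
    $stmt->execute();
    return $stmt;
}

// Constructed sample row: three columns, three ? tokens, three values.
checkedQuery(
    $pdo,
    'INSERT INTO users (username, password, name) VALUES (?, ?, ?)',
    ['alex', password_hash('constructed-sample', PASSWORD_DEFAULT), 'Alex']
);

// Two ? tokens but three values: the mismatch that PDO reports as HY093.
try {
    checkedQuery(
        $pdo,
        'INSERT INTO users (username, password, name) VALUES (?, ?)',
        ['billy', 'constructed-value', 'Billy']
    );
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```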

jacob1986
01-08-2016, 08:54 PM
In regards to the bindings and question marks, I have made a note of three question marks (action, insert, update). But I seem to have four bindings (action, insert, update and query), if I have correctly guessed the bindings in my code (in this I may be wrong in my definition of bindings - sorry)?

Please could you explain how to add a ? to the query [part of code], I have tried but to no avail thus far?

My [query] code:

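public function query($sql, $params = array()) {
    $this->_error = false;
    // prepare() returns false on failure, so the body only runs for a valid statement
    if($this->_query = $this->_pdo->prepare($sql)) {
        // positional ? placeholders are numbered from 1
        $x = 1;
        if(count($params)) {
            // bind each value to the next ? in the order given
            foreach($params as $param) {
                $this->_query->bindValue($x, $param);
                $x++;
            }
        }

        if($this->_query->execute()) {
            $this->_results = $this->_query->fetchAll(PDO::FETCH_OBJ);
            $this->_count = $this->_query->rowCount();
        }else{
            $this->_error = true;
        }
    }

    // return the object so calls can be chained
    return $this;
}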

edbr
01-09-2016, 12:58 AM
I'm going out on a limb as I didn't see the whole class. I'm on a phone so I will check when I'm in my office again on Monday, but I would think $x is the number of bindings. I will also try to explain bindings in a prepared statement with PDO then. I might have already done it though; have a look in the PHP forum. Sorry, but I'm cooking this weekend, my other favourite pastime :)

jacob1986
01-12-2016, 04:51 PM
I have solved the [invalid parameter number:] problem, albeit with more luck than skill. I was missing the following information (please see below). Moreover, would it be feasible for you to try to explain bindings with PDO?

missing a = from line 52 now reads - === 3

if(count($fields)) {
} from line 82

$value = null; line 83

public function first() {
return $this->_results[0];
} line 129

edbr
01-15-2016, 01:43 AM
OK, good. Sorry I was away for a couple of days, I twisted my knee chasing a snake in my house :) sad but true :)

Bindings are an important part of prepared statements, which in turn are one of the main advantages of PDO and mysqli. They are a guard against SQL injections so offer an increased security.

I seem to have drifted more to mysqli lately but the premise is the same: you supply an array of values that are used in a select either as named parameters.

I'll follow this with a couple of examples

edbr
01-15-2016, 01:48 AM
Here's a PDO select from my local server

<?php
/*** mysql username ***/
$username = 'test';
/*** mysql password ***/
$password = 'pass';
// Create connection; PDO throws a PDOException when it cannot connect
try {
    $conn = new PDO('mysql:host=localhost;dbname=user', $username, $password);
} catch (PDOException $e) {
    die("Connection failed");
}
// Set by hand for this test; normally the value arrives with the request
$_GET['gender'] = "Male";
// The ? is the placeholder; its value is passed separately to execute()
$stmt = $conn->prepare("SELECT Gender, id FROM candidates WHERE Gender = ?");
if ($stmt->execute(array($_GET['gender']))) {
    while ($row = $stmt->fetch()) {
        print_r($row);
    }
}

?>
You see I return values with print_r($row); as you asked about before

edbr
01-15-2016, 01:55 AM
Here is a mysqli example with comments. I have only bound the where clause but more is possible

<?php
// $hostname, $username, $password and $database are expected to be set before this point
$mysqli = mysqli_connect($hostname, $username, $password, $database) or trigger_error(mysqli_connect_error(), E_USER_ERROR);

if (isset($_GET['id'])) {
    $search = $_GET['id'];
} else {
    $search = 1;
}

// create a prepared statement
$query = "SELECT id, name, text1, inventory, sleeps FROM camper1 WHERE id = ?";
$statement = $mysqli->prepare($query);
// bind parameters for markers, where (s = string, i = integer, d = double, b = blob)
$statement->bind_param('s', $search);

// execute query
$statement->execute();

// bind result variables
$statement->bind_result($id, $name, $text1, $inventory, $sleeps);
$statement->fetch();
?>
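What "a guard against SQL injections" means in practice, as an added example that is not from the thread: the candidates lookup from the PDO post, once with the input pasted into the SQL text and once bound to a ? placeholder. The in-memory SQLite database, the function names and the sample input are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite replaces the MySQL server used in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE candidates (id INTEGER PRIMARY KEY, Gender TEXT)');
$pdo->exec("INSERT INTO candidates (Gender) VALUES ('Male'), ('Female'), ('Male')");

// Weak form: the input becomes part of the SQL text, so quote characters
// in it are parsed as SQL syntax.
function findConcatenated(PDO $pdo, string $gender): array
{
    $sql = "SELECT id, Gender FROM candidates WHERE Gender = '$gender'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound form: the SQL text is fixed and the input is sent as a value,
// so it is only ever compared against the Gender column.
function findBound(PDO $pdo, string $gender): array
{
    $stmt = $pdo->prepare('SELECT id, Gender FROM candidates WHERE Gender = ?');
    $stmt->execute([$gender]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary value, and one containing quote characters.
$inputs = ['Male', "x' OR '1'='1"];

foreach ($inputs as $input) {
    printf(
        "%-16s concatenated: %d row(s), bound: %d row(s)\n",
        $input,
        count(findConcatenated($pdo, $input)),
        count(findBound($pdo, $input))
    );
}
```

For 'Male' both forms return the two matching rows. For the second input the concatenated form returns all three rows because the quotes rewrite the WHERE clause, while the bound form returns none.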