Jump to content
php.lv forumi

Ķibele ar manu "login" sistēmu... :(


daGrevis

Recommended Posts

Labdien! PHP un MySQL tikai mācos, tapēc noteikti tur ir pilns ar kļūdām un citām sliktām lietām, bet vēlējos tomēr novērst šo ķibeli... :) Viss ar piereģistrēšanos strādā, bet ielogošanās gan nē... Par to atbild fails "take_login.php"... Kas tur par vainu? P.S. Tas nav mans kods, atradu kautkur netā, un centos pielabot...

 

SQL

CREATE TABLE `users` (
 `id` int(25) NOT NULL auto_increment,
 `nick` varchar(25) NOT NULL default '',
 `pass` varchar(255) NOT NULL default '',
 `email` varchar(255) NOT NULL default '',
 PRIMARY KEY (id),
 UNIQUE KEY nick (nick)
) TYPE=MyISAM;

 

signup.php

<?php

require "includes/core.php";

stdhead("Reģistrācija");

?>

<form name="login" method="post" action="take_signup.php">
<table border="0" width="225" align="center">
   <tr>
       <td width="219" bgcolor="#999999">
           <p align="center"><font color="white"><span style="font-size:12pt;"><b>Registration</b></span></font></p>
       </td>
   </tr>
   <tr>
       <td width="219">
           <table border="0" width="282" align="center">
                   <tr>
                       <td width="116"><span style="font-size:10pt;">Email:</span></td>
                       <td width="156"><input type="text" name="email" maxlength="100"></td>
                   </tr>
               <tr>
                   <td width="116"><span style="font-size:10pt;">Username:</span></td>
                   <td width="156"><input type="text" name="nick"></td>
               </tr>
               <tr>
                   <td width="116"><span style="font-size:10pt;">Password:</span></td>
                   <td width="156"><input type="password" name="pass"></td>
               </tr>
               <tr>
                   <td width="116"> </td>
                       <td width="156">
                           <p align="right"><input type="submit" name="submit" value="Submit"></p>
                       </td>
               </tr>
           </table>
       </td>
   </tr>
   <tr>
       <td width="219" bgcolor="#999999"> </td>
   </tr>
</table>
</form>

<?php

stdfoot();

?>

 

take_signup.php

<?php

$dbhost = "localhost";
$dbname = "mysource";
$dbuser = "root";
$dbpass = "";

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Nevarēja piekonektēties: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$email = $_POST['email'];    
$nick = $_POST['nick'];
$pass = $_POST['pass'];

$checkuser = mysql_query("SELECT nick FROM users WHERE nick='$nick'");

$nick_exist = mysql_num_rows($checkuser);

if($nick_exist > 0){
   echo "Piedod, bet lietotājvārds, kuru tu izvēlējies jau ir lietošanā. Izvēlies citu!";
   unset($nick);
   include 'register.html';
   exit();
}

$query = "INSERT INTO users (email, nick, pass)
VALUES('$email', '$nick', '$pass')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "Tu esi veiksmīgi reģistrējies!";

?>

 

login.php

<?php

require "includes/core.php";

stdhead("Ielogošanās");

?>

<form name="login" method="post" action="take_login.php">
<table border="0" width="225" align="center">
<tr>
<td width="219" bgcolor="#999999">
<p align="center"><font color="white"><span style="font-size:12pt;"><b>Login</b></span></font></p>
</td>
</tr>
<tr>
<td width="219">
<table border="0" width="220" align="center">
<tr>
<td width="71"><span style="font-size:10pt;">Nick:</span></td>
<td width="139"><input type="text" name="nick"></td>
</tr>
<tr>
<td width="71"><span style="font-size:10pt;">Pass:</span></td>
<td width="139"><input type="password" name="pass"></td>
</tr>
<tr>
<td width="71"> </td>
<td width="139"><p align="right"><input type="submit" name="submit" value="Submit"></p></td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="219" bgcolor="#999999"><font color="white">Not Registered? </font><a href="signup.php" target="_self"><font color="white">Register</font></a><font color="white"> </font><b><i><font color="white">Now!</font></i></b></td>
</tr>
</table>
</form>

<?php

stdfoot();

?>

 

take_login.php

<?php

$dbhost = "localhost";
$dbname = "mysource";
$dbuser = "root";
$dbpass = "";

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Nevarēja piekonektēties: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

session_start();
$nick = $_POST['nick'];
$pass = md5($_POST['pass']);

$query = "select * from users where nick='$nick' and pass='$pass'";

$result = mysql_query($query);

if (mysql_num_rows($result) != 1) {
 echo "Nepareiza info!";
}
else {
 $_SESSION['nick'] = "$nick";
 include "index.php";
}

?>

 

Lūdzu izskaidrojiet man... :)

Link to comment
Share on other sites

Jā.

 

Piemēram signup.php

 

<?php

require "includes/core.php";

stdhead("Reģistrācija");


if (isset($_GET['d']) and $_GET['d'] == "ok")
{

$dbhost = "localhost";
$dbname = "mysource";
$dbuser = "root";
$dbpass = "";

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Nevarēja piekonektēties: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$email = $_POST['email'];
$nick = $_POST['nick'];
$pass = $_POST['pass'];

$checkuser = mysql_query("SELECT nick FROM users WHERE nick='$nick'");

$nick_exist = mysql_num_rows($checkuser);

if($nick_exist > 0){
echo "Piedod, bet lietotājvārds, kuru tu izvēlējies jau ir lietošanā. Izvēlies citu!";
unset($nick);
include 'register.html';
exit();
}

$query = "INSERT INTO users (email, nick, pass)
VALUES('$email', '$nick', '$pass')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "Tu esi veiksmīgi reģistrējies!";

}



?>

<form name="login" method="post" action="signup.php?d=ok">
<table border="0" width="225" align="center">
<tr>
<td width="219" bgcolor="#999999">
<p align="center"><font color="white"><span style="font-size:12pt;"><b>Registration</b></span></font></p>
</td>
</tr>
<tr>
<td width="219">
<table border="0" width="282" align="center">
<tr>
<td width="116"><span style="font-size:10pt;">Email:</span></td>
<td width="156"><input type="text" name="email" maxlength="100"></td>
</tr>
<tr>
<td width="116"><span style="font-size:10pt;">Username:</span></td>
<td width="156"><input type="text" name="nick"></td>
</tr>
<tr>
<td width="116"><span style="font-size:10pt;">Password:</span></td>
<td width="156"><input type="password" name="pass"></td>
</tr>
<tr>
<td width="116"> </td>
<td width="156">
<p align="right"><input type="submit" name="submit" value="Submit"></p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="219" bgcolor="#999999"> </td>
</tr>
</table>
</form>

<?php

stdfoot();

?>

 

Šķiet, ka pareizi uzrakstīju.

Link to comment
Share on other sites

Divi jautājumiņi...

 

P.S. zekils, tavs kods strādāja - paldies... :)

 

1) Ko es failā login.php uzrakstīju nepareizi, ka man met arā "erroru", lai gan viss pārējais strādā... ;)

 

login.php

<?php

require "includes/core.php";

stdhead("Ielogošanās");

if (isset($_GET['d']) and $_GET['d'] == "ok")
{

$dbhost = "localhost";
$dbname = "mysource";
$dbuser = "root";
$dbpass = "";

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Nevarēja piekonektēties: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

session_start();
$nick = $_POST['nick'];
$pass = md5($_POST['pass']);

$query = "select * from users where nick='$nick' and pass='$pass'";

$result = mysql_query($query);

if (mysql_num_rows($result) != 1) {
 echo "Nepareiza info!";
}
else {
 $_SESSION['nick'] = "$nick";
 echo "Veiksmīgi!";
}

}

?>

<form name="login" method="post" action="login.php?d=ok">
<table border="0" width="225" align="center">
<tr>
<td width="219" bgcolor="#999999">
<p align="center"><font color="white"><span style="font-size:12pt;"><b>Login</b></span></font></p>
</td>
</tr>
<tr>
<td width="219">
<table border="0" width="220" align="center">
<tr>
<td width="71"><span style="font-size:10pt;">Nick:</span></td>
<td width="139"><input type="text" name="nick"></td>
</tr>
<tr>
<td width="71"><span style="font-size:10pt;">Pass:</span></td>
<td width="139"><input type="password" name="pass"></td>
</tr>
<tr>
<td width="71"> </td>
<td width="139"><p align="right"><input type="submit" name="submit" value="Submit"></p></td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="219" bgcolor="#999999"><font color="white">Not Registered? </font><a href="signup.php" target="_self"><font color="white">Register</font></a><font color="white"> </font><b><i><font color="white">Now!</font></i></b></td>
</tr>
</table>
</form>

<?php

stdfoot();

?>

 

Met ārā šo...

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at D:\xampp\htdocs\includes\core.php:59) in D:\xampp\htdocs\login.php on line 18

 

core.php - 59 line...

<title><?php echo $title; ?></title>

 

2) Vai varu darīt šādi, un vai tas nekaitēs drošībai?

 

Tajās vietās kur ir dati par savienošanos ar db, izdarīt šādi...

 

require "includes/secrets.php"

 

P.S. Man inludes mapei ir htaccess, ka nevar tā pat piekļūt... ;)

Link to comment
Share on other sites

×
×
  • Create New...