Jump to content
php.lv forumi

Recommended Posts

Posted

Šeit ir reģistrēšanās un ielogošanās sistēma, kurā ir daži "bugiņi", kā piemēram, ka nevar ielogoties [ :D ], un prasu jums, kā to varētu izlabot... Ceru, ka palīdzēsiet, jo viens pats to nevaru, jo ar PHP neesmu tik lielos draugos [ pagaidām ], tap\ec prasu jums... :) Kļūda ir tāda, ka ieejot /login.php, un savadot savus datus, izmet šādu kļūdu - There was an error: , please try again. !

 

MySQL ieraksts

CREATE TABLE `users` (
 `id` INT( 5 ) NOT NULL AUTO_INCREMENT,
 `username` VARCHAR( 20 ) NOT NULL,
 `password` VARCHAR( 32 ) NOT NULL,
 PRIMARY KEY ( `id` )
) TYPE=MyISAM;

 

/functions.php

<?php

function user_register($username, $password)
{
    // Now encrypt the password, using md5;
    $encrypted = md5($password);

    // Store the information in the database;
    $query = "INSERT INTO users (username, password) VALUES ('$username', '$encrypted')";
    mysql_query ($query) or die ('Could not create user!');
}

function user_login($username, $password)
{
    // Try and get the user using the username & encrypted pass
    $query = "SELECT id, username FROM users WHERE username='$username' and password='$password'";
    $result = mysql_query($query);
    $user = mysql_fetch_array($result);
    $numrows = mysql_num_rows($result);

    // Now encrypt the data to be stored in the session
    $encrypted_id = md5($user['id']);
    $encrypted_name = md5($user['username']);

    // Store the data in the session
    $_SESSION['id'] = $id;
    $_SESSION['username'] = $username;
    $_SESSION['encrypted_id'] = $encrypted_id;
    $_SESSION['encrypted_name'] = $encrypted_name;

   if ($numrows == 1)
   {
       return 'Correct';
   }
   else
   {
       return false;
   }
}

function user_logout()
{
    // End the session and unset all vars
    session_unset ();
    session_destroy ();
}

function is_authed()
{
    // Check if the encrypted username is the same
    // as the unencrypted one, if it is, it hasn't been changed
    if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name']))
    {
         return true;
    }
    else
    {
         return false;
    }
}

?>

 

/init.php

<?php

// Start the session
session_start();

// MySQL Settings
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_database = 'db';

// Connect to the database
mysql_connect ($db_host, $db_user, $db_pass) or die ('Could not connect to the database.');
mysql_selectdb ($db_database) or die ('Could not select database.');

// Seed the random number generator
srand();

// Include functions
include 'functions.php';

?>

 

/register.php

<?php

// Include init file
include 'init.php';

if (!isset($_POST['submit']))
{
    // Show the form
    include 'register_form.inc.php';
    exit;
}
else
{
    // Check if any of the fields are missing
    if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['confirmpass']))
    {
         // Reshow the form with an error
         $reg_error = 'One or more fields missing';
         include 'register_form.inc.php';
         exit;
    }

    // Check if the passwords match
    if ($_POST['password'] != $_POST['confirmpass'])
    {
         // Reshow the form with an error
         $reg_error = 'Your passwords do not match';
         include 'register_form.inc.php';
         exit;
    }

    // Everything is ok, register
    user_register ($_POST['username'], md5($_POST['password']));

    echo 'Thank you for registering on our site, <a href="index.php">click here</a> to go back.';

}

?>

 

/register_form.inc.php

<?php if (isset($reg_error)) { ?>
There was an error: <?php echo $reg_error; ?>, please try again.
<?php } ?>
<form action="register.php" method="post">

<b>Username:</b> <input type="text" size="20" maxlength="20" name="username"
<?php if (isset($_POST['username'])) { ?> value="<?php echo $_POST['username']; ?>" <?php } ?>/><br />

<b>Password:</b> <input type="password" size="20" maxlength="10" name="password" /><br />

<b>Confirm Password:</b> <input type="password" size="20" maxlength="10" name="confirmpass" /><br />

<input type="submit" name="submit" value="Register!" />
</form>

 

/login.php

<?php

// Include init file
include 'init.php';

if (!isset($_POST['submit']))
{
    // Show the form
    include 'login_form.inc.php';
    exit;
}
else
{
    // Try and login with the given username & pass
    $result = user_login($_POST['username'], $_POST['password']);

    if ($result != 'Correct')
    {
         // Reshow the form with the error
         $login_error = $result;
         include 'login_form.inc.php';
    }
    else
    {
         echo 'Thank you for logging in, <a href="index.php">click here</a> to go back.';
    }
}

?>

 

/login_form.inc.php

<?php if (isset($reg_error)) { ?>
There was an error: <?php echo $reg_error; ?>, please try again.
<?php } ?>
<form action="register.php" method="post">

<b>Username:</b> <input type="text" size="20" maxlength="20" name="username"
<?php if (isset($_POST['username'])) { ?> value="<?php echo $_POST['username']; ?>" <?php } ?>/><br />

<b>Password:</b> <input type="password" size="20" maxlength="10" name="password" /><br />

<b>Confirm Password:</b> <input type="password" size="20" maxlength="10" name="confirmpass" /><br />

<input type="submit" name="submit" value="Register!" />
</form>

 

/index.php

<?php

include 'init.php';

if (!is_authed())
{
    die ('You are not permitted to view this page!');
}

?>

All works!

 

Ceru, ka palīdzēsiet... ;)

  • 3 weeks later...
Posted

Problēma ir tajā, ka no login.php tiek izsaukts:

$result = user_login($_POST['username'], $_POST['password']);

bet DB tiek glabāts md5 no paroles, tādēļ vajadzētu sākt ar šo:

$result = user_login($_POST['username'], md5($_POST['password']));

  • 7 months later...
×
×
  • Create New...