Login system

[Mgccl]

This is an mod... for people who uses PHPfreechat and want to have an login system...

THIS IS UNFINISHED ARTICLE... I WILL UPDATE IT WHEN I HAVE TIME(like tomorrow)

This is the main idea of a login system(and some code) for noobies to understand
first... you got to make 2 new php files...
login.php
check.php
login.php have a form, which have a place to put username and password and POST to check.php..

You must first make a database for phpfree chat...

session making

Code: Select all

<?php
session_start();
$_SESSION['username'] = $_POST['username']
$_SESSION['password'] = $_POST['password']
?>

SQL connect
if you understand PHP you know you have to change some of this part to suit your need

Code: Select all

<?php
$sql = mysql_connect("localhost", "mysqluser", "mysqlpass") or die(mysql_error());
mysql_select_db("phpfreechat") or die(mysql_error());
?>

SQL Query

Code: Select all

<?php
$query = "SELECT pass " .
"FROM user " .
"WHERE name='$_SESSION['username']"
mysql_select_db("phpfreechat") or die(mysql_error());

$result = mysql_query($query) or die (mysql_error());

$read = mysql_fetch_array($result);
extract ($read);

if $pass=$_SESSION['password']
{
"echo <a href=chat.php>click here to continual</a>";
}
else
{echo "Wrong password";
}
?>

Let the chat.php must recive $_SESSION['username'], or it will just not work(I will post it up later)

ok.. that's the 1st php code I have ever used involved Mysql

[Munk]

some things:

you shouldn't set the session vars until you've validated the username/password combination, else someone could set those via POST and then just manually go to chat.php and be logged in. At least you should unset $_SESSION if the passwords don't match.

your query:
$query = "SELECT pass " .
"FROM user " .
"WHERE name='$_SESSION['username']"

should be:
$query = "SELECT pass " .
"FROM user " .
"WHERE name='$_SESSION['username']'";

(note additional single-quote and semicolon. what you have should parse error.)

[Mgccl]

good.... you currected some of my errors...
I'm just an amature PHPer so I might make lots of mistakes

[Tribalx]

A couple of things:

Code: Select all

<?php
session_start();
$_SESSION['username'] = $_POST['username']
$_SESSION['password'] = $_POST['password']
?>

Should be:

Code: Select all

<?php
session_start();
$_SESSION['username'] = addslashes($_POST['username']);
$_SESSION['password'] = addslashes($_POST['password']);
// you dont want any sql injections so you should add slashes in your globals (this is needed at all global (POST,GET,SESSION etc)

// you also need to crypt(md5/sha1/crypt etc) your pass becaus you DONT want to see peoples password! (security issue)
?>

Code: Select all

<?php
$query = "SELECT pass " .
"FROM user " .
"WHERE name='$_SESSION['username']"
mysql_select_db("phpfreechat") or die(mysql_error());

$result = mysql_query($query) or die (mysql_error());

$read = mysql_fetch_array($result);
extract ($read);

if $pass=$_SESSION['password']
{
"echo <a href=chat.php>click here to continual</a>";
}
else
{echo "Wrong password";
}
?>

Should be:

Code: Select all

<?php
mysql_select_db("phpfreechat");
$query = mysql_query("SELECT * FROM user WHERE name='".$_SESSION['username']."' AND pass = '".$_SESSION['password']."' ) or die(mysql_error());
$read = mysql_num_rows($query); // a less complicated query wich saves some time

if ($read == 1) // check if query has a match and contineu
{
echo '<a href=chat.php>click here to continual</a>';
}
else // else unset the session, and send them back to the login page
{
echo "Wrong password";
$_SESSION['username'] = '';
$_SESSION['password'] = '';
header ("Location: login.php");
exit;
}
?>

comments are in the modified codes.

[serge_]

Hello!!!

I've tried to implement this one, but the chat always took the first login "guest.." and dont change it when i pass the new parameter,

i've used

$params["nick"] = $username;
$params["nick"] = "$username";
$params["nick"] = "$_SESSION('username')";
$params["nick"] = $_SESSION('username');

i've tried to pass

a href=chat.php?username.....

but none works.. please help me!!!

[gamary]

Je ne comprend pas grand chose a l'installation ce système de login...
Est ce que quelqu'un pourrai m'expliquer plus en détail ?