12 replies to this topic

[wilkesy]

hey guys, i writing a script, to check if there is any data supplied in the database.

so ive went with this

<?php 

- Connect to database -

then ive added this line,

if(username=="")
{
include('userinput.php');
}

?>

now if there is no data in the username field, will it detect that, or do i need to but some quotes around the username part??

Thanks!

[Jaymz]

This

if (!isset($username)) { /*Do whatever if no username set */ }
elseif (isset($username)) { /* Do whatever if username is set */ }

Would work

[wilkesy]

so that will check from my database!?

[Jaymz]

I don't fully understand what you need, and my php is basic, so I'll leave this for rc69

[wilkesy]

lol! ill explain myself...

even if your wrong, its still some useful php to know thanks!

wat i want to do, is check a field in my database to makesure it contains a value, if it doesnt, it will display the input page, which will allow the user to input a value.

this will only be used when the files are 1st opened, as you wont beable to go any further without inputting a username....

[softLearner]

So something like this:

<?php
session_start();
include 'dbconnection.php'; // include your database file that connects and selects teh database to use.

if(isset($_POST['submit']) && $_POST['user'] != "" && $_POST['pass'] != "")
	{
  $username =  htmlentities(trim($_POST['user']), ENT_QUOTES); // Puts any HTML entities into their ascii value ie: < become &lt; and also put any quootes in to ascii value too. Search for these functions at php.net. Also the trim just removes any spaces that is at the start and end of the string.

  $password = md5($_POST['pass']);
  
  $users = "SELECT username, password FROM usrrs WHERE username='$username' AND password='$password' AND admin='Y'";
  $get_users = mysql_query($users, $con); // $con is the variable for your database connection.
  
  if(mysql_num_rows($get_users) == 1)
  {
 	 $_SESSION['username'] = $username;
 	 $_SESSION['logged_in'] = 1;
 	 header("Location: admin.php"); // change admin.php to the actuall page you want the user to be sent to.
  }
  else
  {
 	 $error = "<span style=\"color: red\";>Login information invalid!</span><br/>";
  }
	}
?>

Okay, so the above script checks wheather the buttton named submit has been passed and checks wheather the username and password arn't blank, else it'll activate the error.

Now it'll put the $_POST variables in to suitable variables to deal with. Next we prepare the MySQL query ready. The query is straight forward, It selects the username and password fields form the users table and checks whether the username and password submited matches aswell as the user is an Admin, which the value has to be Y.

Next we create another variable for the actully MySQL query to get the users. If there is a match with the username and password and is equal to 1 one, meaning one positive match. So if we do have one positive matych then we'll set up our sessions, which is username and is_logged. AN then send the user the admin section.

Now if the username isn't equal to one, either MySQL found now results or more results it'll through the error message.

I hope you got that.

Now the form:

<form actiom="<?=$_SERVER['PHP_SELF'];?>" method="post">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
  <tr>
    <div style="padding:5px 0px 10px 0px;">
      <?php if(isset($error)) echo $error; ?> <!-- Checks wether the variable $error has been set, otherwise it wont display. -->
      Please login to access the AdminCP</div>
  </tr>
  <tr style="height:25px">
    <td width="33%" align="right" valign="middle">Username: &nbsp; </td>
    <td width="67%" align="left">
      <input name="user" type="text" size="25" maxlength="30" />
    </td>
  </tr>
  <tr style="height:25px">
    <td align="right" valign="middle">Password: &nbsp; </td>
    <td align="left">
      <input name="pass" type="password" size="25" maxlength="30" />
    </td>
  </tr>
  <tr style="height:25px" align="left">
    <td>&nbsp;</td>
    <td>
      <input type="submit" name="submit" value="Login" class="submit" />
    </td>
  </tr>
</table>
</form>

The form code is pretty starte forward and self explanitary. Remeber the PHP script has checks whether the submit button has been submitteed, notice it has a name as submit and a value is what is set for the login precess to be triggered.

NOTE: The above script is for an actuall project I am doing now. SO you're lucky! You may have to change the MySQL query to suit your needs, aswell as the form.

Also yes this script is for logging into an Administration Page.

Also on every page you want protected apply this code:

<?php
	session_start();
	if(!isset($_SESSION['logged_in']) || isset($_SESSION['logged_in']) != 1)
	{
                session_destroy();
  header("Location: ./index.php");
  exit;
	}
	
	if(isset($_GET['logout']) == 1)
	{
  session_destroy();
  header("Location: ./index.php");
	}
?>

Basically this checks whether the session logged_in is still set and is set to one else it'll destroy the session and send them back to the index page which has the lolgin form on the page. Also this code:

if(isset($_GET['logout']) == 1)
	{
  session_destroy();
  header("Location: ./index.php");
	}

Chekcs whether the variable logged out is true, which do by using this HTML code:

<a href="?logout=1">Logout</a>

Okay I hope you understand what this script does and how to check if values are set etc.

Also if ou don't knwo what some of the functions in the code do hop over to php.net to check them out.

Edited by softLearner, 27 July 2005 - 04:51 AM.

[wilkesy]

thanks dude! very thorough! ill hav 2 get my self to PHP.net to check out some of the functions like you said, but im slowly but surely starting to understand this php stuff!

[softLearner]

ha! Thats alright man! I feel genrous today, dunno why thou!

[wilkesy]

lol! ill let u no if i have anymore problems then

[rc69]

Jaymz, on Jul 26 2005, 04:44 PM, said:

I don't fully understand what you need, and my php is basic, so I'll leave this for rc69

Bah, php's not that hard

p.s. for future reference, you may want to look at This
From the sounds of things, it may help you just a little bit (hopefully).

Quote

ill hav 2 get my self to PHP.net to check out some of the functions...

At least you're already starting to learn

[adam123]

rc69, on Jul 27 2005, 09:52 PM, said:

p.s. for future reference, you may want to look at This
From the sounds of things, it may help you just a little bit

hmm, a bit of site plugging there rc69

[dEcade]

Try this

<?php
require ('YOUR PAGE THAT CONNECTS TO DATABASE.php');
$sql =  mysql_query("SELECT TABLE NAME FROM accounts ");
$check = mysql_num_rows($sql);
if($check > 0)
{
echo 'No Rows';
}
else
{
echo 'there are rows';
}
?>

Hope that helped.

dEcade

Edited by dEcade, 27 July 2005 - 08:45 PM.

[rc69]

adam123, on Jul 27 2005, 02:23 PM, said:

rc69, on Jul 27 2005, 09:52 PM, said:

p.s. for future reference, you may want to look at This
From the sounds of things, it may help you just a little bit

hmm, a bit of site plugging there rc69

No, no, the site plugging is in my sig. That's just a useful link that i "stumbled" upon

p.s.DEcade, you do know that the problem was solved right?