[cebuy]

I am wanting to password protect a page for multiple users to edit their profile in my mysql database. I have this code but it really is just for one user and password.

PHP Code:

<?



$login = "user";

$password = "password";



function error ($error_message) {

    echo $error_message."<BR>";

    exit;

}



if ( (!isset($PHP_AUTH_USER)) || ! (($PHP_AUTH_USER == $login) && ( $PHP_AUTH_PW == "$password" )) ) {

    header("WWW-Authenticate: Basic enter=\"Secured Area\"");

    header("HTTP/1.0 401 Unauthorized");

    error("You are not authorized!");

}



?>

Ok, my question is this... How can I code this to have the username and password to be checked against each individual member of my database? Each member of the database has an auto id, and I give them the freedom to choose a password when they sign up. So in the table the data is like...

member | id | password
member2 | id2 | password2
member3 | id3 | password3

Any ideas? I Know there is probably an easy way to do this but I am new at this stuff. Thanks!

PS. No need for Fort Knox like security either. Simple is fine.

[infinitylimit]

this would work

Code:

<!-- login form -->
<form action="check.php" method="post>
Login<input type="text" name="login"><br>
Password<input type="password" name="password"><br>
<input type="submit" value="login">

PHP Code:

// check.php



$db = "your db";

$host = "yourhost"; // default is normally localhost

$uid = "login";

$pwd = "password";



//simple clean and grab

$login = mysql_escape_string($_POST['login']);

$password = mysql_escape_string($_POST['password']);



//normal connection routine

$link = mysql_connect($host,$uid,$pwd);

mysql_select_db($db);



//query db

$res = mysql_query('SELECT id WHERE login = ' .$login.' and password = '.$password);



//check if there is a match

if(mysql_num_rows($res) > 0){

        //grab the userid

        $line = mysql_fetch_array($res,MYSQL_NUM);

        //set a session for later use

        session_start();

        $_SESSION['uid'] = $line[0];

        

         // redirect them if you want

         header('location:users.php');

}

else{  // they screwed up

         echo 'Login error';

} 

any questions? I didn't run this I just typed it out quickly

[cebuy]

PRoblem trying to get this script to work.. Look at http://www.quotingloans.com/include/mcPass.php
I know I have the database info correct (for obvious reasons the login info has been changed), but I am still getting this error...

Parse error: parse error, unexpected T_STRING in /home/quoting/public_html/include/mcPass.php on line 26

PHP Code:

  <?php 

// check.php 



$db = "mydb"; 

$host = "localhost"; // default is normally localhost 

$uid = "myusername"; 

$pwd = "mypass"; 



//simple clean and grab 

$login = mysql_escape_string($_POST['login']); 

$password = mysql_escape_string($_POST['password']); 



//normal connection routine 

$link = mysql_connect($host,$uid,$pwd); 

mysql_select_db($db); 



//query db 

$res = mysql_query('SELECT id WHERE id = ' .$login.' and password = '.$password.'); 



//check if there is a match 

if(mysql_num_rows($res) > 0){ 

        //grab the userid 

        $line = mysql_fetch_array($res,MYSQL_NUM); 

        //set a session for later use 

        session_start(); 

        $_SESSION['uid'] = $line[0]; 

         

         // redirect them if you want 

         header('location:users.php'); 

} 

else{  // they screwed up 

         echo 'Login error'; 

} 

?>

[infinitylimit]

Your not familiar with programming are you?

//query db
$res = mysql_query('SELECT id WHERE id = ' .$login.' and password = '.$password.');

just need to be changed to

//query db
$res = mysql_query('SELECT id WHERE id = ' .$login.' and password = '.$password);

[cebuy]

I got the script to work somewhat but I do not see a login popup. IT only gives the scripted "login error" Here is what I have done. Any help is appreciated...

PHP Code:

<?php 

// check.php 



//normal connection routine 

$db=mysql_connect ("localhost", "user", "pass") or die ('I cannot connect to the database.');

mysql_select_db ("web_table",$db);



//simple clean and grab 

$login = mysql_escape_string($_POST['id']); 

$password = mysql_escape_string($_POST['password']); 





//query db 

$res = mysql_query("SELECT id FROM realtors WHERE id='.$login.' and password='.$password.'"); 





//check if there is a match 

if (mysql_num_rows($res)<0){ 

        //grab the userid 

        $line = mysql_fetch_array($res,MYSQL_NUM); 

        //set a session for later use 

        session_start(); 

        $_SESSION['uid'] = $line['0']; 

         

         // redirect them if you want 

         header('location:users.php'); 

} 

else{  // they screwed up 

         echo 'Login error'; 

} 

?>

[nivek]

you can go to bravenet and get a free password protected page easy.... I yous it on my site and it works good, you can also make othe people sighn up for it, so they can get there very own member page on your site. http://bravenet.com

please add your website to my site at http://linkfarm.TK

[cebuy]

Quote:

Originally Posted by infinitylimit

Your not familiar with programming are you?

//query db
$res = mysql_query('SELECT id WHERE id = ' .$login.' and password = '.$password.');

just need to be changed to

//query db
$res = mysql_query('SELECT id WHERE id = ' .$login.' and password = '.$password);

Sorry but that code just gets an error.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/quoting/public_html/include/mcPass.php on line 18
Login error

I was under the impression that a proper mysql query requires a FROM statement aming the table as well.

[cebuy]

I rather not. Thanks anyway!

[<?Wille?>]

PHP Code:

$res = mysql_query("SELECT id FROM realtors WHERE id='$login' and password='$password'") or die(mysql_error());

# OR #

$res = mysql_query("SELECT id FROM realtors WHERE id='".$login."' and password='".$password."'") or die(mysql_error());