User Name and Password on my web page

Started by jalexduran, December 16, 2011, 05:19:50 AM


I like to add the user name and password on the index1.html page but is not working
I upload all script files to
and the regular html page to login is on:

what's the line codes to make it work ?

Thank you
J Alex


//first you'll need to create the mysql database

//make a file called dblogin
//your dblogin.php file should look like this:
//change the parameters to match your mysql authentication parameters.

//the following will make your mysql database.
//dblogin contains the mySQL login parameters.
require 'dblogin.php';
//variable to pass to functions for authentication with mysql
$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or
   die ('Unable to connect. Check your connection parameters.');

require 'dblogin.php';

$query = 'CREATE DATABASE IF NOT EXISTS database';

mysql_query($query, $db) or die(mysql_error($db));

mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db));

//creating the usergroups table
$query = 'CREATE TABLE IF NOT EXISTS permission_levels
   permission_level      TINYINT      UNSIGNED   NOT NULL,
   access_name      VARCHAR(50)   NOT NULL,
   PRIMARY KEY (permission_level)
mysql_query($query, $db) or die(mysql_error($db));

//defining the usergroups
$query = 'INSERT IGNORE INTO permission_levels
      (permission_level, access_name)
      (1, "Administrator"),
      (2, "User")';
mysql_query($query, $db) or die(mysql_error($db));

//create the user table
$query = 'CREATE TABLE IF NOT EXISTS clients
   id                   INTEGER   UNSIGNED   NOT NULL   AUTO_INCREMENT      UNIQUE,
   email               VARCHAR(100)      NOT NULL   UNIQUE,
   username            VARCHAR(50)         NOT NULL   UNIQUE,
   password            CHAR(41)         NOT NULL,
   name               VARCHAR(100)      NOT NULL,
   permission_level      TINYINT UNSIGNED   NOT NULL   DEFAULT 2,
   date_joined            DATETIME         NOT NULL,
   last_login            DATETIME,
mysql_query($query, $db) or die(mysql_error($db));

//populate it with an admin
$query = 'INSERT IGNORE INTO clients
      (id, name, email, username, password, permission_level, date_joined, last_login)
      (1, "admin", "", "admin_name", PASSWORD("password"), 1, "' . date('Y-m-d H:i:s') . '", NULL)';

mysql_query($query, $db) or die(mysql_error($db));

   <title>DATABASE CREATED</title>
<h1>Administrator Alert</h1>
<p>The database has been created and the following tables have been populated: </p>
<p><a href="index.php">Go home?</a></p>


//once your table is ready, heres the meat and potatoes of your login box:

//get the mysql authentication information and select the table

require 'dblogin.php';
$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or
   die ('Unable to connect. Check your connection parameters.');

mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db));

//strip everything down. spaces, etc.  make sure that any scripts contained in the field are passified so that users dont try to mess with your script.
$username = (isset($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password'])) ? $_POST['password'] : '';

$username = stripslashes($username);
$password = stripslashes($password);

$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

//incase you want to repopulate your username textbox with the username if someone logs out.
$tmpname = (isset($_SESSION['tmpname'])) ? $_SESSION['tmpname'] : '';
$tracker = 0;

//if the submit button is pushed, begin the following.  this is long.
if (isset($_POST['submit']))
   $tracker = 1;
   $tmpname = $username;
   $query = 'SELECT
               id, permission_level, name, last_login
               username = "' . $username . '" AND
               password = PASSWORD("' . $password . '")';
   $result = mysql_query($query, $db) or die(mysql_error($db));
   if($row = mysql_fetch_array($result))
      $_SESSION['user_id'] = $row['id'];
      $_SESSION['permission_level'] = $row['permission_level'];
      $_SESSION['name'] = $row['name'];
      $_SESSION['last_login'] = $row['last_login'];   
         $query =
            'UPDATE clients SET
               last_login = "' . date('Y-m-d H:i:s') . '"
               id = ' . $row['id'];      
      mysql_query($query, $db) or die (mysql_error($db));

   if (isset($_SESSION['name']))
      echo '<div id = "userset"><table cellspacing = "20px"><tr>';
      echo '<td>Welcome, ' . $_SESSION['name'] ;
      echo '</td><td>';
      echo '<a href = "logout.php">';
      echo "Log out " . $_SESSION['name'] . "</a>";
      if($_SESSION['permission_level'] == 1)
         echo ' | <a href = "admin.php">Admin</a>';
      echo ' | <a href = "profile.php">Profile</a>';
      echo '</td>';
   <form action = "search.php" method = "get">
         <td><input type = "text" id = "search" name = "keywords"  /></td>
         <td><input type = "submit" value = "search" /></td></tr>

      date_default_timezone_set ('America/Chicago');
      echo '<tr>';
      echo '<td></td><td>';
      echo date('F j');
      echo ', ';
      echo date('Y');
      echo '&nbsp;&nbsp;';
      echo date ('H:i');
      echo '</td></tr></table></div>';
    <form action = "homepage.php" method = "post">
    <table id = "loginbox" cellspacing = "20px">
      <th style = "color: #8af;">Please Log In</th>
      <input type = "text" id = "user" name = "username" maxlength = "20" size = "20" value = "<?php echo $tmpname; ?>" /></th>
      <input type = "password" id = "pass" name = "password" maxlength = "20" size = "20" /></th>
      <th><input type="submit" name = "submit" value = "" /></th>
      <th style = "color: #8af;">Or &nbsp;<a href = "register.php" title = "register">Register</a></th>
      <td colspan = "7" ><a href="forgot_password.php">Forgot your password?</a></td>
      <tr><td colspan = "7">
         if ($tracker == 1)
            echo 'You have enterened an invalid username and password combination.';
         echo '</td></tr><tr><td colspan = "7">';
         if ($tracker == 1)
            echo 'Please try again.';
         echo '</td></tr>';

<?php } ?>

//now for the sake of clearity, this file is suppose to be named "Homepage.php".  the input tables are designed to submit this information to this exact same page with updated parameters.