Login Pomoc!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Potreban mi je na sajtu login msm ja radim sajt nekom liku ali ne znam da uradim da se mogu registrovat i ulogovat :S ! Kako to da napravim?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ova tema treba da ide u php ali nema veze kada moderatori ne rade svoj posao.



mysql_connect("localhost", "root", "password") or die(mysql_error()); ovo su postavke u localhostu
mysql_select_db("new") or die(mysql_error());

localhost - ime vaseg hosta
root - vas username
password - vas password
new - ime vase baze



add.php
<?php // Connects to your Database mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("new") or die(mysql_error()); //This code runs if the form has been submitted if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { die('You did not complete all of the required fields'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use.'); } // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { die('Your passwords did not match. '); } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } // now we insert it into the database $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); ?> <h1>Registered</h1> <p>Thank you, you have registered - you may now login</a>.</p> <?php } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0"> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="60"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="10"> </td></tr> <tr><td>Confirm Password:</td><td> <input type="password" name="pass2" maxlength="10"> </td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table> </form> <?php } ?>


login.php
<?php // Connects to your Database mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("new") or die(mysql_error()); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: members.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: members.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?>

members.php
<?php // Connects to your Database mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("new") or die(mysql_error()); //checks cookies to make sure they are logged in if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: login.php"); } //otherwise they are shown the admin area else { echo "Admin Area<p>"; echo "Your Content<p>"; echo "<a href=logout.php>Logout</a>"; } } } else //if the cookie does not exist, they are taken to the login screen { header("Location: login.php"); } ?>

logout.php
<?php $past = time() - 100; //this makes the time in the past to destroy the cookie setcookie(ID_my_site, gone, $past); setcookie(Key_my_site, gone, $past); header("Location: login.php"); ?>

Za ovo ti treba baza podataka.
Inace ove stvari mozes naci svuda na netu.
PozzZzzZZZzzZzzz

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

[quote="Kole888"]Ova tema treba da ide u php ali nema veze kada moderatori ne rade svoj posao.


E brate sve je ovo OK samo gdje da ja ovo ubacim u INDEX???

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 02 Mar 2010 22:49

lol, ovo je dobro

Dopuna: 02 Mar 2010 23:06

Dobra je ovo forma, samo ne znam sta ti znaci ovaj deo sa mailom kad njega ne unosis u bazu preko forme u bazu koju si napravio.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ovaj kod ima na 2 mesta:
//Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
ne zaboravite da korisnici mogu da edituju svoje cookie-je i time moze doci do sql injection napada.
preporucio bih koriscenje sesija a ne cookie-ja, ili bar filtriranje sadrzaja cookie-ja:
$username = mysql_real_escape_string($_COOKIE['ID_my_site']);

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

A men jos uvek zanima ovo za mail

Jos me zanima prilikom koriscenja ove funkcije "mysql_real_escape_string" prilikom upisa u bazu, evo recimo ovde, kako bi to izgledalo sintaksno?Jel moze da se napise ovako?Kladim se da sam nesto uprskao sa ovim " ' )

$insert = "INSERT INTO users (username, password) VALUES (mysql_real_escape_string('".$_POST['username']."'), mysql_real_escape_string('".$_POST['pass']."'))"; $add_member = mysql_query($insert);

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ti mozes dodati i polje za mail u bazu ako ga nema

A ovo drugo... mozes napisati recimo ovako
$insert = "INSERT INTO users (username, password) VALUES (".mysql_real_escape_string($_POST['username']).", ".mysql_real_escape_string($_POST['pass']).")"; $add_member = mysql_query($insert);

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ne bi da se mesam ali bih samo da napomenem da pogledate milosev odgovor...

Citat:ne zaboravite da korisnici mogu da edituju svoje cookie-je i time moze doci do sql injection napada.
preporucio bih koriscenje sesija a ne cookie-ja, ili bar filtriranje sadrzaja cookie-ja:

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Aha hvala na odgovoru.Ja sam recimo uradio ovo i uspeo sam da upisem u bazu sifru koja je kriptovana.

$username=$_POST['username']; $password=$_POST['password']; $username=mysql_real_escape_string($username); $password=mysql_real_escape_string($password); $insert = "INSERT INTO users (username, password) VALUES ('".$username."', '".$password."')"; $add_member = mysql_query($insert);

Medjutim mislim da ovo nije dobro resenje posto posle md5 enkripcije ja opet uzimam username i pass iz forme!? !Ako moze neko da prokomentarise ovo.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Citat:Medjutim mislim da ovo nije dobro resenje posto posle md5 enkripcije ja opet uzimam username i pass iz forme!

Cekaj pojasni malo ovo???