
Extending my login

I have a login script that works well and I want to extend it, but I am not sure where to place the new code I have written. I placed it where I thought it belonged, but I keep getting errors about else and other syntax errors when I try to add it.

The code I am adding is not complete and will change, but I want to learn where it should be placed within this script; learning this will stand me in good stead. I thought that by placing it after the if ($num_rows > 0) { section it would run as the else branch and execute my new code, but I get syntax errors about } and similar.

[code=php]
<?php
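// Load the database connection script. Judging by how they are used further down,
// inc/connect.php is expected to define $db and $connection.
// The string delimiters are plain ASCII quotes: the typographic quotes in the
// posted listing are not string delimiters in PHP and stop the file from parsing.
include("inc/connect.php");

// Form state, initialised empty so the variables exist before anything is posted.
$username = "";
$password = "";
$errorMessage = "";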

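/**
 * Prepare a value for interpolation into a query sent through the legacy mysql_* API.
 *
 * Integers and floats are returned unchanged. Everything else, including strings
 * that merely look numeric, is escaped and wrapped in single quotes. Request data
 * always arrives as strings, so a submitted "0" or "1e3" is compared as text; left
 * unquoted, MySQL would compare a text column numerically and coerce the stored
 * values, which loosens a username match.
 *
 * NOTE(review): ext/mysql was removed in PHP 7.0 and get_magic_quotes_gpc() in
 * PHP 8.0. Prepared statements through mysqli or PDO replace this helper once
 * inc/connect.php is migrated.
 *
 * @param mixed    $value  value to embed in the SQL text
 * @param resource $handle link identifier forwarded to mysql_real_escape_string()
 * @return mixed the number as given, or a quoted and escaped string
 */
function quote_smart($value, $handle) {
    // Only real numbers skip quoting; numeric-looking strings are quoted below.
    if (is_int($value) || is_float($value)) {
        return $value;
    }

    // Strip magic-quotes slashes only on runtimes that still ship the feature,
    // so the value is not escaped twice.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    return "'" . mysql_real_escape_string($value, $handle) . "'";
}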

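// Process the login form only when it was actually submitted.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Missing or non-string fields (for example username[]=x) count as empty input
    // instead of raising notices further down.
    $submittedUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $submittedPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // HTML-escaped copies stay in the page-level variables.
    $username = htmlspecialchars($submittedUsername);
    $password = htmlspecialchars($submittedPassword);

    $db_found = mysql_select_db($db, $connection);

    if ($db_found) {
        // The SQL-quoted form gets its own variable so $username is not overwritten
        // with a value that carries SQL quotes.
        // NOTE(review): the lookup uses the HTML-escaped name, as the posted script did.
        // HTML escaping belongs at output time; confirm how names were stored before
        // switching the lookup to the raw value.
        $quotedUsername = quote_smart($username, $connection);

        // NOTE(review): an unsalted MD5 digest is a weak way to store passwords.
        // password_hash()/password_verify() is the replacement, but it needs the stored
        // hashes migrated, so the comparison is left as posted.
        $SQL = "SELECT * FROM taablea WHERE username = $quotedUsername AND password = '" . md5($submittedPassword) . "'";
        $result = mysql_query($SQL);

        // Count rows only after the query is known to have succeeded.
        if ($result && mysql_num_rows($result) > 0) {
            session_start();
            // Issue a fresh session id at login so an id that was set before
            // authentication cannot be reused afterwards.
            session_regenerate_id(true);
            // Stored exactly as submitted; escape it wherever it is printed.
            $_SESSION['username'] = $submittedUsername;

            mysql_close($connection);
            header("Location: index.html");
            // header() does not end the script; stop so nothing else runs or is sent.
            exit;
        }

        // Failed query or no matching row. Failed-login bookkeeping (attempt counting,
        // lockout) belongs in this branch.
        $errorMessage = "Please check your username and/or password is correct";

        mysql_close($connection);
    } else {
        // Same generic message when the database cannot be selected.
        $errorMessage = "Please check your username and/or password is correct";
    }
}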
?>
[/code]

This is my additional code that I am trying to get working so I can write it better.

[code=php]

/* New Block*/
# NOTE(review): this is a fragment as posted, not standalone PHP. It opens with an `else`
# whose `if` is outside the fragment, and the braces opened below are not all closed
# before END, which matches the syntax errors described in the post.

else {
session_start();
# Assigns the literal string "+1"; nothing is incremented here.
$_SESSION[‘attempts’] = “+1”;

# setup SQL statement
# NOTE(review): $sid and $attempts are not assigned anywhere in this fragment.
# The values are interpolated between quotes without escaping at this point. If
# $username and $password already went through quote_smart() they carry their own
# quotes and would be quoted twice -- confirm against where the block is placed.
# $password looks like the submitted password rather than a hash, so failed guesses
# would be stored readable in tablebtemp -- TODO confirm, and store a hash or nothing.
$SQL = ” INSERT INTO tablebtemp “;
$SQL = $SQL . ” (sid, username, password, attempts, ipaddress) VALUES “;
$SQL = $SQL . ” (‘$sid’, ‘$username’, ‘$password’, ‘$attempts’, ‘$_SERVER[REMOTE_ADDR]’) “;

#execute SQL statement
# The first argument is masked in the post (presumably the database name).
$result = mysql_db_query( *****,”$SQL”,$connection );

# check for error
if (!$result) {
# Prints the database error and the full query text into the page, so the submitted
# values in $SQL reach the visitor. Writing them to the server log instead keeps
# them out of the response. The "n" on either side of $SQL is presumably a newline
# escape that lost its backslash.
echo(“ERROR: ” . mysql_error() . “n$SQLn”);
}
else {
# setup SQL statement 2
# $sid goes into the query unquoted and unescaped.
$SQL = “SELECT * FROM tablebtemp WHERE sid = $sid”;
$result = mysql_query($SQL);

if (mysql_num_rows($result) ==0) {
$errorMessage = “Please check your username and/or password is correct”;
}
# `else` cannot take a condition in PHP; this needs `elseif`. The comparison is an exact
# match on 3 rows, so it stops matching once a fourth row exists; `>=` is the usual
# lockout test.
else (mysql_num_rows($result) ==3) {
$errorMessage = “You are blocked, please contact us to get unblocked.”;
}
/* END */
[/code]

@Wolfie0910Jun 03.2010 — Try this. I am also new to PHP programming, so I am unsure whether this will do what you want, but it may help in some form or other. You will need to create a table that stores audit information; it is checked when the form first initializes to ensure that the user's IP has not been blocked. Let me know if you have any other questions.

[CODE]<?php
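// Load the database connection script. Judging by how they are used further down,
// inc/connect.php is expected to define $db and $connection.
include("inc/connect.php");

// Form state, initialised empty so the variables exist before anything is posted.
$username = "";
$password = "";
$errorMessage = "";

// Per-request counter. PHP rebuilds every variable on each HTTP request, `static`
// ones included, so this starts at 0 on every submission and cannot count failures
// across requests. A count that has to survive belongs in the session or the database.
$attempts = 0;

// The array key must be a quoted string: a bare REMOTE_ADDR is read as a constant.
$ip_address = $_SERVER['REMOTE_ADDR'];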

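/**
 * Prepare a value for interpolation into a query sent through the legacy mysql_* API.
 *
 * Integers and floats are returned unchanged. Everything else, including strings
 * that merely look numeric, is escaped and wrapped in single quotes. Request data
 * always arrives as strings, so a submitted "0" or "1e3" is compared as text; left
 * unquoted, MySQL would compare a text column numerically and coerce the stored
 * values, which loosens a username match.
 *
 * NOTE(review): ext/mysql was removed in PHP 7.0 and get_magic_quotes_gpc() in
 * PHP 8.0. Prepared statements through mysqli or PDO replace this helper once
 * inc/connect.php is migrated.
 *
 * @param mixed    $value  value to embed in the SQL text
 * @param resource $handle link identifier forwarded to mysql_real_escape_string()
 * @return mixed the number as given, or a quoted and escaped string
 */
function quote_smart($value, $handle) {
    // Only real numbers skip quoting; numeric-looking strings are quoted below.
    if (is_int($value) || is_float($value)) {
        return $value;
    }

    // Strip magic-quotes slashes only on runtimes that still ship the feature,
    // so the value is not escaped twice.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    return "'" . mysql_real_escape_string($value, $handle) . "'";
}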

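// Handle a submitted login form. The form carries a hidden "submitted" field.
if (isset($_POST['submitted'])) {
    // The failed-attempt count lives in the session, because page-level variables
    // start over on every request.
    // NOTE(review): a visitor who discards the session cookie starts again at zero.
    // Counting failures per IP or account in login_audit would not depend on the client.
    session_start();

    // Missing or non-string fields count as empty input.
    $submittedUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $submittedPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $username = htmlspecialchars($submittedUsername);
    $password = htmlspecialchars($submittedPassword);

    $db_found = mysql_select_db($db, $connection);

    if ($db_found) {
        // Block check: an address is blocked once it has a row in login_audit.
        // The table name is taken from the INSERT below; the posted SELECT had no FROM
        // clause and an unquoted address, so it failed on every request.
        $quotedIp = quote_smart($ip_address, $connection);
        $sql = "SELECT ip_address FROM login_audit WHERE ip_address = $quotedIp";
        $result = mysql_query($sql);

        if ($result === false) {
            // A failed lookup is not treated as "blocked"; log it so a missing
            // table gets noticed.
            error_log('login_audit lookup failed: ' . mysql_error());
        }

        if ($result && mysql_num_rows($result) > 0) {
            $errorMessage = "You are blocked, please contact us to get unblocked.";
        } else {
            // Separate variable, so $username is not overwritten with SQL quotes.
            $quotedUsername = quote_smart($username, $connection);

            // NOTE(review): unsalted MD5 is a weak password store; password_hash() and
            // password_verify() need the stored hashes migrated first.
            $sql = "SELECT * FROM taablea WHERE username = $quotedUsername AND password = '" . md5($submittedPassword) . "'";
            $result = mysql_query($sql);

            // Count rows only after the query is known to have succeeded.
            if ($result && mysql_num_rows($result) > 0) {
                // Fresh session id at login, and a clean attempt count.
                session_regenerate_id(true);
                unset($_SESSION['attempts']);
                // Stored exactly as submitted; escape it wherever it is printed.
                $_SESSION['username'] = $submittedUsername;

                mysql_close($connection);
                header("Location: index.html");
                // header() does not end the script.
                exit;
            }

            $_SESSION['attempts'] = isset($_SESSION['attempts']) ? $_SESSION['attempts'] + 1 : 1;
            $errorMessage = "Please check your username and/or password is correct";

            /* The table should also have an id field as a primary key and a
             * timestamp field that records when the attempt was made.
             */
            if ($_SESSION['attempts'] >= 3) {
                // The posted code built this statement but never ran it, and wrapped
                // already-quoted values in a second pair of quotes.
                $sql = "INSERT INTO login_audit (account_name, ip_address)
                        VALUES ($quotedUsername, $quotedIp)";
                if (!mysql_query($sql)) {
                    error_log('login_audit insert failed: ' . mysql_error());
                }
            }
        }
    }

    mysql_close($connection);
}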

?> [/CODE]