I'm looking for an example of a login system that has multiple fields
(2 to be exact) + password. e.g username, company name and password,
the user, company and password are checked against a mysql database. I
have it working with just the username field but I'm confused on how
to go about adding another field. I'm pretty new to PHP so don't beat
me up too much for this example code, I borrowed and hacked it
together in a very short period of time.
Code:
<?php
include 'db.php';
//Checks if there is a login cookie
if(isset($_COOKIE['ID_user']))
//if there is, it logs you in and directs you to the members page
//shopname is used to select the correct database
{
$shopname = $_COOKIE['ID_fitsheetshop'];
$username = $_COOKIE['ID_fitsheetuser'];
$pass = $_COOKIE['Key_fitsheet'];
$checkuser = mysql_query("SELECT * FROM users WHERE username =
'$username'")or die(mysql_error());
$checkshop = mysql_query("SELECT * FROM users WHERE shopname =
'$shopname'")or die(mysql_error());
while($info = mysql_fetch_array($checkuser))
{
if ($pass != $info['password'])
{
die('something is wrong');
}
else
{
header("Location: members.php");
}
}
while($info = mysql_fetch_array($checkshop))
{
if ($pass != $info['password'])
{
die('something is wrong');
}
else
{
header("Location: members.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['shopname'] | !$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
$_POST['shopname'] = addslashes($_POST['shopname']);
}
$checkuser = mysql_query("SELECT * FROM users WHERE username = '".
$_POST['username']."'")or die(mysql_error());
$checkshop = mysql_query("SELECT * FROM users WHERE shopname = '".
$_POST['shopname']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($checkuser);
if ($check2 == 0) {
die('Something is wrong');
}
$check3 = mysql_num_rows($checkshop);
if ($check3 == 0) {
die('Something is wrong');
}
while($info = mysql_fetch_array($checkuser))
while($info = mysql_fetch_array($checkshop))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Something is wrong');
}
else
{
// if login is ok then we add a cookie
$_POST['shopname'] = stripslashes($_POST['shopname']);
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_shop, $_POST['shopname'], $hour);
setcookie(ID_user, $_POST['username'], $hour);
setcookie(Key_shop, $_POST['pass'], $hour);
//then redirect them to the members area
header("Location: members.php");
}
}
}
else {
// if they are not logged in
//code removed for privacy
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Shop Name:</td><td>
<input type="text" name="shopname" size="60" maxlength="60">
<tr><td>Username:</td><td>
<input type="text" name="username" size="2" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
//code removed
<?php
}
?>
Each company will have its own database, once the user logs in I was
going to check their cookie for the company name and use that to
select the correct database. Does anyone have any better ideas?
Thanks for your time.
