By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,795 Members | 1,251 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,795 IT Pros & Developers. It's quick & easy.

Multiple field login and a related question

P: n/a
I'm looking for an example of a login system that has multiple fields
(2 to be exact) + password. e.g username, company name and password,
the user, company and password are checked against a mysql database. I
have it working with just the username field but I'm confused on how
to go about adding another field. I'm pretty new to PHP so don't beat
me up too much for this example code, I borrowed and hacked it
together in a very short period of time.

Code:

<?php
include 'db.php';
//Checks if there is a login cookie

if(isset($_COOKIE['ID_user']))
//if there is, it logs you in and directs you to the members page
//shopname is used to select the correct database
{
$shopname = $_COOKIE['ID_fitsheetshop'];
$username = $_COOKIE['ID_fitsheetuser'];
$pass = $_COOKIE['Key_fitsheet'];

$checkuser = mysql_query("SELECT * FROM users WHERE username =
'$username'")or die(mysql_error());
$checkshop = mysql_query("SELECT * FROM users WHERE shopname =
'$shopname'")or die(mysql_error());
while($info = mysql_fetch_array($checkuser))
{

if ($pass != $info['password'])
{
die('something is wrong');
}

else
{
header("Location: members.php");
}

}

while($info = mysql_fetch_array($checkshop))
{

if ($pass != $info['password'])
{
die('something is wrong');
}

else
{
header("Location: members.php");

}

}

}
//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in

if(!$_POST['shopname'] | !$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
$_POST['shopname'] = addslashes($_POST['shopname']);
}

$checkuser = mysql_query("SELECT * FROM users WHERE username = '".
$_POST['username']."'")or die(mysql_error());
$checkshop = mysql_query("SELECT * FROM users WHERE shopname = '".
$_POST['shopname']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($checkuser);
if ($check2 == 0) {
die('Something is wrong');
}

$check3 = mysql_num_rows($checkshop);
if ($check3 == 0) {
die('Something is wrong');
}

while($info = mysql_fetch_array($checkuser))
while($info = mysql_fetch_array($checkshop))
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
die('Something is wrong');
}

else
{
// if login is ok then we add a cookie
$_POST['shopname'] = stripslashes($_POST['shopname']);
$_POST['username'] = stripslashes($_POST['username']);

$hour = time() + 3600;
setcookie(ID_shop, $_POST['shopname'], $hour);
setcookie(ID_user, $_POST['username'], $hour);
setcookie(Key_shop, $_POST['pass'], $hour);

//then redirect them to the members area
header("Location: members.php");

}

}

}

else {

// if they are not logged in
//code removed for privacy
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Shop Name:</td><td>
<input type="text" name="shopname" size="60" maxlength="60">
<tr><td>Username:</td><td>
<input type="text" name="username" size="2" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
//code removed
<?php
}
?>


Each company will have its own database, once the user logs in I was
going to check their cookie for the company name and use that to
select the correct database. Does anyone have any better ideas?
Thanks for your time.

Apr 20 '07 #1
Share this Question
Share on Google+
2 Replies


P: n/a
DMH
Bump

On Apr 20, 1:14 pm, dylanhug...@gmail.com wrote:
I'm looking for an example of a login system that has multiple fields
(2 to be exact) + password. e.g username, company name and password,
the user, company and password are checked against a mysql database. I
have it working with just the username field but I'm confused on how
to go about adding another field. I'm pretty new to PHP so don't beat
me up too much for this example code, I borrowed and hacked it
together in a very short period of time.

Code:

<?php
include 'db.php';
//Checks if there is a login cookie

if(isset($_COOKIE['ID_user']))

//if there is, it logs you in and directs you to the members page
//shopname is used to select the correct database
{
$shopname = $_COOKIE['ID_fitsheetshop'];
$username = $_COOKIE['ID_fitsheetuser'];
$pass = $_COOKIE['Key_fitsheet'];

$checkuser = mysql_query("SELECT * FROM users WHERE username =
'$username'")or die(mysql_error());
$checkshop = mysql_query("SELECT * FROM users WHERE shopname =
'$shopname'")or die(mysql_error());
while($info = mysql_fetch_array($checkuser))
{

if ($pass != $info['password'])
{
die('something is wrong');
}

else
{
header("Location: members.php");
}

}

while($info = mysql_fetch_array($checkshop))
{

if ($pass != $info['password'])
{
die('something is wrong');
}

else
{
header("Location: members.php");

}

}

}

//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in

if(!$_POST['shopname'] | !$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
$_POST['shopname'] = addslashes($_POST['shopname']);
}

$checkuser = mysql_query("SELECT * FROM users WHERE username = '".
$_POST['username']."'")or die(mysql_error());
$checkshop = mysql_query("SELECT * FROM users WHERE shopname = '".
$_POST['shopname']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($checkuser);
if ($check2 == 0) {
die('Something is wrong');
}

$check3 = mysql_num_rows($checkshop);
if ($check3 == 0) {
die('Something is wrong');
}

while($info = mysql_fetch_array($checkuser))
while($info = mysql_fetch_array($checkshop))
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
die('Something is wrong');
}

else
{
// if login is ok then we add a cookie
$_POST['shopname'] = stripslashes($_POST['shopname']);
$_POST['username'] = stripslashes($_POST['username']);

$hour = time() + 3600;
setcookie(ID_shop, $_POST['shopname'], $hour);
setcookie(ID_user, $_POST['username'], $hour);
setcookie(Key_shop, $_POST['pass'], $hour);

//then redirect them to the members area
header("Location: members.php");

}
}
}

else {

// if they are not logged in
//code removed for privacy
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Shop Name:</td><td>
<input type="text" name="shopname" size="60" maxlength="60">
<tr><td>Username:</td><td>
<input type="text" name="username" size="2" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
//code removed
<?php

}

?>

Each company will have its own database, once the user logs in I was
going to check their cookie for the company name and use that to
select the correct database. Does anyone have any better ideas?

Thanks for your time.

Apr 23 '07 #2

P: n/a
dy*********@gmail.com wrote:
I'm looking for an example of a login system that has multiple fields
(2 to be exact) + password. e.g username, company name and password,
the user, company and password are checked against a mysql database. I
have it working with just the username field but I'm confused on how
to go about adding another field. I'm pretty new to PHP so don't beat
me up too much for this example code, I borrowed and hacked it
together in a very short period of time.

Code:

<?php
include 'db.php';
//Checks if there is a login cookie

if(isset($_COOKIE['ID_user']))
//if there is, it logs you in and directs you to the members page
//shopname is used to select the correct database
{
$shopname = $_COOKIE['ID_fitsheetshop'];
$username = $_COOKIE['ID_fitsheetuser'];
$pass = $_COOKIE['Key_fitsheet'];

$checkuser = mysql_query("SELECT * FROM users WHERE username =
'$username'")or die(mysql_error());
$checkshop = mysql_query("SELECT * FROM users WHERE shopname =
'$shopname'")or die(mysql_error());
while($info = mysql_fetch_array($checkuser))
{

if ($pass != $info['password'])
{
die('something is wrong');
}

else
{
header("Location: members.php");
}

}

while($info = mysql_fetch_array($checkshop))
{

if ($pass != $info['password'])
{
die('something is wrong');
}

else
{
header("Location: members.php");

}

}

}
//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in

if(!$_POST['shopname'] | !$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
$_POST['shopname'] = addslashes($_POST['shopname']);
}

$checkuser = mysql_query("SELECT * FROM users WHERE username = '".
$_POST['username']."'")or die(mysql_error());
$checkshop = mysql_query("SELECT * FROM users WHERE shopname = '".
$_POST['shopname']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($checkuser);
if ($check2 == 0) {
die('Something is wrong');
}

$check3 = mysql_num_rows($checkshop);
if ($check3 == 0) {
die('Something is wrong');
}

while($info = mysql_fetch_array($checkuser))
while($info = mysql_fetch_array($checkshop))
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
die('Something is wrong');
}

else
{
// if login is ok then we add a cookie
$_POST['shopname'] = stripslashes($_POST['shopname']);
$_POST['username'] = stripslashes($_POST['username']);

$hour = time() + 3600;
setcookie(ID_shop, $_POST['shopname'], $hour);
setcookie(ID_user, $_POST['username'], $hour);
setcookie(Key_shop, $_POST['pass'], $hour);

//then redirect them to the members area
header("Location: members.php");

}

}

}

else {

// if they are not logged in
//code removed for privacy
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Shop Name:</td><td>
<input type="text" name="shopname" size="60" maxlength="60">
<tr><td>Username:</td><td>
<input type="text" name="username" size="2" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
//code removed
<?php
}
?>


Each company will have its own database, once the user logs in I was
going to check their cookie for the company name and use that to
select the correct database. Does anyone have any better ideas?
Thanks for your time.
I don't know of any examples, but it's not too hard. But you need to
put everything in one SQL query, i.e. (Not checked for syntax)

$result = mysql_query("SELECT * FROM users WHERE username = " .
"'$username' AND shopname='$shopname' AND `password` = '$pass'");

if (mysql_rows($result) !< 1)
echo "User not found";
elseif (mysql_rows($result) 1)
echo "This should not occur!");
else
// valid login here

The way you have it, you could have user 'abc' at shop 'acme shop' and
still be able to access shop 'widgets, inc.'.

Also, I wouldn't have a different table for every shop. It gets too
hard to manage. Rather, in your table have a column for the shop id and
filter on that.

For instance:

User table:
userid
pwd
shopid

Shop table:
shopid
shop Name

Data table:
shopid
(other information)

Of course, if you did it this way you'd have to adjust your SQL code
slightly - but it's much better than separate tables for each shop.

For more info on the DB design, try comp.database.mysql (or whatever
database you're using if not MySQL).
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 24 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.