One time password

I want to let a user use a password just once

         

marovios

10:43 pm on May 26, 2005 (gmt 0)

10+ Year Member



Hi, does anyone know how to create a one time password? I'm using MySQL and PHP and the idea is to give a user a password that could only be used once; if any user logs in with that password again it should be useless. Is this possible?

Thanks in advance.

coopster

11:18 pm on May 26, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld, marovios.

Are you talking about a one time password, or one time userid?

A common practice on passwords is to create an additional column in the table that forces the user to change their password on the next successful signon. This comes in very handy when resetting passwords or even on initial account setup (if it isn't a self-registration process).

4string

12:46 am on May 27, 2005 (gmt 0)

10+ Year Member



Couldn't you just add a boolean field to your table for 'password_used'? Then have your login script update password_used to 1 when they log in. Make your login script check that password = $_POST['password'] and password_used = 0, else die.

Is that kind of what you're after?

marovios

9:02 am on May 27, 2005 (gmt 0)

10+ Year Member



Thanks both guys.

coopster, yes, I'm talking about a one time password. I won't let them change the passwords I gave them; I just want the user to access a restricted page only once. And then, if this guy tries to access that page again, he won't be able to, as the pass should be useless because it was already used before. It's just one page; each user will be allowed to access that page only once, that's the idea.

Hi 4string, that's the idea. I'm a newbie, you know, so regarding this: "Then add to your login script update password_used to 1 when they login", this should be done automatically along with the user's first login. How can I do this?

Thanks both.

4string

12:49 pm on May 27, 2005 (gmt 0)

10+ Year Member



Your login script should be something like:


// Escape user input before placing it in the SQL string.
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

$query = mysql_query("SELECT * FROM user WHERE username='$username' AND password='$password' AND password_used = '0' LIMIT 1") or die();

// Get results
$row = mysql_fetch_array($query);

// If the query returns a row, you need to do another query to update 'password_used' to true.
if (mysql_num_rows($query) > 0) {
    $user_id = $row['user_id'];

    $do = mysql_query("UPDATE user SET password_used = 1 WHERE user_id = '$user_id' LIMIT 1");
    // Do other login stuff...
} else {
    // Show an error
    echo 'This password is invalid or has already been used once before.';
}

That should work, but I'm pretty new at this too! You should get the idea anyway. Good luck!

marovios

1:32 pm on May 27, 2005 (gmt 0)

10+ Year Member



Thank you very much, 4string!
I will try that one.

marovios

8:54 pm on May 27, 2005 (gmt 0)

10+ Year Member



Hi guys, sorry about this. I know it's something stupid, but I cannot make it work. Where should I add that code line to make the password invalid once used?
This is my login script so far:

<?php require_once('Connections/rsLogin.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
    $GLOBALS['PrevUrl'] = $accesscheck;
    session_register('PrevUrl');
}

if (isset($_POST['username'])) {
    $loginUsername = $_POST['username'];
    $password = $_POST['password'];
    $MM_fldUserAuthorization = "";
    $MM_redirectLoginSuccess = "http://www.yahoo.com";
    $MM_redirectLoginFailed = "http://www.google.com";
    $MM_redirecttoReferrer = false;
    // $database_rsLogin and $rsLogin are defined in Connections/rsLogin.php
    mysql_select_db($database_rsLogin, $rsLogin);

    $LoginRS__query = sprintf("SELECT username, password FROM login WHERE username='%s' AND password='%s'",
        get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername),
        get_magic_quotes_gpc() ? $password : addslashes($password));

    $LoginRS = mysql_query($LoginRS__query, $rsLogin) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
        $loginStrGroup = "";

        // declare two session variables and assign them
        $GLOBALS['MM_Username'] = $loginUsername;
        $GLOBALS['MM_UserGroup'] = $loginStrGroup;

        // register the session variables
        session_register("MM_Username");
        session_register("MM_UserGroup");

        if (isset($_SESSION['PrevUrl']) && false) {
            $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }
        header("Location: " . $MM_redirectLoginSuccess);
    } else {
        header("Location: " . $MM_redirectLoginFailed);
    }
}
?>
<html>
<head>
</head>

<body>
<form action="<?php echo $loginFormAction; ?>" method="POST" name="login" id="login">
    <p>username
        <input name="username" type="text" id="username">
    </p>
    <p>password
        <input name="password" type="text" id="password">
    </p>
    <p>
        <input type="submit" name="Submit" value="Submit">
    </p>
</form>
</body>
</html>

Any clue? Thanks.

blueninja

4:18 am on May 28, 2005 (gmt 0)

10+ Year Member



How about this:

<?php require_once('Connections/rsLogin.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
    $GLOBALS['PrevUrl'] = $accesscheck;
    session_register('PrevUrl');
}

if (isset($_POST['username'])) {
    $loginUsername = $_POST['username'];
    $password = $_POST['password'];
    $MM_fldUserAuthorization = "";
    $MM_redirectLoginSuccess = "http://www.yahoo.com";
    $MM_redirectLoginFailed = "http://www.google.com";
    $MM_redirecttoReferrer = false;
    // $database_rsLogin and $rsLogin are defined in Connections/rsLogin.php
    mysql_select_db($database_rsLogin, $rsLogin);

    $LoginRS__query = sprintf("SELECT username, password FROM login WHERE username='%s' AND password='%s'",
        get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername),
        get_magic_quotes_gpc() ? $password : addslashes($password));

    $LoginRS = mysql_query($LoginRS__query, $rsLogin) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
        $loginStrGroup = "";

        // remove the matching row so the same username/password cannot log in again
        $RemoveRS__query = sprintf("DELETE FROM login WHERE username='%s' AND password='%s' LIMIT 1",
            get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername),
            get_magic_quotes_gpc() ? $password : addslashes($password));

        mysql_query($RemoveRS__query, $rsLogin) or die(mysql_error());

        // declare two session variables and assign them
        $GLOBALS['MM_Username'] = $loginUsername;
        $GLOBALS['MM_UserGroup'] = $loginStrGroup;

        // register the session variables
        session_register("MM_Username");
        session_register("MM_UserGroup");

        if (isset($_SESSION['PrevUrl']) && false) {
            $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }
        header("Location: " . $MM_redirectLoginSuccess);
    } else {
        header("Location: " . $MM_redirectLoginFailed);
    }
}
?>
<html>
<head>
</head>

<body>
<form action="<?php echo $loginFormAction; ?>" method="POST" name="login" id="login">
    <p>username
        <input name="username" type="text" id="username">
    </p>
    <p>password
        <input name="password" type="text" id="password">
    </p>
    <p>
        <input type="submit" name="Submit" value="Submit">
    </p>
</form>
</body>
</html>
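
The password_used flag from 4string's post and the delete-on-login script above both check the password in one statement and invalidate it in a second, so two simultaneous requests can both pass the check. An added example (not part of any post in this thread) that claims the password in a single conditional UPDATE, with prepared statements and a hashed password column; it assumes PDO with an in-memory SQLite database standing in for MySQL, and the function name and sample account are constructed for illustration.

```php
<?php
// Added example: single-use login with an atomic "consume" step.
// Assumptions: PDO + in-memory SQLite stands in for MySQL; table and column
// names follow 4string's post; consume_one_time_password() is a hypothetical name.

function consume_one_time_password(PDO $db, string $username, string $password): bool
{
    // Prepared statement: user input never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT user_id, password FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The column stores a password_hash() digest, not the plain password.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }

    // Claim the password in one statement. The WHERE clause re-checks the flag,
    // so of two simultaneous requests only one can change the row.
    $claim = $db->prepare(
        'UPDATE user SET password_used = 1 WHERE user_id = ? AND password_used = 0'
    );
    $claim->execute([$row['user_id']]);

    // Exactly one affected row means this request is the one that used it up.
    return $claim->rowCount() === 1;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (
    user_id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL,
    password_used INTEGER NOT NULL DEFAULT 0
)');
$insert = $db->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
$insert->execute(['demo_user', password_hash('s3cret-once', PASSWORD_DEFAULT)]);

var_dump(consume_one_time_password($db, 'demo_user', 'wrong-guess')); // wrong password
var_dump(consume_one_time_password($db, 'demo_user', 's3cret-once')); // first use
var_dump(consume_one_time_password($db, 'demo_user', 's3cret-once')); // replay of the same password
```

Start the session only when the function returns true; a false result covers an unknown user, a wrong password and an already-used password alike.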

marovios

4:59 pm on May 28, 2005 (gmt 0)

10+ Year Member



Thank you very much. I'm on it!

marovios

5:35 pm on May 28, 2005 (gmt 0)

10+ Year Member



Blueninja, that worked great! Thank you very much.

When I was about to give up, your solution came up and the sun shines again for me now!
Thank you to you and all the other guys that put their time and effort into this.

This is a great forum.

coopster

1:04 am on May 29, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Glad you got it sorted, marovios.

And welcome to WebmasterWorld, blueninja.