Forum Moderators: coopster
<?
session_start();
session_destroy();
?>
Index.php
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="text" id="password"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
checklogin.php
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="logins"; // Database name
$tbl_name="logins"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
//$sql1="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
//$result1=mysql_query($sql1);
// Mysql_num_row is counting table row
//$count=mysql_num_rows($result1);
// If result matched $myusername and $mypassword, table row must be 1 row
$sql="SELECT username,password,logins FROM $tbl_name WHERE username='$username'and logins='$logins'";
$query=mysql_query($sql);
$result = MYSQL_QUERY($query);
/* check the total number of logins */
if($result['$logins']==3) {
$TooManyLogins="Yes";
}
else {
$sql2="UPDATE table SET $logins=$logins+1";
mysql_query($sql2);
}
if($username===$result['username'] && $password===$result['password']) {
if($TooManyLogins==="Yes") {
echo "Your Logins have expired";
exit();
}
else {
if($logins==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
}
}
?>
login_success.php
// Check if session is not registered , redirect back to main page.
// Put this code in first line of web page.
<?
session_start();
session_destroy();
?>
<?
session_start();
if(!session_is_registered(username)){
header("location:index.php");
}
?>
<html>
<body>
Login Successful
</body>
</html>
$sql2="UPDATE table SET $logins=$logins+1";
That line doesn't look right to me. I think there's a wrong $ and I'm not sure if you can write a formula in SQL like that (although I could be wrong about that bit).
Try:
$newLoginCount = $logins + 1;
$sql2="UPDATE table SET logins=$newLoginCount";
On closer inspection, you don't actually define $logins anywhere.
On closer, closer inspection, you perform a SQL lookup of the user based on $logins which is undefined.
I think that may be your problem. If not, please reply with more detail.
and I'm not sure if you can write a formula in SQL like that (although I could be wrong about that bit)
Yeah, from the manual:
If you access a column from the table to be updated in an expression, UPDATE uses the current value of the column. For example, the following statement sets the age column to one more than its current value:UPDATE persondata SET age=age+1;
[dev.mysql.com...]
The only issue I've ever had using this type of update is when I update from 0, so my suggestion is if the counter is not counting in the database, set the col value to a default of 1, set the max logins to 4 and leave the statements the way they were working...
If this isn't the issue, or does not fix the issue, then please be specific about the problem, because it's the one of the only things I can see where you might have an error with what was working before.
Incorrect:
$sql2="UPDATE table SET $logins=$logins+1";Correct:
$sql2="UPDATE table SET logins=logins+1 WHERE username='$username'";
(You need the WHERE clause to make sure you set the right one. I may not have written that one in before, but it's fairly basic and should be easy to figure out...)Incorrect:
$sql="SELECT username,password,logins FROM $tbl_name WHERE username='$username'and logins='$logins'";Correct:
$sql="SELECT username,password,logins FROM $tbl_name WHERE username='$username' AND password='$password'";Incorrect:
$result = MYSQL_QUERY($query);Correct:
$result = mysql_fetch_array($query);
(Many times case of letters matters, so MYSQL_QUERY isn't really ever correct. It should be mysql_query.)This is about the best I can do for you without writing it for you, so I'm going to let someone else handle it from here... Good luck. (Honestly, you might want to hire a professional if you're really having this tough of time working your way through it, because I think I covered quite a bit in the other thread we had and it looks like you're still struggling with just finishing off some really basic code.)
Being able to search really helped me learn PHP and MySql, so when things did things I didn't expect or someone on a forum gave me some direction (or a rough idea to take and finish) rather than writing the script for me I could find the answers I needed...
mysql update
gives you the reference I sited above in most search engines.php mysql
gives you the php manual for interacting with mysqlphp mysql w3schools
gives you information from w3schoolsphp select w3schools
gives you another result from w3schoolsI hope this helps a bit.
Have a good day, and good luck getting it going again.
