Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    Regular Coder
    Join Date
    Mar 2009
    Location
    Troutdale, OR
    Posts
    147
    Thanks
    12
    Thanked 6 Times in 6 Posts

    Building password protection, help needed

    I am pretty new in php, so this is my first experience using headers to secure my pages. I need some help in this.

    Here is some errors I've got:
    Code:
    Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home1/yougotba/public_html/client/include/login.php on line 21
    
    Warning: Cannot modify header information - headers already sent by (output started at /home1/yougotba/public_html/client/include/login.php:21) in /home1/yougotba/public_html/client/include/login.php on line 28
    
    Warning: Cannot modify header information - headers already sent by (output started at /home1/yougotba/public_html/client/include/login.php:21) in /home1/yougotba/public_html/client/include/login.php on line 29
    
    Sorry, you must enter a valid username and password to log in and access clien page
    And here is my php code:
    PHP Code:
    <?php 
        
        
    if (!isset($_POST['login']) || !isset($_POST['password'])) {
        
    //Username or password weren't entered so send the authentication header
        
    header('HTTP/1.1 401 Unauthorized');
        
    header('WWW-Authenticate: Basic realm="Client_area"');
        exit(
    'Sorry, you must enter your username and passowrd to log in and access client area');
        }
        
        require_once(
    'main_db.php');
        
        
    //Grab the user-entered log-in data
        
    $client_username mysqli_real_escape_string($dbctrim($_POST['login']));
        
    $client_password mysqli_real_escape_string($dbctrim($_POST['password']));
        
        
    //Look up the username and password in the database
        
    $query "SELECT client_id, name FROM main_data WHERE login = '$client_username' AND " .
         
    "pas = SHA('$client_password')";
        
    $data mysqli_query($dbc$query);
        
        if (
    mysqli_num_rows($data) == 1) {
            
    // The log-in is OK so set the user ID and username variables
            
    $user_id $row['user_id'];
            
    $client_name $row['name'];
            } 
            else {
            
    // The username/password are incorrect so send authentication headers
            
    header('HTTP/1.1 401 Unauthorized');
            
    header('WWW-Authenticate: Basic realm="Client_area"');
            exit(
    'Sorry, you must enter a valid username and password to log in and access clien page');
            }
            
            
    //Confirm the successful log-in
            
    echo 'You are logged in as ' $user_id '.';
            
            
    ?>
    Thanks in advance.
    Last edited by RomanTaylor; 03-27-2009 at 09:24 AM.

  • #2
    Regular Coder
    Join Date
    Mar 2009
    Location
    Troutdale, OR
    Posts
    147
    Thanks
    12
    Thanked 6 Times in 6 Posts
    I added die function to query and figured out my mistakes. Its working now, but the result is not what I want. It uses HTTP browser windows, and I was trying to use forms to take user input. Is there way to use forms to take user input instead of .htaccess pop up window?

    RESOLVED:
    Bugs are fixed. I don't like the result though, so I am going to rebuild my password protection application using cookies and forms.
    Last edited by RomanTaylor; 03-27-2009 at 09:22 AM.


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •