Hi.

Iv tried to do this one myself with help off tutorials but I have run into a brick wall. What I want is a script where someone must register to the site, with username and pass, then after this they can click save static ip or something like that, and then for every page that they remain logged in. I also want this login not just to go through to 1 page but be available for all pages on the site. This is what I have so far:

register.html

HTML Code:

</html>

<center>You are not logged in.<br><br>
        <form action="???????.php" method="post"><b>username:</b><br><input type="text" name="username"><br><b>password:</b><br><input type="password" name="password"><br></form><br><input type="checkbox" name="chkCookie">&nbsp;Save Static IP Login Cookie<br><br><input type="submit" value="log in"></form><br>
        
        (<a href="register.php">create account here</a>)<br><br>
        
</html>

its the form action bit at the top where i need to insert a checking script which I am unsure of

register.php

PHP Code:

<?
session_start(); 
include("database.php");

/**
 * Returns true if the username has been taken
 * by another user, false otherwise.
 */
function usernameTaken($username){
   global $conn;
   if(!get_magic_quotes_gpc()){
      $username = addslashes($username);
   }
   $q = "select username from users where username = '$username'";
   $result = mysql_query($q,$conn);
   return (mysql_numrows($result) > 0);
}

/**
 * Inserts the given (username, password) pair
 * into the database. Returns true on success,
 * false otherwise.
 */
function addNewUser($username, $password){
   global $conn;
   $q = "INSERT INTO users VALUES ('$username', '$password')";
   return mysql_query($q,$conn);
}

/**
 * Displays the appropriate message to the user
 * after the registration attempt. It displays a 
 * success or failure status depending on a
 * session variable set during registration.
 */
function displayStatus(){
   $uname = $_SESSION['reguname'];
   if($_SESSION['regresult']){
?>

<h1>Registered!</h1>
<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="register.html" title="Login">log in</a>.</p>

<?
   }
   else{
?>

<h1>Registration Failed</h1>
<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again at a later time.</p>

<?
   }
   unset($_SESSION['reguname']);
   unset($_SESSION['registered']);
   unset($_SESSION['regresult']);
}

if(isset($_SESSION['registered'])){
/**
 * This is the page that will be displayed after the
 * registration has been attempted.
 */
?>

<html>
<title>Registration Page</title>
<body>

<? displayStatus(); ?>

</body>
</html>

<?
   return;
}

/**
 * Determines whether or not to show to sign-up form
 * based on whether the form has been submitted, if it
 * has, check the database for consistency and create
 * the new account.
 */
if(isset($_POST['subjoin'])){
   /* Make sure all fields were entered */
   if(!$_POST['user'] || !$_POST['pass']){
      die('You didn\'t fill in a required field.');
   }

   /* Spruce up username, check length */
   $_POST['user'] = trim($_POST['user']);
   if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
   }

   /* Check if username is already in use */
   if(usernameTaken($_POST['user'])){
      $use = $_POST['user'];
      die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
   }

   /* Add the new account to the database */
   $md5pass = md5($_POST['pass']);
   $_SESSION['reguname'] = $_POST['user'];
   $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);
   $_SESSION['registered'] = true;
   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
   return;
}
else{
/**
 * This is the page with the sign-up form, the names
 * of the input fields are important and should not
 * be changed.
 */
?>

<html>
<title>Registration Page</title>
<body>
<h1>Register</h1>
<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>


<?
}
?>

Now this bit works, database.php connects to the db and adds the info. Now the script that I am not sure about, is a script that I can put at the top of everypage to check that the user is loggen in. This would need to check I assume the database 'users' for username and password, but I also wondered if its possible to use cookie verification.?

If anyone can help me with writing a script that would be great

Andy

Just at the time of verification put create a session var of $_SESSION['user'] and see if it exists on each page you want to check for. If it does not then you know to display the login form and not the protected info. If it does exist than this person has already been verified.

would I do that as a php script, or is it just a line at the top of the each page in the website, or would i use include blah.php?

I have the register bit set up, but when its done, I want it to go to a login page, which then checks the database to see if there is that user. How would I do this, I have read tutorials about creating the user, just nothing on actually loggin in and checking using cookie authentication, or even checking the user and password with the database for that matter.

Andy

Check out..

http://www.phpfreaks.com/tutorials/120/0.php

This may help

-James

thanks. Just what I was looking for...thats a great site actually!

Andy