Hi,

I made a website: http://www.stgteam.port-serve.com/Website/website/index.html

And i made a PHP login script hooked up with MySql etc, all working...

BUT, my HTML and PHP are no good mix, so, anyone, is there a way i can 'connect' that HTML form to my PHP script or somewhat?

~Bose

Okay, simply you want to do something like this in your HTML:


Then in your PHP file you can access the fields using the $_POST array (or $_GET if you used method="get" in your form tag).

Or was that not what you needed?

Quote from JamesF1 :

Okay, simply you want to do something like this in your HTML:

<form method="post" action="yourphpfile.php">

Then in your PHP file you can access the fields using the $_POST array (or $_GET if you used method="get" in your form tag).

Or was that not what you needed?

Ok, so in the php i need to do method="get" index.html

Or what?

What I will say is, you need to rethink your site design. Please don't try and add to the site you have already built, as it's a complete mess, sorry to say.

Hopefully your new login script is more secure than your current one...

Just to add to this, I suggest you look at some more examples of site design, and specifically login scripts. There are plenty of good examples out there, and designing your site properly first will save you a lot of time and headaches when you come to build it, rather than just adding in bits of code here and there. There are many knowledgeable members on here, however unless they spend hours going through the fundamental design with you, they can't really help.

Quote from pb32000 :

What I will say is, you need to rethink your site design. Please don't try and add to the site you have already built, as it's a complete mess, sorry to say.

Hopefully your new login script is more secure than your current one...

haha, i know.

And the login thing is planned there

Quote from Bose321 :

Ok, so in the php i need to do method="get" index.html

No, say now you have this form:

Then in the file process.php, you can access the field contents using:

Does that help a bit?

Yes, i think so, im a bit tired, so thanks, ill resume tomorow!

Thanks

Check out this tutorial for basics of HTML form processing with PHP. It may explain it a bit better than me

Thanks

Now im really confused
I Don't know where to put the password

Lets just take a step back here and think about what you need/want.

If you want a login/registration system that allows multiple users to login with data relevant to them, then yes, you will probably want to use a PHP/MySQL system.

However, if you just want a password protected area that say, an admin, can access, it would be far simpler just to password protect it using either your host's built in features, or by modifying your .htaccess (etc) files.

Quote from JamesF1 :

Then in the file process.php, you can access the field contents using:
[code]
<?php
$un = $_GET['username'];
$pw = $_GET['password'];

Note that you should use mysql_real_escape_string on strings used in mysql-queries.
PHP uses addslashes() on any GET, POST, and COOKIE data by default, but all that does is put a backslash (\) in front of single-quotes ('), double-quotes (") and NUL characters.
Why does that matter? Google for "SQL injection"

Indeed, I simply omitted that so as not to confuse our protege here with extra info until the basics have been learned

Quote from JamesF1 :

Indeed, I simply omitted that so as not to confuse our protege here with extra info until the basics have been learned

Better be confused than facing a defaced / cracked project, don't you think
Well, I guess it's alright

Quote from Bose321 :

Now im really confused
I Don't know where to put the password

You want to use MySQL for the user-db, right? so that's where you store the password.
Passwords are usually stored as hashes, mostly md5 and sha1.
Altough both of those can be cracked, they're fine for forums, blogs, etc. as it would take a very very long time to crack 'em on a very very very powerful machine

You should also use "password" as type for password-fields.
It doesn't change the way passwords are sent to the server, but people usually don't like their passwords displayed in plain text and auto-completition-features would display the password from a plain text field for any text-field with the same name, you really don't want that, trust me

If you don't understand a word, JFGI (including that one)

Quote from morpha :

Better be confused than facing a defaced / cracked project, don't you think
Well, I guess it's alright

Ordinarily I'd agree with you

to make it clear, i need a login script for all my members, so i need a register page and all that...
But the form needs to be in the website itself, and the PHP files somewhere else, and then connect them...
And for admins a special admin panel or somewhat...
maybe someone can do that for me

And then i need a code for the table in Mysql.

Thank you

i finaly did it

http://www.stgteam.port-serve.com/logn

But, when the password is correct, you get redirected to a new page, is there a way i can hide/mask/whatever the url?

~Bose

That's not how you do it. On all subsequent pages where not-logged-in people shouldn't be allowed, you need to be checking to see if that person has logged in, and booting them back to the login form if they haven't.

Look up cookies (PHP session cookies will do), and the header() function.

Take a gander here: http://php.about.com/od/finishedphp1/ss/php_login_code.htm

Quote from niall09 :

Take a gander here: http://php.about.com/od/finishedphp1/ss/php_login_code.htm

Please, please, PLEASE! don't use any of the info posted on that site.. it's horrendous and looks like it was written by a marketing droid (ie: someone with no clue about the real world).

SQL injection anyone?

I don't have time right now to write an example set of scripts for you, but the example in the link above takes data straight from the form and uses it directly against the database.. the first cardinal sin of any user-interaction.


For the OP: Take some time and research about how to do this _before_ implementing it. I know you probably want it all working "yesterday".. have been there, done that myself (still do sometimes).. but it'll be 100% better and more secure if you take some time to first read up on validating user input and SQL injection attacks. Granted, I realise the latter isn't "basic stuff", but it's stuff you'll need to know for your own sake and the sake of your host (I'd personally take your site offline if it was written using the above sample and I was hosting you for security reasons).



Regards,

Ian

Sorry!

I are teh noob

Quote from niall09 :

Sorry!

I are teh noob

No need for apologies.. your intentions were good

We all start somewhere (I shudder when I look back at my own early code). It's more of a shame that articles on such sites don't either get removed or updated as people looking to learn find them and think "cool! now I know".. only to end up viewing a compromised site a few weeks later.. not knowing just quite why or what to do about it as such (Matt's 'FormMail' Perl script is a classic example of a similar situation)



Regards,

Ian

Maybe take a look at this: http://www.evolt.org/article/P ... ature/17/60265/index.html

Again, doesn't deal with SQL injection though, so you'll need to think about how to manage that.

Quote from pb32000 :

Maybe take a look at this: http://www.evolt.org/article/P ... ature/17/60265/index.html

Again, doesn't deal with SQL injection though, so you'll need to think about how to manage that.

Thanks, i will have a look

*edit: that script doesnt work... i cant see the form in the login.php, and when i copy the form to a html, it says the username is wrong, but i just made it :S
http://stgteam.port-serve.com/login/login.php

The script does work, you're just not using it correctly. You can't just copy the form into an html file. You'd be better off reading through the documentation, then maybe modifying the relevant files to your own needs.