Need a little help - r.e. password protection

Discussion in 'Web Design and Development' started by LastLine, Apr 17, 2007.

  1. LastLine macrumors 65816

    Joined:
    Aug 24, 2005
    #1
    Hey guys, just tying up some loose ends on a current project here and can't quite get it right - wonder if anyone can offer me some advice.

    Situation is this - I've got an MS Access database set up (college server for some reason won't do mysql) with two tables
    contact - contains kids contact details
    passwords - contains a set of username/password details.

    I have a form on my page that allows people to enter a username, a password, and a childs name, and then submit, I'd like my php to check that the username and password are correct, and if so, to run a query in the database to display the child's Name, then Contact Number, then emergency contact number in a table

    here's what I have so far

    Code:
    <html>
    <head></head>
    <body>
    <?php
    $user = $_POST ['username'];		
    $pass = $_POST ['password'];
    $conn=odbc_connect('mydb03','','');  
    $sql="SELECT password FROM [passwords] where username='$user'";
    $rs=odbc_exec($conn,$sql);    		//executes the query on the database connection
    if (odbc_fetch_row($rs)) {					//gets the data from the database
    	$pass=odbc_result($rs,"password");
    <?php
    $name = $_POST ['inputname'];		//get the data from the form
    $conn=odbc_connect('mydb03','','');   //all quotes are single quotes, replace nn with your number
    $sql="SELECT contact, emergency FROM [contact] where cubname='$name'"; 
    $rs=odbc_exec($conn,$sql);    		//executes the query on the database connection
    if (odbc_fetch_row($rs)) {					//gets the data from the database
    	$contact=odbc_result($rs,"contact");
    	$emergency=odbc_result($rs,"emergency");
    echo "<table>";							//display the data in a table
    echo "<tr><td>Name:</td><td>$name</td>";
    echo "<tr><td>contact:</td><td>$contact</td>";
    echo "<tr><td>emergency:</td><td>$emergency</td>";
    echo "</table>"; 
    }
    else {									//display a message if name not found
    	echo "<p>Name not found - please check spellings.";
    	}
    odbc_close($conn);						//close the database connection
    ?>
    }
    else {									//display a message if name not found
    	echo "<p>Incorrect password or child name - please try again.";
    	}
    odbc_close($conn);						//close the database connection
    ?>
    </body>
    </html>
    
    Now obviously this doesn't work, but the simple case is, I think I need to tell the php script to check the password, then IF that is right, to run a second script. Is this the correct logic? and if so how do I get it do that?

    Any help very much appreciated.

    On a second point - this second script, when it works, generates the table in a new, blank page. Which is fine. It works. But it doesn't look nice, is there a way to get it to generate it within a div on a pre-exisiting CSS based page? Or is that insane of me to suggest?
     
  2. LastLine thread starter macrumors 65816

    Joined:
    Aug 24, 2005
    #2
    As an afterthought - does anyone have any good references for reading up on mobile web building? Current issues involving WAP sites and the like.
     
  3. timmillwood macrumors 6502a

    Joined:
    Apr 7, 2006
  4. LastLine thread starter macrumors 65816

    Joined:
    Aug 24, 2005
    #4
    I've been thinking on this (and partially thanks to that link just then)
    Code:
    else 
    { 
    echo "Admin Area<p>"; 
    echo "Your Content<p>"; 
    echo "<a href=logout.php>Logout</a>"; 
    } 
    } 
    } 
    else 
    
    In an echo command could I use div's and the like? so that the command actually returns say, something that's in the line of the rest of my site?i.e.

    Code:
    echo "<div id="div1"> Etc etc etc etc </div>
    <div id="div2"> Random Form goes in here </div>";
    }
    
    or would I need a new echo for each new line? Such as here
    Code:
    echo "<div id="div1"> Etc etc etc etc </div>";
    echo "<div id="div2"> Random Form goes in here </div>";
    }
    
    Sorry, still trying to get my head around this - loses me every time :)

    If nobody replies I'll take another look at the site in the morning when I've got more caffeine in my system :)
     
  5. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #5
    I only gave a short glance at your code, but I think what perhaps would help would be your idea about running one script for the login, and if that one works you can do the second one that runs the main query.


    What you could do is have the first page with the login form, then in PHP do

    <?PHP
    if (isset($_POST['add'])
    {
    do sql query to check login info
    if everything checks out, redirect to a second page that
    displays their login credentials and asks if it is correct
    }
    ?>

    *** Second Page *****

    Basically echo out their login credentials, and have a second if is set like the one above, that will allow them to move to the page where the application is

    *** Third page ****

    Login is complete, begin the application code
     
  6. LastLine thread starter macrumors 65816

    Joined:
    Aug 24, 2005
    #6
    I'm not sure I see the use for the second page there, can you elaborate for me?

    Way I see it?

    Page one - login

    Page two - confirms users id or something?

    Page three is a standard page with another form where the user can request information.

    The only problem I see with this is that a user could (in theory) just type in the url for page three - e.g. www.website.com/pagethree.htm and forgo the log in procedure?

    or - if we assume page three is a php generated page, how can I make it match the CSS styling of the rest of my site? I've only managed to figure out how to echo plain text and forms, I can't seem to get it to use a <div> like on a normal page - is this possible, and if so how? :)


    Sorry for the long posts guys! You've got my brain ticking over now.
     
  7. SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #7
    I thought about this while I was on the subway, page two in my scheme is redundant.

    They can't access the URL, since it's a PHP script and unless they fulfil the validation check all they'll see is a blank page.

    it would be a http://www.yoursite.com/pagethree.php

    You name it the PHP extension and code it like a regular HTML page. The server just knows to just spit out the HTML segments of the document, since the PHP side is server-only. You can stick your CSS in there with the HTML as well.

    That's why I can build an application with a user name and password for the database in cleartext and not worry about that getting stolen and used to access the database. The PHP portion of the file is kept on the sever side, the client's browser doesn't see it.
     
  8. LastLine thread starter macrumors 65816

    Joined:
    Aug 24, 2005
    #8
    Right...I think that makes sense. I'll give it a go when I'm back on campus tomorrow :)
     

Share This Page