So...
I'm currently learning PHP and JAVA for making a (big) homepage later
I have webspace and a mySQL table with the name "data" *
I know how to make a register script and that just works

<?php
"INSERT into 'data' ( 'id' , 'username' , 'password' )
VALUES ( '2' , 'Example' , '12345' )";
?>

How ever, the Register script works correctly....
I used google around 100 times to get known how the login / logout scripts works but I never understood....
Btw: is it able to make it also with a config.php file which allows me to change each Mysql Datas [Username/Password]
in all files later just with changing the names in that config file?
can someone teach it to me? Thanks



* I got my Webspace from www.ohost.de (german site)
I use the ohost-username BrwosergameSC and I won't tell you the password
The phpMyAdmin username is Browsergamesc and I also won't tell you the password

In short, use the library functions like session_start() - I think that's what it's called, haven't done this in a while - to log a session cookie that is stored in a SESSIONS table that associates it with a user ID.

As passwords go, you have a serious problem if you aren't hashing your passwords with something like md5 before your write them to a database - major security flaw if you don't.

I think it was called start session() however... I half understand the session-part... but how to check if the user has enterd the right password for that username... select from 'data' and so on... how does that works??
thx anyway

<?php
session_start();
$pass = md5($_POST[pass]);
$user = $_POST[user];

$search = mysql_query("SELECT * FROM data WHERE username ='$user' ");
$check = mysql_fetch_array("$search");
if($check[username] == $user){
if(md5($check[pass]) == $pass){
$_SESSION[login] = true;
};
};
?>

Hope this helps

ahh thank you....
the login-page post the information to itself, right?
is $search a standart variable? (a variable which is pre-programmed?)
how ever... i'll test it

I've got a problem with my Register.php help me... I don't know why that comes...

Register.php :

<?php

//This function will display the registration form
function register_form(){

$date = date('D, M, Y');
echo "<form action='?act=register' method='post'>"
."Username: <input type='text' name='username' size='30'><br>"
."Password: <input type='password' name='password' size='30'><br>"
."Confirm your password: <input type='password' name='password_conf' size='30'><br>"
."Email: <input type='text' name='email' size='30'><br>"
."<input type='hidden' name='date' value='$date'>"
."<input type='submit' value='Register'>"
."</form>";

}

//This function will register users data
function register(){

//Connecting to database
$connect = mysql_connect("localhost", "browsergamesc", "YOUDONTHAVETOKNOWTHIS");
if(!$connect){
die(mysql_error());
}

//Selecting database
$select_db = mysql_select_db("users", $connect);
if(!$select_db){
die(mysql_error());
}

//Collecting info
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$pass_conf = $_REQUEST['password_conf'];
$email = $_REQUEST['email'];
$date = $_REQUEST['date'];

//Here we will check do we have all inputs filled

if(empty($username)){
die("Please enter your username!<br>");
}

if(empty($password)){
die("Please enter your password!<br>");
}

if(empty($pass_conf)){
die("Please confirm your password!<br>");
}

if(empty($email)){
die("Please enter your email!");
}

//Checking if Username already exists

$user_check = mysql_query("SELECT username FROM users WHERE username='$username'");
$do_user_check = mysql_num_rows($user_check);

//Now if email is already in use

$email_check = mysql_query("SELECT email FROM users WHERE email='$email'");
$do_email_check = mysql_num_rows($email_check);

//Possible Errors

if($do_user_check > 0){
die("Username is already in use!<br>");
}

if($do_email_check > 0){
die("Email is already in use!");
}

//Does passwords match?

if($password != $pass_conf){
die("Passwords don't match!");
}


//All Right, Register

$insert = mysql_query("INSERT INTO users (username, password, email, geld) VALUES ('$username', '$password', '$email', '100')");
if(!$insert){
die("There's little problem: ".mysql_error());
}

echo $username.", you are now registered. Thank you!<br><a href=login.php>Login</a> | <a href=index.php>Index</a>";

}

switch($act){

default;
register_form();
break;

case "register";
register();
break;

}

?>

I become this error after hitting the submit button: Access denied for user 'browsergamesc'@'%' to database 'users'
So what the heck is wrong????



Another error with my Login.php:
Error: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /usr/export/www/hosting/browsergamesc/login.php on line 25


Login.php:
<?php

//This displays your login form
function index(){

echo "<form action='?act=login' method='post'>"
."Username: <input type='text' name='user' size='30'><br>"
."Password: <input type='password' name='passw' size='30'><br>"
."<input type='submit' value='Login'>"
."</form>";

}

session_start();
$pass = md5($_POST[pass]);
$user = $_POST[user];

//Connecting to database
$connect = mysql_connect("localhost", "browsergamesc", "youstilldontneedtoknowthis");
if(!$connect){
die(mysql_error());
}

$search = mysql_query("SELECT * FROM data WHERE username ='$user' ");
$check = mysql_fetch_array("$search");
if($check[username] == $user){
if(md5($check[pass]) == $pass){
$_SESSION[login] = true;
};
};
?>



Another question: Does someone knows a good PHP/JAVA book? Not for the basics, just for some advanced things...
Help please... Thanks

Enjoy.

wow thank you as I see it there are many informations for java mysql php html etc will be helpfull....
but I don't think if there is a tutorial how login/logout works... however, i'll recode my files so it may work...
if I get other errors I'll post them
(Why did your post has been reported? lol)

It would seem your SQL login mask does not have the permissions to access that database (presumably you can read but not write, if login works). This is not a PHP problem.

I guess I solved the problem... I just typed an not existing table in the codes... damn