Pagina en la que el usuario hace login Código PHP:
<?php require_once('Connections/registro_usuarios.php'); ?>
<?php
if (isset($_POST['contrase'])) {$_POST['contrase'] = sha1($_POST['contrase']);}
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['nombreusuario'])) {
$loginUsername=$_POST['nombreusuario'];
$password=$_POST['contrase'];
$MM_fldUserAuthorization = "admin_priv";
$MM_redirectLoginSuccess = "correcto.php";
$MM_redirectLoginFailed = "fallo.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_registro_usuarios, $registro_usuarios);
$LoginRS__query=sprintf("SELECT nombreusuario, contrase, admin_priv FROM usuarios WHERE nombreusuario=%s AND contrase=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $registro_usuarios) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = mysql_result($LoginRS,0,'admin_priv');
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Documento sin título</title>
</head>
<body>
<form id="form1" name="form1" method="POST" action="<?php echo $loginFormAction; ?>">
<h1>Identificación Usuario</h1>
<p>Nombre Usuario:
<label>
<input type="text" name="nombreusuario" id="nombreusuario" />
</label>
</p>
<p>Contraseña:
<label>
<input type="password" name="contrase" id="contrase" />
</label>
</p>
<p>
<label>
<input type="submit" name="hacerLogin" id="hacerLogin" value="Identificarse" />
</label>
</p>
<p> </p>
<p> </p>
</form>
</body>
</html>
PAGINA DONDE EL USUARIO SI ES CORRECTO EL NOMBRE INGRESA Código PHP:
<?php require_once('Connections/registro_usuarios.php'); ?><?php
//initialize the session
if (!isset($_SESSION)) {
session_start();
}
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session varialbles
$_SESSION['MM_Username'] = NULL;
$_SESSION['MM_UserGroup'] = NULL;
$_SESSION['PrevUrl'] = NULL;
unset($_SESSION['MM_Username']);
unset($_SESSION['MM_UserGroup']);
unset($_SESSION['PrevUrl']);
$logoutGoTo = "login.php";
if ($logoutGoTo) {
header("Location: $logoutGoTo");
exit;
}
}
?>
<?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "s,n";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && false) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
$colname_obtenerNombre = "-1";
if (isset($_SESSION['MM_Username'])) {
$colname_obtenerNombre = $_SESSION['MM_Username'];
}
mysql_select_db($database_registro_usuarios, $registro_usuarios);
$query_obtenerNombre = sprintf("SELECT nombre, apellidos FROM usuarios WHERE nombreusuario = %s", GetSQLValueString($colname_obtenerNombre, "text"));
$obtenerNombre = mysql_query($query_obtenerNombre, $registro_usuarios) or die(mysql_error());
$row_obtenerNombre = mysql_fetch_assoc($obtenerNombre);
$totalRows_obtenerNombre = mysql_num_rows($obtenerNombre);
$_SESSION['nombre'] =$row_obtenerNombre['nombre'];
$_SESSION['apellidos'] =$row_obtenerNombre['apellidos'];
$_SESSION['nombre_completo'] =$row_obtenerNombre['nombre'].' '.$row_obtenerNombre['apellidos'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Documento sin título</title>
</head>
<body>
<h1>Tu identificación ha sido correcta</h1>
<p>Hola, <?php echo $row_obtenerNombre['nombre']; ?> <?php echo $row_obtenerNombre['apellidos']; ?>, estás identificado.</p>
<p>
<?php if ($_SESSION['MM_UserGroup']=='s'){ ?>
</p>
<p> </p>
<p>Contenido y enlaces para Administradores</p>
<?php } else { ?>
<p>Contenido y enlaces para Usuarios</p>
<?php } ?>
<p> </p>
<p> <a href="<?php echo $logoutAction ?>">Desconectar</a></p>
<p> </p>
</body>
</html>
<?php
mysql_free_result($obtenerNombre);
?>
BUENO COMENTO EL PROBLEMA ES EL SIGUIENTE, MUHO NO SE SOBRE EL TEMA SOY NUEVO Y ESTOY HACIENDO CON UN TUTORIAL ESTE LOGUEO EN DREAMWEAVER, CUANDO LO SUBO AL SERVIDOR TENGO DOS PROBLEMAS, UNO NO ME MUESTRA EL USUARIO QUE ESTA CONECTADO, OSEA ME DEJA EN BLANCO Y NO PONE NU NOMBRE Y EL OTRO PROBLEMA ES QUE ME MARCA ESTE ERROR
" You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"
tengo esos dos problemas si alguien me puede dar una mono muchas gracias.