WAP login script in php

[Steinbach]

Hi.. I have a wap site for mobile. I want to have a login page on my that site. The database is based on PHP nuke with the password md5 hashed.

The thing i need from you is about to get verifying username and password and logging him in.. Could you guys help me out in this case please. Whats about the php sessions ?

Please reply the solution soon..

[Praetor]

Its not a big problem. You will need to change field names accordingly in the first page which is a form and second processes the info. If every thing is correct and you succeeded, it creates another form and this field is validated in the admin.php page. And of course you can use $_SESSION's.

PHP Code:

// login.php
<?php
# Header Info
header('Content-Type: text/vnd.wap.wml', true);
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
# Version Type
print "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>";
# Import config file
include "/home/jamieb/private/conf.php";
# Connect to database
mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);
?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">

<wml>

<!-- THIS IS THE LOGIN CARD -->
<card id="login" title="Login">
<p>
<do type="accept" label="Login">
<go href="process.php" method="post">
<postfield name="userName" value="$userName" />
<postfield name="password" value="$password" />
</go>
</do>
</p>

<p>
User Name: <input title="userName" name="userName" /> <br />
Password : <input title="password" name="password" type="password" /> <br />
</p>
</card>

</wml>

PHP Code:

// process.php
<?php
# Header Info
header('Content-Type: text/vnd.wap.wml', true);
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
# Version Type
print "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>";
# Import config file
include "/home/jamieb/private/conf.php";
# Connect to database
mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);
# Verify the user
$sql = mysql_query("SELECT userName,nickName FROM table WHERE userName = '".strtolower($_POST['userName'])."' AND password = '".md5($_POST['password'])."'");
$row = mysql_num_rows($sql);
$login = mysql_fetch_array($sql);
$user = md5($login['userName']);
$nick = $login['nickName'];
if ($row == 0):
?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
<wml>
<card id="failed" title="Login Failed">
<p>
Sorry, username or password incorrect!
</p>

<p>
<anchor>Home
<go href="index.php#menu" />
</anchor>
<do type="prev" label="Back"><prev/></do></p>
</card>
</wml>

<?php
exit;
else:
?>

<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
<wml>
<card id="success" title="Login Success">
<p>
<do type="accept" label="Admin">
<go href="admin.php" method="post">
<postfield name="session" value="<?php echo "$user"; ?>" />
</go>
</do>
</p>
<p>Welcome <?php echo "$nick"; ?>, please enter the admin area.</p>
</card>
</wml>

<?php
endif;
?>

Hope it works for you....

[Katty]

Try this as well for login script:-

PHP Code:

<?php
/* $Id: login.php,v 1.1 2002/09/20 20:01:18 shaggy Exp $ */

    if ($_SESSION['logged']) {
        redirect('/user/');
    }

    require_once 'html_form.php';
    $form = new Form(uri_self());

    $form->addText('username', 'Username');
    $form->addPassword('password', 'Password');
    $form->addCheckbox('remember', 'Remember me');

    $form->addSubmit('Log in');

    $form->addRule('username', 'range:5:20', 'Enter your username, 5 - 20 characters.');
    $form->addRule('password', 'range:5:20', 'Enter your password, 5 - 20 characters.');

    $form->addFilter('_ALL_', 'db');

    if ($form->valid()) {
        $processed = $form->getProcessed();
        $remember = $form->getValue('remember');

        if (!isset($_SESSION['login'])) {
            $_SESSION['login'] = 3;
        } else {
            if ($_SESSION['login'] <= 1) {
                die('You cannot log in.');
            }
        }

        if ($user->_checkLogin($processed['username'], $processed['password'], $remember)) {
            if (isset($_SESSION['log_to'])) {
                redirect($_SESSION['log_to']);
            } else {
                redirect('/user/');
            }
        } else {
            failed($form);
        }

    } else {
        begin_html();
        $form->display();
    }

    function failed(&$form) {
        begin_html();
        echo "<p>You could not be logged in, $_SESSION[login] attempts left.</p>
        <p>Possible reasons for this are:</p>

        <ul>
            <li>Your username and/or password is not correct.
                Check your username and password and then try again.</li>
            <li>You haven't" .
            '<a href="/user/signup" title="Sign up for an account, it is free">
            registered</a> yet</li>
            <li>Your account is temporarily disabled.</li>
            <li>You are trying to login simultaneously from two different computers or
            two browsers on the same computer.</li>
        </ul>';

        $form->display();
    }
?>

[Zecho]

To ensure that queries to the database are safe

Use $db->quote('value') where $db is a PEAR instance or if you are using native MySQL functions mysql_escape_string(). If you deal with numbers always cast them explicitely: $value = (int) $value.