User Authentication - Log in User (PHP)

Similar Messages

• User authentication - Logging in to different pages / PHP script / DW8

  Hi, I want to develop a PHP script for a login page that will direct users to different URLs depending on the URL address associated with their individual records stored in a MySQL database.
  I've set up a MySQL database which includes fields for (1) User Name (2) Password and (3) URL address.  I'm using Dreamweaver 8 and am relying on the server behaviour 'log In User'.
  After selecting all 3 x fields from the table is there specific code that can be inserted into the option "If login succeeds, go to" to resolve this query?
  The following link refers to what I'm seeking ...but it doesn't provide an answer for PHP/MySQL!
  http://kb2.adobe.com/cps/158/tn_15881.html
  Many thanks, Simon
  My Code so far:
  mysql_select_db($database_connLogin, $connLogin);
  $query_login = "SELECT userName, Password FROM users";
  $login = mysql_query($query_login, $connLogin) or die(mysql_error());
  $row_login = mysql_fetch_assoc($login);
  $totalRows_login = mysql_num_rows($login);
  ?><?php
  // *** Validate request to login to this site.
  if (!isset($_SESSION)) {
    session_start();
  $loginFormAction = $_SERVER['PHP_SELF'];
  if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
  if (isset($_POST['userName'])) {
    $loginUsername=$_POST['userName'];
    $password=$_POST['Password'];
    $MM_fldUserAuthorization = "";
    $MM_redirectLoginSuccess = "members.php";
    $MM_redirectLoginFailed = "tryAgain.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_connLogin, $connLogin);
    $LoginRS__query=sprintf("SELECT userName, Password FROM users WHERE userName=%s AND Password=%s",
      GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    $LoginRS = mysql_query($LoginRS__query, $connLogin) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
       $loginStrGroup = "";

  Hai David Powers
  I followed this post and your book "The essential guide to dreamweaver cs3 ajax, php" to update my user registration and login system.
  User registration details database, login system and user authentication has been setup
  My problem..
  I am landing on the same page for each user 'username.php' when trying to login with any user.
  How to redirect the each registered user go to their own page with their details.
  Kindly help
  sreedhar

• Where can I find User authentication log?

  Hi,
  I am trying to find the log that has User authentication details such as login failed, invalid, success so on.
  I looked at SharedServices_security log. It has fail/success message but it doesn't have User name. It is just saying Anonymous ID.
  Do I have to enable anything on server or is there any other way to pull this kind of info from front-end.
  By the way, we are using EPM 11.1.2.1
  Thanks in advance,
  PM

  You could find the authenrication service log in the format "server_messages_OriginatorType.log"
  which will be under the EPM_ORACLE_INSTANCE/diagnostics/logs/ReportingAnalysis folder.
  You could refer this document for other log details : http://docs.oracle.com/cd/E17236_01/epm.1112/epm_install_troubleshooting_11121.pdf
  Note:You may need to put the log level to trace to get more information.

• User authentication failed when user is locked by system admin

  Hello!
  We have EP 6.0 (SP 18) and ABAP Backed 6.40 (SP21).  UME is connected to the backend system for user managment.
  When we try to log on to EP with a user that is locked by the system admin in the backend, the message shown is "User authentication failed".
  Should it be possible to show a message as "User locked by system admin", for the user to know the reason?
  Thanks in advance and regards!

  Hi,
  We are using SAP EP7 and BW7 SP15. We are getting proper messages in portal when account is locked at BW System.
  Regards
  Baby

• Bypass PEAP user authentication

  Hello.
  We use PEAP/MSCHAPv2 for client AND user authentication. Wireless users and clients will be authenticated by the ACS by asking a ADS usergroup membership. Only authenticated users on authenticated clients should have access to LAN ressources protected by the wlan controller. If the wireless client use the WZC and the logged on user is not a member of the user group he will not be authenticated and blocked by the wlan controller. But if the wireless client use the actual "Intel Wireless Pro Set" AND the user is not a member of the ADS group the ACS drop the user authentication request, but few seconds later the user will have nevertheless access to internal resources.
  In this case I think the user authentication request will not right handled by the ACS so authenticated client will have access through the wlan controller and a not ACS authenticated user will have access to lan ressources by his local cached user credentials.
  Is there a possible security leak or have I a configuration problem?
  Best regards
  Olaf Bachmann

  This is not a security leak but a configuration issue. If the client utility and the ACS, ADS database is correctly configured then you will not see any issues.

• Log In User always fails even when i know that the mysql database is registering the login informati

  ok here is my issue. im setting up a login page for my site. i have my other pages restriced to access without the session validated. i register a test user and when i input the info into the correct fields it redirects back on itself and says accessdenied. i know the registration page is updating my mysql tables but it wont let me log in. also right after i create the server side behaviour i get a syntax error on line 2 and exclamation points next to Log In User plus log in user shows up twice in the behaviours panel. below is the form and php script
  <?php
  @@UrlFormat@@('Connections/tonyreaper.php');
  // *** Start the session
  session_start();
  // *** Validate request to log in to this site.
  $FF_LoginAction = $PHP_SELF;
  if (isset($QUERY_STRING) && $QUERY_STRING!="") $FF_LoginAction .= "?".$QUERY_STRING;
  if (isset($user_name)) {
    $FF_valUsername=$user_name;
    $FF_fldUserAuthorization="";
    $FF_redirectLoginSuccess="index.php";
    $FF_redirectLoginFailed="login.php";
    $FF_rsUser_Source="SELECT user_name, password ";
    if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
    $FF_rsUser_Source .= " FROM users WHERE user_name='" . $FF_valUsername . "' AND password='" . $password . "'";
    mysql_select_db($database_tonyreaper, $tonyreaper);
    $FF_rsUser=mysql_query($FF_rsUser_Source, $tonyreaper) or die(mysql_error());
    $row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
    if(mysql_num_rows($FF_rsUser) > 0) {
      // username and password match - this is a valid user
      $MM_Username=$FF_valUsername;
      session_register("MM_Username");
      if ($FF_fldUserAuthorization != "") {
        $MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
      } else {
        $MM_UserAuthorization="";
      session_register("MM_UserAuthorization");
      if (isset($accessdenied) && false) {
        $FF_redirectLoginSuccess = $accessdenied;
      mysql_free_result($FF_rsUser);
      session_register("FF_login_failed");
  $FF_login_failed = false;
      header ("Location: $FF_redirectLoginSuccess");
      exit;
    mysql_free_result($FF_rsUser);
    session_register("FF_login_failed");
    $FF_login_failed = true;
    header ("Location: $FF_redirectLoginFailed");
    exit;
  ?>
  <form action="<?php echo $FF_LoginAction?>" id="form1" name="form1" method="POST">
         <p> </p>
         <table width="200" border="0">
           <tr>
             <td>Username:</td>
             <td><label for="user_name"></label>
              <input type="text" name="user_name" id="user_name" /></td>
           </tr>
           <tr>
             <td>Password:</td>
             <td><span id="sprypassword1">
             <label for="password"></label>
             <input type="password" name="password" id="password" />
             <span class="passwordRequiredMsg">A value is required.</span><span class="passwordInvalidStrengthMsg">The password must have at least 5 letters and 1 number.</span></span></td>
           </tr>
           <tr>
             <td> </td>
             <td><input type="submit" name="submit" id="submit" value="Log In" /></td>
           </tr>
         </table>
         <p> </p>
       </form>
  im really trying to get this fixed but i am at an utter loss

  The $user_name has not been set, thus the login will always fail.
  Have a look this example http://forums.adobe.com/message/3795422#3795422 where I have used
  if (isset($_POST['user_name'])) {
  Gramps

• New Intel Wireless Pro set let bypass PEAP user authentication

  Hello.
  I have a critical situation. We use PEAP/MSCHAPv2 for client and user authentication. Wireless users and clients will be authenticated by the ACS by asking a ADS usergroup membership. Valid users and clients have access to LAN ressources protected by the wlan controller. If the wireless client use the WZC and the logged on user is not a member of the user group he will not be authenticated and have no access through the wlan controller. But if the wireless client can use the actual "Intel Wireless Pro Set" and the user is not a member of the ADS group the ACS drop the user authentication request. But some seconds later the user will have nevertheless access to internal resources.
  In this case I think the user authentication request will not right handled by the ACS so authenticated client will have access through the wlan controller and a not ACS authenticated user will have access to lan ressources by his local cached user credentials.
  Is there a possible security leak or have I a configuration problem?
  Best regards
  Olaf Bachmann

  Hi irisrios.
  PEAP "Fast Reconect" is disabled on ACS side.
  But in the meantime we made some tests with cisco ACS and nortel wlan controller. If the wlan client use a wireless profile, generated with the Intel Proset (!! full installation incl. andmin tools and pre-logon authentication!!) then a user who is not a member of the wlan user group have access to lan resources.

• Cisco ACS Appliance and Passed Authentication Logs

  I'm seeing something on our ACS appliance logs that looks kind of odd (but it is working fine).
  When I look at the "Passed Authentication" logs, the users seem to show up about 3 time a minute (each). Maybe I am missing something, but this seems like some type of over-reporting.
  Any ideas why this would be happening? I'm probably missing something obvious, but since I'm new to this I can't find the problem.
  Thanks for any suggestions!

  What version of CSACS are you running? Has this just started happening, or was the problem just identified? It could be a performance issue if in fact everything was reauthenticating every 20 sec. Are all your devices showing up, or just wired or wireless? It could be a slight misconfiguration that could be hard to find. If you have the capability, you might want to capture the traffic going to your CSACS server to see if the authentications are actually happening, or like you mentioned...just reporting issues. I ope this helps.

• Performing User authentication with php server

  How to perform user authentication and keep track of logged
  in users ? I have the login form saved in one AIR page. I could do
  an ajax request to authenticate the user. However, how to keep
  track of the user after being logged in, so that when moving to
  other pages, he doesn't need to login again ?

  Hi,
  Cookies work in an Adobe AIR HTML application. You can use
  cookies to track your session.

• Enforce AnyConnect client to do machine authentication when user is logged on

  Hi All,
  I want to use AnyConnect as a supplicant to our corporate WLAN and also use Machine Authentication feature on ACS 5.3.
  Is there a way how to enforce AnyConnect client to do machine authentication when user is logged on? Sometimes can happen, when user just hybernate the computer and do not log off and log on. If they don't do this in some period, then they are not allowed to use WLAN.
  Thanks for your help.
  Regards
  Karel

  The problem appears to be if a user hibernate or ACS is reloaded and machine authentication  timer expired and user need to logout and wait or reboot the machine. After that it authenticates and then user can login again.  Anyconnect 3.1 will allow eap chainging and should be able to address that problem.

• Logging out Users authenticated thru a Directory service froma web app

  I would like to know how to log out users authenticated thru a Glassfish web server to a Directory service can be logged out and their associated session ended on the web app. My application logs in users successfully but it been problematic logging them out. each time i use the Session.Invalidate method and i navigate backward with the browser button, a new session is created and the getPrincipalUser is still available to the page. I would appreciate contributions. thxs.

  it says address already in use.
  another process is using port 7101: java.net.BindException: Address already in use: JVM_Bind.> go to taks manager.. kill any java.exe process and try again.. it should work..

• Need help with external user authentication

  Hello,
  I need some help to set up an external user authentication in Oracle DB 10g. Using the documentation at
  http://www.oracle-base.com/articles/misc/OsAuthentication.php
  I added the user alex to my linux system and checked the parameter os_authent_prefix:
  SQL> show parameter os_authent_prefix
  NAME TYPE VALUE
  os_authent_prefix string ops$
  SQL>
  I created the oracle user alex using
  CREATE USER alex IDENTIFIED EXTERNALLY;
  as well as
  CREATE USER ops$alex IDENTIFIED EXTERNALLY;
  The parameters in the sqlnet.ora are set to
  NAMES.DIRECTORY_PATH = (TNSNAMES, HOSTNAME, EZCONNECT)
  SQLNET.AUTHENTICATION_SERVICES = (ALL)
  Being the local user alex on the linux server I can login:
  $ sqlplus /
  SQL*Plus: Release 10.2.0.1.0 - Production on Tue Aug 30 08:56:26 2011
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Connected to:
  Oracle Database 10g Release 10.2.0.1.0 - 64bit Production
  SQL>
  Now using a Windows Client:
  C:\>sqlplus alex@<netservicename>
  SQL*Plus: Release 10.2.0.1.0 - Production on Di Aug 30 10:31:37 2011
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Kennwort eingeben:
  ERROR:
  ORA-01017: invalid username/password; logon denied
  - So, what's wrong?
  - Do I always have to create oracle users with the prefix "ops$" to the local username? How do these users login - with or without the prefix 'ops$'?
  - I read that kerberos authentication is only available through oracle advanced security addon. What about authentication through ldap?

  Obviously it doesn't work from any remote system.
  For this to happen the parameter remote_os_authent would have been set to true.
  Warning: this poses a security risk.
  As far as I know you should have been logged in as alex on the client, and using sqlplus /
  However, from 10g onwards Oracle comes with Oracle Wallet, which stores the password encrypted outside the database in a file, called wallet, and which is accessible from anywhere.
  You would better use that.
  Sybrand Bakker
  Senior Oracle DBA

• Read logged in user-works in Delphi7 but not in Delphi 2010

  Hi all
  I have some code I wrote a while back in Delphi 7 - simple program to read a currently logged in user IDs, read available class definitions, read some user attributes - relatively simple stuff. I am now trying to move to Delphi 2010 and the very same code that works on Delphi 7 does NOT work on Delphi 2010. The code was updated to compile and run on Delphi 2010, so it executes with no errors.
  I am using NWDSWhoAmI to get the currently logged in user name and NWDSRead to retrieve user attribute values. On Delphi 7, the code works, all API return "Success" and return correct values. In Delphi 2010, all APIs return "Success" but the code act as if I am not logged in - the username returned is "[Public]" and when I try reading attribute values I get $8884 - RESOLVE SVC FAILED (also may mean I am not authenticated to the NDS tree).
  The environment is XP and Novell Client 4.91 on the workstation, NW6.5 on the server (one sever tree). The code runs under the currently logged in user with full admin rights in the tree and Novell Client configuration on both workstations is identical. Any ideas on how to resolve this would be greatly appreciated.
  Thanks
  Vlad

  Vlad,
  since both Delphi versions go through the same DLLs it must be a difference
  in the code - possibly different variable implementation as 16/32 bit or
  signed/unsigned vars
  It is good practice to use the NWLibrary defined variable types instead of
  native Delphi types.
  I have successfully used the same sources in Delphi 4, 5, 6, and 2010
  Try my old samples:
  http://support.novell.com/techcenter...a20020203.html and my Delphi
  version independent Delphi libraries
  http://developer.novell.com/wiki/index.php/Delphi-units
  Wolfgang
  "vladh" <[email protected]> wrote in message
  news:[email protected]...
  >
  > Hi all
  > I have some code I wrote a while back in Delphi 7 - simple program to
  > read a currently logged in user IDs, read available class definitions,
  > read some user attributes - relatively simple stuff. I am now trying to
  > move to Delphi 2010 and the very same code that works on Delphi 7 does
  > NOT work on Delphi 2010. The code was updated to compile and run on
  > Delphi 2010, so it executes with no errors.
  > I am using NWDSWhoAmI to get the currently logged in user name and
  > NWDSRead to retrieve user attribute values. On Delphi 7, the code works,
  > all API return "Success" and return correct values. In Delphi 2010, all
  > APIs return "Success" but the code act as if I am not logged in - the
  > username returned is "[Public]" and when I try reading attribute values
  > I get $8884 - RESOLVE SVC FAILED (also may mean I am not authenticated
  > to the NDS tree).
  > The environment is XP and Novell Client 4.91 on the workstation, NW6.5
  > on the server (one sever tree). The code runs under the currently logged
  > in user with full admin rights in the tree and Novell Client
  > configuration on both workstations is identical. Any ideas on how to
  > resolve this would be greatly appreciated.
  > Thanks
  > Vlad
  >
  >
  > --
  > vladh
  > ------------------------------------------------------------------------
  > vladh's Profile: http://forums.novell.com/member.php?userid=84546
  > View this thread: http://forums.novell.com/showthread.php?t=422167
  >

• Dreamweaver Server Bahavior, User Authentication, Logout User Problem

  Hi! I want to add a 'logout user' functionality to the PHP
  page using Server Behavior, User Authentication, Logout User option
  in Dreamweaver CS3.
  I highlight the text, Logout, then clicked on the above
  mentioned option and I get an error message:
  While executing onLoad in Log Out User.htm, the following
  JavaScript error(s) occurred:
  At line 603 of file "C:\Program Files\Adobe\Adobe Dreamweaver
  CS3\Configuration\Shared\Controls\Script\TagMenu.js": The object is
  not currently contained in a document.
  In the Log Out User form, the "link clicked" is blank and
  "when done" is not selectable.
  Can anyone help me out? Thanks!

  Hi! I'm not using Javascript. I'm using PHP to log in and log
  out a user. The log in implementation works fine. It's the log out
  that is giving me problems.
  Below is the code:
  <?php
  if (!isset($_SESSION)) {
  session_start();
  $MM_authorizedUsers = "admin";
  $MM_donotCheckaccess = "false";
  // *** Restrict Access To Page: Grant or deny access to this
  page
  function isAuthorized($strUsers, $strGroups, $UserName,
  $UserGroup) {
  // For security, start by assuming the visitor is NOT
  authorized.
  $isValid = False;
  // When a visitor has logged into this site, the Session
  variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that
  Session variable is blank.
  if (!empty($UserName)) {
  // Besides being logged in, you may restrict access to only
  certain users based on an ID established when they login.
  // Parse the strings into arrays.
  $arrUsers = Explode(",", $strUsers);
  $arrGroups = Explode(",", $strGroups);
  if (in_array($UserName, $arrUsers)) {
  $isValid = true;
  // Or, you may restrict access to only certain users based
  on their username.
  if (in_array($UserGroup, $arrGroups)) {
  $isValid = true;
  if (($strUsers == "") && false) {
  $isValid = true;
  return $isValid;
  $MM_restrictGoTo = "denied.html";
  if (!((isset($_SESSION['MM_Username'])) &&
  (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'],
  $_SESSION['MM_UserGroup'])))) {
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING)
  > 0)
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar .
  "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
  ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
  Transitional//EN" "
  http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="
  http://www.w3.org/1999/xhtml"><!--
  InstanceBegin template="../Templates/admin.dwt"
  codeOutsideHTMLIsLocked="false" -->
  <head>
  <meta http-equiv="Content-Type" content="text/html;
  charset=utf-8" />
  <!-- InstanceBeginEditable name="doctitle" -->
  <title>Admin</title>
  <!-- InstanceEndEditable -->
  <!-- InstanceBeginEditable name="head" -->
  <!-- InstanceEndEditable -->
  <link href="../twoColFixLtHdr.css" rel="stylesheet"
  type="text/css" />
  <!--[if IE 5]>
  <style type="text/css">
  /* place css box model fixes for IE 5* in this conditional
  comment */
  .twoColFixLtHdr #sidebar1 { width: 230px; }
  </style>
  <![endif]--><!--[if IE]>
  <style type="text/css">
  /* place css fixes for all versions of IE in this conditional
  comment */
  .twoColFixLtHdr #sidebar1 { padding-top: 30px; }
  .twoColFixLtHdr #mainContent { zoom: 1; }
  /* the above proprietary zoom property gives IE the hasLayout
  it needs to avoid several bugs */
  </style>
  <![endif]--><style type="text/css">
  <!--
  body,td,th {
  color: #000000;
  body {
  background-color: #990000;
  .style1 {color: #FFFF00}
  -->
  </style></head>
  <body class="twoColFixLtHdr">
  <div id="container">
  <div id="header">
  <h1 class="style1">Welcome to EMART</h1>
  <!-- end #header --></div>
  <!-- InstanceBeginEditable name="EditRegion4" -->
  <div id="sidebar1">
  <h3 class="style1">Emart</h3>
  <ul type="square">
  <li><a href="../index.php"
  class="style1">Home</a> </li>
  <li><a href="admin.php"
  class="style1">Admin</a> </li>
  <li><a href="add_product.php" class="style1">Add
  Product</a> </li>
  <li><a href="edit_product.php"
  class="style1">Edit Product</a> </li>
  <li><a href="delete_product.php"
  class="style1">Delete Product</a> </li>
  <li>Logout</li>
  </ul>
  <p> </p>
  <!-- end #sidebar1 -->
  </div>
  <!-- InstanceEndEditable --><!--
  InstanceBeginEditable name="EditRegion3" -->
  <div id="mainContent">
  <h1>Admin</h1>
  <p>
  <!-- end #mainContent -->Logout</p>
  <p>  </p>
  </div>
  <!-- InstanceEndEditable -->
  <!-- This clearing element should immediately follow the
  #mainContent div in order to force the #container div to contain
  all child floats --><br class="clearfloat" />
  <div id="footer">
  <p>&copy; 2008<!-- end #footer -->
  </p>
  </div>
  <!-- end #container --></div>
  </body>
  <!-- InstanceEnd --></html>

• Dreamweaver User Authentication

  Im using dreamweaver cs4, and I've connected it to a database which is Wampserver 2.1 using PHP
  when i put the server behavior/user authentication/login/ I succesfully make it, but when I test the page, it says, an the connection to localhost was interrupted, help me pls

  First, try to make that page come up again, click on Apache-->Apache Error Log.  Look to that time for the Apache error.  Also open PHP.ini from the system tray icon and make sure that "error_reporting" is set to "error_reporting = E_ALL ".  That "error_reporting" should come up 2x in the search, the first is the instructions and the 2nd is the live command turning on error reporting if it is not already on.  Then we are going to need to see the source code and the error from the log in order to help you.