In today's video tutorial, we'll be building a login system with PHP and MySQL. Many features will be covered, including MySQLi, prepared statements, jQuery, classes, sessions, and cookies. I bit off more than I could chew for today's screencast, so I'll be creating a Part 2 in the next couple of weeks in order to improve our system even further.
Finished! ...For Now
We've managed to get an enormous amount of work done in about forty-five minutes; but there's much room for improvement - specifically when it comes to optimizing our class files for reuse. Before I let you go, let's take a quick look at what we'd like to accomplish in Part 2.
What We Need to Accomplish in a Future Tutorial
- Set an expiration date after creating a session - so that the user is automatically logged off after X minutes.
- Allow users to sign up and edit their passwords.
- Update our database to contain "secret question/answer" questions for username/password retrieval.
- Refactor our class files. As I mentioned in the video tut, there are a few procedures that we should remove from our methods in order to promote "best practices", and increase reusability as much as possible.
User Comments
mamjed January 29th
this is nice! i really wanted to learn how to do this!
Fausto Carrera January 29th
Cool stuff, what about a brute force protection, like vanishing the user according with the ip for 20 minutes if the password it’s wrong and he tried more than 5 times?
Webmasterish January 29th
Can’t wait for Part 2!
Nokadota January 29th
This was helpful, I can’t wait to see the followup tutorial.
insic January 29th
very nice tutorial. and you covered prepared statements. awesome!
jiang guang liang March 16th
YOU VERY BEANTALFUL
Fatihcan April 4th
test sub
David Singer January 29th
Prepared statements are great. PDO is better though
Brenelz January 29th
Wow… this tutorial covered a lot.
Do you guys always use prepared statements or ever use the standard:
$query = "";
mysql_query($query);
Jeffrey Way January 29th
@Brenelz – It’s not always appropriate to use prepared statements. Sometimes, it can actually be MORE taxing.
But more than anything, prepared statements greatly reduce the risk of SQL injection.
Also why use mysql when you can use mysqli? Still using PHP4?
art January 29th
thanx very much! I’ve just start creating login system for one of my sites
Ariyo January 29th
Jeff, You simply ROCK! I’m looking forward to the followup tutorial. Thank you so much for doing this.
Keith Walter January 29th
Jeff,
I had the same problem with Dreamweaver entering the tag when going to a new line. It’s because you’re holding down shift when pressing enter. + is the shortcut for entering a tag. Took me a little while to realize what I was doing, but learning a new shortcut is always a good thing.
Brenelz January 29th
@Jeffery Way
Loved that you took an OO approach to this. I have a good knowledge of how to create classes in PHP but find it tough sometimes to write code so generic. For a programmer like me… Code re-use means making more money!
BTW, That JavaScript in Dreamweaver is awful, and I don’t have a solution. Hopefully someone knows why… :p
Keith Walter January 29th
Sorry, I meant break tag, I entered an actual tag forgetting it would take.
Pedramphp January 30th
That Was Great I wonder If we had couple of sessions created in the system , and we wanted to remove one of them so we session_destroy , we destroy it no problem but what about the Cookie which You set that to the past , is this cookie for all of our sessions or for a specific one .
I’m just confused
Barttos January 30th
Hey, Jeff, thanks for another great screencast! Waiting for part 2! Good luck.
Yab January 30th
Hi, i thought about this php/dreamweaver weird curly braces behavior, and maybe that’s because dreamweaver is expecting you to use the following syntax :
if ( a==b)
{
do stuff;
}
Instead of putting your curly brace on the same line as your if statement. I know it's technically the same thing, but that would explain the dreamweaver behavior :
if dw sees an open curly brace with this syntax, it'll put the closing brace one indent lower.
Yab January 30th
damn, whitespace not showing
if ( a==b)
{
do stuff;
}
Jash Sayani January 30th
Wow! Another Login system. I love login systems! BTW, you should also add the conversion of string to SHA1 checksum and store it in the SQL database and then verify the login password with the SHA1 checksum.
Jon Keating January 30th
Building an authentication system for a website is generally overlooked as just getting a password attached to the username. Then most developers realize a need for what to do in the case of a forgotten password and implement that. And maybe protect this with a secret question/answer that can be set up. Then perhaps they worry about brute force attacks, and try to devise a way to implement some more security.
In the end, there will be any security issues that need to be decided at each point. For example, with the forgotten password area… Should a new password be e-mail to the user in plain text or should they just be able to reset their password? Can users edit their secret question/answer?
Then there is the issue of protecting your users against phishing attacks.
What I’m trying to say is that, even for a “simple” website, it is quite demanding to be a responsible website and protect the user from abuse. By implementing OpenID, they will source out the authentication system to a provider that has experience with these issues and provide multiple proven methods to protect their users. I think it would be very worthwhile for anyone interested in a login system to consider the advantages of using OpenID.
Drew January 30th
I would like to have access to the top secret launch codes if it is not too much to ask Jeff. Thanks much!
Mike January 30th
Great tut! I would like to see in the future the use of MySQLi (more extensive) because you use a lot this and to many people only know the classic method.
Thanks for you tutorials!
Dennis Lembrechts January 30th
Looking forwards for the other part ! Good job !
Suciu Vlad January 30th
maybe u could add ajax to the login system.
Rob MacKay January 30th
Jeff obviously dosn’t sleep… nice work – what a great tut!
MBzle January 30th
i haven’t done a login system for my new website, yet but i’m sure this will come in handy.
thanks1
VIkram January 30th
I’m still waiting for part 2 of the photo site tutorial
although this was pretty cool. always love the awesome work you guys do. thanks a lot.
Saurabh Shah January 30th
nice tutorial.. m gonna use it soon … thnx for sharing …
Jonathan Cousins January 30th
You are using Windows 7 right?
Do your program work OK on it?
Max January 30th
I agree with my previous speaker: very useful! I’ll be using it soon.
Designer January 30th
wow….. nice and simple tut
Tom Kenny January 30th
Excellent stuff. This is something that I know I will need in the future.
owain Llewellyn January 30th
Just what I need!!
Thanks Jeff!
Owain January 30th
Brilliant. A nice and detailed walk through of a sometimes tricky topic. Thank you. Can’t wait for part 2. : )
Kevin Martin January 30th
I’ve been wanting to expand my knowledge with prepared statements. I heard they were a lot faster, because database doesn’t have to interpret the same SQL over and over again.
Thanks!
james January 30th
a very useful tutorial. thanks Jeff!
EdpeppeRs January 30th
thx one more time, JW!
i don’t know how to do this and i’m really not into database stuffs.. but, i hope i learn one day. .^^
icomir January 30th
Much appreciated
AnDi January 30th
Thanks Jeff, u are the best….
Neil January 30th
If it is a very simple website, ten lines of code in your ASP.net web config and you are done. Right out of the box, it includes a timeout feature and a referrer redirect so when you log back in after being timed out, it takes you back to the page you were on when you were timed out.
.Net also has some super easy to use controls that allows for registration, roles and permissions, forgot password and login status.
This site seems to be mainly focused on PHP, which is a shame because .Net is extremely powerful and has some really easy to use, rich functionality right out of the box.
Stephen Coley January 30th
How do prepared statements protect from sql injection anymore than using mysql_real_escape_string()?
It’s called Mysql Improved, but it seems like you’re writing more to do the exact same thing you would with just plain old mysql.
Can you explain how this actually benefits the programmer? So far it just seems like a more complicated way of doing things.
Dan Harper January 30th
I’ve also had problems with CS4 with it indenting my code by a stupid amount, but it has seemed to have fixed itself.
Also, Dreamweaver plays up on its syntax highlighting when you open a PHP-only page which doesn’t have a close tag (very annoying when using CodeIgniter!).
Timothy January 30th
Nice. I don’t normally see login tutorials that include the use of prepared statements. Interesting.
Jason Karns January 30th
Part 2 ought to contain OpenID support.
Bill January 30th
Great job !
Bill January 30th
@Tip: If you use another programming language, ‘->’ in pHP is the ‘.’ in others like C# …
Bill January 30th
One thing i couldn’t figure out is why we are removing a cookie if we haven’t set any ?
Noam Smadja January 30th
Great cast!
though i think you could have dropped the “how to make a 2 input and submit button form”… would have shortened it by almost 15 mins…
Stephen Coley January 30th
@Bill
We have set a cookie, just not directly. The function session_start() creates a cookie and stores the session id in there. Even if we close the session, that doesn’t exactly delete the cookie. I believe that is why Jeff was doing it manually.
Dan January 30th
I love this website. Better than any book.
Question though (it might be answered – I haven’t watched the whole video):
Doesn’t PHP auto time out a session? Is setting a time out critically important? If so, I’ve got a few sites to fix.
Joshua Schoenaker January 30th
Thank you very much for this, can’t wait for part deux!
Andy January 30th
Jeff,
Great screencast, still watching. With your gripe about DreamWeaver not setting your indented tag correctly it actually is because your if statement was missing some closing parentheses and so Dreamweaver was not sure where your starting bracket was.
OK, now on with the rest of the show
Daniel Silva January 30th
I’m getting this error:
Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or ‘}’ in /var/www/login3/classes/Mysql.php on line 6
Why?!?
ThE_OwNeR May 28th
Check if you don’t miss a } somewhere
capnjeremy January 30th
Don’t forget, the label “for” attribute should point to the -ID- of the form element, not the name. (This makes it so you can click on the label to focus the form input)
jon January 30th
Great stuff and I’m sure it would make a lot more sense if I understood PHP.
I’m also following Jeff’s Diving into PHP screencasts over at Themeforest, but can anyone suggest a good book(s) about beginning with PHP for someone with no programming experience? I know html and css but many books assume a background in one form of programming or another.
PHP Learner January 30th
thanks for the tutorial. it was great to see a real class being developed as i am starting to delve into OOP in PHP.
Also, the tag, gets added if you hold CTRL and press enter. You can change it in the shortcuts.
Bill January 30th
Cool tutorial
Jeffrey Way January 30th
@jon – “PHP Solutions” is the best one I’ve found so far.
Bryan January 30th
Your tutorials are awesome! They are exactly what I need! Thank you
Aliaspanther January 30th
Any chance some of these screencasts can be covered as a normal text/picture tutorial? My home connection is to slow to load these videos, and I try to avoid streaming videos at work as much as possible since our business is online based. Don’t want to be selfish and steal the bandwidth reserved for our clients.
Thanks! I’m currently enjoying the jQuery for Absolute Beginners series, at least those are nice and short so I can watch at home.
@jon – I read through PHP & MySQL For Dummies and found it to be worthwhile. The examples in it aren’t always tailored to what you may want to use the languages for, but they give you the jist of the possibilities. And it doesn’t assume you have any previous programming experience (hence the For Dummies).
Cheers!
Meshach January 30th
Thanks very much for this tutorial Jeff.
Really really helpful.
Jeffrey Way January 30th
@Aliaspanther – Normally, a text tutorial would be included with the screencast. But I covered so much in this series that it would taken a REALLY long time to create a written tutorial as well.
If you have ITUNES installed, do a search for NETTUTS. That way, you can download the video and view it anytime you like!
Sebastian January 30th
@Jeffrey – Wow, I love your screencasts! I have been learning so much from watching your work process. I really appreciate all the work you put into Nettuts. I visit every day anxious to learn more!
Thank you!
Taylor Satul January 30th
Cool, I really needed this
Robert January 30th
A tip to all of you saying that putting opening “{” at the same line as the statement or beneath it is the same thing, is totally wrong. If you ever get into “real” programming such as C, C++ or any other heavier language, you will learn the hardway that putting the opening tag will screw up your debugging. A good practise is ALWAYS put the opening beneath…
like:
So use it beneath!
function()
{
}
If it was jQuery for example… Also you will most likely get turned down at a professional interview
Jeffrey Way January 30th
@Noam – I agree somewhat. But that’s the great thing about the videos. If you’re advanced enough, you can simply fast forward a few minutes.
dude January 30th
dude…. windows? really?
ms January 30th
Unless I missed a modified idiom, don’t you mean “I bit off more than I could “chew”
Jeffrey Way January 30th
@ms – Hah. Whoops.
@dude – These comments always make me laugh. Yes Windows…really. I think that both Mac and Windows should be used.
I keep waiting for the day when I receive a knock on my door from people preaching about the “word of Mac”. It reminds me of being ten years old and arguing at the school lunch table about whether Nintendo or Sega was better.
Nevertheless, I do love…and use both.
–
P.S. For the record, I picked Nintendo.
Harnish January 30th
Cool tutorial
M.A.Yoosuf January 30th
@Neil you are correct but Open source rox, than paid solutions. still what u re talking about ABC solution, they simply in to marketing and getting money as much they want.
but Open source for every one!, you, me , Beginner, advance user bla bla, i don’t don’t think there is a shameless, that because of avoiding a paid technology
M.A.Yoosuf January 30th
@Jeffrey Way – thank you for listing for my comments, continue with OOP
so far as a beginner i have catchup approximately 70%, i guess once more i gotta watch it as you said
Frank Mawn January 30th
Hey Jeff, great tut!
Regarding your problem with Dreamweaver that doesn’t indent your line correctly – it’s simply because you had a mistake in your if statement. It’s some kind of warning that Dreamweaver gives ya!
trex279 January 30th
Anyway to download the tutorial without itunes?
M.A.Yoosuf January 30th
@trex279 why cant u use real player, it has a capturing feature, but slow :S
WebGyver January 30th
Awesome stuff!
Thank you for taking the time to get people started with web site log-in systems. As pointed out in some of the other comments, there’s always so much more you COULD do to protect your web site.
Cross-site scripting (XSS) is another weird but potentially harmful issue that I would love to see covered in any potential follow-up tutorials.
Again, keep up the good work.
Wassim January 30th
@Neil – Dear friend, please use whatever technology you like but don’t say “Shame”. A bad developer do nothing but preaching the pros of the technology he THINKS he likes, a good developer is always open minded just like any artist who tries to express his thinking via any form of expression. And this is it: Todays web uses oepn standards and 100% of my production (freelance scripting, graphic design) is done with 100% opensource software and my clients are just happy with the results; and I’m happy
@all: I just want to say to everybody here: There are no limitations in the Web industry, and if any; they are just in your imagination.
@Jeff: nice swing Jeff
ekkalak January 30th
Thank You Jeffrey
Vasili January 30th
I was wondering why you didn’t close the PHP tags at the end of the files (eg. constants.php). Also, require_once() is very slow. Might I suggest a config.php file?
Jeffrey Way January 30th
@Vasili – True – require_once() is slower; but is sometimes necessary.
In reference to the constants.php file, there’s no need for a closing php tag.
James January 30th
Lol! I think its epic when you kept saying “or die” lol i love the way you say it!
Also very very good tut, Thank you very much
Aaron January 30th
Nice tutorial. Mind not using the green border when zooming in next time? You can disable it in Camtasia’s preferences.
David Singer January 30th
Adding a salt and using SHA1 or better would make it much more secure. MD5 was broken years ago.
RealToughCookie January 30th
Cool tutorial! cant wait for part 2
@David Singer
Doesn’t Wordpress use MD5? If it does and MD5 has been cracked then im worried :0
Ali January 30th
YES Jeffrey, Nintendo was always better than Sega in my book…. ha ha
Jeffrey Way January 30th
@David – Yeah, I agree. We’ll be adding a salt in part 2.
Raman January 30th
Great tutorial.
Meshach January 30th
@Jeffery: Sega is better. Kidding, kidding, lol.
Abderrahmane Tahri Jouti April 29th
Noooo
Nintento is better
ked January 30th
MD5 has been broken, but most online Reverse MD5 hash lookup scripts simply crumble at the first sight of a non dictionary based password.
Dave January 30th
We actually bought an old SNES from ebay a couple years back and I failed my degree in construction solely because of mario kart and mortal combat.
Now I’m studying multimedia. Mario saved me so Nintendo is best!
D January 30th
Hello, How do I fix this error?
“Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or ‘}’ in /nfs/c03/h04/mnt/57407/domains/login.dcwatts.com/html/classes/Mysql.php on line 6″
christian January 30th
There must be something wrong with my server setup (MAMP). Both the site I created from the tutorial and the downloaded tutorial site files both show me the index.php page after I log out with these errors:
===============================
Notice: Undefined index: status in /Applications/MAMP/htdocs/login/membershipSite/classes/Membership.php on line 30
Warning: Cannot modify header information – headers already sent by (output started at /Applications/MAMP/htdocs/login/membershipSite/classes/Membership.php:30) in /Applications/MAMP/htdocs/login/membershipSite/classes/Membership.php on line 30
===============================
Everything works fine until I get to this point.
So I switched to my regular system server and everything worked just fine. Although not part of the tutorial
any ideas as to why a MAMP setup wouldn’t work and the system setup does?
David Singer January 30th
@RealToughCookie
Yes WordPress does, and they get a lot of shit for it. I think the only reason they don’t change it is backwards compatibility.
This is how you should do it:
SELECT user_id, username, password_hash, salt FROM users WHERE username = :username LIMIT 1
if (hash('sha256', $password . $salt) == $password_hash) {
    // ok
} else {
    // not ok
}
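Added example (not from the comment's author or the tutorial): it checks a record built with the salted SHA-256 scheme above using a constant-time comparison, then upgrades the record to PHP's built-in `password_hash()`. It assumes PHP 7 or later; the function names, the `$user` array layout and the sample password are constructed for illustration.

```php
<?php
// Added example. Function names and the $user layout are hypothetical.

// Builds a record the way the comment's scheme stores it:
// a per-user random salt plus hash('sha256', password . salt).
function make_legacy_record(string $password): array
{
    $salt = bin2hex(random_bytes(16));
    return [
        'salt'          => $salt,
        'password_hash' => hash('sha256', $password . $salt),
    ];
}

// Verifies a login against either format and, on success, rewrites a
// legacy record with password_hash(), which generates its own salt and
// uses a deliberately slow algorithm (bcrypt by default).
function verify_and_upgrade(array &$user, string $password): bool
{
    $stored   = $user['password_hash'];
    $isModern = password_get_info($stored)['algoName'] !== 'unknown';

    if ($isModern) {
        $ok = password_verify($password, $stored);
    } else {
        // hash_equals() compares in constant time and never applies the
        // type juggling that "==" can apply to numeric-looking strings.
        $candidate = hash('sha256', $password . $user['salt']);
        $ok = hash_equals($stored, $candidate);
    }

    if ($ok && (!$isModern || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $user['password_hash'] = password_hash($password, PASSWORD_DEFAULT);
        $user['salt']          = null; // the salt now lives inside the hash string
    }
    return $ok;
}

// Constructed sample data.
$secret = 'correct horse battery staple';
$user   = make_legacy_record($secret);

echo "format before login: ", password_get_info($user['password_hash'])['algoName'], "\n";
var_dump(verify_and_upgrade($user, 'wrong guess')); // wrong password, legacy record
var_dump(verify_and_upgrade($user, $secret));       // right password, legacy record
echo "format after login:  ", password_get_info($user['password_hash'])['algoName'], "\n";
var_dump(verify_and_upgrade($user, $secret));       // right password, upgraded record
```

In a real system the updated `$user` row would be written back to the database after a successful login.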
Keith Walter January 30th
@Christian – I had the same problem and found a way to fix it. Go to
MAMP > conf > php5 > php.ini
Find output_buffering and change it to a number, such as 4096 like it suggests. This will fix your problem.
Keith Walter January 30th
@Christian – Also don’t forget to reset the server before you try again.
David Singer January 30th
You’re also missing a call to: session_regenerate_id()
Without this in your code it’s very simple to steal someone’s session/login to their account. See http://en.wikipedia.org/wiki/Session_fixation
For part 2:
public function isSsl() { return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on'; }
Will determine if you’re running SSL or not. Then you can force people to use SSL with this:
public function forceSsl() {
    if (PRODUCTION) {
        if (!$this->isSsl()) {
            $url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
            $this->redirect($url);
            exit(0);
        } else {
            return true;
        }
    } else {
        // only use SSL in production
        return true;
    }
}
Also while relative URL’s may work sometimes they are not allowed in HTTP/1.1. See: http://us.php.net/header
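Added example (not the tutorial's Membership class and not the commenter's code): it shows where `session_regenerate_id()` belongs in a login flow, together with the idle timeout and the explicit session-cookie removal discussed elsewhere in these comments. It assumes PHP 7.3 or later and an HTTPS-only site; every function name, `IDLE_LIMIT` and `LOGIN_URL` are hypothetical placeholders.

```php
<?php
// Added example. All names below are hypothetical.
const IDLE_LIMIT = 900;                             // assumed: 15 idle minutes
const LOGIN_URL  = 'https://example.com/login.php'; // placeholder absolute URL

function start_secure_session(): void
{
    // 'secure' assumes the site is served over HTTPS only.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function on_login_success(string $username, int $now): void
{
    // New id at the moment privileges change; "true" deletes the old
    // session data, so an id handed out before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['status']    = 'authorized';
    $_SESSION['username']  = $username;
    $_SESSION['last_seen'] = $now;
}

function log_out(): void
{
    $_SESSION = [];
    // session_start() created the cookie; session_destroy() only removes
    // the server-side data, so the cookie is expired by hand.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

function is_member(int $now): bool
{
    if (($_SESSION['status'] ?? '') !== 'authorized') {
        return false;
    }
    if ($now - ($_SESSION['last_seen'] ?? 0) > IDLE_LIMIT) {
        log_out();                 // idle for too long: end the session
        return false;
    }
    $_SESSION['last_seen'] = $now; // activity resets the idle clock
    return true;
}

// Call at the top of every protected page, after start_secure_session().
function confirm_member(): void
{
    if (!is_member(time())) {
        header('Location: ' . LOGIN_URL);
        exit; // without this the rest of the protected page still runs
    }
}

// Command-line walk-through with a constructed clock.
if (PHP_SAPI === 'cli') {
    start_secure_session();
    $t0     = time();
    $before = session_id();
    on_login_success('jeff', $t0);
    $report = [
        'id changed at login'     => $before !== session_id(),
        'member after 5 minutes'  => is_member($t0 + 300),
        'member after idle limit' => is_member($t0 + 300 + IDLE_LIMIT + 1),
    ];
    var_export($report);
    echo "\n";
}
```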
David Singer January 30th
More part 2 ideas:
Create an interface class for the database. Then do
class Mysql implements InterfaceDb {}
Then
class Db extends Mysql {}
That way in your Membership class you can make calls to Db rather than Mysql. Should anyone want to use your code with another database (say PostgreSQL) then all they would have to do is write
class Posgressql implements InterfaceDb {
// implement the methods
}
Then change:
class Db extends Posgressql {}
This would make your code much more portable.
Also much of the database class can/should be static as it can be beneficial to use one database connection across many other objects. If in the future you created other classes say User, Group, Account, etc they could all share a database connection.
Brandon January 31st
Great tut!
I keep getting this error:
Warning: main(Mysql.php): failed to open stream: No such file or directory in /home/content/b/e/m/bemarketing215/html/classes/Membership.php on line 3
Warning: main(Mysql.php): failed to open stream: No such file or directory in /home/content/b/e/m/bemarketing215/html/classes/Membership.php on line 3
Fatal error: main(): Failed opening required ‘Mysql.php’ (include_path=’.:/usr/local/lib/php’) in /home/content/b/e/m/bemarketing215/html/classes/Membership.php on line 3
Please help!
Symplicity00 January 31st
Awesome Tutorial!!!!
Though “one-hour” seemed a bit scary at first, it’s worth “a whole month”
Cant wait to see the next tutorial, like creating a form to add info to database or stuff or so.
christian January 31st
@Keith – Hey, thanks a lot! That did the trick. And how in the heck did you figure that one out?
Keith Walter January 31st
Multiple google searches and passing through articles and forum posting. I don’t remember exactly where it was.
RealToughCookie January 31st
@Jeffery Way
Can you confirm if this login system is suitable and secure enough for a business environment. I want to use a login system on our company’s site so share files with my colleges.
Is this right for me?
Aayush January 31st
The tag comes because you press shift+enter
Great tutorial though…continue with OOP
Thanks
Ferdy January 31st
Great tutorial. Suggestions for the next part:
- adding salt (as others mentioned)
- protecting the login from from a dictionary attack (by increasing the response time for it to load based on #attempts)
- checking the source of the post (so that no remote script is doing automated posts)
- UTF8 support/checks
I know these are kind of advanced topics, but none that can be skipped if people actually build their custom login forms and expose them on the webs.
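Added example (not the tutorial's code): one way to implement the lockout and the growing response delay suggested in these comments. The array `$store` stands in for a database table or cache shared between requests, all function names are hypothetical, the limits of 5 tries and 20 minutes come from an earlier comment, and the delay schedule is an assumption.

```php
<?php
// Added example. $store stands in for shared storage; names are hypothetical.
const MAX_FAILURES    = 5;    // lock after more than 5 wrong tries
const LOCKOUT_SECONDS = 1200; // 20 minutes
const MAX_DELAY       = 16;   // assumed cap for the growing delay, in seconds

function is_locked(array $store, string $key, int $now): bool
{
    return ($store[$key]['locked_until'] ?? 0) > $now;
}

function record_failure(array &$store, string $key, int $now): void
{
    $entry = $store[$key] ?? ['failures' => 0, 'locked_until' => 0];
    if ($entry['locked_until'] !== 0 && $entry['locked_until'] <= $now) {
        // A previous lockout has been served: start counting again.
        $entry = ['failures' => 0, 'locked_until' => 0];
    }
    $entry['failures']++;
    if ($entry['failures'] > MAX_FAILURES) {
        $entry['locked_until'] = $now + LOCKOUT_SECONDS;
    }
    $store[$key] = $entry;
}

// Seconds to wait before answering: 1, 2, 4, 8, 16, 16, ...
// A real handler would call sleep(response_delay(...)) before replying.
function response_delay(array $store, string $key): int
{
    $failures = $store[$key]['failures'] ?? 0;
    return $failures === 0 ? 0 : min(2 ** ($failures - 1), MAX_DELAY);
}

function attempt_login(array &$store, string $key, bool $passwordOk, int $now): string
{
    if (is_locked($store, $key, $now)) {
        return 'locked'; // refuse before the password is even considered
    }
    if ($passwordOk) {
        unset($store[$key]); // a good login clears the counter
        return 'ok';
    }
    record_failure($store, $key, $now);
    return is_locked($store, $key, $now) ? 'locked' : 'denied';
}

// Constructed walk-through with a fixed clock so the run is repeatable.
$store = [];
$key   = 'jeff|203.0.113.7'; // constructed key: user name plus client address
$t     = 1000000;

for ($i = 1; $i <= 6; $i++) {
    $result = attempt_login($store, $key, false, $t + $i);
    printf("try %d: %-6s next delay %2ds\n", $i, $result, response_delay($store, $key));
}
echo 'right password during lockout: ',
    attempt_login($store, $key, true, $t + 60), "\n";
echo 'right password after lockout:  ',
    attempt_login($store, $key, true, $t + 6 + LOCKOUT_SECONDS), "\n";
```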
greg606 January 31st
Jeff, you are great!
What a great tutorial! It beats those from lynda.com hands down!
What a great introduction to OOP!!!!!!
Please don’t stop you work!
Adam Coppard January 31st
I see that you use functions like so: function authenticate($un, $pwd){ } But I use them like so: function authenticate(){ $un = $_POST['un'] }
This always seems to work, dragging the $_POST value from the other page. Is one method better than another, or am I just being lazy?
Nei January 31st
@Wassim – I wasn’t preaching ASP.net, PHP is a great language, BUT so is .Net. And while PHP is covered in this blog quite frequently, ASP.net is not. I was simply voicing my opinion, and as a daily reader of this blog, I would love to see some more articles on ASP.net.
Chris January 31st
This works on my home server setup just not on my paid hosted setup at Siteground.
I can enter a correct username/password and it will still popup the incorrect username/password box.
Must be a setting in their PHP setup.
Jeffrey Way January 31st
@Nei – I agree with you. I personally love ASP.NET. Don’t worry – we have a bunch of .NET screencasts coming in February.
Stay tuned.
Saeed Jabbar January 31st
Thank you so much , this is exactly what I’m currently working on and will benefit of a great benefit.
@chris did you configure the mysql database and import all the data?
Zeke January 31st
I use MAMP (http://www.mamp.info/en/index.php) on OSX. Can anyone let me know how to turn on debugging for PHP? When there is an php error I just get a blank page.
Chris January 31st
@Saeed:
Yes, the database exists with the same values as the one on my home server. The only code I modified was the constants.php to match up to the new MySQL values on my hosted site.
Zeke January 31st
For the people getting this error: Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or ‘}’ in /var/www/login3/classes/Mysql.php on line 6
Make sure that you are running PHP5 and not PHP4 on your server.
brian January 31st
Zeke, You can view your errors in Applications/MAMP/logs/php_error.log
Saeed Jabbar February 1st
@Zeke use Xamp for OSX ,put the contents of your file in a folder in the htdocs.
@Chris that seems odd ,check for typos or whitespaces.
Mojo February 1st
Extremely useful tutorial, thanks! This will definitely come in handy for a few projects I have lined up.
Zac February 1st
I have to agree with Stephen Coley. Why fatten your code to protect against sql injection when php’s mysql_real_escape_string() is probably a better option, especially for small applications. Look at Example No. 1 on this page:
http://us3.php.net/manual/en/function.mysql-real-escape-string.php
That’s a beautiful example of an injection-safe query.
connor February 1st
@christian @Keith Walter
somehow enabling output buffering on php.ini didn’t work for me so I added ob_start(); and ob_end_flush(); , works great now, any idea why?
looks like this now
function confirm_Member() {
    session_start();
    ob_start();
    if ($_SESSION['status'] != 'authorized') header("location: login.php");
    ob_end_flush();
}
btw, thanks @David Singer for the the ssl protection, i feel safe…er
Ben February 1st
I am using the same present usage of mysqli in an small application I’m building, but the use of bind_params method returns an error :
Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of variables doesn’t match number of parameters in prepared statement [...]
I think I declared it the right way though :
$statement->bind_param('iss', $id, $name, $filename);
$statement->execute();
while ($data = $statement->fetch())
{
return $data;
}
Indeed, the id is properly declared as an integer, then two variables $name and $filename declared as strings… There shouldn’t be an error right? I’m running the script on a local WAMP machine which runs the latest version of php, with the php_mysqli module activated…
This is driving me crazy! I might come back to good ol mysql_connect()…
Did anyone encountered the same problem?
Chears everyone, and thanks a lot Jeffrey for the awesome screencast!
Kim Andersen February 1st
Uhh i’m looking forward to the .NET screencasts Jeffrey
I have always wanted to lear .NET, so this will be great.
About this screencast: Super work, thouhg I am not that great at OOP. Could you make a screencast about OOP in PHP, for beginners
, as well in the future?
Nei February 1st
@Jeffrey Way, looking forward to them – thanks for the heads up
Neil February 1st
ahh i missed the “L” from my name haha
Chris February 1st
@Saeed: I’m guessing the only place I could be making a mistake is the constants.php file since that’s the only file I’m editing. Although, I must be making the connection to the database because I’m not getting the DIE message.
Is there anyway to see what’s being passed using Firebug? I know in jQuery its console.log, is there a similar command for PHP?
Saeed Jabbar February 1st
@Chris you can install FirePHP for firebug and give that a try.
Jeffrey Way February 1st
@Ben – It’s because the number of parameters doesn’t match your query.
Can you paste in your query? Is it different from the one I used?
João Pedro Pereira February 1st
I’ve liked it
. But it has some code that could be better implemented.
David February 1st
@Zeke: Had the same problem a few days ago. You can fix it by going to your MAMP Folder and open the php.ini file in the folder “conf/php5″ or “conf/php4″ depeding on what version you are using. Then search for “display_errors = Off” and turn it “On”. After this you need to restart the server.
Fantastic Tutorial, Jeff! I just got started with PHP two weeks ago and your screencasts got me started very quick. Thank you so much.
Zeke March 20th
Thanks!
Chris February 1st
@Saeed:
Its looking like it gets to the membership.php spot but its not actually querying the database or connecting at all..sort of like its bypassing it completely. So its only spitting out the response since $ensure_credentials is never being set. Wonder if there’s an extension that’s not loaded or something. Its PHP5.2.5 so I’d imagine it should work.
I can total omit the constants.php and not even fill in any database stuff or I can hard code everything and it doesn’t work either way. I’ve tried using a form method of GET so I can see the values being passed in the query string and everything is being sent through the form just fine.
Arik Lewis February 1st
Nice Tutorial. Maybe on the next one you can talk about ACL.
Mathew February 1st
Hi Guys,
Getting a problem with this one if anyone can help out.
My Ensure Credentials is not coming back true,
Changes I have made include mysql.php
$query = "SELECT *
FROM permissions
WHERE username = $un AND passwd = $pwd
LIMIT 1";
And Setting my database connection in the constants.php file.
Code is obviously getting stuck at this line in in mysql.php
if($stmt = $this->conn->prepare($query)) {
Mathew February 1st
Looks like my problem is exactly same as Chris’s 2 posts up as same version of PHP etc.
Jeffrey Way February 1st
Matthew – You’re using prepared statements, yet you aren’t using “?” for your query.
"…WHERE username = ? AND passwd = ?"
Then bind the parameters to pass $un, and $pwd.
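Added example (not part of the original thread or the tutorial's code): the interpolated query from the question next to the placeholder form from the reply. It assumes PDO with an in-memory SQLite database, swapped in for the tutorial's MySQLi connection so the script runs without a server; the `permissions` rows are constructed sample data and the function names are hypothetical.

```php
<?php
// Added example. Table contents are constructed sample data.
// Assumption: PDO + in-memory SQLite stands in for the tutorial's MySQLi
// connection; "?" placeholders work the same way in both.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE permissions (username TEXT, passwd TEXT)');
$insert = $db->prepare('INSERT INTO permissions (username, passwd) VALUES (?, ?)');
$insert->execute(['jeff', 'hash-for-jeff']);
$insert->execute(["o'brien", 'hash-for-obrien']);

// Weak form (hypothetical name): the values become part of the SQL text,
// so the database parses them as SQL. Injection relies on exactly this.
function ensure_credentials_interpolated(PDO $db, string $un, string $pwd): bool
{
    $query = "SELECT 1 FROM permissions
              WHERE username = '$un' AND passwd = '$pwd' LIMIT 1";
    return (bool) $db->query($query)->fetchColumn();
}

// Prepared form (hypothetical name): the SQL text is fixed and the values
// travel separately, so a quote in the data cannot end the string literal.
// MySQLi equivalent of the execute() call:
//   $stmt->bind_param('ss', $un, $pwd); $stmt->execute();
function ensure_credentials_prepared(PDO $db, string $un, string $pwd): bool
{
    $stmt = $db->prepare(
        'SELECT 1 FROM permissions WHERE username = ? AND passwd = ? LIMIT 1'
    );
    $stmt->execute([$un, $pwd]);
    return (bool) $stmt->fetchColumn();
}

// A legitimate user name containing a quote is enough to show the difference.
$cases = [
    ['jeff', 'hash-for-jeff'],
    ["o'brien", 'hash-for-obrien'],
    ['jeff', 'wrong'],
];
foreach ($cases as [$un, $pwd]) {
    try {
        $weak = ensure_credentials_interpolated($db, $un, $pwd) ? 'match' : 'no match';
    } catch (PDOException $e) {
        $weak = 'query broke: ' . $e->getMessage();
    }
    $safe = ensure_credentials_prepared($db, $un, $pwd) ? 'match' : 'no match';
    printf("%-8s interpolated: %s | prepared: %s\n", $un, $weak, $safe);
}
```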
Mathew February 1st
Hi Jeff,
Thanks mate figured that out not long after.
Thanks so much for the quick reply and looking forward to your next article
spidro February 1st
very nice tutorial thanks jeff
( )shedh February 2nd
when will part 2 be out?
will there be a registration script to go with this?
Someone please answer
( )Martin February 2nd
seriously looking forward to part 2!
many thanks
( )Chris February 3rd
It must be a CS4 problem because I have never had the problem with CS3 and before….
I use Coda or Text Mate now for PHP style coding. I would use windows if they had these programs for windows computers.
( )Chris February 3rd
Jeff,
Thanks for this tutorial. WOOF! I learned from this.
( )Chris. February 3rd
Cheers for this great tutorial,
I want to make a development, I would like to display the users first name on the members page (i.e. Welcome Chris). I have created two new columns in the database (FirstName, Surname). I understand that i will need to implement a new function in Mysql.php, but how do I create the query. Do I need to add more data to the session (i.e. ID)? If so how do I get the database to return that to the session when a User logs in.
I know this is a little Detailed, but this tutorial has given me a hunger to get coding and create something special!
I’m Looking forward to part 2!
( )Andres F February 4th
Outstanding job as always Jeffrey. I will be studying this over and over again. Thanks for the great work you are doing for the community and for taking the time to share your knowledge. Tis very much appreciated! This site is terrific!
( )iDevelopThings February 6th
What I was looking for.. Thanks!
( )tom February 7th
Very nice tutorial.
But, this is not working the same with me. So please send original code if you can.
Thanks.
( )NAVI February 7th
THANKS
( )hijz February 7th
it’s really good to know it!
thanks
( )Rui Raposo February 7th
Hello to all,
First off Jeffery, really nice tutorial, really what i was looking for.
I'm trying to implement the system on my project, but I'm getting this error after I put my pass and user on the form…
Fatal error: Class 'mysqli' not found in /home/rotary/public_html/2008-09/2009-2010/d1960/classes/Mysql.php on line 9
Anyone can give me some lights? I created the DB and all the fields as stated on the tutorial.
Some help would be nice,
Tks in advance, and keep up the good work Jeffrey.
( )Alessandro February 9th
Hi JW,
i tried to upload the script on my webspace. Locally it works fine, but online i get always the “incorrect username/password” message.
I think the function mysql->fetch() returns always NULL and i don’t know why. Do you have any solution?
Thank you very much.
@Rui: Do you have the MySqli extension enabled?
( )Alessandro February 9th
A typo. The function i was referring to is $stmt->fetch()
( )unclebob123 February 11th
great tutorial, but I'm getting the error message
Warning: mysqli::mysqli() [mysqli.mysqli]: (28000/1045): Access denied for user 'username'@'localhost' (using password: YES) in C:\wamp\www\membershipSite\classes\Mysql.php on line 9
Warning: mysqli::prepare() [mysqli.prepare]: Couldn't fetch mysqli in C:\wamp\www\membershipSite\classes\Mysql.php on line 20
Does anyone know how to fix this?
( )Chris February 12th
@Alessandro,
I’m still having that same problem as well. I posted a while ago about that..I dont see any differences between my setup and my web hosts.
I’d like to know if there is something that may need to be enabled on the web host.
( )Yiannis February 15th
i can’t open every flash on this site.i dont know what should i do
( )bill February 15th
Hello, I've got the same problem as unclebob…
Any idea ?
Thanks
( )Brandon February 18th
Hey can someone please help me!
I keep getting this fatal error:Call to a member function on a non-object in line 20
This is the code. I did change line 6 to "var"
conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or
die('There was a problem connecting to the database.');
}
function verify_Username_and_Pass($un, $pwd) {
    $query = "SELECT *
    FROM users
    WHERE username = ? AND password = ?
    LIMIT 1";
    if($stmt = $this->conn->prepare($query)) {
        $stmt->bind_param('ss', $un, $pwd);
        $stmt->execute();
        if($stmt->fetch()) {
            $stmt->close();
            return true;
        }
    }
}
Can someone please help me out!!!!
Sergio February 22nd
brandon
I keep getting that same problem. It's weird though, it was working the first time I tried it, and the script works perfectly when I use it on my server, but when I go on another server (godaddy) it gives me this error. I too had to change private to var for it to work in godaddy
( )Magicfap February 22nd
when you're adding the username and password as constants, you use a predefined username of Jeffery_Way and a password of nettuts, since I'm new to this I don't know where they are set. Your tutorials are great, and I'm hoping to use this, but since I am having problems with the login password that you set it will not work yet.
( )Amy February 23rd
Thanks, I haven't completed it but it's helping A LOT :]
( )John Smith February 23rd
Very useful, works perfectly. HTML I've pretty much mastered, but PHP always had scared me, this was a great introduction to it and I have learnt a lot about it, thank you.
( )David February 24th
@Jeff Still desperately waiting for part 2 of this screencast. Tried to get my head around sessions myself but being a php-newbie this ended not the way I wanted it to. Can you tell when part 2 will be online? Anyway, keep up your great work. I always enjoy your tutorials. Thank you.
( )Roeland February 25th
Great tutorial. Also curious when the next part will be put up! Thanks for all your work!
( )D March 2nd
Great.
( )Angel March 2nd
Just what I need!
Thanks Jeff!
( )peter March 6th
can you suggest how to setup this script and serve different pages to people once they are logged in?
is there an automated way to setup the program to redirect directly to the user’s page? right since i am using a login system for a small group of people, i manually edit the code each time i need to add a new user and do an if statement against the usernames to serve specific pages. although if someone is logged in and guesses another person’s username, they could jump to someone else’s page.
help!
( )HtmlGifted March 8th
was wondering if you could show more on how to implement this into an existing site.. looking to password protect for e-commerce and was not all that familiar with PHP scripting, and this video was very helpful. also do you have any recommendations for how to find a good online free database for PHP user name and password storage.
( )LaLo March 10th
Jeff,
Very nice…implementation went smoothly…When will part 2 come out?
Bill March 11th
Awesome tutorial, I am really anxious to see part 2!
( )Angel March 11th
Part 2 Pleaseeeeeeeeeeeeeeeee!
( )Chuck March 13th
Yea, where is part 2? It’s about that time.
( )aureus March 14th
kkkkkkkkooooooooool!!
( )Ara March 15th
Nice tut, having a little problem. I copied everything line by line and my function verify_username_and_pass always returns false. It never even tries to execute my sql statement. Any suggestions?
( )Rick Bross rbross3@att.net March 15th
This is simply amazing, im going to dive deeper into PHP now, thanks to you!!
( )James March 16th
This tutorial really rocks. Can’t wait for part 2 include the CSS tutorial too.
( )BinaryKitten March 17th
the For attribute of the <label> tag doesn't refer to the name attribute of an input element, but rather the ID attribute..
eg UserName:
more info: http://www.w3schools.com/tags/tag_label.asp
( )Sarah March 17th
Hello all,
pleasure to write to you, can I develop that login without using database but by simply using text file and if yes how could it be done?
Thank you for time and consideration
mushroom March 17th
Very useful tutorial. THX
Cheers
( )Hamza Oza March 18th
is there going to be part 2 to this
( )Steve March 18th
just another user waiting for part 2
any release date penned?
( )Ryan March 19th
WTB Part 2. Paying +2 Karma.
( )Joshua Newton March 24th
hey do you know when you will bring out part two?:)
really wanna know how to do a lot of extra things
do you think you will be able to show people how to make a forum ? like adding comments that add onto our domain space database? that would be a really cool tut!
( )Joshua Newton March 24th
by the way sorry, how do you add your database made in phpmyadmin, to your domain? along with the Other files ?
it's really confused me :S I know how to add them, I just don't know how to with the phpmyadmin database LOL!
someone please help
would be appreciated!
( )Omar March 25th
how can I get more information or updates to this post/code?
( )wal April 1st
Nice tut. I’m waiting for Part2 too.
( )Brodie001 April 1st
This was a great Tutorial. It was also a nice and simple intro to class based OOP programming. I’m longing for part 2.
( )adam April 7th
Well, why I enter a valid username and password, but it seems that I can't log in. Why?
I had followed the way, but still cannot successfully make a perfect login system, who can help me?
you can refer to http://www.elathy.com/membershipsite to focus on my problem,thanks.
adam April 7th
sorry,it’s http://www.leathy.com/membershipsite
( )allan April 14th
This tutorial is a bomb. But I wonder where mysqli and the $this->conn->prepare() is from. Anyway this one really is great
( )Tedd April 17th
which capture software are you using to capture this its looks professional
good tutorial
Arthiis April 20th
Hey, I am having some problems… dunno why, I followed your video and tried your actual files, all to no avail… I have SQL 5.0.67-community and It comes up with the error:
Fatal error: Class 'mysqli' not found in /classes/Mysql.php on line 9
Please help!
( )tarek April 20th
hi guys could someone give me a little help to make it works:
when I click on login button it doesn't take me anywhere, but when I try to enter a random username and password it returns the error message.
here is my files i haven’t a nother solution so i uploaded them to rapidshare.
http://rapidshare.com/files/223755870/membership.rar.html
thank’s jeffrey
thank’s guys
Buco May 1st
A little off-topic, but I am really curious how you got that sidebar on the left of your screen? Did you use some software to install that sidebar? If yes, which?
Thanks,
Buco
( )omonisha May 5th
awsome
( )anus May 6th
where's part2?
( )kris May 8th
it’s not working for me in MAMP.
It lets me see the secret launch code lol
I think for some reason it’s not destroying the session or not redirecting…
Anyone else with the same problem???
( )Brecht May 16th
I'm having the same problem when I integrate the script in my site, but when I navigate to the source files it works perfectly :s
( )kris May 8th
found out why i had this:
if(isset($_SESSION['status']) && $_SESSION['status'] != 'authorized'){
    header("location: login.php");
}
should have had this
if(isset($_SESSION['status']) != 'authorized'){
    header("location: login.php");
}
I tried to be cool and check if the session was set but I screwed it up. why would the first notation work though?
( )rocky May 9th
Hey Guys ,
getting error called “call to member function on a non object” on
this line
if($stmt = $this->conn->prepare($query)) in php
i know this is a problem with version .
how to use in php4 and this help must be greatly appreciated .
José Maria Barros May 10th
I have the exact same problem.
But my version of PHP is 5…
Call to a member function verify_Username_and_Pass() on a non-object in Membership.php on line 9
Can anyone help me ???
( )José Maria Barros May 10th
forgot: the line 9 has this code:
$ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd));
mikail May 14th
hii guys, i am trying to source code but my firewall says
HAVP – Access Denied
Accesss to the page has been denied
because the following virus was detected
Clamd: PUA.Script.Packed-1
reittenok May 15th
223
( )Schenelle May 16th
Nice Tut
For PostgreSQL I replaced the verify_username_and_pass method to the following. Hope it would benefit some of you.
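public function verify_username_and_pass($un, $pwd) {
    $query_str = "select * from users where username=$1 and pwd=$2";
    // pg_prepare() and pg_execute() both take a statement name; "" is the unnamed statement
    if ($statement = pg_prepare($this->dbconn, "", $query_str)) {
        $result = pg_execute($this->dbconn, "", array($un, $pwd));
        // a fetched row means the credentials matched
        if ($result && pg_fetch_array($result)) {
            return true;
        }
    }
    return false;
}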
arnold C May 20th
why its not working with me..I still got the error message that I have wrong username and password,but I see in phpmyadmin it was correct,can someone help me
( )jincignee May 25th
Excellently written. It could certainly use more positivity, but I read it in one sitting
( )Thomas May 26th
Hey great tutorial. I’m a bit of a noob and i keep getting the error…
Fatal error: Class 'Msql' not found in …/membershipSite/classes/Membership.php on line 8
$mysql = New Msql();
Could someone help me?
( )seo May 31st
Warning: mysqli::mysqli() [mysqli.mysqli]: (28000/1045): Access denied for user 'username'@'localhost' (using password: YES) in C:\AppServ\www\giris\classes\Mysql.php on line 9
Warning: mysqli::prepare() [mysqli.prepare]: Couldn't fetch mysqli in C:\AppServ\www\giris\classes\Mysql.php on line 20
sql ? share…
( )Ari June 18th
im having the same exact issue, did you find a solution?
( )netput November 7th
same problem
Hauke June 9th
really great
( )Istvan June 10th
Thanks … it was easy to learn … and put in practice
I’m checking new nettuts from you …
( )Jason A. June 17th
Love the this tutorial. Still waiting for part 2, though. Still going to happen??
( )Moneyxl June 18th
Is it possible to download the screencast itself?
( )Del June 23rd
Hi,
I’m gettin an error saying:
"Fatal error: Call to a member function prepare() on a non-object in C:\wamp\www\membershipSite\classes\Mysql.php on line 20"
This happens whether I use the correct username/password or not. I went to line 20:
if ($stmt = $this->conn->prepare($query)) {
but don’t see what is wrong. Any ideas?
( )Adrian June 29th
if the user ignores location headers, they will not have to log in to see the secret launch codes.
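The members-page guard discussed in kris's and Adrian's comments above, as an added example (not the tutorial's code and not posted by any commenter): it evaluates both conditions from kris's comment and a strict alternative against constructed session arrays, then shows the redirect followed by `exit` so that nothing after it is sent. The function names and sample sessions are assumptions; `status`, `authorized` and `login.php` come from the comments.

```php
<?php
// Added example. Each guard_* function returns true when the visitor
// must be sent to login.php. Function names are illustrative.

// First condition posted by kris: only reacts when 'status' exists.
function guard_isset_and(array $session): bool {
    return isset($session['status']) && $session['status'] != 'authorized';
}

// Second condition posted by kris: isset() returns a bool, and the loose
// != casts the non-empty string 'authorized' to true before comparing,
// so the stored value itself is never inspected.
function guard_isset_compare(array $session): bool {
    return isset($session['status']) != 'authorized';
}

// Strict alternative: allow only a present, exactly matching status.
function guard_strict(array $session): bool {
    return !isset($session['status']) || $session['status'] !== 'authorized';
}

// Top-of-page guard. header() only asks the client to go elsewhere; exit
// stops the script so no protected markup follows the redirect.
function require_login(array $session): void {
    if (guard_strict($session)) {
        header('Location: login.php');
        exit;
    }
}

// Constructed session states (on a real page: session_start(), $_SESSION).
$cases = [
    'no session data'   => [],
    'status=authorized' => ['status' => 'authorized'],
    'status=pending'    => ['status' => 'pending'],
];

foreach ($cases as $label => $session) {
    printf(
        "%-18s isset&&: %-9s isset!=: %-9s strict: %s\n",
        $label,
        guard_isset_and($session) ? 'redirect' : 'allow',
        guard_isset_compare($session) ? 'redirect' : 'allow',
        guard_strict($session) ? 'redirect' : 'allow'
    );
}

// An authorized session passes the guard and execution continues.
require_login(['status' => 'authorized']);
echo "protected content rendered\n";
```

Run it with the PHP command-line interpreter and compare the "no session data" and "status=pending" rows across the three columns.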
( )saad July 4th
Thanks for every thing.
( )mark July 6th
i’m looking forward to your future tutorial
thnx jeff. you rock!
( )gway July 25th
nice tut!
I was wondering what is the method to hash a password?
John August 9th
Die() function is not working. It’s not dying.
I simply don’t have database installed even though i when i try with existing database and WRONG password. It’s not dying.
It just shows error at the top of the page. I just want to make it die().
( )D'Arcy August 20th
Do Prepared Statements return differently with UPDATE instead of SELECT.
I've been using this tutorial to understand Prepared Statements and I have them working fine, except my UPDATE queries return to the previous class false, even if they work just fine.
Hope that makes sense.
puur August 24th
Hii… this video stops in minute 26.. i whats up there ???
( )SAT August 25th
Excellent !! Very precise and we all forgive you for your mistakes during the video ^^
I love your tutorial !
Thanks again
Bre September 1st
Awesome tut – Just what I was looking for.
Trying to upload the working files to my server that has php myadmin built in.
I’m pretty sure Ive changed the “constants” file correctly with my user name, password etc but when I login to the login.php page it keeps saying that I have an invalid username/ password although it is one I have entered into php myadmin.
Any ideas?
(un: 'test' | ps: '12345'
( )Awofe September 4th
Hi Jeff!
Where can I get part 2 of this tutorial?
( )Lucas September 6th
What should I use instead of this:
conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or
die('There was a problem connecting to the database.');
}
function verify_Username_and_Pass($un, $pwd) {
    $query = "SELECT *
    FROM users
    WHERE username = ? AND password = ?
    LIMIT 1";
    if($stmt = $this->conn->prepare($query)) {
        $stmt->bind_param('ss', $un, $pwd);
        $stmt->execute();
        if($stmt->fetch()) {
            $stmt->close();
            return true;
        }
    }
}
}
If I dont have MYSQLI module installed?
( )Sebastian September 8th
Hey when will part to be posted? BTW great tuts only reason i got a plus account is to watch the content you post
thanks
( )Shane September 15th
Hey Thanks! I enjoyed that, and learned a bunch. I’ll be going through your other stuff for sure.
( )Michael October 2nd
Part 2 would be great.
( )Aaron Bentley October 6th
Hey everybody, how can i get the details for the user currently logged in?
As i am building an application form, which inserts to mysql db.
Any ideas?
( )Patel October 12th
Great tutorial! Thanks a lot to make it very easy and understandable. I believe 2nd part of tutorial is in demand! cant wait…..
( )Aaron Bentley October 13th
@Jeff – Is part 2 on the way soon?
( )stefn October 15th
Thank you for this tutorial, I got it working pretty close to my needs.
However, how would I go about redirecting the visitor to the page he was *trying* to reach before getting stopped by the login.php page, after he has successfully logged in?
( )stefn October 16th
I actually got this working the way I wanted (with a little help from some nice people at irc://dalnet/php)
Modified Membership file:
http://pastebin.com/fdd81909
Milo October 26th
I still have a problem, both in my own and the downloaded tutorial version of Mysql.php.
I get this error:
Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or ‘}’ in /nfs/c05/h04/mnt/77028/domains/silktonguegamblers.com/html/classes/Mysql.php on line 6
As I don't know any php, I have no idea how to solve it. Does anyone know why this error comes up? My server is using PHP5.
( )Milo October 26th
Nevermind. It was a regular problem with (mt) servers that it automatically reverts back to PHP4. I had to create a line in the .htaccess file to instruct it to stick to PHP5.
( )