web gurus pls i want to make a site 4 my class set am just wanderin can i code a log in acct were u can only use ur matric numba. if so hw can i go abt d codin tanx

chairman,that is agood dream but it invoves cash,if u can do that .it will be solve
olorun mo beeeeeeeeeeeeeeeeee

it's quite simply, create a table to hold the matric no of your colleague and write a code to work with it.
check tomorrow evening, i will post a video on how you can do that.

<?php


//remember to check if a session id exists


if (isset($_POST['submit'])) {//form has been submitted
$errors = array();

//perform validations on the form data

$required_fields = array('matric_number', 'password');



foreach($required_fields as $fieldname) {
if (!isset($_POST[$fieldname]) || empty($_POST[$fieldname])){
$errors[] = $fieldname;
}
}





$matric_number = trim(mysql_prep($_POST['matric_number']));
$password= trim(mysql_prep($_POST['password']));
//$hashed_password = sha1($password);



if(empty($errors)) {

//check database to see if matric_number and the hashed password exist there.

$query = "select matric_number, name  ";
$query .= "from table_name_in_your_database ";
$query .= "where matric_number = '{$matric_number}' ";
//$query .= "AND hashed_password = '{$hashed_password}' ";
$query .= "AND password = '{$password}' ";

//$query .= "limit 1';

$result_set = mysql_query($query);
confirm_query($result_set);
if (mysql_num_rows($result_set) == 1) {
//matric_number /password authenticated
//and only 1 match
$found_student = mysql_fetch_array($result_set);



//$_COOKIE['id'] = $found_student['matric_number'];
$_SESSION['id'] = $found_student['matric_number'];
$_SESSION['name'] = $found_student['name'];


redirect_to("studentinfopage.php";
//header ("Location: studentinfopage.php";
//print_r($found_student);
}else{
//matric_number/password combo was not found in the database
echo  "matric_number/Password combination incorrect.";
?> <br/> <?php
echo  "Please make sure your caps lock key is off and try again.";

}


}

else {

if(count($errors) == 1) {

$message = "There was 1 error in the form.";
}else {
$message = "There were " . count($errors) . " errors in the form.";
}
}

}else { //form has not been submitted

if (isset($_GET['logout']) && $_GET['logout'] == 1){

$message = "You are now logged out";
}
$matric_number = "";
$password = "";
}

?>


//my functions:

function mysql_prep($value){
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists("mysql_real_escape_string"; // i.e. php >= v4.3.0
if($new_enough_php) { // php v4.3.0 or higher
//undo any magic quote effects so mysql_real_escape_string can do the work
if($magic_quotes_active) { $value = stripslashes($value); }
$value = mysql_real_escape_string($value);
} else { //before php v4.3.0
// if magic quotes aren't already onb then add slashes manually
if (!$magic_quotes_active) { $value = addslashes($value);}
//if magic quotes are active, then the slashes already exist
}
return $value;
}



function confirm_query($result_set){

if (!$result_set) {
die("Database query failed: " . mysql_error());
}
}


function redirect_to($location = NULL){
if ($location != NULL) {
header ("Location: {$location}";
exit;
}}

@ techpros mst it b a video? cant u jst send me d codin and a proper xplanation abt creatin a table b sides i no b pro. if u can pls leave ur contacts.

@ techpros mst it b a video? cant u jst send me d codin and a proper xplanation abt creatin a table b sides i no b pro. if u can pls leave ur contacts.

@ tech pros. mst it b a video y nt jst send me d codin and pls explain beta abt d table as in hw do i go abt it. tanx abeg i no b pro so t8k it easy on me.

@ sayhi2a. no xplanations, or dats d code i shld jst cut and paste where i want? pls talk 2 me and abt d table am a bit confusd

by table he refers to a Database from his code he saying MySql,you will have to create a table that stores the student information, let me help wit the explaination to my best knowledge;

   if (isset($_POST['submit'])) {//form has been submitted
         $errors = array();

This checks if your submit button or any html button with an id="submit" has been sent,th

//perform validations on the form data

            $required_fields = array('matric_number', 'password');

the array will hold variables which will be the matric no and password[$_REQUEST['matric_number'] and $_REQUEST[' password ']

     foreach($required_fields as $fieldname) {
               if (!isset($_POST[$fieldname]) || empty($_POST[$fieldname])){
            $errors[] = $fieldname;
               }
            }

This loops inside the associative array and iterate each item i.e matric no and password with a check to determine if the matric and password has been set

  $matric_number = trim(mysql_prep($_POST['matric_number']));
            $password= trim(mysql_prep($_POST['password']));
            //$hashed_password = sha1($password);

the trim remove removes whitespaces then the mysql_prep is a function the poster created to escape quotes it's a database things it uses GPC if on and if off use addslashes[it's a compatibility to support old and new php]


now the hashed stores the password but in a calculated and unreadable form that will make no meaning to a hacker or the owner it's just like encryption except i think it can't be reversed from hashed to protect ur passwords

  if(empty($errors)) {
      
               //check database to see if matric_number and the hashed password exist there.
      
               $query = "select matric_number, name  ";
               $query .= "from table_name_in_your_database ";
               $query .= "where matric_number = '{$matric_number}' ";
               //$query .= "AND hashed_password = '{$hashed_password}' ";
               $query .= "AND password = '{$password}' ";

obviously from the check before if no values were set the variable error will hold a value,so the empty will return false otherwise;
it goes through and gives a SQL query which will select matric and password using the values you typed as a criteria but the twist is that ur real password is not the criteria but the hashed password converted will be checked against the password in the database that way if otherwise it won't retrieve any user.


//$query .= "limit 1'; [this limits only one entry to be retrieved]

    $result_set = mysql_query($query);
               confirm_query($result_set);
                  if (mysql_num_rows($result_set) == 1) {
                     //matric_number /password authenticated
                     //and only 1 match
                     $found_student = mysql_fetch_array($result_set);

mysql_query is a phpmysql extension that send query to the database the query from earlier is stored in a variable called $query which mysql_query will process

confirm query is the posters check to test the query

mysql_num_rows retrieves the no of rows from the query
mysql_fetch_array retrieves the rows information and throws them in an associative array so example to use matric no it will be $found_student['matric_no']

 $_SESSION['id'] = $found_student['matric_number'];
                     $_SESSION['name'] = $found_student['name'];

this throws ur variables into a another variable which are called SuperGlobals like Post they can be used everywhere they are like Agent Smith
this session variables are good so that through out an entire session even in different pages they can be used,it's just like email been logged in through out a specific time and the Cookie is meant for the Browser client,

    redirect_to("studentinfopage.php";
                     //header ("Location: studentinfopage.php";
                     //print_r($found_student);
                  }else{
                     //matric_number/password combo was not found in the database
                     echo  "matric_number/Password combination incorrect.";
                     ?> <br/> <?php
                     echo  "Please make sure your caps lock key is off and try again.";
                  
                  }

after putting the password and it is correct it will redirect the page to another page studentinfopage.php reason is that the studentinfo cud be a page that uses a session variable as a criteria to view it, and the rest of the code u can understand , the poster's predefined functions and the rest,



}

else {

if(count($errors) == 1) {

$message = "There was 1 error in the form.";
}else {
$message = "There were " . count($errors) . " errors in the form.";
}
}

}else { //form has not been submitted

if (isset($_GET['logout']) && $_GET['logout'] == 1){

$message = "You are now logged out";
}
$matric_number = "";
$password = "";
}

?>

@ pc guru: thanks so much, you are right on, couldnt have explained it better.

as Dual Core posted, we forgive those who ask that we document.


noticed i didnt initiate the session :

<?php session_start();

require_once("your_function_folder/functions.php";

function logged_in(){
return isset($_SESSION['id']);

}

function confirm_logged_in(){

if (!logged_in()){

redirect_to("index.php"; or redirect to logout.php
}

}


// include session.php on all your files, it probably should be the first thing you call since you are starting a session (if you dont have buffering turned on) or use obstart(); - so you dont get header already sent error.
// call the confirme_logged_in function to check if a user is logged in.