Login (Part II) Validation NEW UPDATE!

Firs this that needs to be done (with this step) is we are going to add a table to your (wyvern) database. Call this "accounts" (original). This table is different/separate from another table we'll make called "characters". Accounts will hold information about players, while characters will hold information about the character(s) "players" create. - confused? Don't be, it'll become clear later.

Here are some of the info we're going to put into this table:
(note this will change as we go along - we only need something to get it functional)

• id - just a counter to keep track of the acct in question.
  
• playername - duh
• password - uhm ? (jk)
• email - for sending registration too and for recovering pw
• admin - will this user have admin privalages (will let you program that part)

So go ahead and make a new table with those 5 items. Again, sorry, not making a Navicat tutorial, but will answer any questions anyone has. For those of you who just wanna move on with the guide you can use the following sql dump and have it done automatically, then you can look at it.

ACCOUNTS.SQL

SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for accounts
-- ----------------------------
DROP TABLE IF EXISTS `accounts`;
CREATE TABLE `accounts` (
`id` int(10) NOT NULL AUTO_INCREMENT,
`playername` char(20) DEFAULT NULL,
`password` char(100) DEFAULT NULL,
`email` char(50) DEFAULT NULL,
`admin` int(10) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;

-- ----------------------------
-- Records
-- ----------------------------

If you notice from part I, once the submit button is clicked, it will send the user to "checklogin.php" What this guys job is to simply check to see if the login is good and send them to the character selection page, where they can select one of their characters that they have made to play, alert of a bad pw/Id or both, or to a registration page.

Lets take a look at a simple "checklogin.php" file:

<?php

require("serverconfig.php");
$valid_acct=0;
$username=$_REQUEST['username'];
$userpw=$_REQUEST['password'];
$userpw= md5($userpw);
$result = mysql_query("SELECT * FROM accounts WHERE playername='$username' AND password='$userpw'");
$row=mysql_fetch_array($result) ;
if ($row){ $valid_acct=1; }

if ($valid_acct){


echo '<meta http-equiv="refresh" content="0; url=main.php?acct='.$row['id'].'">';

}else{
echo '<font color="red">Bad Login</font><br>';
echo '<a href="index.php">Click here</a> to try again';
}
?>

Pretty simple (change as you like). the first line "require" is giong to be your buddy. He actually has a brother called "include". Both work the same way with one difference. REQUIRE will stop the page if there is an error. while INCLUDE will show you the error, but attempt to make the page display. Me personally, I rather just have the train stop and see who's messin around before i continue on.

Next we set a dummy variable (boolean) valid_acct to false. then we take the information we got from the form (username and userpw) and see if there is a match. if there is, change the valid_acct to 1.

If it is a valid account, load up the getcharacter.php page (there are a couple ways to force a page, I found this one to be the best, note it may not be supported in all browsers).

If it is not valid, shows them an error, and allows them to click back to the login screen to try again.

EDIT: There has been a change - the "getcharacter.php" has been replaced with "main.php"