Login Page

Printable View

Show 40 post(s) from this thread on one page

16-11-2008, 08:55 PM
Source

PHP Code:

<?php ////////// You need to GRAB the array for the information $data = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"); // if logged in goto homepage, if not continue if($grab_login === 1){ header("Location: index.php"); } else { if($_GET['do'] == login){ $user = $_POST['username']; $password = $_POST['password']; ////////// needs the array of data to check against..... if($user == $data['username'] || $password == $data['password']){ $_SESSION['username'] = $user; $_SESSION['logged_in'] = 1; header("Location: index.php"); } else { echo "your login credentials were incorrect."; } } } ?> <form action="?do=login"> <input type="text" name="username" /> <input type="password" name="password" /> <input type="submit" value="login" />
16-11-2008, 08:57 PM
wsg14

Would this be correct?

PHP Code:

<?php $query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"); $data = mysql_fetch_array($query); if($grab_login === 1){ header("Location: index.php"); } else { if($_GET['do'] == login){ $user = $_POST['username']; $password = $_POST['password']; if($user == $data['username'] || $password == $data['password']){ $_SESSION['username'] = $user; $_SESSION['logged_in'] = 1; header("Location: index.php"); } else { echo "your login credentials were incorrect."; } } } ?> <form action="?do=login"> <input type="text" name="username" /> <input type="password" name="password" /> <input type="submit" value="login" />
16-11-2008, 08:57 PM
L?KE

@Source; Oh right, thanks.
16-11-2008, 09:01 PM
wsg14

I just tested it and yeah, it works. Now it just gives me an error regarding the header. The "can't modify headers, bla bla bla".
16-11-2008, 09:02 PM
Source

PHP Code:

<?php //w/e includes include "config.php"; if($_GET['do'] == 'login'){ //get the info from post $user = $_POST['username']; $password = $_POST['password']; // grab any rows with that username and pass and count the rows returned $userQ = mysql_query("SELECT * FROM `users` WHERE `username` = '$user' and `password` = '$password"); $userC = mysql_num_rows( $userQ ); // if it returns 1 then the details must of been correct if( $userC == 1 ){ $_SESSION['username'] = $user; $_SESSION['logged_in'] = 1; header("Location: index.php"); } else { echo "Sorry the information you provided was wrong"; } } <form method="post" action="?do=login"> <input type="text" name="username" /> <input type="password" name="password" /> <input type="submit" value="login" /> </form> ?>

Wrote it up super quick, so soz for any errors. But that seems more logical to me? Also disclaimer would be "Make sure in the released version all inputs are filtered blah blah blah, and maybe try mysql sessions rather than browser sessions... blah blah"

also even that is a bad login, as it can easily be spoofed (changing your session logged_in to 1). Anyway, the main idea was to recreate what you already have.
16-11-2008, 09:07 PM
wsg14

Thanks Matt, last thing: I get this when I try to use headers:
Warning: Cannot modify header information - headers already sent by (output started at /home/x/public_html/test/login.php:11) in /home/x/public_html/test/login.php on line 17
16-11-2008, 09:08 PM
Source

Is session_start etc... right at the top of your config.php and executed before any other information is sent to the browser?
16-11-2008, 09:09 PM
wsg14

Yes, it is.
16-11-2008, 09:10 PM
Source

well unfortuantly I don't have time to read through all of your script etc... maybe make a new thread with it all in for other members to have a widdle.
16-11-2008, 09:13 PM
wsg14

Alright, thanks for all your help.

Show 40 post(s) from this thread on one page