Login Page

Printable View

Show 40 post(s) from this thread on one page

16-11-2008, 09:57 PM
Coda

Quote:

Originally Posted by BOX!

I get this when I try to use headers:
Warning: Cannot modify header information - headers already sent by (output started at /home/x/public_html/test/login.php:11) in /home/x/public_html/test/login.php on line 17

Try adding this at the top:

PHP Code:

ob_start();
16-11-2008, 09:58 PM
wsg14

Thanks, that worked.
16-11-2008, 11:57 PM
Dentafrice

asuming your MD5ing your passwords..

EDIT: Just saw you had a fix.

PHP Code:

<?php // if logged in goto homepage, if not continue if($grab_login == 1) { header( "Location: index.php" ); } else { if($_GET ['do'] == "login") { // make sure you clean these.. $username = $_POST ['username']; $password = md5( $_POST ['password'] ); $data = @mysql_query( "SELECT * FROM `users` WHERE `username` = '$username' AND `password`='$password'" ); $count = @mysql_num_rows( $data ); // checks if the username and password the user entered matches the ones in the database if($count != 0) { $_SESSION ['username'] = $username; $_SESSION ['logged_in'] = 1; header( "Location: index.php" ); } else { echo "your login credentials were incorrect."; } } } ?> <form action="?do=login" method="post"><input type="text" name="username" /> <input type="password" name="password" /> <input type="submit" value="login" />
17-11-2008, 12:10 AM
Beau

Good move using POST instead of GET, esp for a login script. Stuff like that can potentially be picked up on the statistics software on your server, potentially allowing you to see passwords in plaintext.
17-11-2008, 12:14 AM
Dentafrice

Quote:

Originally Posted by Beau

Good move using POST instead of GET, esp for a login script. Stuff like that can potentially be picked up on the statistics software on your server, potentially allowing you to see passwords in plaintext.

I don't know any idiot who would use GET for something that processes sensitive data..
17-11-2008, 02:52 AM
Beau

Quote:

Originally Posted by Dentafrice

I don't know any idiot who would use GET for something that processes sensitive data..

Well, this script didn't specify a method up until the last revision. When there's no method, it results to GET...
17-11-2008, 03:52 AM
Dentafrice

You don't think I know that? i don't need to be told what it reverts to when no method is specified.

I'm just saying, it's clear this user doesn't know much about this, or how it all works in general.
17-11-2008, 04:09 AM
Beau

Quote:

Originally Posted by Dentafrice

You don't think I know that? i don't need to be told what it reverts to when no method is specified.

I'm just saying, it's clear this user doesn't know much about this, or how it all works in general.

Hence I commended him on adding POST, explaining the reasons why GET is bad for this sort of form.

Stop jumping down my throat.
17-11-2008, 04:47 AM
Blinger1

Quote:

Originally Posted by Beau

Stop jumping down my throat.

Dentafrice doesn't like people correcting him.. he can't handle it :'(
17-11-2008, 12:26 PM
Dentafrice

Quote:

Originally Posted by Beau

Hence I commended him on adding POST, explaining the reasons why GET is bad for this sort of form.

Stop jumping down my throat.

I'm not jumping down your throat, but I just think most people are smarter then that, I've never in my 4-5 years on this forum seen anyone use GET for a login submission. Ever.

Thanks for telling us all some common sense!

Quote:

Originally Posted by Blinger

Dentafrice doesn't like people correcting him.. he can't handle it :'(

No one corrected me, are you stupid? If you'd read the posts you'd see no-one corrected me, I just saw a stupid post Beau posted, and criticized him for it.

Shows how much some of you pay attention :rolleyes:.

Show 40 post(s) from this thread on one page