Login Page

Printable View

Show 40 post(s) from this thread on one page

16-11-2008, 08:24 PM
wsg14

Login Page

PHP Code:

<?php $data = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"); if($grab_login === 1){ header("Location: index.php"); } else { if($_GET['do'] == login){ $user = $_POST['username']; $password = $_POST['password']; if($user == $data['username'] || $password == $data['password']){ $_SESSION['username'] = $user; $_SESSION['logged_in'] = 1; header("Location: index.php"); } else { echo "your login credentials were incorrect."; } } } ?> <form action="?do=login"> <input type="text" name="username" /> <input type="password" name="password" /> <input type="submit" value="login" />

That is my login code, and it isn't working correctly. If I enter false credentials it doesn't give me the error. Also, when you click login, the url turns into "url.com/login.php?do=login&username=username&password=pass word. +rep

Closed by Johno! (Forum Moderator): To prevent further pointless posting.
16-11-2008, 08:40 PM
Source

That login does not make any sense what so ever. We need to see it all, and if that is all of it... then wth.

ref "the url turns into "url.com/login.php?do=login&username=username&password=pass " - add method="POST" to your form tag
16-11-2008, 08:43 PM
wsg14

Why wth? I don't see anything wrong with it? There's a config.php include at the top of the page (not included in that code). If you want I can show config.php?
16-11-2008, 08:45 PM
Source

PHP Code:

<?php //where is it getting $username from? $data = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"); //where is it getting $grab_login if($grab_login === 1){ header("Location: index.php"); } else { if($_GET['do'] == login){ $user = $_POST['username']; $password = $_POST['password']; //$data['username'] doesnt correspond to anything? same with pass if($user == $data['username'] || $password == $data['password']){ $_SESSION['username'] = $user; $_SESSION['logged_in'] = 1; header("Location: index.php"); } else { echo "your login credentials were incorrect."; } } } ?> answer those questions in comments.
16-11-2008, 08:47 PM
wsg14

All of those variables are defined in config.php.
16-11-2008, 08:48 PM
L?KE

Lol, epic fail.

For my own curiosity, what difference does three ==='s mean?
16-11-2008, 08:48 PM
Source

all of them? so why have the query at the top and no fetch_array to go with it? At the moment its check the credentials with a resource return (or w/e :P).

And L?ke I believe 3 = (===) means the value and data type must be the same (integer, boolean etc..).
16-11-2008, 08:49 PM
wsg14

All of them but $data. Why do I need to use fetch_array?
16-11-2008, 08:51 PM
Source

because your using that information to see if the username and password are correct?

This script is seriously confusing, and if its not then fair enough im an idiot.
16-11-2008, 08:54 PM
wsg14

PHP Code:

<?php $data = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"); // if logged in goto homepage, if not continue if($grab_login === 1){ header("Location: index.php"); } else { if($_GET['do'] == login){ $user = $_POST['username']; $password = $_POST['password']; // checks if the username and password the user entered matches the ones in the database if($user == $data['username'] || $password == $data['password']){ $_SESSION['username'] = $user; $_SESSION['logged_in'] = 1; header("Location: index.php"); } else { echo "your login credentials were incorrect."; } } } ?> <form action="?do=login"> <input type="text" name="username" /> <input type="password" name="password" /> <input type="submit" value="login" />

All I want to do is check if the information the user entered is correct (matches the ones in the database).

Show 40 post(s) from this thread on one page