PHP Code:<?php
////////// You need to GRAB the array for the information
$data = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'");
// if logged in goto homepage, if not continue
if($grab_login === 1){
header("Location: index.php");
} else {
if($_GET['do'] == login){
$user = $_POST['username'];
$password = $_POST['password'];
////////// needs the array of data to check against.....
if($user == $data['username'] || $password == $data['password']){
$_SESSION['username'] = $user;
$_SESSION['logged_in'] = 1;
header("Location: index.php");
} else {
echo "your login credentials were incorrect.";
}
}
}
?>
<form action="?do=login">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" value="login" />
Results 11 to 20 of 43
Thread: Login Page
-
-
Would this be correct?
PHP Code:<?php
$query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'");
$data = mysql_fetch_array($query);
if($grab_login === 1){
header("Location: index.php");
} else {
if($_GET['do'] == login){
$user = $_POST['username'];
$password = $_POST['password'];
if($user == $data['username'] || $password == $data['password']){
$_SESSION['username'] = $user;
$_SESSION['logged_in'] = 1;
header("Location: index.php");
} else {
echo "your login credentials were incorrect.";
}
}
}
?>
<form action="?do=login">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" value="login" />
-
@Source; Oh right, thanks.
-
I just tested it and yeah, it works. Now it just gives me an error regarding the header. The "can't modify headers, bla bla bla".
-
Wrote it up super quick, so soz for any errors. But that seems more logical to me? Also disclaimer would be "Make sure in the released version all inputs are filtered blah blah blah, and maybe try mysql sessions rather than browser sessions... blah blah"PHP Code:
<?php
//w/e includes
include "config.php";
if($_GET['do'] == 'login'){
//get the info from post
$user = $_POST['username'];
$password = $_POST['password'];
// grab any rows with that username and pass and count the rows returned
$userQ = mysql_query("SELECT * FROM `users` WHERE `username` = '$user' and `password` = '$password");
$userC = mysql_num_rows( $userQ );
// if it returns 1 then the details must of been correct
if( $userC == 1 ){
$_SESSION['username'] = $user;
$_SESSION['logged_in'] = 1;
header("Location: index.php");
} else {
echo "Sorry the information you provided was wrong";
}
}
<form method="post" action="?do=login">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" value="login" />
</form>
?>
also even that is a bad login, as it can easily be spoofed (changing your session logged_in to 1). Anyway, the main idea was to recreate what you already have.Last edited by Source; 16-11-2008 at 09:08 PM.
-
Thanks Matt, last thing: I get this when I try to use headers:
Warning: Cannot modify header information - headers already sent by (output started at /home/x/public_html/test/login.php:11) in /home/x/public_html/test/login.php on line 17
-
Is session_start etc... right at the top of your config.php and executed before any other information is sent to the browser?
-
Yes, it is.
-
well unfortuantly I don't have time to read through all of your script etc... maybe make a new thread with it all in for other members to have a widdle.
-
Alright, thanks for all your help.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts