Thanks, that worked.
Assuming you're MD5ing your passwords..
EDIT: Just saw you had a fix.
PHP Code:
<?php
// If logged in, go to the homepage; if not, continue.
if ($grab_login == 1) {
    header("Location: index.php");
    exit; // stop so nothing else is sent after the redirect
} else {
    if (isset($_GET['do']) && $_GET['do'] == "login") {
        // make sure you clean these..
        $username = $_POST['username'];
        // Escape the username before it is placed inside the SQL string.
        $safe_username = mysql_real_escape_string($username);
        // md5() returns hex characters only, so it needs no escaping.
        $password = md5($_POST['password']);
        $data = @mysql_query("SELECT * FROM `users` WHERE `username` = '$safe_username' AND `password`='$password'");
        $count = @mysql_num_rows($data);
        // Checks if the username and password the user entered match the ones in the database.
        if ($count != 0) {
            $_SESSION['username'] = $username;
            $_SESSION['logged_in'] = 1;
            header("Location: index.php");
            exit;
        } else {
            echo "your login credentials were incorrect.";
        }
    }
}
?>
<form action="?do=login" method="post">
    <input type="text" name="username" />
    <input type="password" name="password" />
    <input type="submit" value="login" />
</form>
Last edited by Dentafrice; 16-11-2008 at 11:58 PM.
Good move using POST instead of GET, esp for a login script. Stuff like that can potentially be picked up on the statistics software on your server, potentially allowing you to see passwords in plaintext.
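The point made in the post above, as an added example that is not part of the thread: a form submitted with GET puts its fields in the request URL, which the web server writes to its access log and which log statistics tools then read. This Python script scans access log lines for password fields in query strings and masks them; the sample lines, the `/login.php` script name and the list of field names are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Field names treated as secrets (assumed list; extend it for your own forms).
SENSITIVE = {"password", "pass", "passwd", "pwd"}

# Request part of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample lines; /login.php is a hypothetical name for the thread's script.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Nov/2008:23:41:02 +0000] "GET /login.php?username=alice&password=hunter2 HTTP/1.1" 302 0',
    '203.0.113.7 - - [16/Nov/2008:23:41:09 +0000] "POST /login.php?do=login HTTP/1.1" 302 0',
    '203.0.113.9 - - [16/Nov/2008:23:42:30 +0000] "GET /index.php HTTP/1.1" 200 5120',
]


def find_logged_secrets(lines):
    """Return (line_no, method, path, field) for every secret found in a query string."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not an HTTP request entry
        target = urlsplit(match.group("target"))
        # parse_qsl percent-decodes names, so "pass%77ord" is still recognised.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name.lower() in SENSITIVE and value:
                hits.append((line_no, match.group("method"), target.path, name))
    return hits


def redact(line):
    """Return the line with secret query values masked; other lines come back unchanged."""
    def mask(match):
        target = urlsplit(match.group("target"))
        pairs = parse_qsl(target.query, keep_blank_values=True)
        if not any(name.lower() in SENSITIVE for name, _ in pairs):
            return match.group(0)
        masked = [(n, "REDACTED" if n.lower() in SENSITIVE else v) for n, v in pairs]
        new_target = target._replace(query=urlencode(masked)).geturl()
        return f'"{match.group("method")} {new_target} {match.group("proto")}"'
    return REQUEST_RE.sub(mask, line)


if __name__ == "__main__":
    for hit in find_logged_secrets(SAMPLE_LOG):
        print("credential in URL:", hit)
    print(redact(SAMPLE_LOG[0]))
```

Only the GET submission is flagged: the POST request carries the same fields in its body, which the access log does not record.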
I don't know any idiot who would use GET for something that processes sensitive data..
You don't think I know that? I don't need to be told what it reverts to when no method is specified.
I'm just saying, it's clear this user doesn't know much about this, or how it all works in general.
Hence I commended him on adding POST, explaining the reasons why GET is bad for this sort of form.
Stop jumping down my throat.
I'm not jumping down your throat, but I just think most people are smarter than that, I've never in my 4-5 years on this forum seen anyone use GET for a login submission. Ever.
Thanks for telling us all some common sense!
No one corrected me, are you stupid? If you'd read the posts you'd see no-one corrected me, I just saw a stupid post Beau posted, and criticized him for it.
Shows how much some of you pay attention :rolleyes:.