I have this code...
When the login is invalid it goes to invalid page as it should but when the login is correct i get this error:Code:<? include "config.php"; $username = $_POST['username']; $password = md5($_POST[password]); $info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $data = mysql_fetch_array($info); if($data[password] != $password) { echo "<META http-equiv=\"refresh\" content=\"3;URL=invalid.php\">"; }else{ $query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $user = mysql_fetch_array($query); setcookie("id", $user[id],time()+(60*60*24*5), "/", ""); setcookie("pass", $user[password],time()+(60*60*24*5), "/", ""); echo ("<META http-equiv=\"refresh\" content=\"3;URL=index.php\">"); } ?>
Warning: Cannot modify header information - headers already sent by (output started at /home/pkskape/public_html/processlogin.php:9) in /home/pkskape/public_html/processlogin.php on line 46
Warning: Cannot modify header information - headers already sent by (output started at /home/pkskape/public_html/processlogin.php:9) in /home/pkskape/public_html/processlogin.php on line 47
Processing Login... If this page appears for more than 5 seconds click here...
Moved by Mattps22004 (Forum Moderator) from Website Designing & Development: Please post in the correct forum next time, thanks.
Results 1 to 9 of 9
Thread: *** is this error all about ;S
-
*** is this error all about ;S
Last edited by Matt.; 01-08-2007 at 04:23 PM.
-
I think you posted the wrong code try posting invalid.php or index.php (i think the one above it index.php?)
-
U forgot the ob_start(); up the top mate. Have funPHP Code:
<?
ob_start();
include "config.php";
$username = $_POST['username'];
$password = md5($_POST[password]);
$info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($info);
if($data[password] != $password) {
echo "<META http-equiv=\"refresh\" content=\"3;URL=invalid.php\">";
}else{
$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$user = mysql_fetch_array($query);
setcookie("id", $user[id],time()+(60*60*24*5), "/", "");
setcookie("pass", $user[password],time()+(60*60*24*5), "/", "");
echo ("<META http-equiv=\"refresh\" content=\"3;URL=index.php\">");
}
?>
-
You really ought to put some form of security on there..
Just try a few simple things like addslashes() on your inputs.
-
*stipslashes()
-
mysql_real_escape_string and stripslashes is what I always use. Write a function to clean the strings.
-
also use sessions rather than cookies.. much more secure
Chippiewill.
-
Oh everyones talking bout protection. Well to stop html and everything else u wanna set up a function with stripslashes(); etc.
-
Surely you want to add slashes before every single quote, BEFORE it goes into the database? And strip them when you're displaying the HTML?
Originally Posted by Invent
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts