  1. #1
    Freelance Web Designer KeithMcL
    Join Date
    Oct 1999
    Location
    Dublin, Ireland
    Posts
    1,125
    Hi, I'm in the process of setting up a login form on my page using PHP. When the form is submitted the info is sent to a login page which uses the include command to include the body of the page. It also looks for a footer include (with me so far?)

    Now if the login info that is submitted is correct all works fine, the footer page gets included, but if the login info is incorrect it doesn't show the footer page. Anyone got any ideas why?

    Here's the PHP code of the body which is included on the login page:

    <?
    mysql_connect("localhost", "user", "password")
    or die ("Unable to connect to server.");
    mysql_select_db("database")
    or die ("Unable to select database.");
    $sql = "SELECT * FROM users WHERE user_id='$user_id' and password='$password'";
    $result = mysql_query($sql)
    or die ("Unable to get results.");
    $num = mysql_numrows($result)
    or die ("Invalid username or password. Please <a href=\"../register/\">click here</a> to register or go <a href=\"javascript:history.back(1)\">back</a> and retry. Thank You.<br>");
    if ($num == 1) {
    echo "<p>Welcome back $user_id<br><br>";
    echo "Please <a href=\"index.php\">click here</a> to continue. Thanks!</p>";
    }
    ?>

    Much Appreciated.

  2. #2
    SitePoint Member
    Join Date
    Aug 2000
    Posts
    8
    Keith,

    Please post your full code. I didn't see the include statements you are talking about. I think I know your problem..
    Visit http://www.mybizhosting.com for e-commerce sites that need serious hosting!

  3. #3
    SitePoint Wizard
    Join Date
    Jul 1999
    Location
    Chicago
    Posts
    2,629
    It's possible you wrote to the page and then added headers and your host set the error reporting level low. That's the only thing I could imagine without seeing the rest of your code.

  4. #4
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    I do believe the following should be:
    $num = mysql_num_rows($result)
    Not:
    $num = mysql_numrows($result)
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  5. #5
    Freelance Web Designer KeithMcL
    Join Date
    Oct 1999
    Location
    Dublin, Ireland
    Posts
    1,125
    OK, here's the index.php page that asks for the include files:

    <?php include("../header.php"); ?>

    <?php include("../nav.php"); ?>

    <?php include("body.php"); ?>

    <?php include("../footer.php"); ?>

    and here is the body.php file:

    <td width="400" valign="top">
    <div align="center"><center>

    <table border="0" cellpadding="3" cellspacing="0" width="100%">
    <tr>
    <td width="100%">
    <font face="verdana, arial" size="2">
    <br>
    <?
    mysql_connect("localhost", "user", "password")
    or die ("Unable to connect to server.");
    mysql_select_db("database")
    or die ("Unable to select database.");
    $sql = "SELECT * FROM users WHERE user_id='$user_id' and password='$password'";
    $result = mysql_query($sql)
    or die ("Unable to get results.");
    $num = mysql_num_rows($result)
    or die ("Invalid username or password. Please <a href=\"../register/\">click here</a> to register or go <a href=\"javascript:history.back(1)\">back</a> and retry. Thank You.<br>");
    if ($num == 1) {
    echo "<p>Welcome back $user_id<br><br>";
    echo "Please <a href=\"welcome.php\">click here</a> to continue. Thanks !<br><br><br><br><br><br><br><br></p>";
    }
    ?>

    <br><br>

    <a href="http://www.pawsitronic.com"><img src="/images/noproblem.gif" border="0" alt="Pawsitronic.Com"></a>
    </td>
    </tr>
    </table>

    </center>

    </td>
    </tr>
    </table>

    </div>

    If you guys wanna have a look at it yourselves go to http://www.webmasterswork.com/testing_php/ and enter incorrect login info.

  6. #6
    SitePoint Member
    Join Date
    Jul 2000
    Posts
    22
    "Now if the login info that is submitted is correct all works fine, the footer page gets included, but if the login info is incorrect it doesn't show the footer page. Anyone got any ideas why?"

    die() outputs the message and terminates parsing of the script; that is why the rest of the page is not shown. Try something like this:

    if (mysql_num_rows($result) == 1)
    {
        echo "<p>Welcome back $user_id<br><br>";
        echo "Please <a href=\"welcome.php\">click here</a> to continue. Thanks!<br><br><br><br><br><br><br><br></p>";
    }
    else
    {
        echo "Invalid username or password. Please <a href=\"../register/\">click here</a> to register or go <a href=\"javascript:history.back(1)\">back</a> and retry. Thank You.<br>";
    }

    But, how are you going to authenticate the user in the welcome.php page and other pages? The current code does not provide much security (just security through obscurity).

    [Edited by antti on 09-04-2000 at 02:57 PM]

  7. #7
    Freelance Web Designer KeithMcL
    Join Date
    Oct 1999
    Location
    Dublin, Ireland
    Posts
    1,125
    Originally posted by antti
    But, how are you going to authenticate the user in the welcome.php page and other pages? The current code does not provide much security (just security through obscurity).
    Do you mean, what stops a person from bookmarking one of the pages and going back to that page again another time or sending it onto someone else?

    What would be the best way to stop this from happening? Cookies, session management using PHP 4 or another way?

    Much Appreciated


  8. #8
    SitePoint Member
    Join Date
    Jul 2000
    Posts
    22
    "Do you mean, what stops a person from bookmarking one of the pages and going back to that page again another time or sending it onto someone else?"
    Yes. Exactly.

    "What would be the best way to stop this from happening? Cookies, session management using PHP 4 or another way?"
    I don't know what is the best way. Cookies are quite easy to use with PHP, though.

    Here are a couple links to articles about using cookies and sessions to authenticate users:

    http://hotwired.lycos.com/webmonkey/...ex2a_meta.html

    http://www.devshed.com/Server_Side/P...ons/print.html
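
The two points raised in this thread, a failed login that does not call die() and an authentication check that welcome.php and other pages can repeat, shown together as an added example that is not any poster's code. It assumes PHP 7+ with pdo_sqlite and uses an in-memory SQLite table and a plain array in place of the MySQL `users` table and `$_SESSION` so it runs offline; `demo_db`, `check_login`, `handle_login` and `is_logged_in` are hypothetical names, and the query is parameterized rather than built by string interpolation.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with pdo_sqlite; an
// in-memory table stands in for the MySQL `users` table, and the account and
// password below are constructed sample data.

function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user_id TEXT PRIMARY KEY, password_hash TEXT)');
    $db->prepare('INSERT INTO users VALUES (?, ?)')
       ->execute(["o'brien", password_hash('constructed-pass', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns true/false instead of calling die(), so index.php still reaches
// include("../footer.php") after a failed login.
function check_login(PDO $db, string $user_id, string $password): bool {
    // The value is bound to the placeholder, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE user_id = ?');
    $stmt->execute([$user_id]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// body.php: record the identity in the server-side session on success.
// $session stands in for $_SESSION; a real request would call session_start()
// first and session_regenerate_id(true) after a successful login.
function handle_login(PDO $db, array $post, array &$session): string {
    $user_id  = (string)($post['user_id'] ?? '');
    $password = (string)($post['password'] ?? '');
    if (!check_login($db, $user_id, $password)) {
        return 'Invalid username or password.';
    }
    $session['user_id'] = $user_id;
    return 'Welcome back ' . htmlspecialchars($user_id, ENT_QUOTES, 'UTF-8');
}

// welcome.php and other protected pages check this first and send the visitor
// to the login form when it is false, so a bookmarked URL alone is not enough.
function is_logged_in(array $session): bool {
    return isset($session['user_id']) && $session['user_id'] !== '';
}

$db = demo_db();
$session = [];
echo handle_login($db, ['user_id' => "o'brien", 'password' => 'wrong'], $session), "\n";
var_dump(is_logged_in($session));
echo handle_login($db, ['user_id' => "o'brien", 'password' => 'constructed-pass'], $session), "\n";
var_dump(is_logged_in($session));
```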

