Very basic login script help

PHP
1

Hi Folks,

I need help with a basic login page.

I’d like to code the username and passowrd into the page itself, and not use database queries. I’d like to protect all pages in a folder.

Here is my script and login form, can anyone help?

I cant seem to get past the first if statment can anyone please help?

<?php
include_once "common_db.php";



if(!isset($userid)) {
      echo "111 ";
   login_form();
   exit;


} else {

      echo "222 ";

   session_start();
   session_register("userid", "userpassword");
   


   			if($_POST['userid'] = "a" & $_POST['userpassword'] = "a") {
	 $PHP_SELF = $_SERVER['PHP_SELF'];
      session_unregister("userid");
      session_unregister("userpassword");
      echo "Authorization failed. ";
      exit;
  			 }
   			else {echo "Welcome, $username!";
			}
			
}


function login_form() {
global $PHP_SELF;
?>
<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<FORM METHOD="POST" ACTION="<?php echo "$PHP_SELF"; ?>">
   <DIV ALIGN="CENTER"><CENTER>
      <H3>Please log in to access the page you requested.</H3>
   <TABLE BORDER="1" WIDTH="200" CELLPADDING="2">
      <TR>
         <TH WIDTH="18%" ALIGN="RIGHT" NOWRAP>ID</TH>
         <TD WIDTH="82%" NOWRAP>
            <INPUT TYPE="TEXT" NAME="userid" SIZE="8">
         </TD>
      </TR>
      <TR>
         <TH WIDTH="18%" ALIGN="RIGHT" NOWRAP>Password</TH>
         <TD WIDTH="82%" NOWRAP>
            <INPUT TYPE="PASSWORD" NAME="userpassword" SIZE="8">
         </TD>
      </TR>
      <TR>
         <TD WIDTH="100%" COLSPAN="2" ALIGN="CENTER" NOWRAP>
            <INPUT TYPE="SUBMIT" VALUE="LOGIN" NAME="Submit">
         </TD>
      </TR>
   </TABLE>
   </CENTER></DIV>
</FORM>
</BODY>
</HTML>
<?
}


?>
2

damn didnt catch that =(

3

I guess I read your post wrong, I thought you were saying $PHP_SELF is a superglobal.
Apperantly you weren’t (pfew :)). I agree that it’s a bit over the top to define a variable somewhere that gets it’s value from a superglobal and then use that variable in a function by means of global. As you said, just using $_SERVER[‘PHP_SELF’] in the function directly makes a lot more sense.
Or just omit the action entirely (<form method=“post” action=“”>), which does the exact same thing as using $_SERVER[‘PHP_SELF’], i.e. post the data to the current URL.

4

This line is wrong:

if($_POST['userid'] = "a" & $_POST['userpassword'] = "a")

You should use == instead of = (compare instead of assign) and && instead of & (logical AND instead of bitwise AND)

:slight_smile:

5

don’t you think that’s an overhead. rather he has used $_SERVER[‘PHP_SELF’] directly inside the function.
I don’t prefer the use of global as they can’t be traced if something went wrong.

6

Since when is $PHP_SELF a super-global? :shifty:

7

add a closing tag after

global $PHP_SELF;

and did php show an error code?

also if you have cpanel you can just use the premade script

if you dont there are a number of them on google

8

Lots of mistakes that i found:

  • no need make superglobal arrays as global
  • session_register() is considered to be deprecated so rather $_SESSION should be used for registering sessions

Thanks