Need help adding exceptions so that php login page works

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
nickharambee
Forum Newbie
Posts: 12
Joined: Thu Mar 03, 2011 3:55 pm

Need help adding exceptions so that php login page works

Post by nickharambee »

Hi,

I am a php newbie, who has a page that relies on some php scripts, and to which I am trying to add a login page written in php. I took the example from here:

http://www.howtodothings.com/computers- ... ur-website

Basically it consists of adding:

<?
require("log.php");
?>

to the top of any page I want to protect, a log.php file which performs the actions of the form, linking to a mySQL database, and a login.php file which contains the form.

I have the login working fine, but it breaks one of the PHP scripts on the page that is protected. It is an upload script, called Weaverbox, based on FancyUpload. The uploads which are handled by a file called upload.php, aren't happening. The progress shows that they are being uploaded, but nothing is uploaded, and there is no success message. As soon as I remove the code from the top of the page requiring log.php all works fine again.

I think I may have to add some rules/extensions to resolve this conflict, but I don't know how to go about this. Would someone be able to help me get it sorted?

Thanks

Nick
litebearer
Forum Contributor
Posts: 194
Joined: Sat Mar 27, 2004 5:54 am

Re: Need help adding exceptions so that php login page works

Post by litebearer »

It helps to see your code
nickharambee
Forum Newbie
Posts: 12
Joined: Thu Mar 03, 2011 3:55 pm

Re: Need help adding exceptions so that php login page works

Post by nickharambee »

Sorry, here's the code:

log.php:

Code: Select all

<?
session_name("MyLogin");
session_start();

if($_GET['action'] == "login") {
$conn = mysql_connect("localhost","user","password"); // your MySQL connection data
$db = mysql_select_db("DATABASENAME"); //put your database name in here 
$name = $_POST['user'];
$q_user = mysql_query("SELECT * FROM USERS WHERE login='$name'");

if(mysql_num_rows($q_user) == 1) {

$query = mysql_query("SELECT * FROM USERS WHERE login='$name'");
$data = mysql_fetch_array($query);
if($_POST['pwd'] == $data['password']) { 
session_register("name");
header("Location: yourpage.php"); // success page. put the URL you want 
exit;
} else {
header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
exit;
}
} else {
header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
exit;
}
}

// if the session is not registered
if(session_is_registered("name") == false) {
header("Location: login.php");
}
?>
login.php:

Code: Select all

<?
session_name("MyLogin");
session_start();
session_destroy();

if($_GET['login'] == "failed") {
print $_GET['cause'];
}
?>
<form name="login_form" method="post" action="log.php?action=login">
Login: <input type="text" name="user"><BR>
Password: <input type="password" name="pwd"><BR>
<input type="submit">
</form>
I now have a new upload script that does not conflict with this php login, but it has been suggested that the script is outdated and vulnerable to attacks, so I would be grateful for any advice in either updating it, or looking elsewhere for a better php login script.

thanks

nick
Post Reply