Page 1 of 1

Need help adding exceptions so that php login page works

Posted: Thu Mar 03, 2011 4:23 pm
by nickharambee
Hi,

I am a php newbie, who has a page that relies on some php scripts, and to which I am trying to add a login page written in php. I took the example from here:

http://www.howtodothings.com/computers- ... ur-website

Basically it consists of adding:

<?
require("log.php");
?>

to the top of any page I want to protect, a log.php file which performs the actions of the form, linking to a mySQL database, and a login.php file which contains the form.

I have the login working fine, but it breaks one of the PHP scripts on the page that is protected. It is an upload script, called Weaverbox, based on FancyUpload. The uploads which are handled by a file called upload.php, aren't happening. The progress shows that they are being uploaded, but nothing is uploaded, and there is no success message. As soon as I remove the code from the top of the page requiring log.php all works fine again.

I think I may have to add some rules/extensions to resolve this conflict, but I don't know how to go about this. Would someone be able to help me get it sorted?

Thanks

Nick

Re: Need help adding exceptions so that php login page works

Posted: Fri Mar 04, 2011 2:47 pm
by litebearer
It helps to see your code

Re: Need help adding exceptions so that php login page works

Posted: Sun Mar 06, 2011 12:26 pm
by nickharambee
Sorry, here's the code:

log.php:

Code: Select all

<?
session_name("MyLogin");
session_start();

if($_GET['action'] == "login") {
$conn = mysql_connect("localhost","user","password"); // your MySQL connection data
$db = mysql_select_db("DATABASENAME"); //put your database name in here 
$name = $_POST['user'];
$q_user = mysql_query("SELECT * FROM USERS WHERE login='$name'");

if(mysql_num_rows($q_user) == 1) {

$query = mysql_query("SELECT * FROM USERS WHERE login='$name'");
$data = mysql_fetch_array($query);
if($_POST['pwd'] == $data['password']) { 
session_register("name");
header("Location: yourpage.php"); // success page. put the URL you want 
exit;
} else {
header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
exit;
}
} else {
header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
exit;
}
}

// if the session is not registered
if(session_is_registered("name") == false) {
header("Location: login.php");
}
?>
login.php:

Code: Select all

<?
session_name("MyLogin");
session_start();
session_destroy();

if($_GET['login'] == "failed") {
print $_GET['cause'];
}
?>
<form name="login_form" method="post" action="log.php?action=login">
Login: <input type="text" name="user"><BR>
Password: <input type="password" name="pwd"><BR>
<input type="submit">
</form>
I now have a new upload script that does not conflict with this php login, but it has been suggested that the script is outdated and vulnerable to attacks, so I would be grateful for any advice in either updating it, or looking elsewhere for a better php login script.

thanks

nick