Password locking a form

Holliday
Forum Newbie
Posts: 1
Joined: Sat Dec 20, 2003 11:08 pm

Post by Holliday »

Ok I am going nuts with this. My goal is to have a section of my site that key members can log into and update the news posts on the site. I got it working perfectly like this:

Code:

Welcome to the news update center<br>
<?php

#the html form
$form = "<form action=\"$PHP_SELF\" method=\"post\">";
$form.= "Header: <input type=\"text\" name=\"head\" ";
$form.= "size=\"50\" value=\"$head\"> <br>";
$form.= "News Post:<br>";
$form.= "<textarea name=\"post\" cols=\"70\" ";
$form.= "rows=\"20\">$post</textarea> <br>";
$form.= "<input type=\"submit\" name=\"submit\" ";
$form.= "value=\"Submit\"> </form>";

#on first opening display the form
if( !$submit)
{ $msg = $form; }
else 

#redisplay a message and the form if incomplete
if( !$head or !$post)
{
  $msg = "<b>Please complete all fields</b><br><br>";
  $msg.= $form;
}
else

#add the form data to the news database table
{
  #connect to MySQL
  $conn = mysql_connect("localhost", "info taken out :D") 
	or die("Could not connect to database");
  
  #select the database
  $rs = mysql_select_db("database",$conn) 
	or die ("Could not select database");  

  #create the SQL query
  if($head and $post)
  {
     $sql = "insert into news (head,post) 
			values (\"$head\",\"$post\")"; 
     $rs = mysql_query($sql,$conn) 
	or die ("Could not execute SQL query");
  }

  #confirm the entry and display a link to the front page
  if($rs)
  {
    $msg = "Thank you - your entry has been saved.";
    $msg.= "<a href = \"index.php\">";
    $msg.= "Check It Out</a>";
  }
}
echo($msg);
?>
So now I wanted to password the site, so I added this at the beginning. I have a database and table set up with the users' passwords and such; the HTTP_REFERER site is just a simple HTML "Username: Password:" log in.

Code:

<?php
if( (!$username) or (!$password) )
{
  header("Location:$HTTP_REFERER");
	  exit();
}

#connect to MySQL
$conn=@mysql_connect("localhost", "edited of course")
		 or die("Could not connect");

#select the specified database
$rs = @mysql_select_db("database", $conn) 
		or die("Could not select database");
 
#create the query 
$sql="select * from login where username=\"$username\" and password = password( \"$password\" )";
 
#execute the query
$rs=mysql_query($sql,$conn) 
		or die("Could not execute query");

#get number of rows that match username and password
$num = mysql_numrows($rs);

#if there is a match the log-in is authenticated
if($num != 0)
{ ?>
The log in works fine and takes me to the form for updating the news. But after you fill out the fields, pressing submit does nothing. If I take away the password checking at the beginning of the document (2nd code post) it works fine, but logging in is pointless, so anyone can just go to the correct web address and update the news, thus flooding my database :P

I really don't know why adding the password check seems to mess something up. It is like the submit button is unresponsive. Thank you for your help.
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

Try replacing all the $username and $password with $_POST['username'] and $_POST['password'].

More info here.
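
A session-based version of the gate discussed in this thread, as an added example that is not part of the original posts: credentials are read explicitly from `$_POST` and checked once, the result is kept in the session so the later form submit (which carries no username or password) is still accepted, and the queries use bound parameters with a `password_hash` value instead of string-built SQL. SQLite in memory, the `editor` account, and the helper names `make_db`, `field`, `check_login` and `handle` are assumptions made for the demo.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. SQLite in memory stands in for the
// MySQL database; the seeded account and its password are constructed.

function make_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE login (username TEXT PRIMARY KEY, password TEXT)');
    $pdo->exec('CREATE TABLE news (head TEXT, post TEXT)');
    $pdo->prepare('INSERT INTO login VALUES (?, ?)')
        ->execute(['editor', password_hash('constructed-pass', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Read one submitted field explicitly; array-valued or missing input becomes ''.
function field(array $post, string $key): string {
    $v = $post[$key] ?? '';
    return is_string($v) ? $v : '';
}

// Credentials are checked once, with a bound parameter and a stored hash.
function check_login(PDO $pdo, array $post): bool {
    $st = $pdo->prepare('SELECT password FROM login WHERE username = ?');
    $st->execute([field($post, 'username')]);
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify(field($post, 'password'), $hash);
}

// One request. $post and $session stand in for $_POST and $_SESSION.
function handle(PDO $pdo, array $post, array &$session): string {
    if (empty($session['user'])) {
        if (!check_login($pdo, $post)) return 'login required';
        $session['user'] = field($post, 'username'); // web: session_regenerate_id(true) first
        return 'show form';
    }
    // Logged in: the form post carries only head/post, and that is enough.
    $head = trim(field($post, 'head'));
    $body = trim(field($post, 'post'));
    if ($head === '' || $body === '') return 'please complete all fields';
    $pdo->prepare('INSERT INTO news (head, post) VALUES (?, ?)')->execute([$head, $body]);
    return 'saved';
}

$pdo = make_db();
$session = []; // web: call session_start() and pass $_SESSION instead
echo handle($pdo, ['username' => 'editor', 'password' => 'constructed-pass'], $session), "\n";
echo handle($pdo, ['head' => "It's live", 'post' => 'First entry'], $session), "\n";
$anonymous = [];
echo handle($pdo, ['head' => 'x', 'post' => 'y'], $anonymous), "\n";
```

When the stored headline and post are later printed into HTML, pass them through `htmlspecialchars()` at output time.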