Password locking a form
Posted: Sat Dec 20, 2003 11:08 pm
Ok I am going nuts with this. My goal is to have a section of my site that key members can log into and update the news posts on the site. I got it working perfectly like this:
So now I wanted to password the site so I added this at the beginning. I have a database and table set up with the users passwords and such, the HTTP_REFERER site is just a simple HTML "Username: Password:" log in.
The log in works fine and takes me to the form for updating the news. But after you fill out the fields pressing submit does nothing. If I take away the password checking at the beginning of the document (2nd code post) it works fine but logging in is pointless so anyone can just go to the correct web address and update the news, thus flooding my database 
I really don't know why adding the password check seems to mess something it. It is like the submit button is unresponsive. Thank you for your help.
Code: Select all
Welcome to the news update center<br>
<?php
#the html form
$form = "<form action="$PHP_SELF" method="post">";
$form.= "Header: <input type="text" name="head" ";
$form.= "size="50" value="$head"> <br>";
$form.= "News Post:<br>";
$form.= "<textarea name="post" cols="70" ";
$form.= "rows="20">$post</text> <br>";
$form.= "<input type="submit" name="submit" ";
$form.= "value="Submit"> </form>";
#on first opening display the form
if( !$submit)
{ $msg = $form; }
else
#redisplay a message and the form if incomplete
if( !$head or !$post)
{
$msg = "<b>Please complete all fields</b><br><br>";
$msg.= $form;
}
else
#add the form data to the news database table
{
#connect to MySQL
$conn = mysql_connect("localhost", "info taken out :D")
or die("Could not connect to database");
#select the database
$rs = mysql_select_db("database",$conn)
or die ("Could not select database");
#create the SQL query
if($head and $post)
{
$sql = "insert into news (head,post)
values ("$head","$post")";
$rs = mysql_query($sql,$conn)
or die ("Could not execute SQL query");
}
#confirm the entry and display a link to the front page
if($rs)
{
$msg = "Thank you - your entry has been saved.";
$msg.= "<a href = "index.php">";
$msg.= "Check It Out</a>";
}
}
echo($msg);
?>Code: Select all
<?php
if( (!$username) or (!$password) )
{
header("Location:$HTTP_REFERER");
exit();
}
#connect to MySQL
$conn=@mysql_connect("localhost", "edited of course")
or die("Could not connect");
#select the specified database
$rs = @mysql_select_db("database", $conn)
or die("Could not select database");
#create the query
$sql="select * from login where username="$username" and password = password( "$password" )";
#execute the query
$rs=mysql_query($sql,$conn)
or die("Could not execute query");
#get number of rows that match username and password
$num = mysql_numrows($rs);
#if there is a match the log-in is authenticated
if($num != 0)
{ ?>I really don't know why adding the password check seems to mess something it. It is like the submit button is unresponsive. Thank you for your help.