Page 1 of 1
password problem
Posted: Sat Jan 10, 2004 10:06 pm
by crayon
hi all
just learning PHP week ago,anyone can enlighten me,what wrong the this coding which key in a correct password still showing wrong password.
many thkx
<html>
<head>
<title>PHP testing</title>
</head>
<body>
<?php
$loginpass = 'test';
if ($pw == $loginpass)
{
....do something
}
else
{
print("Error. That is not the correct password.\n");
}
?>
</body>
</html>
Posted: Sat Jan 10, 2004 10:13 pm
by crayon
I using RH9.0 localhost,file store in /var/www/html/
Posted: Sat Jan 10, 2004 10:16 pm
by Straterra
Try echo "Error. That is not the correct password.\n";
Posted: Sun Jan 11, 2004 12:34 am
by d3ad1ysp0rk
That wouldn't matter.
uhh.. you didnt declare $pw anywhere?
Posted: Sun Jan 11, 2004 1:42 am
by Nay
Most probably the $pw is coming from a form. I doubt anyone uses $_GET to authenticate

. Try changing the $pw to $_POST['pw']
-Nay
Posted: Sun Jan 11, 2004 2:15 pm
by crayon
Thkx for everyone helping me,this my fault didn't read thru the documentation,that
php.ini register_globals need set it to "On".
pls accept my apologize.
Posted: Sun Jan 11, 2004 3:08 pm
by Straterra
I know the echo things wouldn't matter..but..echo is so much better than print.
Posted: Sun Jan 11, 2004 3:53 pm
by thomasd1
Nay wrote:Most probably the $pw is coming from a form. I doubt anyone uses $_GET to authenticate

. Try changing the $pw to $_POST['pw']
-Nay
explain ?
what's the difference?
ohno, i've been doin it all wrong

Posted: Sun Jan 11, 2004 4:10 pm
by DuFF
When you use a form there are 2 different ways to send the data, GET and POST.
Code: Select all
<form action="authenticate.php" method="POST">
OR
<form action="authenticate.php" method="GET">
GET will send the data straight through the URL and then on authenticate.php the URL will be like this:
authenticate.php?username=DuFF&password=fakepswd
If you use POST it will not pass the data through the URL and therefore is much harder to manipulate the form data.
On the page recieving the form, depending on which method you use, you need to use $_GET['username'] or $_POST['username']
Posted: Sun Jan 11, 2004 9:47 pm
by JAM
crayon wrote:Thkx for everyone helping me,this my fault didn't read thru the documentation,that
php.ini register_globals need set it to "On".
pls accept my apologize.
Just to point something out. You should not change te php.ini setting of register_globals to 'On' to solve the problem, but rather learn how to use $_POST / $_GET (as mentioned by fellow posters).
register_globals are set to off for security reasons as default and should imho never be touched.
Posted: Sun Jan 11, 2004 11:03 pm
by crayon
JAM wrote:crayon wrote:Thkx for everyone helping me,this my fault didn't read thru the documentation,that
php.ini register_globals need set it to "On".
pls accept my apologize.
Just to point something out. You should not change te php.ini setting of register_globals to 'On' to solve the problem, but rather learn how to use $_POST / $_GET (as mentioned by fellow posters).
register_globals are set to off for security reasons as default and should imho never be touched.
thkx for your advice,I just insert $_POST and set php.in off and it work.
many thkx for everyone.
Posted: Tue Jan 13, 2004 2:43 am
by thomasd1
DuFF wrote:When you use a form there are 2 different ways to send the data, GET and POST.
Code: Select all
<form action="authenticate.php" method="POST">
OR
<form action="authenticate.php" method="GET">
GET will send the data straight through the URL and then on authenticate.php the URL will be like this:
authenticate.php?username=DuFF&password=fakepswd
If you use POST it will not pass the data through the URL and therefore is much harder to manipulate the form data.
On the page recieving the form, depending on which method you use, you need to use $_GET['username'] or $_POST['username']
so, GET reads data out of url's..
and POST ... not ....
