I'd like to extend that to:Pyrite wrote:%20method=
Take that part out.
Had a go at rearranging the code:Dreamweaver - take that part out.
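<?php
// Login handler for the admin form rendered further down this page.
//
// Start the session first: it has to run before any output is sent, and it
// makes it obvious that this page relies on sessions.
session_start();

// Database connection settings (left blank in the posted listing).
$hostname = 'localhost';
$database = '';
$username = '';
$password = '';

// NOTE(review): the mysql_* extension used throughout this script was removed
// in PHP 7. When the page is ported, use mysqli or PDO with prepared statements
// instead of building the query from escaped strings.
$illuio = mysql_pconnect($hostname, $username, $password) or trigger_error(mysql_error(), E_USER_ERROR);

// Raw, request-derived value: PHP_SELF can carry caller-chosen path info, so it
// has to be HTML-escaped at the point where it is echoed into the form.
$loginFormAction = $_SERVER['PHP_SELF'];

// NOTE(review): $accesscheck is never assigned in this listing, so it is only
// set when register_globals injects it from the request - confirm where it is
// meant to come from and read it from that superglobal explicitly.
if (isset($accesscheck)) {
    // Use the $_SESSION array; session_register() is deprecated.
    $_SESSION['PrevUrl'] = $accesscheck;
}

if (isset($_POST['username'])) {
    // Anything that is not a plain string (e.g. username[]=x) is treated as an
    // empty credential, and a missing password field no longer raises a notice.
    $loginUsername = is_string($_POST['username']) ? $_POST['username'] : '';
    $loginPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Undo magic quotes so every value is escaped exactly once, below.
    if (get_magic_quotes_gpc()) {
        $loginUsername = stripslashes($loginUsername);
        $loginPassword = stripslashes($loginPassword);
    }

    $MM_fldUserAuthorization = '';
    $MM_redirectLoginSuccess = 'waliwasadmin.php'; // page shown after a successful login
    $MM_redirectLoginFailed = 'test.php';          // page shown after a failed login
    $MM_redirecttoReferrer = false;

    mysql_select_db($database, $illuio);

    // addslashes() is not aware of the connection character set and is not a
    // reliable SQL escape; mysql_real_escape_string() escapes for this link.
    $test_username = mysql_real_escape_string($loginUsername, $illuio);
    $test_password = mysql_real_escape_string($loginPassword, $illuio);

    // Each fragment ends in a space so the clauses do not run together, and the
    // password column is compared with the password (not the username again).
    // NOTE(review): comparing the submitted password with the column directly
    // implies passwords are stored unhashed; store a salted hash and verify it
    // in PHP instead. That needs a schema change outside this listing.
    $LoginRS_query  = "SELECT username, password ";
    $LoginRS_query .= "FROM admin ";
    $LoginRS_query .= "WHERE username='$test_username' AND password='$test_password'";

    $LoginRS = mysql_query($LoginRS_query, $illuio);
    if ($LoginRS === false) {
        // Keep the database error in the server log rather than sending it to
        // the browser, where it would disclose query and schema details.
        error_log('Login query failed: ' . mysql_error($illuio));
        die('Login is temporarily unavailable.');
    }

    $loginFoundUser = mysql_num_rows($LoginRS);

    // Require exactly one matching row rather than any truthy count.
    if ($loginFoundUser == 1) {
        // Issue a fresh session id at the privilege change so an id that was
        // planted before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);

        $loginStrGroup = ''; // no user groups are defined for this login

        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;

        // Deliberately disabled by "&& false". If it is ever re-enabled, PrevUrl
        // must be checked against a list of local pages first, otherwise the
        // login page becomes an open redirect.
        if (isset($_SESSION['PrevUrl']) && false) {
            $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }

        header('Location: '.$MM_redirectLoginSuccess);
        exit(); // prevent further code from running
    } else {
        header('Location: '.$MM_redirectLoginFailed);
        exit(); // stop here too, so the form below is not sent along with the redirect
    }
}
?>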
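<!-- You need to close the double quotes after the ?> -->
<?php
// Login form. The action URL comes from $_SERVER['PHP_SELF'], which can contain
// caller-supplied path info, so it is HTML-escaped (quotes included) before it
// is written into the attribute.
?>
<form action="<?php echo htmlspecialchars($loginFormAction, ENT_QUOTES); ?>" method="post">
  <div align="center">
    <table width="60%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td> </td>
        <td> </td>
      </tr>
      <tr>
        <td>Username:</td>
        <td><input type="text" name="username"></td>
      </tr>
      <tr>
        <td>Password:</td>
        <!-- type="password" keeps the value masked on screen -->
        <td><input type="password" name="password"></td>
      </tr>
      <tr>
        <td colspan="2"> </td>
      </tr>
      <tr>
        <td colspan="2">
          <div align="center">
            <p>
              <input name="submit" type="submit" value="Login">
            </p>
            <p> </p>
            <p> </p>
            <p> </p>
            <p> </p>
          </div>
        </td>
      </tr>
    </table>
  </div>
</form>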