
Posted: Wed Jan 14, 2004 4:04 am
by twigletmac
Pyrite wrote:
%20method=

Take that part out.
I'd like to extend that to:
Dreamweaver - take that part out.
Had a go at rearranging the code:

Code:

<?php
// put session start first, it'll save you headaches in the long run and
// lets you know right away that you are using sessions in this page
session_start();

$hostname = 'localhost';
$database = '';
$username = '';
$password = '';
$illuio = mysql_pconnect($hostname, $username, $password) or trigger_error(mysql_error(), E_USER_ERROR);

$loginFormAction = $_SERVER['PHP_SELF'];

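// a bare $accesscheck only exists when register_globals is on; read the
// query-string parameter explicitly instead
if (isset($_GET['accesscheck'])) {
	// you don't need to use the $GLOBALS array here
	// don't use session_register() it is a deprecated function, use
	// the $_SESSION array instead:
	$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}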

if (isset($_POST['username'])) {
	$loginUsername = $_POST['username'];
	$password      = $_POST['password'];

	$MM_fldUserAuthorization = '';
	$MM_redirectLoginSuccess = 'waliwasadmin.php'; // *** The page to view if login successful
	$MM_redirectLoginFailed  = 'test.php'; // *** The page to view when login failed
	$MM_redirecttoReferrer   = false;
	
	mysql_select_db($database, $illuio);
	
	// IMHO, this is horrid on the eye and confusing to read:
	/* $LoginRS__query=sprintf("SELECT username, password FROM admin WHERE username='%s' AND password='%s'", get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); */
	// try the following instead:
	$test_username = (!get_magic_quotes_gpc()) ? addslashes($loginUsername) : $loginUsername;
	$test_password = (!get_magic_quotes_gpc()) ? addslashes($password) : $password;

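	// each piece ends with a space so the concatenated string is valid SQL,
	// and the password column is compared with the password, not the username
	$LoginRS_query  = "SELECT username, password ";
	$LoginRS_query .= "FROM admin ";
	$LoginRS_query .= "WHERE username='$test_username' AND password='$test_password'";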

	$LoginRS = mysql_query($LoginRS_query, $illuio) or die(mysql_error());
	
	$loginFoundUser = mysql_num_rows($LoginRS);
	
	// you aren't testing for true or false here so don't use:
	// if ($loginFoundUser) {
	// instead test to ensure that one user was found:
	if ($loginFoundUser == 1) {
		$loginStrGroup = ''; // what's the point of this?

		//declare two session variables and assign them
		$_SESSION['MM_Username']  = $loginUsername;
		$_SESSION['MM_UserGroup'] = $loginStrGroup;

		if (isset($_SESSION['PrevUrl']) && false) {
			$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
		}
		header('Location: '.$MM_redirectLoginSuccess);
		exit(); // prevent further code from running
	} else {
		header('Location: '.$MM_redirectLoginFailed);
		exit(); // prevent further code from running here as well
	}
}
?>

<!-- You need to close the double quotes after the ?> -->
<form action="<?php echo $loginFormAction; ?>" method="post">
<div align="center">
<table width="60%" border="0" cellspacing="0" cellpadding="0">
<tr>
	<td>&nbsp;</td>
	<td>&nbsp;</td>
</tr>
<tr>
	<td>Username:</td>
	<td><input type="text" name="username"></td>
</tr>
<tr>
	<td>Password:</td>
	<td><input type="password" name="password"></td>
</tr>
<tr>
	<td colspan="2">&nbsp;</td>
</tr>
<tr>
	<td colspan="2">
		<div align="center">
		<p>
			<input name="submit" type="submit" value="Login">
		</p>
		<p>&nbsp;</p>
		<p>&nbsp;</p>
		<p>&nbsp;</p>
		<p>&nbsp;</p>
		</div>
	</td>
</tr>
</table>
</div>
</form>
Mac

Posted: Thu Jan 15, 2004 8:40 am
by gilbertwang
Thanks. Your code helps a lot.

How come when I type in the right username and password, it still directs me to the fail success page?

Posted: Thu Jan 15, 2004 9:12 am
by twigletmac
Is the password encrypted in the database?

Mac

Posted: Sun Jan 18, 2004 1:45 pm
by gilbertwang
no
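
The login check from the rearranged code above, as an added example that is not part of the thread or any poster's code: it uses a PDO prepared statement instead of addslashes(), and stores a password_hash() value instead of the plain-text password confirmed in the last replies. The admin table and its columns follow the post; the in-memory SQLite database, the sample accounts and the function names makeDemoDb and checkLogin are assumptions made so the script runs on its own.

```php
<?php
// Added example. Table and column names follow the post; the SQLite
// in-memory database and the accounts below are constructed sample data.
function makeDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

    // Store a salted hash, never the password itself.
    $ins = $db->prepare('INSERT INTO admin (username, password) VALUES (?, ?)');
    $ins->execute(['mac', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $ins->execute(["o'neil", password_hash('another pass', PASSWORD_DEFAULT)]);
    return $db;
}

function checkLogin(PDO $db, string $username, string $password): bool
{
    // Placeholders keep user input out of the SQL text, so quotes in the
    // input are plain data and no addslashes()/magic-quotes logic is needed.
    $stmt = $db->prepare('SELECT password FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no such user

    // Verify against a dummy hash for unknown users so both paths do
    // comparable work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $matches = password_verify($password, $hash === false ? $dummy : $hash);

    return $hash !== false && $matches;
}

$db = makeDemoDb();
var_dump(checkLogin($db, 'mac', 'correct horse'));    // valid credentials
var_dump(checkLogin($db, 'mac', 'wrong password'));   // wrong password
var_dump(checkLogin($db, "o'neil", 'another pass'));  // quote in the username
var_dump(checkLogin($db, 'nobody', 'correct horse')); // unknown user

// In the login page, after checkLogin() succeeds:
//   session_regenerate_id(true);          // fresh session id after login
//   $_SESSION['MM_Username'] = $username;
//   header('Location: waliwasadmin.php');
//   exit();
```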