Check with me
Posted: Mon May 31, 2004 1:12 pm
OKay basically this is the processing page for a user login script. The information will be past from a 'post' form by the names 'username' and 'password'.
Whenever I test this script out, it tells me Im accepted! Even if my crudentials are completely wrong!
Could you please tell me where I am going wrong, and wether this way is secure enough?
Cheers,
Nick
Whenever I test this script out, it tells me Im accepted! Even if my crudentials are completely wrong!
Code: Select all
<html>
<?php
//getting the information from the form and saving them as variables
$username = $_POSTї'username'];
$password = $_POSTї'password'];
//servername
$server = '******';
//username
$user = '*****';
//connect to mysql
$connect = mysql_connect($server, $user, *******) or die("FATAL ERROR - Could not connect - Please contact the webmaster");
//database name
$database = 'theclubdatabase';
//select the database
mysql_select_db($database) or die("FATAL ERROR - Could not select database - Please contact the webmaster");
//the query
$query = "Select * from userinfo where '$username'=username and '$password'=password";
//carrying out the query
$result = mysql_query($query, $connect);
//questioning wether login is accepted
if(!$result)
{
echo "<head><title>Login not accepted</title></head><body>Login not accepted. Please check your username and/or password</body>";
}
else
{
echo "";
}
?>
</html>Cheers,
Nick