PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Hi, in my code i want to seperate my code, so if one variable equals null, display the login part, or if it equals 'login', do the login script. However, when it goes to index.php?action=login, the variable action equals login, but it still just displays the login script. Here is the code:
I made a few changes to your code. Although it doesn't hurt, you shouldin't wrap your variables in a string. Also on your second if you only had one = not two.
[/php ] tags.
[syntax=php]<?php
$action = $_GET['action']; //make it non-register globals friendly
if(empty($action)) {
?>
<form action="index.php?action=login" method="POST">
Your Username: <input type="text" name="user" />
Your Password: <input type="text" name="pass" />
<input type="submit">
</form>
<?php
}
else if ($action=='login') {
$ssppluser = $_POST["user"];
$sspplpass = $_POST["pass"];
$link = mysql_connect("localhost", "root", "") or die("Could not connect");
mysql_select_db("stormst_sspp") or exit("Could not select database");
$result = mysql_query("SELECT user AND pass FROM sspp WHERE user='$ssppluser' AND pass='$ssppluser'") or die ("Invalid query");
$num_rows = mysql_num_rows($result);
if($num_rows==1) {
echo "Login Complete.<br />";
echo "<a href="index.php?action=loginc&user=$ssppluser">Click here to continue</a>";
}
else {
echo "Bad username / password.";
}
mysql_close($link);
}
else if ($action=='loginc') {
echo "Welcome $user";
}
?>[/syntax]
However, this script is incredibly insecure.
- Are magic_quotes_gpc on or off? If they are off, I can login as whoever I want.
- If I wanted to, I could navigate to index.php?action=loginc&user=admin
etc
Last edited by d3ad1ysp0rk on Mon Aug 02, 2004 11:42 am, edited 1 time in total.
no, im not using this to login. I am going to use cookies for that, i will put a cookie on the users comp containing their entered user/pass, and on every page load, it will load these up and check the database if their right.