Page 1 of 1
Seperating Pages
Posted: Mon Aug 02, 2004 9:38 am
by dwfait
Hi, in my code i want to seperate my code, so if one variable equals null, display the login part, or if it equals 'login', do the login script. However, when it goes to index.php?action=login, the variable action equals login, but it still just displays the login script. Here is the code:
Code: Select all
<?php
echo "$action";
if ("$action"==0) {
?>
<form action="index.php?action=login" method="POST">
Your Username: <input type="text" name="user" />
Your Password: <input type="text" name="pass" />
<input type="submit">
</form>
<?php
} else if ($action="login") {
$ssppluser = $_POSTї"user"];
$sspplpass = $_POSTї"pass"];
$link = mysql_connect("localhost", "root", "")
or die("Could not connect");
mysql_select_db("stormst_sspp")
or exit("Could not select database");
$result = mysql_query("SELECT user AND pass FROM sspp WHERE user='$ssppluser' AND pass='$ssppluser'")
or die ("Invalid query");
$num_rows = mysql_num_rows($result);
If ("$num_rows"==1) {
echo "Login Complete.";
} else {
echo "Bad username / password.";
}
mysql_close($link);
}
?>
Posted: Mon Aug 02, 2004 9:55 am
by hawleyjr
I made a few changes to your code. Although it doesn't hurt, you shouldin't wrap your variables in a string. Also on your second if you only had one = not two.
Hope this helps.
Code: Select all
<?php
<?php
echo $action;
if ($action==0) {
?>
<form action="index.php?action=login" method="POST">
Your Username: <input type="text" name="user" />
Your Password: <input type="text" name="pass" />
<input type="submit">
</form>
<?php
} else if ($action=='login') {
$ssppluser = $_POST["user"];
$sspplpass = $_POST["pass"];
$link = mysql_connect("localhost", "root", "")
or die("Could not connect");
mysql_select_db("stormst_sspp")
or exit("Could not select database");
$result = mysql_query("SELECT user AND pass FROM sspp WHERE user='$ssppluser' AND pass='$ssppluser'")
or die ("Invalid query");
$num_rows = mysql_num_rows($result);
If ($num_rows==1) {
echo "Login Complete.";
} else {
echo "Bad username / password.";
}
mysql_close($link);
}
?>
?>
Posted: Mon Aug 02, 2004 10:11 am
by dwfait
Im afraid it still happens, when i click submit query, it just comes up with the password box again

Posted: Mon Aug 02, 2004 10:13 am
by hawleyjr
Sorry didn't read your post. I just fixed errors in your code. Thy this:
Posted: Mon Aug 02, 2004 10:30 am
by dwfait
Thank you, it works

Posted: Mon Aug 02, 2004 10:42 am
by dwfait
Also, how would i carry on variables to the next page?
I have this code:
Code: Select all
<?php
if (is_null($action)) {
?>
<form action="index.php?action=login" method="POST">
Your Username: <input type="text" name="user" />
Your Password: <input type="text" name="pass" />
<input type="submit">
</form>
<?php
} else if ($action=='login') {
$ssppluser = $_POSTї"user"];
$sspplpass = $_POSTї"pass"];
$link = mysql_connect("localhost", "root", "")
or die("Could not connect");
mysql_select_db("stormst_sspp")
or exit("Could not select database");
$result = mysql_query("SELECT user AND pass FROM sspp WHERE user='$ssppluser' AND pass='$ssppluser'")
or die ("Invalid query");
$num_rows = mysql_num_rows($result);
If ($num_rows==1) {
echo "Login Complete.";
?>
<br>
<a href="index.php?action=loginc&user=$ssppluser">Click here to continue</a>
<?php
} else {
echo "Bad username / password.";
}
mysql_close($link);
?>
<?php
} else if ($action=='loginc') {
echo "Welcome $user";
}
?>
but at echo "Welcome $user";, the output is "Welcome $ssppluser". How would i carry on the variable ssppluser to the loginc page?
Posted: Mon Aug 02, 2004 11:36 am
by d3ad1ysp0rk
Please post code in
Code: Select all
[/php ] tags.
[syntax=php]<?php
$action = $_GET['action']; //make it non-register globals friendly
if(empty($action)) {
?>
<form action="index.php?action=login" method="POST">
Your Username: <input type="text" name="user" />
Your Password: <input type="text" name="pass" />
<input type="submit">
</form>
<?php
}
else if ($action=='login') {
$ssppluser = $_POST["user"];
$sspplpass = $_POST["pass"];
$link = mysql_connect("localhost", "root", "") or die("Could not connect");
mysql_select_db("stormst_sspp") or exit("Could not select database");
$result = mysql_query("SELECT user AND pass FROM sspp WHERE user='$ssppluser' AND pass='$ssppluser'") or die ("Invalid query");
$num_rows = mysql_num_rows($result);
if($num_rows==1) {
echo "Login Complete.<br />";
echo "<a href="index.php?action=loginc&user=$ssppluser">Click here to continue</a>";
}
else {
echo "Bad username / password.";
}
mysql_close($link);
}
else if ($action=='loginc') {
echo "Welcome $user";
}
?>[/syntax]
However, this script is incredibly insecure.
- Are magic_quotes_gpc on or off? If they are off, I can login as whoever I want.
- If I wanted to, I could navigate to index.php?action=loginc&user=admin
etc
Posted: Mon Aug 02, 2004 11:41 am
by dwfait
no, im not using this to login. I am going to use cookies for that, i will put a cookie on the users comp containing their entered user/pass, and on every page load, it will load these up and check the database if their right.
Posted: Mon Aug 02, 2004 11:43 am
by d3ad1ysp0rk
just so you know.. i changed your script too.. it should work now.