lame login script not working

andrei.mita
Forum Commoner
Posts: 65
Joined: Sun May 08, 2005 4:06 am
Location: Barlad/Romania

lame login script not working

Post by andrei.mita »

Hi there. You may find the next script funny, but it is my very first one. I want to make a simple login page for a website, something very simple that does not include cookies or anything else, just a first page that blocks the entrance to the others.
Here is what I came up with:

Code: Select all

<?php

$us = "**********";
$passwd = "***********";

mysql_connect("*server*","*user*","***") or die ("Unable to connect to MySQL server.");
mysql_select_db("big_db") or die ("Unable to select requested database."); 
echo ("Connection OK");


function auth($us, $passwd)
{
    $passq = "SELECT password FROM user WHERE username = '$us'";
    $result = mysql_query($passq);
    $row = mysql_fetch_array($result); //would it be better to
                                       //use mysql_fetch_row
    if ($row['password'] == $passwd)
    {
        echo "Good boy.";
    }
    else
        echo "Bad boy.";
}

?>

And also, what function should I use to redirect the logged person to the next page?
Thanks,
Andrei

d11wtq | Please mask out all usernames and passwords when posting in public forums ;-)
Revan
Forum Commoner
Posts: 83
Joined: Fri Jul 02, 2004 12:37 am
Location: New Mexico, USA

Post by Revan »

Code: Select all

header("location: whereever.php");
is a method.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Yes, for redirects use:

Code: Select all

header('location: wherever_you_want_to_go.php');
As regards the little comment in your code for best way to take out just ONE record and only ONE field, it's quicker to just do:

Code: Select all

$passq = "SELECT password FROM user WHERE username = '$us'";
$result = mysql_query($passq);
$db_pw = mysql_result($result, 0, 'password'); //Saves getting the array and then getting the value
if ($db_pw == $passwd)
{
    // ...rest of the check unchanged
}

If you do go down the header('location: ....'); route make sure you take out all the echo()'s or they'll screw around with the HTTP headers and you'll generate errors.

Good luck ;-)
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

Although this is not a complicated script and many improvements can be made, I believe this is a good place to start.

Functions I'll be using: sprintf, mysql_real_escape_string, header, sessions

Code: Select all

session_start();

//make our query safe from sql injection
$result = sprintf("SELECT * FROM `users` WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
                   mysql_real_escape_string($username),
                   mysql_real_escape_string($password));

//run the query
$result = mysql_query($result) or die(mysql_error());

//check to see if the username && password were correct
if (mysql_num_rows($result) > 0)
{
    //fetch userinfo
    $user = mysql_fetch_assoc($result);
    //assign session variable with the username
    //this can be accessed on any page where session_start() is found
    $_SESSION['username'] = $user['username'];
    //redirect the user
    header('Location: adminpage.php');
    //stop here so nothing else runs after the redirect header is sent
    exit;
}
else
{
     //show login form?
}

Code: Select all

session_start();

//check if session var exists
if (empty($_SESSION['username']))
{
    //terminate the page
    die ('Hacking Attempt');
}

//as long as the die statement never ran
//we will see the contents of the rest of the page
echo 'Welcome '.$_SESSION['username'];
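
A present-day version of the login check above, as an added example that is not part of the original thread or any poster's code. It assumes PDO with bound parameters in place of the mysql_* functions (removed in PHP 7) and a hypothetical `users` table whose `password_hash` column is filled by password_hash(); the function names check_login and complete_login and the sample account are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: function names and the users table layout are assumptions.
// Returns the stored username when the credentials match, otherwise null.
function check_login(PDO $db, string $username, string $password): ?string
{
    // Bound parameter: the username travels as data and is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Only a salted hash is stored; password_verify() compares the input against it.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['username'];
}

// Call this from the login page once check_login() has returned a username.
function complete_login(string $username): void
{
    session_start();
    session_regenerate_id(true);   // fresh session id, so a pre-login id cannot be reused
    $_SESSION['username'] = $username;
    header('Location: adminpage.php');
    exit;                          // nothing after the redirect may run
}

// Constructed demo data: an in-memory SQLite database stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['andrei', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(check_login($db, 'andrei', 'correct horse')); // correct password
var_dump(check_login($db, 'andrei', 'wrong'));         // wrong password
var_dump(check_login($db, "o'neil", 'x'));             // unknown user, quote in the name
```

The protected pages keep the same `empty($_SESSION['username'])` guard shown above; only the credential check and the post-login session handling change.
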
andrei.mita
Forum Commoner
Posts: 65
Joined: Sun May 08, 2005 4:06 am
Location: Barlad/Romania

Post by andrei.mita »

Thanks to all for the support. I now have to make it work and understand the new code, I wouldn't want to use it unless I actually know what it does :D

Also thanks for the info on $_SESSION['field']. I was curious how to make a "Hello USERNAME!" intro on the next pages :P

Thanks to all again,
Andrei
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

Have a good read on the list of functions (they are all links to the manual) and I'm sure you'll understand.

FYI: http://php.net/function_name_here so.. http://php.net/mysql_num_rows will bring up the relevant information on that function.

Good luck.