PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Hi there. You may find the next script funny but is my very first one. I want to make a simple login page for a website, something very simple that does not include cookies or anything else, just a first page that blocks the entrence to the others.
Here is what I came up with:
<?php
$us = "**********";
$passwd = "***********";
mysql_connect("*server*","*user*","***") or die ("Unable to connect to MySQL server.");
mysql_select_db("big_db") or die ("Unable to select requested database.");
echo ("Connection OK");
function auth($us, $passwd)
{
$passq = "SELECT password FROM user WHERE username = '$us'";
$result = mysql_query($passq);
$row = mysql_fetch_array($result); //would it be better to
//use mysql_fetch_row
if ($row['password'] == $passwd)
{
echo "Good boy.";
}
else
echo "Bad boy.";
}
?>
And olso, what function should I use to redirect the logged person to the next page?
Thank,
Andrei
d11wtq | Please mask out all usernames and passwords when posting in public forums
$passq = "SELECT password FROM user WHERE username = '$us'";
$result = mysql_query($passq);
$db_pw = mysql_result($result, 0, 'password'); //Saves getting the array and then getting the value
if ($db_pw == $passwd)
{
If you do go down the header('location: ....'); route make sure you take out all the echo()'s or they'll screw around with the HTTP headers and you'll generate errors.
session_start();
//make our query safe from sql injection
$result = sprintf("e;SELECT * FROM `users` WHERE `username` = '%s' AND `password` = '%s' LIMIT 1"e;,
mysql_real_escape_string($username),
mysql_real_escape_string($password));
//run the query
$result = mysql_query($result) or die(mysql_error());
//check to see if the username && password were correct
if (mysql_num_rows($result) > 0)
{
//fetch userinfo
$user = mysql_fetch_assoc($result);
//assign session variable with the username
//this can be accessed on any page where session_start() is found
$_SESSIONї'username'] = $userї'username'];
//redirect the user
header('Location: adminpage.php');
}
else
{
//show login form?
}
session_start();
//check if session var exists
if (empty($_SESSIONї'username']))
{
//terminate the page
die ('Hacking Attempt');
}
//as long as the die statement never ran
//we will see the contents of the rest of the page
echo 'Welcome '.$_SESSIONї'username'];