lame login script not working
Posted: Sun May 08, 2005 8:38 am
by andrei.mita
Hi there. You may find the next script funny, but it is my very first one. I want to make a simple login page for a website, something very simple that does not include cookies or anything else, just a first page that blocks the entrance to the others.
Here is what I came up with:
Code:
<?php
$us = "**********";
$passwd = "***********";
mysql_connect("*server*","*user*","***") or die ("Unable to connect to MySQL server.");
mysql_select_db("big_db") or die ("Unable to select requested database.");
echo ("Connection OK");
function auth($us, $passwd)
{
    $passq = "SELECT password FROM user WHERE username = '$us'";
    $result = mysql_query($passq);
    $row = mysql_fetch_array($result); //would it be better to
                                       //use mysql_fetch_row
    if ($row['password'] == $passwd)
    {
        echo "Good boy.";
    }
    else
        echo "Bad boy.";
}
?>
And also, what function should I use to redirect the logged-in person to the next page?
Thanks,
Andrei
d11wtq | Please mask out all usernames and passwords when posting in public forums 
Posted: Sun May 08, 2005 8:48 am
by Revan
Code:
header("location: whereever.php");
is a method.
Posted: Sun May 08, 2005 10:07 am
by Chris Corbyn
Yes, for redirects use:
Code:
header('location: wherever_you_want_to_go.php');
As regards the little comment in your code for the best way to take out just ONE record and only ONE field, it's quicker to just do:
Code:
$passq = "SELECT password FROM user WHERE username = '$us'";
$result = mysql_query($passq);
$db_pw = mysql_result($result, 0, 'password'); //Saves getting the array and then getting the value
if ($db_pw == $passwd)
{
    // ...same branches as in your auth() function
}
If you do go down the header('location: ....'); route make sure you take out all the echo()'s or they'll screw around with the HTTP headers and you'll generate errors.
Good luck

Posted: Sun May 08, 2005 10:43 am
by John Cartwright
Although this is not a complicated script and many improvements can be made, I believe this is a good place to start.
Functions I'll be using:
sprintf,
mysql_real_escape_string,
header,
sessions
Code:
session_start();
//make our query safe from sql injection
$result = sprintf("SELECT * FROM `users` WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
    mysql_real_escape_string($username),
    mysql_real_escape_string($password));
//run the query
$result = mysql_query($result) or die(mysql_error());
//check to see if the username && password were correct
if (mysql_num_rows($result) > 0)
{
    //fetch userinfo
    $user = mysql_fetch_assoc($result);
    //assign session variable with the username
    //this can be accessed on any page where session_start() is found
    $_SESSION['username'] = $user['username'];
    //redirect the user
    header('Location: adminpage.php');
    //stop the script so nothing else runs after the redirect header
    exit;
}
else
{
    //show login form?
}
Code:
session_start();
//check if session var exists
if (empty($_SESSION['username']))
{
    //terminate the page
    die ('Hacking Attempt');
}
//as long as the die statement never ran
//we will see the contents of the rest of the page
//escape the username before printing it into HTML
echo 'Welcome '.htmlspecialchars($_SESSION['username'], ENT_QUOTES);
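The login check from the post above, redone as an added example that is not part of the original thread: the mysql_* functions were removed in PHP 7.0, so this uses a PDO prepared statement and a stored password hash instead of escaping and a plaintext comparison. The in-memory SQLite table, the sample account and the check_login() helper are assumptions made so that the script runs stand-alone.

```php
<?php
// Added example (not from the thread). Constructed data: an in-memory SQLite
// table stands in for the MySQL `users` table so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store a salted hash, never the password itself (sample account, constructed).
$seed = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$seed->execute(['andrei', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the username on success, null on failure.
function check_login(PDO $pdo, string $username, string $password): ?string
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT username, password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() re-hashes the attempt with the stored salt and compares.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['username'];
}

// Constructed attempts, including a quote-laden string of the kind escaping guards against.
$attempts = [
    ['andrei', 'correct horse'],   // valid credentials
    ['andrei', 'wrong'],           // bad password
    ["' OR '1'='1", 'anything'],   // treated as an unknown username, nothing more
];
foreach ($attempts as [$u, $p]) {
    $who = check_login($pdo, $u, $p);
    printf("%-14s => %s\n", $u, $who === null ? 'rejected' : "accepted as $who");
}

// In the real login page, on success (left as comments: needs an HTTP request):
//   session_start();
//   session_regenerate_id(true);   // fresh session ID guards against fixation
//   $_SESSION['username'] = $who;
//   header('Location: adminpage.php');
//   exit;                          // stop before any further output
```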
Posted: Sun May 08, 2005 11:11 am
by andrei.mita
Thanks to all for the support. I now have to make it work and understand the new code, I wouldn't want to use it unless I actually know what it does.
Also thanks for the info on $_SESSION['field']. I was curious how to make a "Hello USERNAME!" intro on the next pages.
Thanks to all again,
Andrei
Posted: Sun May 08, 2005 11:18 am
by John Cartwright
Have a good read on the list of functions (they are all links to the manual) and I'm sure you'll understand.
FYI:
http://php.net/function_name_here so..
http://php.net/mysql_num_rows will bring up the relevant information on that function.
Good luck.