PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I'm trying to create a secure part of a website using cookies. I have created a login page which brings up an html page. At the top of that html page, and ever page that I want secure, there is a link to run this script like
The only problem is that even if you use the wrong username and password the page still comes up as normal. I want to make it so that only people that I manually add through the phpmyadmin can access and view pages with that include statement on it. Any suggestions?
<?php
session_start();
if (! isset($_session['name'])) {
if (isset ($_post['username']))
{
$username = $_post['username'];
$password = $_post['password'];
$username="abc";
$password="abc";
$database="mysql";
mysql_pconnect($database,$username,$password);
@mysql_select_db($databse) or die("Unable to connect to database. Please contact the webmaster for further assistance.");
$query = "SELECT FROM user_handle.user WHERE username='$username' AND password='$password'";
$result = mysql_query($query);
if (mysql_numrows($result) == 1)
{
echo "Sorry but you are not authorized to view this page";
}
}
else {
include "admin.html";
}
}
else {
}
?>
Yes, I believe your right on that one, it should be a "!=", however, when I type in the right password using that code it should give me that echo, but it doesn't. I definitely think I'm missing something in that script.
no it shouldn't.unless you got someone in the database with username abs and password abc it should go to the else:-D because whatever is written into username and pass from the post is over written by your assignment to abc abc.
<?php
session_start();
if (! isset($_session['name'])) {
if (isset ($_post['username']))
{
$person = $_post['username'];
$pwd = $_post['password'];
$username="abc";
$password="abc";
$database="mysql";
mysql_pconnect($database,$username,$password);
@mysql_select_db($databse) or die("Unable to connect to database. Please contact the webmaster for further assistance.");
$query = "SELECT FROM user_handle.user WHERE username='$person' AND password='$pwd'";
$result = mysql_query($query);
if (mysql_numrows($result) != 1)
{
echo "Sorry but you are not authorized to view this page";
}
}
else {
include "admin.html";
}
}
else {
}
?>
<?php
session_start();
if (! isset($_SESSION['name'])) {
if (isset ($_POST['username']))
{
$person = $_POST['username'];
$pwd = $_POST['password'];
$username="abc";
$password="abc";
$database="mysql";
mysql_pconnect($database,$username,$password);
@mysql_select_db($databse) or die("Unable to connect to database. Please contact the webmaster for further assistance.");
$query = "SELECT name FROM user_handle.user WHERE username='$person' AND password='$pwd'";
$result = mysql_query($query);
if (mysql_num_rows($result) == 1)
{
include ("admin.html");
}
else
{
echo ("Sorry but you are not authorize to view this page.");
}
}
?>
Changed it and still nothing. How do I know if its actually creating a cookie or not? I also set the SID myself and didn't let the computer set it. As it stands the password is "test" username is "test" and the SID is "test".
$dbhost= 'localhost';
$dbuser= 'user';
$dbpass= 'pass';
$conn= mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to the database.');
$dbname='database';
mysql_select_db($dbname);
<?php
session_start();
if (! isset($_SESSION['name'])) {
if (isset ($_POST['username']))
{
$person = $_POST['username'];
$pwd = $_POST['password'];
$username="abc";
$password="abc";
$database="mysql";
mysql_connect($database,$username,$password);
@mysql_select_db($databse) or die("Unable to connect to database. Please contact the webmaster for further assistance.");
$query = "SELECT name FROM user_handle.user WHERE username='$person' AND password='$pwd'";
$result = mysql_query($query);
if (mysql_num_rows($result) == 1)
{
include ("admin.html");
}
} else
{
echo ("Sorry but you are not authorize to view this page.");
}
}
?>
White screen is no more but now it just displays the "Sorry but you are not authorize to view this page." no matter correct or incorrect password.