hi please help
Posted: Wed Apr 19, 2006 11:11 am
Hi
i hope someone can help
i need it so when you login in you get the continue link that links to the page that the sql table tells it to
so it gets data out of my priv coloum that stores the url eg. admin.php
i change things and get an error every time normaly different i hope some on can just see the problem its fine when i take out all the priv stuff and just give it the link to go to but it just can get it out of the database i think
sorry to be a pain
thanks hope someone can help
http://www.rjcdesigns.co.uk
i hope someone can help
i need it so when you login in you get the continue link that links to the page that the sql table tells it to
so it gets data out of my priv coloum that stores the url eg. admin.php
i change things and get an error every time normaly different i hope some on can just see the problem its fine when i take out all the priv stuff and just give it the link to go to but it just can get it out of the database i think
sorry to be a pain
Code: Select all
<?php
// Connect to the database
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// convert posted info to easy to use variables
$user = $_REQUEST['username'];
$pass = $_REQUEST['password'];
// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);
// remove spaces from variables
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);
// remove escaped spaces
$user=str_replace("%20","",$user);
$pass=str_replace("%20","",$pass);
// add slashes to stop hacking
$user=addslashes($user);
$pass=addslashes($pass);
// hash password into md5 (random 32 characters - md5)
$pass=md5($pass);
// search database to check for user
$request = "SELECT * FROM $dbtable WHERE password ='".$pass."' AND username='".$user."'";
// hand over the request
$results = mysql_query($request);
// hand over the request
$results = mysql_query($request);
// if mysql returns any number of rows great than 0 then there is a succesful login
(mysql_num_rows($query) == 1)
{
// get information on user
$query= "SELECT `user`, `priv` FROM `$dbtable` WHERE username='".$user."' LIMIT 1";
$rs = mysql_query($query);
$result = mysql_fetch_array($rs);
$userid = $result['userid'];
$priv = $result['priv'];
$html_user = htmlentities($user);
setcookie('userid', $userid, time() + 3600, '/', '', 0);
echo "You have successfuly loged in! Welcome, $html_user .<br><br><a href=\"$priv\">Continue...</a>";
}
else // only happens if not a succesful username and password match
{
// login failed so display error message and kill script
die("Username and passwords do not match our records<br><br><a href=\"login.htm\">Click to retry ?");
}
?>thanks hope someone can help
http://www.rjcdesigns.co.uk