Login Script
Posted: Mon Jul 31, 2006 12:21 am
Well ive managed to create a login authentication script that passes a session variable (the username) to the file admin.php, however im unsure what i need to do in admin.php to make it only viewable if you are loged in. Also since we are on the same subject, i was wondering if there any security issues with my authentication script?
Code: Select all
<?php
session_start();
require("config.php");
echo "<br><br><br><center>";
echo "<strong>Admin Login</strong><br><br>";
echo "<form method='post' action='index.php?action=check'>
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='uname'></td>
</tr><tr>
<td>Password:</td>
<td><input type='password' name='pword'></td>
</tr><tr>
<td></td>
<td><input type='submit' value='login'></td>
</tr>
</table>
</form>";
echo "<center>";
if($_GET['action'] == 'check')
{
$username = $_POST['uname'];
$password = md5($_POST['pword']);
$q = "SELECT * FROM administrators WHERE username='$username' AND password='$password'";
$result = mysql_query($q) or die ('Something is wrong with query: ' . $q . '<br>'. mysql_error());
$row = mysql_fetch_assoc($result);
if(mysql_num_rows($result) > 0)
{
$_SESSION['username'] = $username;
Header("Location: admin.php");
}
else
{
echo "<b>Incorrect username or password.</b>";
}
}
else
{
}
?>