Login pages... (quickie)


Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am


Post by Mightywayne »

Hi. <3 I'm currently learning how to make a login page. Now I've got a question.

The place I'm learning from is http://www.evolt.org/article/Creating_a ... index.html

Right about at this part of the page:

"Check Client

Next we need to check if the client is already logged in or not. If they are, leave them be, if they're not, pop up a login form:"

I'm wondering if I have to copy-paste that onto each page I do. That's all, quick question.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The text you've quoted would suggest the answer yes.
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Hmm, that page is an example of the basics of authentication/login with PHP. It's not a complete login system. There could be many ways of implementation and the script isn't the best because it stores passwords in clear text. You'll need to change quite a bit to make it work in the real world.

To answer your question in brief, yes, you'll need to check on every page that you want to protect to see if the user is logged in. Would I use their exact code? No.

Experiment with the code. Post your questions here.
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Post by Mightywayne »

Edited out in case some folks try to hax0r me. Seriously. o_O;;
Last edited by Mightywayne on Fri Apr 06, 2007 12:22 pm, edited 1 time in total.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

It started at line 1 in /home/burnttoa/public_html/monbre/checklogin.php. It may be a space or carriage return, or maybe something more substantial.
  • headers_sent() may be of interest.
  • Use full URLs.
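
An added example (not from the thread or the evolt.org article) of the per-page check discussed above, written as one include file so the check is not copy-pasted into every page. The file name, the `user_id` session key and the login URL are assumptions.

```php
<?php
// require_login.php: added example; names and URL below are assumptions.
// Nothing (no space, no blank line) may precede the opening tag above, and
// the closing tag is omitted so trailing whitespace is never sent as output.
//
// Usage at the very top of each protected page:
//   require __DIR__ . '/require_login.php';
//   require_login();

const LOGIN_URL = 'https://example.com/login.php'; // placeholder full URL

function require_login(): void
{
    // If an earlier script already produced output, neither the session
    // cookie nor the redirect header can be sent. Fail closed and log
    // where the output started instead of rendering the protected page.
    if (headers_sent($file, $line)) {
        error_log("Login check aborted: output started at $file:$line");
        exit('Login required.');
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    if (!empty($_SESSION['user_id'])) {
        return; // already logged in: leave them be
    }

    // Redirect with a full URL, then stop so nothing below this call runs.
    header('Location: ' . LOGIN_URL, true, 302);
    exit;
}
```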
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Post by Mightywayne »

Edited out in case some folks try to hax0r me. Seriously. o_O;;
Last edited by Mightywayne on Fri Apr 06, 2007 2:17 pm, edited 1 time in total.
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

If you have any space before <?php, that is output, and the first bit of output triggers the headers to be sent. Here are some examples:

Code:

 <?php
// headers sent (there is a space before the opening tag)

Code:

<?php
// headers not yet sent

Code:

<?php
echo 'a';
// headers sent

Code:

<?php
?> <?php
// headers sent

Code:

<!-- comment --><?php
// headers sent
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Post by Mightywayne »

=/ I am sorry but I don't exactly understand what you mean. To make sure I had no spaces, I ended the php right before the code giving me trouble, and then restarted it again, to ensure there was not a space missed. Did you mean a space in the PREVIOUS or the NEXT scripts, perhaps...?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

They need to be checked in any scripts run prior to this code.
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

Post your full script (the one where the error was on the 27th line) or at least everything before line 27.
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Post by Mightywayne »

Edited out in case some folks try to hax0r me. Seriously. o_O;;
Last edited by Mightywayne on Fri Apr 06, 2007 2:17 pm, edited 2 times in total.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The blank line after the $_SESSION variable references will send headers.
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Post by Mightywayne »

Ahh! The LINE! Aha. Gotcha. I thought you meant spaces like . Well. Okay. Thanks. :) If I have more questions, I guess I'll use this thread for it.

Edit: (didn't want to bump) I always do injection stuff last. xP Thanks for the concern though, Matt.
Last edited by Mightywayne on Sun Jan 14, 2007 9:15 pm, edited 1 time in total.
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

Code:

$username = $_POST['username'];
$password = $_POST['password'];

$sql = "SELECT * FROM user WHERE username='$username' and password='$password'";
$result = mysql_query($sql);

The script is vulnerable to SQL injection. Please use at least mysql_real_escape_string(). Might want to validate the input as well.
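
An added example, not part of the original post: the same lookup with the user input bound as a query parameter instead of being placed in the SQL string, plus the input validation suggested above and hashed rather than clear-text passwords. It uses PDO prepared statements in place of mysql_real_escape_string(), since the mysql_* extension was removed in PHP 7. The in-memory SQLite database, table layout, function names and sample account are assumptions made so the example runs on its own.

```php
<?php
// Added example: schema, function names and the sample account are assumptions.

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:'); // stand-in for the real database
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $stmt = $pdo->prepare('INSERT INTO user (username, password_hash) VALUES (?, ?)');
    // Constructed account; only the hash is stored, never the password itself.
    $stmt->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_login(PDO $pdo, $username, $password): bool
{
    // Validate shape first: $_POST values can be arrays, empty or oversized.
    if (!is_string($username) || !is_string($password)
        || $username === '' || strlen($username) > 64 || strlen($password) > 1024) {
        return false;
    }

    // The username travels as a bound parameter, so quotes in it are data
    // and can never change the structure of the query.
    $stmt = $pdo->prepare('SELECT password_hash FROM user WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no row matched

    return is_string($hash) && password_verify($password, $hash);
}

$pdo = make_demo_db();
var_dump(check_login($pdo, 'alice', 'correct horse')); // valid credentials
var_dump(check_login($pdo, 'alice', 'wrong'));         // wrong password
var_dump(check_login($pdo, "alice' --", 'anything'));  // username containing a quote
var_dump(check_login($pdo, ['alice'], 'anything'));    // non-string input
```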
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Post by Mightywayne »

Edited out in case some folks try to hax0r me. Seriously. o_O;;
Last edited by Mightywayne on Fri Apr 06, 2007 2:18 pm, edited 1 time in total.