
Login pages... (quickie)

Posted: Thu Jan 11, 2007 3:53 pm
by Mightywayne
Hi. <3 I'm currently learning how to make a login page. Now I've got a question.

The place I'm learning from is http://www.evolt.org/article/Creating_a ... index.html

Right about at this part of the page:

"Check Client

Next we need to check if the client is already logged in or not. If they are, leave them be, if they're not, pop up a login form:"

I'm wondering if I have to copy-paste that onto each page I do. That's all, quick question.

Posted: Thu Jan 11, 2007 4:31 pm
by feyd
The text you've quoted would suggest the answer yes.

Posted: Thu Jan 11, 2007 4:35 pm
by neophyte
Hmm, that page is an example of the basics of authentication/login with PHP. It's not a complete login system. There could be many ways of implementation and the script isn't the best because it stores passwords in clear text. You'll need to change quite a bit to make it work in the real world.

To answer your question in brief, yes, you'll need to check on every page that you want to protect to see if the user is logged in. Would I use their exact code? No.

Experiment with the code. Post your questions here.

Posted: Sun Jan 14, 2007 9:41 am
by Mightywayne
Edited out in case some folks try to hax0r me. Seriously. o_O;;

Posted: Sun Jan 14, 2007 9:44 am
by feyd
It started at line 1 in /home/burnttoa/public_html/monbre/checklogin.php. It may be a space or carriage return, or maybe something more substantial.
  • headers_sent() may be of interest.
  • Use full URLs.

Posted: Sun Jan 14, 2007 10:01 am
by Mightywayne
Edited out in case some folks try to hax0r me. Seriously. o_O;;

Posted: Sun Jan 14, 2007 10:08 am
by Ollie Saunders
If you have any space before <?php, that is output, and the first bit of output triggers the headers to be sent. Here are some examples:

Code:

 <?php
// headers sent: the whitespace before the opening tag is output

Code:

<?php
// headers not yet sent

Code:

<?php
echo 'a';
// headers sent

Code:

<?php
?> <?php
// headers sent: the space between the two tags is output

Code:

<!-- comment --><?php
// headers sent: the HTML comment is output

Posted: Sun Jan 14, 2007 12:54 pm
by Mightywayne
=/ I am sorry but I don't exactly understand what you mean. To make sure I had no spaces, I ended the php right before the code giving me trouble, and then restarted it again, to ensure there was not a space missed. Did you mean a space in the PREVIOUS or the NEXT scripts, perhaps...?

Posted: Sun Jan 14, 2007 1:27 pm
by feyd
They need to be checked in any scripts run prior to this code.

Posted: Sun Jan 14, 2007 1:50 pm
by jayshields
Post your full script (the one where the error was on the 27th line) or at least everything before line 27.

Posted: Sun Jan 14, 2007 2:02 pm
by Mightywayne
Edited out in case some folks try to hax0r me. Seriously. o_O;;

Posted: Sun Jan 14, 2007 2:51 pm
by feyd
The blank line after the $_SESSION variable references will send headers.

Posted: Sun Jan 14, 2007 3:02 pm
by Mightywayne
Ahh! The LINE! Aha. Gotcha. I thought you meant spaces like . Well. Okay. Thanks. :) If I have more questions, I guess I'll use this thread for it.

Edit: (didn't want to bump) I always do injection stuff last. xP Thanks for the concern though, Matt.

Posted: Sun Jan 14, 2007 3:18 pm
by matthijs

Code:

$username = $_POST['username'];
$password = $_POST['password'];

$sql = "SELECT * FROM user WHERE username='$username' and password='$password'";
$result = mysql_query($sql);

The script is vulnerable to SQL injection. Please use at least mysql_real_escape_string(). Might want to validate the input as well.
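As an added example (not code from this thread or from the evolt.org tutorial), here is the same lookup written with a PDO prepared statement in place of mysql_real_escape_string(), since the mysql_* functions were removed in PHP 7, together with password_hash()/password_verify() in place of the clear-text password column mentioned earlier in the thread. The in-memory SQLite database, the password_hash column, the function names and the sample users are assumptions made for the illustration.

```php
<?php
// Added example: schema, function names and sample users are constructed.
// In-memory SQLite keeps it runnable offline; the same PDO calls work with MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Hash verified for unknown usernames so both failure paths do similar work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Registration: store a salted hash, never the clear-text password.
function register_user(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO user (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: the username is bound as a parameter, so it is sent as data and
// never becomes part of the SQL text, whatever characters it contains.
function check_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    // The password is never placed in a query; it is only compared to the hash.
    return password_verify($password, $hash);
}

// Constructed sample users; the second name contains an apostrophe on purpose.
register_user($pdo, 'alice', 'correct horse battery staple');
register_user($pdo, "o'brien", 'another long passphrase');

// Correct password, wrong password, apostrophe in the name, unknown user.
var_dump(check_login($pdo, 'alice', 'correct horse battery staple'));
var_dump(check_login($pdo, 'alice', 'wrong password'));
var_dump(check_login($pdo, "o'brien", 'another long passphrase'));
var_dump(check_login($pdo, 'nobody', 'whatever'));
```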

Posted: Mon Jan 15, 2007 12:55 pm
by Mightywayne
Edited out in case some folks try to hax0r me. Seriously. o_O;;