Thanks for the help I am sure to recieve.
Cheers!
Moderator: General Moderators
Code: Select all
//start the session
session_start();
//this is the user input form
echo "<input type="text" name="username" value="'.$_SESSION['username'].'" /> ";
echo "<input type="password" name="password" />";
echo "<input type="submit" />";
echo "</form>'";Code: Select all
require("Connect.php"); //hold the db connection info
session_start();
//call mysql
$query="SELECT * FROM table WHERE username='$_SESSION['username']' AND password='$password'"
$result=mysql_db_query($db, $query, $connection);
if ( $_POST['username'] == '???' && $_POST['password'] == '???' ) {
$_SESSION['auth'] = true;
$_SESSION['username'] = $_POST['username'];
header("Location: page5.php");
} else {
$_SESSION['auth'] = false;
$_SESSION['username'] = '';
header("Location: page3.php");
}Code: Select all
<?php
//this is the user input form
echo "<form action="process.php" method="post">";
echo "<input type="text" name="username" value="" /> "; # no need to have the $_SESSION['username'] here. you want people to enter their info
echo "<input type="password" name="password" />";
echo "<input type="submit" />";
echo "</form>'";
?>Code: Select all
<?php
require("Connect.php"); //hold the db connection info
session_start();
//call mysql
$query="SELECT * FROM table WHERE username='".$_POST['username']."' AND password='".$_POST['password']."'"; #Check the POSTed username, not session
$result=mysql_query($query, $connection); # Use mysql_query, not mysql_db_query. Look into mysql_connect and mysql_select_db
if (mysql_num_rows($result)==1) { # if 1 result was returned (ie--username/password combo was in DB)
$_SESSION['auth'] = true;
$_SESSION['username'] = $_POST['username'];
header("Location: page5.php");
} else {
$_SESSION['auth'] = false;
$_SESSION['username'] = ''; # I would suggest not setting the $_SESSION['username'] at all. That way you can do checks later with isset()
header("Location: page3.php");
}
?>Code: Select all
<?php
require("connect.php"); //hold the db connection info
session_start();
//call mysql
$query="SELECT * FROM table WHERE username='".$_POST['username']."' AND password='".$_POST['password']."'"; $result=mysql_query($query, $connection);
if (mysql_num_rows($result)==1) {
$_SESSION['auth'] = true;
$_SESSION['username'] = $_POST['username'];
header("Location: index.php");
} else {
$_SESSION['auth'] = false;
$_SESSION['username'] = '';
header("Location: login.php");
}
?>Code: Select all
session_start()
if ($_SESSION['auth']=true) //can I even do this?
{
echo "<A HREF="http://blah.com/somescript.php"> logout </a>";
}
else
{
echo "<A HREF="http://blah.com/someotherscript.php"> login </a>";
}Code: Select all
<?php
$query="SELECT * FROM table WHERE username='".
mysql_escape_string(stripslashes($_POST['username']))."' AND password='".
mysql_escape_string(stripslashes($_POST['password']))."'";
?>