simple log in script not working
Posted: Sat Feb 09, 2008 5:07 pm
Hello, I am having trouble trying to implement a login system for an app I'm creating. First off this is my first project, but I've been working on it for a while, the point is that I'm a newb, but I've been doing my homework.
In case what I am trying to do is not obvious, I'm trying to create a session (USER) which will be used to grant access to all my other pages in the application.
but what is happening is that I'm being re-directed to my log in script regardless.
here is the simple authentication script
Code:
<?php
session_start;
if (isset($_POST['submitted'])) {
    require_once ('../../../mysql_connect.php');
    include ('../includes/functions.php');
    $username = escape_data($_POST['user']);
    $password = md5(escape_data($_POST['password']));
    $authenticate = "SELECT username
                     FROM user_accounts
                     WHERE username = '$username'
                     AND password = '$password'";
    $result = mysql_query ($authenticate) or die(mysql_error());
    if (mysql_num_rows($result) == 1) {
        $_SESSION['USER'] = mysql_fetch_row($result);
        header("Location: ../pages/index.html");
        // header("Location: {$_SERVER['HTTP_REFERER']}");
        exit;
        //var_dump($_SESSION['USER']);
        //die ($authenticate);
    } else {
        echo'Invalid username and/ or password, <br>
Please try again.' ;
    }
}
include ('../includes/header_footer/header.inc.htm');
echo'
<form action="log_in.php" method="post">
<table class="frame" cellpadding="8" >
<tr>
<td align="right" >
Username<input name="user" type="text" size="14" maxlength="12">
<br />
Password<input name="password" type="password" size="14" maxlength="16">
<br />
<input name="enter" type="submit" value="Enter" />
</td>
</tr>
<input name="submitted" type="hidden" />
</table>
</form>
' ;
include ('../includes/header_footer/footer.inc.htm');
?>
the problem I'm having is that in the first line or so of all my other scripts I'm putting this:
Code:
<?php
session_start();
if (isset($_SESSION['USER'])) {
    // my script
} else {
    header("Location: ../authentication/log_in.php");
}
?>
Any advice and / or criticism is greatly appreciated.
Let me know if there are any obvious security blunders (this will be hosted on a secure site).
Thank you so much.
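A hardened version of the login check and page guard described in the post, added here as an example and not the poster's code. It calls `session_start()` with parentheses (the bare `session_start;` in the login script is not a function call, so no session is started there), and it replaces the escaped-string query and `md5()` with a PDO prepared statement and `password_hash()`/`password_verify()`. Assumptions: PHP 7.1+ with the PDO SQLite driver; the in-memory database, the sample account and the function names `find_user`, `log_in` and `require_login` are constructed for the demonstration.

```php
<?php
// Added example, not the poster's code. Table and column names follow the post;
// the in-memory SQLite database and the sample account are constructed.
function find_user(PDO $db, string $username): ?array {
    // Prepared statement: user input is bound, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT username, password FROM user_accounts WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function log_in(PDO $db, string $username, string $password): bool {
    $row = find_user($db, $username);
    // password_verify() checks a salted password_hash() value instead of bare md5().
    if ($row === null || !password_verify($password, $row['password'])) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) session_start(); // a real call
    session_regenerate_id(true);      // fresh session id once the user is authenticated
    $_SESSION['USER'] = $row['username'];
    return true;
}

// Guard for the top of every protected page (hypothetical helper name).
function require_login(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) session_start();
    if (!isset($_SESSION['USER'])) {
        header('Location: ../authentication/log_in.php');
        exit;                         // stop so nothing below the guard runs
    }
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_accounts (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO user_accounts VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Collect results before printing so the session starts before any output is sent.
$results = [
    'wrong password'   => log_in($db, 'alice', 'not it'),
    'unknown user'     => log_in($db, 'bob', 'correct horse'),
    'correct password' => log_in($db, 'alice', 'correct horse'),
];
var_dump($results);
```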