Help with setting up an authorization system
Posted: Thu Apr 23, 2009 12:36 pm
Hi guys
I`m trying to setup a system where a user enters there usernname and password and then tries to log in depending whether there details match up,using a MySql DB.
Password.html
Insert.php
login.html
session.php
The problem that I am having is that any name and pass the user enters brings them to yahoo.com(meaning that it has failed???)
Any advice would be much appreciated
I`m trying to setup a system where a user enters there usernname and password and then tries to log in depending whether there details match up,using a MySql DB.
Password.html
Code: Select all
<form method="post" action="insert.php">
Full Name: (Example: Michael R Maguire) <br />
<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)
<br />
<br />
User Name: <br />
<input type="text" name="sha_pw" size="20" maxlength="20"/> (20 Characters Max)
<br />
<br />
<input type="submit" value="Create User" />
</form>
Code: Select all
<?php
$user_name = $_POST['user_name'];
$SHA_PW = $_POST['sha_pw'];
$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);
if(empty($user_name) || empty($sha_pw)) {
echo "<h2>Please fill in all fields</h2>\n";
echo "Please use the back button in your browsers and fill in all required fields.\n";
die ();
}
$sql="insert into teamtutorials_test (`User_ID` , `user_name` , `sha_pw`) values ('NULL','$user_name','sha1($sha_pw)')";
mysql_query($sql) or die (mysql_error()." $sql");
?>Code: Select all
<form method="post" action="session.php">
Full Name: (Example: Michael R Maguire) <br />
<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)
<br />
<br />
User Name: <br />
<input type="text" name="password" size="20" maxlength="20"/>
<br />
<br />
<input type="submit" value="Create User" />
</form>
Code: Select all
<?php
session_start();
if (isset($_POST['user_name']) && isset($_POST['password']))
{
$user_name = $_POST['user_name'];
$password = $_POST['password'];
$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);
$sql = mysql_query("select count(*) from teamtutorials_test
where user_name = '$user_name' and sha_pw = sha1('$password')") or die(mysql_error());
$results = mysql_result($sql, 0);
if ($results == 0){
header( 'Location:http://www.yahoo.com');
}
else
{
$_SESSION['valid_user'] = $user_name;
header( 'Location:http://www.google.ie');
}
}
?>
Any advice would be much appreciated