Page 1 of 1

Login script

Posted: Sun May 07, 2006 11:47 am
by chrisso
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Just another problem here...
What's the problem with this script?

Code: Select all

<?
function adminForm(){
	echo "<div align=\"right\" style=\"width:165px;\"><form action=\"?module=admin&file=admin&do=check\" method=\"post\">
		   Brukenavn: <input style=\"width:100px;\" type=\"text\" class=\"text\" name=\"uname\"><br>Passord:  <input style=\"width:100px;\" type=\"password\" class=\"text\" name=\"passwd\"><br>
		   <input type=\"submit\" class=\"text\" value=\"Logg inn\">
		   </form></div>";	
}

function checkAdmin($uname, $passwd){
	$result = mysql_query("SELECT * FROM cw_user WHERE uname = '$username'");
	$array = mysql_fetch_assoc($result) or die (mysql_error());
	
	if($username == $array['uname'] and md5($password) == $array['passwd'] and $array['admin'] == 1){
		$_SESSION["q6n4fk_logged_in"] = TRUE;
		$_SESSION["q6n4fk_admin"] = TRUE;
		$_SESSION["user"] = $uname;
		echo "<meta content=\"3;URL=?module=admin&file=admin&do=menu\" http-equiv=\"refresh\">You've been logged in as $username.";
		} else { echo "You've written a wrong combination of username and password!<br>a href=\"javascript:history.back(-1)\">Try again</a>"; }
	
}

function adminMenu(){
echo "Menu goes here!";
}


#################### Site starts here
$do = $_GET["do"];
$op = $_GET["op"];

switch ($do){
case "check":
$uname = $_POST["uname"];
$passwd = $_POST["passwd"];
checkAdmin($uname, $passwd);
break;

case "menu":
########### If not logged in, returns to admin login page
if(!$_SESSION["q6n4fk_admin"]){ echo "<meta content=\"0;URL=?module=admin&file=admin\" http-equiv=\"refresh\">"; } else {
adminMenu();
}
break;

default:
adminForm();
}
?>
The login form works, adminMenu() may work (haveb't tested it because can't log in.
The problem must be checkAdmin() / case "check".

Please help me :)

Thank you !


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Sun May 07, 2006 12:27 pm
by timvw
How is this related to databases?
Anyway, to me it appears that you're testing if something exists in $_SESSION... But you haven't called http://www.php.net/session_start so it will never exist...

Posted: Sun May 07, 2006 12:36 pm
by chrisso
The database connection and session_start() is exists in the index.php file. The login script/file is included to index.php.

Posted: Sun May 07, 2006 1:18 pm
by chrisso
I've fixed some problems.. so now I can log in.
But if I write wrong username and/or password the "wrong usernam and password"-message doesn't appear!

Code: Select all

<?
function adminForm(){
	echo "<div align=\"right\" style=\"width:165px;\"><form action=\"?module=admin&file=admin&do=check\" method=\"post\">
		   Brukenavn: <input style=\"width:100px;\" type=\"text\" class=\"text\" name=\"uname\"><br>Passord:  <input style=\"width:100px;\" type=\"password\" class=\"text\" name=\"passwd\"><br>
		   <input type=\"submit\" class=\"text\" value=\"Logg inn\">
		   </form></div>";	
}

function checkAdmin($uname, $passwd){
	$result = mysql_query("SELECT * FROM cw_user WHERE uname = '$uname'");
	$array = mysql_fetch_assoc($result) or die (mysql_error());
	
	if($uname == $array['uname'] and md5($passwd) == $array['passwd']){
		if($array['admin'] == 1){
		$_SESSION["q6n4fk_logged_in"] = TRUE;
		$_SESSION["q6n4fk_admin"] = TRUE;
		$_SESSION["user"] = $uname;
		} else { echo "Du har ikke tilgang til administrasjons siden!"; }
		echo "<meta content=\"3;URL=?module=admin&file=admin&do=menu\" http-equiv=\"refresh\">Du er logget inn som $uname.";
		} else { echo "Du har skrevet en feil kombinasjon av brukernavn og passord!<br>a href=\"javascript:history.back(-1)\">Pr&oslash;v igjen</a>"; }
	
}

function adminMenu(){
echo "Menu goes here!";
}


#################### Page starts here
$do = $_GET["do"];
$op = $_GET["op"];

switch ($do){
case "check":
$uname = $_POST["uname"];
$passwd = $_POST["passwd"];
checkAdmin($uname, $passwd);
break;

case "menu":
if(!$_SESSION["q6n4fk_admin"]){ echo "<meta content=\"0;URL=?module=admin&file=admin\" http-equiv=\"refresh\">"; } else {
adminMenu();
}
break;

default:
adminForm();
}
?>