smphil

login script

Below is a script I am using to authenticate a login. How come, if I put in incorrect login data, the error
 ("<b>Name and password not found or not matched</b>");

does not print on the page?

Better yet, how can I modify it to keep sending them back to press_login.php if the login fails?

Any help would be appreciated.

Thanks Phil



<?php
         
             session_start();
             if(!isset($_SESSION['confirmation'])) {
             header("location:press_login.php");
             exit();
             }
       

?>
<?
$conn = mysql_connect("localhost","username","pass");
$db = mysql_select_db("personal");

$username = $_POST["username"];
$password = $_POST["password"];

$result = MYSQL_QUERY("SELECT * from users WHERE username='$username'and password='$password'")
or die ("<b>Name and password not found or not matched</b>");

$worked = mysql_fetch_array($result);

$username = $worked[username];
$password = $worked[password];



if($worked)
{header("location:press/cpanel.php"); exit();}
?>
SOLUTION
Dawnlight

This solution is only available to members.

<?php

  session_start();
  if( !isset( $_SESSION['confirmation'] ) )
  {
    header( "Location: press_login.php" );
    exit( );
  }

  // Connect and select the database; stop with the MySQL error if either step fails.
  $conn = mysql_connect( "localhost" , "username" , "pass" ) or die( "Could not connect : " . mysql_error() );
  $db = mysql_select_db( "personal" ) or die( "Could not select : " . mysql_error( ) );

  // Escape both posted values before they are placed in the query string.
  $result = mysql_query( "SELECT * from users WHERE username = '" . mysql_real_escape_string( $_POST["username"] ) . "' and password = '" . mysql_real_escape_string( $_POST["password"] ) . "'" ) or die ( "Sql error : " . mysql_error() );

  if( mysql_num_rows( $result ) != 1 )
  {
     header( "Location: press_login.php" );
     exit( );
  }
  else
  {
    $worked = mysql_fetch_array( $result );
    $username = $worked['username'];
    $password = $worked['password'];

    header( "Location: press/cpanel.php" );
    exit( );
  }

?>
ASKER CERTIFIED SOLUTION
This solution is only available to members.

Phil,

I guess I have answered this question before, better yet, the question was posted by you!

;)

hi smphil

here's my vision in kinda pseudocode:

get auth data and compare it with the values in an eventual database.

if success create a session var

end of the login script
====================================
now, using an if else block test the existence of that session

IF the session doesn't exist the user is redirected to the login form
ELSE the user is allowed to see the sensitive content

put this check on every sensitive page.

do not forget to put a link to logout i.e. destroy the session(s)

you can also destroy the session(s) by closing all MSIE instances

hope it helped

kind regards
mircea
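
The flow sketched in the pseudocode above (check the credentials, set a session variable, test it on every protected page, destroy it on logout), as an added PHP example that is not code from any poster in this thread. It assumes PDO with the MySQL driver and a hypothetical `password_hash` column filled by `password_hash()`; the function names are invented for illustration, while the page names and `$_SESSION['confirmation']` follow the question.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO MySQL driver,
// a hypothetical `password_hash` column, placeholder credentials.

// Check the posted credentials and create the session flag on success.
function attempt_login(PDO $pdo, $username, $password): bool
{
    if (!is_string($username) || !is_string($password)) {
        return false;                       // e.g. username[]=x sent as an array
    }
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // A query that matches no rows still succeeds, so "or die(...)" never
    // fires on a bad login; the failure has to be detected from the row.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);            // fresh session id after login
    $_SESSION['confirmation'] = $username;  // flag tested on protected pages
    return true;
}

// Guard for every sensitive page; pass the login URL relative to that page.
function require_login(string $loginUrl = 'press_login.php'): void
{
    if (!isset($_SESSION['confirmation'])) {
        header('Location: ' . $loginUrl);
        exit;
    }
}

// Logout link target: clear the session data and destroy the session.
function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

// Body of the login script that press_login.php posts to.
session_start();
$pdo = new PDO('mysql:host=localhost;dbname=personal;charset=utf8mb4',
    'username', 'pass', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$ok = attempt_login($pdo, $_POST['username'] ?? '', $_POST['password'] ?? '');
header('Location: ' . ($ok ? 'press/cpanel.php' : 'press_login.php'));
exit;
```

A protected page such as press/cpanel.php would call `session_start()` and then `require_login('../press_login.php')` before sending any output.
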
phil,

any updates in this question?
may I know the reason for accepting that answer?

>> may I know the reason for accepting that answer?

I'm with you ldbkutty!

;)

I believe Phil should take the best answer(s), of course it should make some sense after all...

;)