smphil
asked on
login script
Below is a script I am using to authenticate a login how come if I put incorrect login data the error
("<b>Name and password not found or not matched</b>");
Does not print on the page.
Better yet how can I modify it to keep sending them back to press_login.php if the login fails?
Any help would be appreciated.
Thanks Phil
<?php
session_start();
if(!isset($_SESSION['confi rmation']) ) {
header("location:press_log in.php");
exit();
}
?>
<?
$conn = mysql_connect("localhost", "username" ,"pass");
$db = mysql_select_db("personal" );
$username = $_POST["username"];
$password = $_POST["password"];
$result = MYSQL_QUERY("SELECT * from users WHERE username='$username'and password='$password'")
or die ("<b>Name and password not found or not matched</b>");
$worked = mysql_fetch_array($result) ;
$username = $worked[username];
$password = $worked[password];
if($worked)
{header("location:press/cp anel.php") ; exit();}
?>
("<b>Name and password not found or not matched</b>");
Does not print on the page.
Better yet how can I modify it to keep sending them back to press_login.php if the login fails?
Any help would be appreciated.
Thanks Phil
<?php
session_start();
if(!isset($_SESSION['confi
header("location:press_log
exit();
}
?>
<?
$conn = mysql_connect("localhost",
$db = mysql_select_db("personal"
$username = $_POST["username"];
$password = $_POST["password"];
$result = MYSQL_QUERY("SELECT * from users WHERE username='$username'and password='$password'")
or die ("<b>Name and password not found or not matched</b>");
$worked = mysql_fetch_array($result)
$username = $worked[username];
$password = $worked[password];
if($worked)
{header("location:press/cp
?>
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Phil,
I guess I have answered this question before, better yet, the question was posted by you!
;)
I guess I have answered this question before, better yet, the question was posted by you!
;)
hi smphil
here's my vision in kinda pseudocode:
get auth data and compare it with the values in an eventual database.
if success create a session var
end of the login script
========================== ==========
now, using an if else block test the existence of that session
IF the session doesn't exist the user is redirected to the login form
ELSE the user is allowed to see the sensitive content
put this check on every sensitive page.
do not forget to put a link to logout i.e. destroy the session(s)
you can also destroy the session(s) by closing all MSIE instances
hope it helped
kind regards
mircea
here's my vision in kinda pseudocode:
get auth data and compare it with the values in an eventual database.
if success create a session var
end of the login script
==========================
now, using an if else block test the existence of that session
IF the session doesn't exist the user is redirected to the login form
ELSE the user is allowed to see the sensitive content
put this check on every sensitive page.
do not forget to put a link to logout i.e. destroy the session(s)
you can also destroy the session(s) by closing all MSIE instances
hope it helped
kind regards
mircea
phil,
any updates in this question ?
any updates in this question ?
may I know the reason for accepting that answer ?
>> may I know the reason for accepting that answer ?
I'm with you ldbkutty!
;)
I'm with you ldbkutty!
;)
I believe Phil should take the best answer(s), of course it should make some sence after all...
;)
;)
My proposal: http:Q_21332607.html#13425957
session_start();
if( !isset( $_SESSION['confirmation'] ) )
{
header( "Location: press_login.php" );
exit( );
}
$conn = mysql_connect( "localhost" , "username" , "pass" ) or die( "Could not connect : " . mysql_error() );
$db = mysql_select_db( "personal" ) or die( "Could not select : " . mysql_error( ) );
$result = mysql_query( "SELECT * from users WHERE username = '" . mysql_real_escape_string( $_POST["username"] ) . "'and password = '" . mysql_real_escape_string( $_POST["password"] ) . "'" ) or die ( "Sql error : " . mysql_error() );
if( mysql_num_rows( $result ) != 1 )
{
header( "Location: press_login.php" );
exit( );
}
else
{
$worked = mysql_fetch_array( $result );
$username = $worked['username'];
$password = $worked['password'];
header( "Location: press/cpanel.php" );
exit( );
}
?>