<? // THIS USES THE SHORT-OPEN TAG. SUGGEST YOU CONVERT TO THE FULL TAG LIKE <?php
// THIS NEEDS TO BE THE FIRST LINE OF EVERY SCRIPT
error_reporting(E_ALL);
// set up database
$Host = "db380492857.db.1and1.com";
$User = "dbo380492857";
$Password = "abcxyz";
$DBName = "db380492857";
// THE FOLLOWING INSTRUCTION CAN FAIL, AND MUST BE TESTED FOR SUCCESS
$Link = mysql_connect ($Host, $User, $Password);
// THE FIELDS HERE NEED TO BE ESCAPED
$qry = "SELECT * from admin where code = '" . $_POST['uc'] . "' and password = '" . $_POST['pwd'] . "'";
// THIS FUNCTION IS DEPRECATED - CHANGE IT. http://php.net/manual/en/function.mysql-db-query.php
$res = mysql_db_query ($DBName, $qry, $Link);
// HOW DO YOU KNOW WHAT VALUE IS IN $res? YOU HAVE TO TEST IT BEFORE YOU TRUST IT IN ANOTHER FUNCTION
$n = mysql_num_rows($res);
// WHAT WOULD YOU DO IF $n == 3? MAYBE YOU NEED A LIMIT IN THE QUERY
if ($n == 0) {
header("Location: login.php?bad=1");
exit;
}
// THE SESSION IS NOT STARTED UNLESS THE LOGIN IS SUCCESSFUL? THAT IS A RECIPE FOR CONFUSION
session_start();
$_SESSION['vavusr'] = $_POST['pwd'];
$_SESSION['user'] = $_POST['uc'];
$_SESSION['alast_used'] = time();
header("Location: admin_menu.php");
exit;
// THE ZEND CODING STANDARD RECOMMENDS ELIMINATING THE CLOSING PHP TAG. OMIT IT.
?>
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
Please read it over and have a look at the code samples. It is intentionally simplistic, but it is the foundation of "how it's done."
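
The points raised in the annotated script above (unescaped fields, the deprecated mysql_* calls, untested results, no LIMIT, the late session_start) can be addressed together with PDO prepared statements and password hashing. The following is an added example, not code from the original post or the linked article. It assumes the `password` column stores a `password_hash()` value, uses an in-memory SQLite table with one constructed row in place of the MySQL database, and `find_admin` is a hypothetical helper name.

```php
<?php
// Added example, not code from the page. Assumptions: admin.password holds a
// password_hash() value; an in-memory SQLite table with one constructed row
// stands in for the MySQL database so the script runs offline.
declare(strict_types=1);
error_reporting(E_ALL);

function find_admin(PDO $pdo, string $code, string $password): ?array
{
    // Placeholder keeps user input out of the SQL text; LIMIT 1 bounds the result.
    $stmt = $pdo->prepare('SELECT code, password FROM admin WHERE code = :code LIMIT 1');
    $stmt->execute([':code' => $code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password is checked against the stored hash, not inside the query.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row;
}

// Constructed stand-in database; a real deployment would use a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw, not pass silently
$pdo->exec('CREATE TABLE admin (code TEXT PRIMARY KEY, password TEXT NOT NULL)');
$pdo->prepare('INSERT INTO admin (code, password) VALUES (?, ?)')
    ->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

if (PHP_SAPI === 'cli') {
    // Offline check with constructed inputs; a quote in the input is treated as data.
    var_dump(find_admin($pdo, 'alice', 'constructed-sample-pw') !== null);
    var_dump(find_admin($pdo, "alice'", 'constructed-sample-pw') !== null);
    exit;
}

session_start(); // started on every request, before the login outcome is known
$uc  = is_string($_POST['uc'] ?? null) ? $_POST['uc'] : '';
$pwd = is_string($_POST['pwd'] ?? null) ? $_POST['pwd'] : '';
$row = find_admin($pdo, $uc, $pwd);
if ($row === null) {
    header('Location: login.php?bad=1');
    exit;
}
session_regenerate_id(true);      // fresh session id once the user is authenticated
$_SESSION['user'] = $row['code']; // identity only; the password is not kept in the session
$_SESSION['alast_used'] = time();
header('Location: admin_menu.php');
exit;
```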