havox

+-----------+----------------------------------+ | username | password | +-----------+----------------------------------+ | user | Hash | +-----------+----------------------------------+ This is what I have set up in my database(obviously I'm not going to put the real user or hash). I'm trying to md5 what the user inputs for a password and compare it to the database, but I keep getting failed login attempts. <?php error_reporting(-1); ini_set('display_errors', 1); $host = "localhost"; $dbuser = "****"; $pass = "****"; $databasename = "login"; mysql_connect($host,$dbuser,$pass)or die('Could not connect: '.mysql_error()); mysql_select_db($databasename) or die(mysql_error()); if (isset($_POST["user"]) && isset($_POST["pwd"])) { $admin = mysql_query("SELECT username FROM members"); $pass = mysql_query("SELECT password FROM members"); if ($_POST["user"] == $admin && md5($_POST["pwd"]) == $pass) { session_register("admin"); session_register("pass"); header('Location:https://deadnode.com/output.php'); } else { echo"<center><h1>Failed login attempt.</h1></center>"; } } ?>

I'm getting this error now Notice: Undefined variable: _SESSION in /srv/www/deadnode.com/public_html/function.php on line 29 Warning: Cannot modify header information - headers already sent by (output started at /srv/www/deadnode.com/public_html/function.php:37) in /srv/www/deadnode.com/public_html/function.php on line 30 I'm assuming it cannot see that session has been started, because its started within the function?

Ok the issue is fixed it goes through all the steps. I'm trying to make a redirect back to index.html if someone try just go ahead and go to one of my pages. I added this to my function.php function blah() { if ($_SESSION['user'] != "test") { redirect('Location: index.html'); } } I get the following error Parse error: syntax error, unexpected $end in /srv/www/deadnode.com/public_html/function.php on line 30 I have no idea if redirect is even real it just highlighted like header did so I figured I would try. Would http_redirect work?

When I did that it is showing no errors now, but it is stopping at check.php still

Well check.php initiates check() which in turn runs sesshin() where session should be started. When I enter a incorrect password it just stops at check.php and displays no errors.

No, but check.php is the action of the form. Which in turn links itself to function.php <?php require('function.php'); check(); ?>

That is everything that is function.php, but I did check my index.html file and line 25 is where the code for the button is; that is just a guess though.

I apologize to keep posting this in different topics, but since I can't edit my last topic to fit this one; I must. <?php error_reporting(-1); ini_set('display_errors', 1); function check() { $admin="test"; $pass="test"; if (isset($_POST["user"]) && $_POST["user"] == $admin && isset($_POST["pwd"]) && $_POST["pwd"] == $pass) { sesshin(); } } function sesshin() { session_start(); $_SESSION['user'] = "test"; if ($_SESSION['user'] = "test") { header('Location: output.php'); } else { header('Location: index.html'); } } ?> I get the following errors when I try to login. Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /srv/www/deadnode.com/public_html/function.php:25) in /srv/www/deadnode.com/public_html/function.php on line 15 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /srv/www/deadnode.com/public_html/function.php:25) in /srv/www/deadnode.com/public_html/function.php on line 15 Warning: Cannot modify header information - headers already sent by (output started at /srv/www/deadnode.com/public_html/function.php:25) in /srv/www/deadnode.com/public_html/function.php on line 1 I've just confused myself into doing this. Maybe I can do all of this in one function? Check(), should look to see if the form information is correct. If so, then it should start the session and proceed to the output.php page. The other thing I'm trying to figure out is how to block public view of output.php if you havent logged in.

No I am not. I googled on how to redirect to pages and thats what came up.

Well this isn't all about cookies or maybe it is, I'm not to sure. On top of this my script has suddenly broke and stops at check.php I'm also not sure how I should go about checking the cookie to identify the user and how to keep other from viewing the output page(s). <html> <head> <title>Deadnode.com</title> <style type="text/css"> img { position:absolute; left:300px; top:130px; z-index:-1; } form { position:absolute; left:365px; top:248px; z-index:0; } </style> </head> <body> <img src="iL0bw.png" /> <form method="post" action="check.php"> <center><table> <tr><td><font face="verdana,arial" size=-1>Username:</td><td><input type="text" size="25" name="user"></td> <tr><td><font face="verdana,arial" size=-1>Password:</td><td><input type="password" size="25" name="pwd"></td> <tr><td><font face="verdana,arial" size=-1> </td><td><font face="verdana,arial" size=-1><input type="submit" value="Login"></td></tr> </table></center> </form> </body> </html> <?php function check() { $admin="test"; $pass="test"; if (isset($_POST["user"]) && $_POST["user"] == $admin && isset($_POST["pwd"]) && $_POST["pwd"] == $pass) { header('Location: output.php'); setcookie("usr", "test", time()+3600); else { header('Location: index.html'); } } ?> <?php require('function.php'); check(); ?> <?php require('check.php'); ?> <html> <body> <p>Congrats!</p> </body> </html>

Thanks BlueSkyIS. I actually just realized that when I was looking over it, but I still get the same error.

Updated function.php <?php function check() { $admin="test"; $pass="test"; if (isset( $_POST["user"] == $admin & $_POST["pwd"] == $pass)) { header('Location: output.php'); } else { header('Location: index.html'); } } ?> I tried using isset(). Good thing is It doesn't print the contents of the page out, but I do get this error. Parse error: syntax error, unexpected T_IS_EQUAL, expecting ',' or ')' in /srv/www/deadnode.com/public_html/function.php on line 7

Here is one comes up now Notice: Undefined index: user in /srv/www/deadnode.com/public_html/function.php on line 7 Notice: Undefined index: pwd in /srv/www/deadnode.com/public_html/function.php on line 7 Warning: Cannot modify header information - headers already sent by (output started at /srv/www/deadnode.com/public_html/function.php:7) in /srv/www/deadnode.com/public_html/function.php on line 10

Ok, I moved the error reporting before require and still nothing. Also, I've copied the contents of output.html into output.php and I nothing happens at all; well besides the .php version not outputing "congrats" on the page.

It still just shows the page and there is no error reporting of any kind. <?php require(function.php); check(); error_reporting(-1); ini_set('display_errors', 1); ?> <html> <body> <p>Congrats!</p> </body> </html>

I'm not really sure how to do that and where it would report the error. My webserver is running off of a Debian 5.5 box. The code you see now works fine. just when I try to insert my check function onto a page I want to secure; it won't do anything.

Hello everyone, this is my first post. This isn't just a simple post and leave, I'm looking to expand into this community and learn as much as I can. Well on to the problem at hand! I decided to start with something simple as a login page and now want to expand it to make it fully functional. <html> <head> <title>Deadnode.com</title> <LINK href="style.css" rel="stylesheet" type="text/css"> </head> <body> <div style=width:150px;height:80px;position:absolute;left:40%;top:35%; margin-left:-135px;margin-top:-50px;"> <div class="sidebox"> <div class="boxhead"><h2>Login Required</h2></div> <div class="boxbody"> <form method="post" action="check.php"> <center><table> <tr><td><font face="verdana,arial" size=-1>User:</td><td><input type="text" name="user"></td></tr> <tr><td><font face="verdana,arial" size=-1>Pass:</td><td><input type="text" name="pwd"></td></tr> <tr><td><font face="verdana,arial" size=-1> </td><td><font face="verdana,arial" size=-1><input type="submit" value="Login"></td></tr> </table></center> </form> </div> </div> </body> </html> <?php function check() { $admin="test"; $pass="test"; if ( $_POST["user"] == $admin & $_POST["pwd"] == $pass) { header('Location: output.php'); } else { header('Location: index.html'); } } ?> <?php require('function.php'); check(); ?> This is just the code in it originally form; completely functional. I tried to use start_session() in my check() function. I know I should be using cookies, but I haven't gotten that far yet. Is it possible to use my check function as a way to block pages? I tried inserting the same code that is in check.php onto a html page, but I've had no luck with it redirecting back to my index.html page.