Hi PHP freaks,
I'm returning to the webpage building community after a 10-year hiatus and have returned to find many new and delicious
toys to play with, tastiest of all being PHP. I'm trying to build a minimal security site with PHP/MySQL login as well as a simple
PHP require using sessions to secure each page. I've based the script around a 'security by obscurity' script written by
blackmouth, which worked wonderfully. However, once I added and tried implementing the page security via sessions, the
entire script broke down and now forwards to the secure page even without proper login credentials. Given that I am completely
uneducated in the area of PHP, I'm hoping there is a simple resolution eluding me that is obvious to a master of the art. Here
are the pieces of my PHP puzzle.
my login script, again, working as intended until I entered in the session pieces:
<?php
$username = md5($_POST["username"]);
$passwd = md5($_POST["pass"]);
$handle = mysql_connect("my.sql.db","sqladmin","admin");
mysql_select_db("users",$handle);
$query = "SELECT r34ln4m3 FROM 1nside0ut WHERE md5(l0gn4m3)='$username' AND entryw41='$passwd'";
$result = mysql_query($query,$handle);
if(mysql_num_rows($result)!==0);
{
session_start();
$_SESSION['auth'] = 1;
$_SESSION['name'] = $list;
header('Location: index1.htm');
}
alert('Incorrect username or password!');
header('Location: index.html');
?>
That is intended to create a session which is then required by each page via:
<?php
require("userauth.php");
?>
<!DOCTYPE html PUBLIC...
And that file is:
<?php
if($_SESSION["auth"]!==1);
{
header('Location: index.html');
}
?>
Again I'm only a couple weeks into learning PHP so please, be gentle if my mistake is an
elementary one. Thanks in advance for taking the time to read through my issue.
cheers.