Robert Elsdon Posted May 5, 2008 Share Posted May 5, 2008 If not will you please fix and post it again? <?php session_start();//At the start! include "dbConfig.php"; ?> <head> <title>Welcome To UltimateRavers.Net, Your Ultimate Online Raving Destiny!</title> <style type="text/css"> @import "stylesheet.css"; </style> if ($_GET["op"] == "login") { if (!$_POST["username"] || !$_POST["password"]) { die("You need to provide a username and password."); } // Create query $q = "SELECT * FROM `dbUsers` " ."WHERE `username`='".$_POST["username"]."' " ."AND `password`=PASSWORD('".$_POST["password"]."') " ."LIMIT 1"; // Run query $r = mysql_query($q); if ( $obj = @mysql_fetch_object($r) ) { // Login good, create session variables $_SESSION["valid_id"] = $obj->id; $_SESSION["valid_user"] = $_POST["username"]; $_SESSION["valid_time"] = time(); // Redirect to member page Header("Location: home.php"); } else { // Login not successful die("Sorry, You have enterd a wrong Username or Paswword please try again and be more carefull with your spelling!"); } } else { echo "<body bgcolor=\"#666666\">"; echo "<center>"; echo '<font size="2" face="verdana" color="#3d3d3d">'; echo "<form action=\"?op=login\" method=\"POST\">"; echo "Username<br /><input name=\"username\" size=\"15\"><br /> "; echo "Password<br /><input type=\"password\" name=\"password\" size=\"15\"><br /> "; echo "<input type=\"submit\" value=\"Login\">"; echo "</form>"; echo "</font>"; } ?> <a href="register.php">Click Here To Register! Link to comment https://forums.phpfreaks.com/topic/104209-can-anyone-tell-me-if-this-code-is-correct/ Share on other sites More sharing options...
DyslexicDog Posted May 5, 2008 Share Posted May 5, 2008 Try this <?php session_start();//At the start! include "dbConfig.php"; ?> <head> <title>Welcome To UltimateRavers.Net, Your Ultimate Online Raving Destiny!</title> <style type="text/css"> @import "stylesheet.css"; </style> <?php if ($_GET["op"] == "login") { if (!$_POST["username"] || !$_POST["password"]) { die("You need to provide a username and password."); } // Create query $q = "SELECT * FROM `dbUsers` " ."WHERE `username`='".$_POST["username"]."' " ."AND `password`=PASSWORD('".$_POST["password"]."') " ."LIMIT 1"; // Run query $r = mysql_query($q); if ( $obj = @mysql_fetch_object($r) ) { // Login good, create session variables $_SESSION["valid_id"] = $obj->id; $_SESSION["valid_user"] = $_POST["username"]; $_SESSION["valid_time"] = time(); // Redirect to member page Header("Location: home.php"); } else { // Login not successful die("Sorry, You have enterd a wrong Username or Paswword please try again and be more carefull with your spelling!"); } } else { echo "<body bgcolor=\"#666666\">"; echo "<center>"; echo '<font size="2" face="verdana" color="#3d3d3d">'; echo "<form action=\"?op=login\" method=\"POST\">"; echo "Username<br /><input name=\"username\" size=\"15\"><br /> "; echo "Password<br /><input type=\"password\" name=\"password\" size=\"15\"><br /> "; echo "<input type=\"submit\" value=\"Login\">"; echo "</form>"; echo "</font>"; } ?> <a href="register.php">Click Here To Register! Link to comment https://forums.phpfreaks.com/topic/104209-can-anyone-tell-me-if-this-code-is-correct/#findComment-533488 Share on other sites More sharing options...
rhodesa Posted May 5, 2008 Share Posted May 5, 2008 The biggest issue is that you can't use header() after output is sent to the screen...try this instead: <?php session_start();//At the start! include "dbConfig.php"; $error = ''; if($_SERVER['REQUEST_METHOD'] == 'POST') { if(!empty($_POST["username"]) && !empty($_POST["password"])) { // Create query $q = "SELECT * FROM `dbUsers` " ."WHERE `username`='".mysql_real_escape_string($_POST["username"])."' " ."AND `password`=PASSWORD('".mysql_real_escape_string($_POST["password"])."') " ."LIMIT 1"; // Run query $r = mysql_query($q); if ( $obj = @mysql_fetch_object($r) ) { // Login good, create session variables $_SESSION["valid_id"] = $obj->id; $_SESSION["valid_user"] = $_POST["username"]; $_SESSION["valid_time"] = time(); // Redirect to member page header("Location: home.php"); exit; }else $error = "Sorry, You have enterd a wrong Username or Paswword please try again and be more carefull with your spelling!"; }else $error = "You need to provide a username and password."; } ?> <html> <head> <title>Welcome To UltimateRavers.Net, Your Ultimate Online Raving Destiny!</title> <style type="text/css"> @import "stylesheet.css"; </style> </head> <body bgcolor="#666666"> <center> <font size="2" face="verdana" color="#3d3d3d"> <?php echo $error; ?> <form method="POST"> Username<br /><input name="username" size="15"><br /> Password<br /><input type="password" name="password" size="15"><br /> <input type="submit" value="Login"> </form>"; </font> <a href="register.php">Click Here To Register!</a> </center> </body> </html> Link to comment https://forums.phpfreaks.com/topic/104209-can-anyone-tell-me-if-this-code-is-correct/#findComment-533489 Share on other sites More sharing options...
rarebit Posted May 5, 2008 Share Posted May 5, 2008 mmm or this way... <?php session_start();//At the start! include "dbConfig.php"; $flag = 0; if ($_GET["op"] == "login") { if ($_POST["username"] && $_POST["password"]) { // Create query $q = "SELECT * FROM `dbUsers` " ."WHERE `username`='".$_POST["username"]."' " ."AND `password`=PASSWORD('".$_POST["password"]."') " ."LIMIT 1"; // Run query $r = mysql_query($q); if ( $obj = @mysql_fetch_object($r) ) { // Login good, create session variables $_SESSION["valid_id"] = $obj->id; $_SESSION["valid_user"] = $_POST["username"]; $_SESSION["valid_time"] = time(); // Redirect to member page Header("Location: home.php"); } else { $flag = 2; } } else { $flag = 1; } } echo "<head> <title>Welcome To UltimateRavers.Net, Your Ultimate Online Raving Destiny!</title> <style type='text/css'> @import 'stylesheet.css'; </style>"; if($flag ==1) { echo "You need to provide a username and password.<br>"; } elseif($flag==2) { echo "Sorry, You have enterd a wrong Username or Paswword please try again and be more carefull with your spelling!<br>"; } else { echo "</head><body bgcolor=\"#666666\">"; echo "<center>"; echo '<font size="2" face="verdana" color="#3d3d3d">'; echo "<form action=\"?op=login\" method=\"POST\">"; echo "Username<br /><input name=\"username\" size=\"15\"><br />"; echo "Password<br /><input type=\"password\" name=\"password\" size=\"15\"><br />"; echo "<input type=\"submit\" value=\"Login\">"; echo "</form>"; echo "</font>"; } ?> <a href="register.php">Click Here To Register!</a> ... Link to comment https://forums.phpfreaks.com/topic/104209-can-anyone-tell-me-if-this-code-is-correct/#findComment-533493 Share on other sites More sharing options...
MadTechie Posted May 5, 2008 Share Posted May 5, 2008 rhodesa seams better, he also included some SQL injection protection Link to comment https://forums.phpfreaks.com/topic/104209-can-anyone-tell-me-if-this-code-is-correct/#findComment-533496 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.