
How is my login page?


giraffemedia


Hi guys

I'd be grateful if you could have a look at my login execution page and check for any errors/new to PHP type problems.

Thanks

James

<?php

// Include necessary set up files
include ('../../config.php');
include ('../../opendb.php');

// Define the login name variable
$login = $_POST['login'];

// Define the password variable
$password = md5($_POST['password']);

// Define the salt variable to be added to the password
$salt = 'S4lT3D';

// Combine and hash the password and salt variables (MD5 is a hash, not encryption)
$password_salted = md5($password.$salt);

// Check for magic quotes on - if so strip slashes
if (get_magic_quotes_gpc()) {
    $login = stripslashes($login);
}

// Sanitize the values received from the login page variables to prevent SQL Injection
$login = mysql_real_escape_string($login);
$password = mysql_real_escape_string($password);

// Create query
$getuser = "SELECT user_id FROM users WHERE login='$login' AND password = '$password_salted'";
$getuser_result = mysql_query($getuser);

// Check whether the query was successful or not
if ($getuser_result) {

    // Check if the num rows returned is greater than 0 i.e. there is a match
    if (mysql_num_rows($getuser_result) > 0) {

        // If login is successful start session and set the session variable to be the login name
        session_start();
        $_SESSION['Login'] = $login;

        // Send the user to the main admin page
        header("location: ../home.php");
        exit();
    }
    else {
        // Login failed
        header("location: login_failed.php");
        exit();
    }
}

?>
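
A hardened take on the login handler above, as an added example that is not part of the original post: it replaces the fixed-salt MD5 and `mysql_real_escape_string()` with `password_verify()` and a PDO prepared statement, and issues a fresh session ID on login. The `$pdo` connection, the `password_hash` column and both function names are assumptions.

```php
<?php
// Added example, not the original poster's code. Assumptions: $pdo is a PDO
// connection opened by the include files, and users.password_hash (a
// hypothetical column) holds the output of password_hash() set at signup.

function attempt_login(PDO $pdo, string $login, string $password): ?int
{
    // Prepared statement: the login name travels as data, never as SQL text,
    // so no escaping or magic-quotes handling is needed.
    $stmt = $pdo->prepare('SELECT user_id, password_hash FROM users WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() reads the algorithm, cost and per-user random salt
    // from the stored hash, replacing the fixed 'S4lT3D' salt and MD5.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = :h WHERE user_id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['user_id']]);
    }
    return (int) $row['user_id'];
}

function handle_login(PDO $pdo): void
{
    $login    = $_POST['login'] ?? '';
    $password = $_POST['password'] ?? '';
    // Reject array-valued fields (login[]=...) before they reach the query.
    $userId = (is_string($login) && is_string($password)) ? attempt_login($pdo, $login, $password) : null;
    if ($userId === null) {
        header('Location: login_failed.php');
        exit();
    }
    session_start();
    session_regenerate_id(true); // fresh session ID after login (fixation defence)
    $_SESSION['Login'] = $login;
    header('Location: ../home.php');
    exit();
}
```

The login execution page would call `handle_login($pdo)` once the include files have opened the connection.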


Looks pretty straightforward.

You may want to check that values have been entered before running them through functions

// check to make sure data has been entered
if(strlen(trim($_POST['login'])) && strlen(trim($_POST['password']))) {

}



I've got some code on the actual input page that checks if the fields have been filled in, Neil. This page just executes the login process. I've only been using PHP for 3(ish) months so it's nice to see I'm on the right track with the syntax/structure side of things.

Thanks for your help guys.

James
