Jump to content

Recommended Posts

Hi guys

 

i'd be grateful if you could have a look at my login execution page and check for any errors/new to php type problems.

 

Thanks

 

James

 

<?php

// Include neccessary set up files

include ('../../config.php');
include ('../../opendb.php');


// Define the login name variable

$login = $_POST['login'];

//Define the password variable

$password = md5($_POST['password']);

// Define the salt variable to be added to the password
$salt = 'S4lT3D';

// Combine and encrypt the password and salt variables
$password_salted = md5($password.$salt);

// Check for magic quotes on - if so strip slashes

if (get_magic_quotes_gpc()) {

$login = stripslashes($login);
}

//Sanitize the values received from the login page variables to prevent SQL Injection

$login = mysql_real_escape_string($login);

$password = mysql_real_escape_string($password);

//Create query

$getuser = "SELECT user_id FROM users WHERE login='$login' AND password = '$password_salted'";

$getuser_result = mysql_query($getuser);

//Check whether the query was successful or not
if($getuser_result) {

//Check if the num rows returned is greater than 0 i.e. there is a match
if(mysql_num_rows($getuser_result)>0) {

//If login is successful start session and set the session variable to be the login name

session_start();

$_SESSION['Login'] = $login;

//Send the user to the main admin page

header("location: ../home.php");

exit();

}

else {

//Login failed

header("location: login_failed.php");

exit();

}

}

?>

Link to comment
https://forums.phpfreaks.com/topic/120539-how-is-my-login-page/
Share on other sites

Looks pretty straightforward.

You may want to check that values have been entered before running them through functions

 

// check to make sure data has been entered

if(strlen(trim($_POST['login'])) && strlen(trim($_POST['password']))) {

 

}

Link to comment
https://forums.phpfreaks.com/topic/120539-how-is-my-login-page/#findComment-621201
Share on other sites

Looks pretty straightforward.

You may want to check that values have been entered before running them through functions

 

// check to make sure data has been entered

if(strlen(trim($_POST['login'])) && strlen(trim($_POST['password']))) {

 

}

 

I've got some code on the actual input page that checks if the fields have been filled in Neil. This page just executes the login process. I've only been using php for 3(ish) months so it's nice to see i'm on the right track with the syntax/structure side of things.

 

Thanks for your help guys.

 

James

Link to comment
https://forums.phpfreaks.com/topic/120539-how-is-my-login-page/#findComment-621815
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.