phpMyTony Posted March 22, 2009 Share Posted March 22, 2009 Okay, so I'm only 13 years old and want to get into PHP. I have a website (www.tonyperez.biz) and it supports PHP. The login form is at: http://www.tonyperez.biz/test/index.php I know it's rubbish, but it's my first attempt at php Opinions? EDIT: User: Tony Pass: poo Try it out. Quote Link to comment Share on other sites More sharing options...
Maq Posted March 22, 2009 Share Posted March 22, 2009 What do you want us to say? There's almost nothing there to critique, although it did pass the SQL Inject Me test. Quote Link to comment Share on other sites More sharing options...
phpMyTony Posted March 22, 2009 Author Share Posted March 22, 2009 Say what I could do to maybe make it more protected? Quote Link to comment Share on other sites More sharing options...
waynewex Posted March 23, 2009 Share Posted March 23, 2009 Hi Tony, You could post your code and allow us to pick at it, giving you pointers here and there? First thing I noticed is that you're giving me an access denied message before I even attempt to enter my password? That shouldn't really be the case. How about only showing that message if they have an incorrect login? Quote Link to comment Share on other sites More sharing options...
phpMyTony Posted March 23, 2009 Author Share Posted March 23, 2009 That is what I need to sort out. I am not sure how to do it, as I am very new to SMF. Here's the code: <html> <head /> <body> <form action="index.php" method=POST> Full Name: <input type=text name=name><br /> Age: <input type=text name=age><br /> Password: <input type=password name=pass><br /> <input type=submit value="Authenticate!"><p> </form> <?php $name=$_POST['name']; $age=$_POST['age']; $pass=$_POST['pass']; if (($name=="Tony Perez") && ($age=="13") && ($pass=="999")) echo "Correct. Redirecting..."; else echo "Incorrect. Please check spelling."; ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
waynewex Posted March 23, 2009 Share Posted March 23, 2009 I made some comments. <?php //assume that the login is not correct $login_correct = false; //lets check to see if the form was actually submitted or not if(isset($_POST['name'])){ //if post variable 'name' is set, form has been submitted $name = $_POST['name']; $age = $_POST['age']; $pass = $_POST['pass']; //check details to see if they match if (($name=="Tony Perez") && ($age=="13") && ($pass=="999")){ $login_correct = true; //set $login_correct to true if details match } } ?> <html> <head> <title>Login page</title> </head> <body> <?php //if $login_correct = true, login went well if($login_correct){ echo '<strong>Login correct</strong><br />'; } //else if $login_correct = false AND the form is known to have been submitted, login failed else if(!$login_correct && isset($_POST['name'])){ echo '<strong>Login incorrect</strong><br />'; } ?> <form action="index.php" method=POST> Full Name: <input type=text name=name><br /> Age: <input type=text name=age><br /> Password: <input type=password name=pass><br /> <input type=submit value="Authenticate!"><p> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
phpMyTony Posted March 23, 2009 Author Share Posted March 23, 2009 Ah, thanks. It is all complicated to me at the moment. I still need to learn variables and things. Quote Link to comment Share on other sites More sharing options...
Maq Posted March 23, 2009 Share Posted March 23, 2009 Ah, thanks. It is all complicated to me at the moment. I still need to learn variables and things. Then you should read about the very basics before you go any further. Quote Link to comment Share on other sites More sharing options...
phpMyTony Posted March 23, 2009 Author Share Posted March 23, 2009 Thanks =] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.