login string

fullyloaded · May 20, 2009

hi i was wondering if anyone can tell me what im doing wrong what im trying to do is get the login string from my code but im doing somthing wrong here is the code from my login page and the string i been trying and having no luck thanks...

Login Page:

<?php
$redir = @$_GET['redir'];
if (!$redir) $redir = "index.php";

if (!$userInfo['loggedin']) {
$do = @$_GET['do'];
if ($do == "") {
  fetchTemplate("header");
  fetchTemplate("login");
  fetchTemplate("footer");
}
else if ($do == "login") {
  $error = "";
  $user = addslashes(htmlentities(@$_POST['user']));
  $pass = md5(addslashes(htmlentities(@$_POST['pass'])));
  $query = mysql_query("SELECT * FROM `member` WHERE username='$user' AND password='$pass'");
  $q = mysql_fetch_row($query);
  if (!$q[0]) {
   $error .= "Username and password do not match.<br />\n";
  }
  else {
   $_SESSION['loggedin'] = 1;
   $_SESSION['user'] = $user;
   header("Location: ".$redir);
  }
  if ($error) {
   fetchTemplate("header");
   echo "<br><p align=center><font color=red>".$error."</font></p>";
   echo "\n<p align=center><a href=\"login.php\">[ Back ]</a></p>\n";
   fetchTemplate("footer");
  }
}
}
else {
header("Location: index.php");
}
?>

Login String:

hxxp://www.MySiteHere.com/forum/login.php?do=login&action=login&username=MyUserNameHere&password=MyPassWordHere&redir=index.php

Masna · May 20, 2009

<?php
$redir = @$_GET['redir'];
if (!$redir) $redir = "index.php";

if (!$userInfo['loggedin']) {
$do = @$_GET['do'];
if ($do == "") {
  fetchTemplate("header");
  fetchTemplate("login");
  fetchTemplate("footer");
}
else if ($do == "login") {
  $error = "";
  $user = addslashes(htmlentities($_GET['user']));
  $pass = md5(addslashes(htmlentities($_GET['pass'])));
  $query = mysql_query("SELECT * FROM `member` WHERE username='$user' AND password='$pass'");
  $q = mysql_fetch_row($query);
  if (!$q[0]) {
   $error .= "Username and password do not match.<br />\n";
  }
  else {
   $_SESSION['loggedin'] = 1;
   $_SESSION['user'] = $user;
   header("Location: ".$redir);
  }
  if ($error) {
   fetchTemplate("header");
   echo "<br><p align=center><font color=red>".$error."</font></p>";
   echo "\n<p align=center><a href=\"login.php\">[ Back ]</a></p>\n";
   fetchTemplate("footer");
  }
}
}
else {
header("Location: index.php");
}
?>

MadTechie · May 20, 2009

Your using POST not GET, and i wouldn't like the idea of passing a password via a URL!

BK87 · May 20, 2009

did ya try adding session_start(), cant set a session without it being started??

Sign In

login string

Recommended Posts

fullyloaded

Link to comment

Share on other sites

Masna

Link to comment

Share on other sites

MadTechie

Link to comment

Share on other sites

BK87

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information