Jump to content

API for login?


techker

Recommended Posts

Hey guys i made a script for a school and they would like to intergrate the script in an existing portal they have for the school..

 

so is there a way to bypass my login script?like a page that sends info to the checklogin page?

 

this is my page checklogin:

 


<?php

include"login_config.php";

//Connection String Variables_________________________________________________

   // connect to the server
   mysql_connect( $db_host, $db_username, $db_password )
      or die( "Error! Could not connect to database: " . mysql_error() );
   
   // select the database
   mysql_select_db( $db )
      or die( "Error! Could not select the database: " . mysql_error() );

//IBM suggested scrub for URL request
$urlun = strip_tags(substr($_REQUEST['username'],0,32));
$urlpw = strip_tags(substr($_REQUEST['password'],0,32));

$cleanpw = md5($urlpw);

//echo"Cleanpw: $cleanpw<br>";

//$sql="SELECT * FROM agents WHERE username='$urlun' and password='$urlpw'";
$sql="SELECT * FROM users WHERE username='$urlun' and password='$cleanpw'";

$result=mysql_query($sql);

// Mysql_num_row is counting table rows

$count=mysql_num_rows($result);

// If result matches $myusername and $mypassword, table row must be 1 row

//echo"Count:$count<br>";

if($count==1){

// Register $myusername and redirect to file designated success file

$cookie_name ="$cookiename";

$cookie_value ="$urlun";

//set to 24 hours

$cookie_expire ="86400";

setcookie($cookie_name,$cookie_value,time() + (86400),"/", $cookie_domain);

header("location:$successful_login_url");

}else{

header("location:$failed_login");

}


?>

 

and my login form

 


  <form action="checklogin.php" method="post" name="form" id="form">
<div id="login">
	<h2>Ouverture de session</h2>
	<label for="username">Nom d'utilisateur:</label>
	 <input type="text" name="username" value = '<? //echo $username; ?>' />
	<label for="password">Mot de passe:</label>
	<input type="password" name="password" value = '<? //echo $password; ?>' />
<input name="submit" type="submit" value="Entrer" />
	<div class="clear"></div>
</div>
</form>

Link to comment
Share on other sites

can i make a page an in it it has hidden fields of the loggin for with a session var that would post the current user to the new page?

 

the only thing is the password?inless if there is a way to use only sessions to detect if he is already in a session..

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.