techker Posted November 29, 2011 Share Posted November 29, 2011 Hey guys i made a script for a school and they would like to intergrate the script in an existing portal they have for the school.. so is there a way to bypass my login script?like a page that sends info to the checklogin page? this is my page checklogin: <?php include"login_config.php"; //Connection String Variables_________________________________________________ // connect to the server mysql_connect( $db_host, $db_username, $db_password ) or die( "Error! Could not connect to database: " . mysql_error() ); // select the database mysql_select_db( $db ) or die( "Error! Could not select the database: " . mysql_error() ); //IBM suggested scrub for URL request $urlun = strip_tags(substr($_REQUEST['username'],0,32)); $urlpw = strip_tags(substr($_REQUEST['password'],0,32)); $cleanpw = md5($urlpw); //echo"Cleanpw: $cleanpw<br>"; //$sql="SELECT * FROM agents WHERE username='$urlun' and password='$urlpw'"; $sql="SELECT * FROM users WHERE username='$urlun' and password='$cleanpw'"; $result=mysql_query($sql); // Mysql_num_row is counting table rows $count=mysql_num_rows($result); // If result matches $myusername and $mypassword, table row must be 1 row //echo"Count:$count<br>"; if($count==1){ // Register $myusername and redirect to file designated success file $cookie_name ="$cookiename"; $cookie_value ="$urlun"; //set to 24 hours $cookie_expire ="86400"; setcookie($cookie_name,$cookie_value,time() + (86400),"/", $cookie_domain); header("location:$successful_login_url"); }else{ header("location:$failed_login"); } ?> and my login form <form action="checklogin.php" method="post" name="form" id="form"> <div id="login"> <h2>Ouverture de session</h2> <label for="username">Nom d'utilisateur:</label> <input type="text" name="username" value = '<? //echo $username; ?>' /> <label for="password">Mot de passe:</label> <input type="password" name="password" value = '<? //echo $password; ?>' /> <input name="submit" type="submit" value="Entrer" /> <div class="clear"></div> </div> </form> Link to comment https://forums.phpfreaks.com/topic/252027-api-for-login/ Share on other sites More sharing options...
scootstah Posted December 1, 2011 Share Posted December 1, 2011 You could send a POST from any page to that page and it would still process it. Or just use GET for that matter, since you are using REQUEST. Link to comment https://forums.phpfreaks.com/topic/252027-api-for-login/#findComment-1292904 Share on other sites More sharing options...
techker Posted December 1, 2011 Author Share Posted December 1, 2011 can i make a page an in it it has hidden fields of the loggin for with a session var that would post the current user to the new page? the only thing is the password?inless if there is a way to use only sessions to detect if he is already in a session.. Link to comment https://forums.phpfreaks.com/topic/252027-api-for-login/#findComment-1292981 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.