techker Posted November 29, 2011 Share Posted November 29, 2011 Hey guys i made a script for a school and they would like to intergrate the script in an existing portal they have for the school.. so is there a way to bypass my login script?like a page that sends info to the checklogin page? this is my page checklogin: <?php include"login_config.php"; //Connection String Variables_________________________________________________ // connect to the server mysql_connect( $db_host, $db_username, $db_password ) or die( "Error! Could not connect to database: " . mysql_error() ); // select the database mysql_select_db( $db ) or die( "Error! Could not select the database: " . mysql_error() ); //IBM suggested scrub for URL request $urlun = strip_tags(substr($_REQUEST['username'],0,32)); $urlpw = strip_tags(substr($_REQUEST['password'],0,32)); $cleanpw = md5($urlpw); //echo"Cleanpw: $cleanpw<br>"; //$sql="SELECT * FROM agents WHERE username='$urlun' and password='$urlpw'"; $sql="SELECT * FROM users WHERE username='$urlun' and password='$cleanpw'"; $result=mysql_query($sql); // Mysql_num_row is counting table rows $count=mysql_num_rows($result); // If result matches $myusername and $mypassword, table row must be 1 row //echo"Count:$count<br>"; if($count==1){ // Register $myusername and redirect to file designated success file $cookie_name ="$cookiename"; $cookie_value ="$urlun"; //set to 24 hours $cookie_expire ="86400"; setcookie($cookie_name,$cookie_value,time() + (86400),"/", $cookie_domain); header("location:$successful_login_url"); }else{ header("location:$failed_login"); } ?> and my login form <form action="checklogin.php" method="post" name="form" id="form"> <div id="login"> <h2>Ouverture de session</h2> <label for="username">Nom d'utilisateur:</label> <input type="text" name="username" value = '<? //echo $username; ?>' /> <label for="password">Mot de passe:</label> <input type="password" name="password" value = '<? //echo $password; ?>' /> <input name="submit" type="submit" value="Entrer" /> <div class="clear"></div> </div> </form> Quote Link to comment https://forums.phpfreaks.com/topic/252027-api-for-login/ Share on other sites More sharing options...
scootstah Posted December 1, 2011 Share Posted December 1, 2011 You could send a POST from any page to that page and it would still process it. Or just use GET for that matter, since you are using REQUEST. Quote Link to comment https://forums.phpfreaks.com/topic/252027-api-for-login/#findComment-1292904 Share on other sites More sharing options...
techker Posted December 1, 2011 Author Share Posted December 1, 2011 can i make a page an in it it has hidden fields of the loggin for with a session var that would post the current user to the new page? the only thing is the password?inless if there is a way to use only sessions to detect if he is already in a session.. Quote Link to comment https://forums.phpfreaks.com/topic/252027-api-for-login/#findComment-1292981 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.