Help Needed

[whizzykid]

help any password logs in on my website.help with validation using acct num and password.

my codes.

 

if (!isset($_SESSION)) {

session_start();

}

 

$loginFormAction = $_SERVER['PHP_SELF'];

if (isset($_GET['accesscheck'])) {

$_SESSION['PrevUrl'] = $_GET['accesscheck'];

}

 

if (isset($_POST['Account_Number'])) {

$loginUsername=$_POST['Account_Number'];

$password=$_POST['password'];

$MM_fldUserAuthorization = "";

$MM_redirectLoginSuccess = "account_" .$account[0] .".php";

$MM_redirectLoginFailed = "login failed.html";

$MM_redirecttoReferrer = false;

mysql_select_db($database_cthey_reg, $cthey_reg);

 

$LoginRS__query=sprintf("SELECT `Account Number`, password FROM login WHERE `Account Number`=%s AND password=%s",

GetSQLValueString($loginUsername, "-1"), GetSQLValueString($password, "text"));

 

$LoginRS = mysql_query($LoginRS__query, $cthey_reg) or die(mysql_error());

$loginFoundUser = mysql_num_rows($LoginRS);

if ($loginFoundUser) {

$loginStrGroup = "";

 

if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}

//declare two session variables and assign them

$_SESSION['MM_Username'] = $loginUsername;

$_SESSION['MM_UserGroup'] = $loginStrGroup;

 

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

}else{

$account = mysql_fetch_array($LoginRS);

$MM_redirectLoginSuccess = "account_".$account[0] .".php";

 

}

header("Location: " . $MM_redirectLoginSuccess );

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

}

?>

[Muddy_Funster]

I'm sorry.....what's the question? and please use code tags when posting code.

[whizzykid]

I'm sorry.....what's the question? and please use code tags when posting code.

 

my form only validates using account number,i want it to also validate user password b4 allowing login success. thanks

[Muddy_Funster]

still not really getting it. you want to validate the password against what?

 

also, could you post the GetSQLValueString() function code (inside code tags)?

[whizzykid]

still not really getting it. you want to validate the password against what?

 

also, could you post the GetSQLValueString() function code (inside code tags)?

 

when users log in the form only checks for the account num,when it comes to the password any password can login,how i rectify that?

[Muddy_Funster]

and the contents of GetSQLValueString()?

[whizzykid]

and the contents of GetSQLValueString()?

 

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

$insertSQL = sprintf("INSERT INTO login (`Account Number`, password) VALUES (%s, %s)",

GetSQLValueString($_POST['Account_Number'], "int"),

GetSQLValueString($_POST['password'], "text"));

[Muddy_Funster]

no, no, GetSQLValueString must be a function somewhere, I'm asking to see that function.

[whizzykid]

no, no, GetSQLValueString must be a function somewhere, I'm asking to see that function.

 

$LoginRS__query=sprintf("SELECT `Account Number`, password FROM login WHERE `Account Number`=%s AND password=%s",

GetSQLValueString($loginUsername, "-1"), GetSQLValueString($password, "text"));

 

sorry the 1st code i pasted are my validation codes no other place in my entire code has d Getstring value.

[Muddy_Funster]

somethings not adding up here, can you echo out the value of $LoginRS__query after it's built?

[Christian F.]

First of all, I strongly recommend that you read this article about secure login systems. As it should help explain a lot of the stuff you're having problems with, and how to add some very needed security to your script.

 

Secondly: Do yourself the favour and stop using DreamWeaver to generate the PHP code for you. Learn to write PHP yourself, the proper way, and you will avoid a huge amount of headaches. Remember that DW can't know what you want to do, only do what the programmers who made it thought is what you wanted to do.