Pulling my hair out. I know this is a simple one but...



I'm a beginner in the very sense of the word. Trying to set up a basic HTML login page that queries a PHP script for username and password, then redirects to another page. I have spent all morning chasing my tail. Just wondering if anyone can point me in the right direction. When I try to use the login and password specified in the PHP I just keep getting the echo'd error message :-(

 

PHP - login.php

<?php

if ($pass == "letmein" AND $user == "bob") {
    echo "<html><head><meta http-equiv=\"refresh\" content=\"1;url=http://www.google.com.au\"></head></html>";
}
elseif ($pass == "letmein" AND $user == "john") {
    echo "<html><head><meta http-equiv=\"refresh\" content=\"1;url=http://www.yahoo.com.au\"></head></html>";
}
else {
    echo "ERROR!! Incorrect Username or Password!";
}

?>

 

Html

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<form name="input" action="login.php" method="post">
Username:
<input type="text" name="user">
Pass :
<input type="text" name="pass">
<input type="submit" value="Submit">
</form>
</body>
</html>

You have to fetch the values from the form and assign them to the $user and $pass variables. You do that by adding the following code before your if statements:

 

$user = $_POST['user'];
$pass = $_POST['pass'];

Edited by oaass

Let's run through a quick list of several Top-Tips For Better Web Development ;)

 

Separating concerns.

Always put all of your PHP code at the top of the file, so that you do all of your processing before sending even a single bit of HTML to the client.

Not only will this make your code a lot easier to read, and thus maintain, but it will also avoid putting any artificial restrictions on what you can do. After all, once you've sent something to the client, you cannot take it back. This is especially true for headers.

 

Data processing

When working with data, always try to follow this pattern (using the applicable bits) grouped in logical groups of mutual dependencies:

Retrieve, Validate, Process, Display

 

That means that if you need a bunch of data to do a given task, then you should retrieve all of that data first, before going to the next step. Then, if necessary, validate all of that data. And so forth, and so on.

However, if you have some data which is dependent upon the processing of some previous data, then only retrieve this second set after validating the first set.

 

Use your tools correctly

Find out what tools the languages you use have, and use the proper tools at their proper times.

If the language supports doing a certain task with built-in functionality then use that functionality, don't defer to a second language to simulate the effect. This requires a lot of knowledge about the languages you're using, at least within the specific problem domain you're working in. It may seem like it's a chore, and a waste of time to spend the time required to gain this knowledge, but you'll regain that time many times over when you're writing the code.

 

In this case, PHP has a header() function that can be used to redirect a user to a different page, which should have been used instead of printing a meta-refresh HTML tag.

 

Never underestimate the dark side

Security is paramount, especially when accepting user-input!

Your site will be attacked, no matter how small it is. Malicious users use tools that scan several thousands of sites for them, all automated, every day. If you don't take care, a lot of really unpleasant things will happen to your data, application and server.

 

Read up on all of the related security material for the tasks you're trying to do. Input validation and output escaping are the two cornerstones, which are found in all web applications. The more functionality you add to your application, and the more third party systems you bring into the equation, the more potential security risks you get.

 

Hmm... Think I'll expand upon this one a bit more, and perhaps make a proper article out of it. For now I think it's best if I stop, don't want to flood you with too much information. :P

 

Anyway, what you were missing here are the retrieval part and validation part of the data processing part, as partly mentioned by oaass above. He skipped the validation part, but you can read more about it in this article about secure login systems. Since you've hardcoded the usernames and passwords you don't have to worry about hashing, SQL injections and that stuff yet. Though, I still recommend reading the entire article. LOTS of good information there, which you will need later on.

Edited by Christian F.
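
Added example, not part of the original posts: one way login.php could look when the advice in the two replies above is combined (retrieve, validate, process, display; `header()` instead of a meta-refresh; all PHP before any output). The usernames, password and URLs are the ones from the question; the `resolveLogin()` helper, the `USERS` table and the length limits are assumptions made for this sketch.

```php
<?php
// Added example: hardcoded accounts and redirect targets taken from the thread.
const USERS = [
    'bob'  => ['pass' => 'letmein', 'url' => 'http://www.google.com.au'],
    'john' => ['pass' => 'letmein', 'url' => 'http://www.yahoo.com.au'],
];

/**
 * Hypothetical helper: returns the redirect URL for a valid login,
 * or null on any failure.
 */
function resolveLogin(array $post, array $users): ?string
{
    // Retrieve: read the form fields; missing keys become empty strings.
    $user = $post['user'] ?? '';
    $pass = $post['pass'] ?? '';

    // Validate: both must be non-empty strings of sane length.
    // (A body such as user[]=x arrives as an array, not a string.)
    // The 64/128 limits are assumed values for this example.
    if (!is_string($user) || !is_string($pass)
        || $user === '' || $pass === ''
        || strlen($user) > 64 || strlen($pass) > 128) {
        return null;
    }

    // Process: look up the account and compare in constant time.
    if (!isset($users[$user]) || !hash_equals($users[$user]['pass'], $pass)) {
        return null;
    }

    // The target comes from the server-side table, never from the request.
    return $users[$user]['url'];
}

// All processing happens before any output, so header() can still be sent.
$target = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    ? resolveLogin($_POST, USERS)
    : null;

if ($target !== null) {
    header('Location: ' . $target, true, 303);
    exit;
}

// Display: one generic message; nothing user-supplied is echoed back.
http_response_code(401);
echo 'ERROR!! Incorrect Username or Password!';
```

Because the error text is fixed and the submitted username is never printed, there is nothing to escape here; as soon as a page echoes user input, wrap it in `htmlspecialchars()`.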