leepee
Posted January 12, 2013

I'm a beginner in the very sense of the word. Trying to set up a basic HTML login page that queries a PHP script for username and password, then redirects to another page. I have spent all morning chasing my tail. Just wondering if anyone can point me in the right direction. When I try to use the login and password specified in the PHP I just keep getting the echo'd error message :-(

PHP - login.php

    <?php
    if($pass == "letmein" AND $user == "bob"){
        echo"<html><head><meta http-equiv=\"refresh\"content=\"1;url=http://www.google.com.au\"></head></html>";
    }
    elseif($pass == "letmein" AND $user == "john"){
        echo"<html><head><meta http-equiv=\"refresh\"content=\"1;url=http://www.yahoo.com.au\"></head></html>";
    }
    else{echo"ERROR!! Incorrect Username or Password!";}
    ?>

Html

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    </head>
    <body>
    <form name="input" action="login.php" method="post">
    Username: <input type="text" name="user">
    Pass : <input type="text" name="pass">
    <input type="submit" value="Submit">
    </form>
    </body>
    </html>

oaass
Posted January 12, 2013

You have to fetch the values from the form and assign them to the $user and $pass variables. You do that by adding the following code before your if statements:

    $user = $_POST['user'];
    $pass = $_POST['pass'];

Edited January 12, 2013 by oaass

Christian F.
Posted January 12, 2013

Let's run through a quick list of several

Top-Tips For Better Web Development

Separating concerns.
Always put all of your PHP code at the top of the file, so that you do all of your processing before sending even a single bit of HTML to the client. Not only will this make your code a lot easier to read, and thus maintain, but it will also avoid putting any artificial restrictions on what you can do. After all, once you've sent something to the client, you cannot take it back. This is especially true for headers.

Data processing
When working with data, always try to follow this pattern (using the applicable bits) grouped in logical groups of mutual dependencies:

Retrieve, Validate, Process, Display

That means that if you need a bunch of data to do a given task, then you should retrieve all of that data first, before going to the next step. Then, if necessary, validate all of that data. And so forth, and so on. However, if you have some data which is dependent upon the processing of some previous data, then only retrieve this second set after validating the first set.

Use your tools correctly
Find out what tools the languages you use have, and use the proper tools at their proper times. If the language supports doing a certain task with built-in functionality then use that functionality, don't defer to a second language to simulate the effect. This requires a lot of knowledge about the languages you're using, at least within the specific problem domain you're working in. It may seem like it's a chore, and a waste of time to spend the time required to gain this knowledge, but you'll regain that time many times over when you're writing the code. In this case, PHP has a header() function that can be used to redirect a user to a different page, which should have been used instead of printing a meta-refresh HTML tag.

Never underestimate the dark side
Security is paramount, especially when accepting user-input! Your site will be attacked, no matter how small it is. Malicious users use tools that scan several thousands of sites for them, all automated, every day. If you don't take care, a lot of really unpleasant things will happen to your data, application and server. Read up on all of the related security material for the tasks you're trying to do. Input validation and output escaping are the two cornerstones, which are found in all web applications. The more functionality you add to your application, and the more third party systems you bring into the equation, the more potential security risks you get.

Hmm... Think I'll expand upon this one a bit more, and perhaps make a proper article out of it. For now I think it's best if I stop, don't want to flood you with too much information.

Anyway, what you were missing here are the retrieval part and validation part of the data processing part. As, partly, mentioned by oaass above. He skipped the validation part, but you can read more about it in this article about secure login systems. Since you've hardcoded the usernames and passwords you don't have to worry about hashing, SQL injections and that stuff yet. Though, I still recommend reading the entire article. LOTS of good information there, which you will need later on.

Edited January 12, 2013 by Christian F.
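
The advice in the two replies above, put together as an added example that is not code from any post in the thread: login.php reading the form fields from $_POST, validating them, and redirecting with header() instead of a meta refresh. The resolve_login() helper and the length limits are hypothetical; the usernames, password and URLs are the hardcoded values from the original post.

```php
<?php
// Added example, not code from the thread. The usernames, password and
// target URLs are the hardcoded values from the original post.
const USERS = [
    'bob'  => ['pass' => 'letmein', 'url' => 'http://www.google.com.au'],
    'john' => ['pass' => 'letmein', 'url' => 'http://www.yahoo.com.au'],
];

// Hypothetical helper: returns the redirect URL for a valid login, else null.
function resolve_login(array $post): ?string
{
    // Retrieve: read the submitted fields; a missing field becomes ''.
    $user = $post['user'] ?? '';
    $pass = $post['pass'] ?? '';

    // Validate: PHP turns user[]=x into an array, so insist on strings,
    // then reject empty or oversized values (limits are assumptions).
    if (!is_string($user) || !is_string($pass)) {
        return null;
    }
    if ($user === '' || $pass === '' || strlen($user) > 64 || strlen($pass) > 128) {
        return null;
    }

    // Process: the URL comes from the server-side table, never from the
    // request. hash_equals() is a strict, constant-time string comparison.
    if (!array_key_exists($user, USERS)) {
        return null;
    }
    return hash_equals(USERS[$user]['pass'], $pass) ? USERS[$user]['url'] : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample submissions so the file also runs offline.
    var_dump(resolve_login(['user' => 'bob', 'pass' => 'letmein']));
    var_dump(resolve_login(['user' => ['bob'], 'pass' => 'letmein']));
    var_dump(resolve_login(['user' => 'john']));
    exit;
}

// Display: decide first, then send either the header or the error, so no
// output has gone to the client before header() is called.
$target = resolve_login($_POST);
if ($target !== null) {
    header('Location: ' . $target, true, 302);
    exit;
}
http_response_code(401);
echo 'ERROR!! Incorrect Username or Password!';
```

The same error is returned for an unknown user and a wrong password, so the response does not reveal which usernames exist.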