Jump to content

lgin script..cross browser issues....

almightyegg

By almightyegg
in PHP Coding Help

 Share

Recommended Posts

almightyegg Advanced Member

almightyegg

Posted
Posted
it works fine in IE, but not in FireFox  :-[
[b]Welcome page:[/b]
[code=php:0]
<?
session_start(); // Session Start
include 'db.php'; // Connect to DB
session_register('email');
session_register('password');
$email = $_POST['email']; 
$password = $_POST['password'];
if((!$email) || (!$password)){ 
    echo "Please enter ALL of the information! <br />"; 
    include 'index.php'; 
    exit(); 


if((!$email) || (!$password)){ 
    echo "Please enter ALL of the information! <br />";
    echo "<a href=\"index.php\" />Click here to return to the main page</a>";
    exit(); 
}   

$sql = mysql_query("SELECT * FROM users WHERE email='$email' AND password='$password' AND activated='1'"); 
$login_check = mysql_num_rows($sql); 

if($login_check == 0){
$sql1 = mysql_query("SELECT * FROM users WHERE email='$email'");
$sql2 = mysql_query("SELECT * FROM users WHERE email='$email' AND password='$password'");
$sql3 = mysql_query("SELECT * FROM users WHERE email='$email' AND password='$password' AND activated='1'");
$c1 = mysql_num_rows($sql1); 
$c2 = mysql_num_rows($sql2); 
$c3 = mysql_num_rows($sql3);

echo "The following errors were found from your login.<br>";
    if($c1==0){
    echo "The email you've entered was not valid. Please go back and <a href=\"welcome.php\" />try again</a>.";
    }elseif($c2==0){
        echo "The password you've entered was incorrect. Please go back and <a href=\"welcome.php\" />try again</a>. If you would like your password sent to you via email please <a href=\"lostpw.php\" />click here</a>";
    }elseif($c3==0){
        echo "You did not yet validate your account! If you would like your validation code sent to you via email please <a href=\"resend.php\" />click here</a>.";
    }
}else{

//page goes here

}
[/code]

[b]All other pages:[/b]
[code=php:0]
<?
session_start(); // Session Start
include 'db.php'; // Connect to DB
$email = $_SESSION['email'];
$password = $_SESSION['password'];
if((!$email) || (!$password)){
echo "Please enter ALL of the information! <br />";
include 'index.php';
exit();
}

if((!$email) || (!$password)){
echo "Please enter ALL of the information! <br />";
echo '<a href=index.html>Click here to return to the main page</a>';
exit();
}

$sql = mysql_query("SELECT * FROM users WHERE email='$email' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);

if($login_check == 0){
$sql1 = mysql_query("SELECT * FROM users WHERE email='$email'");
$sql2 = mysql_query("SELECT * FROM users WHERE email='$email' AND password='$password'");
$sql3 = mysql_query("SELECT * FROM users WHERE email='$email' AND password='$password' AND activated='1'");
$c1 = mysql_num_rows($sql1);
$c2 = mysql_num_rows($sql2);
$c3 = mysql_num_rows($sql3);

echo"The following errors were found from your login.<br>";
if($c1==0){
echo"The email you've entered was not valid. Please go back and <a href=index.php>try again</a>.";
}elseif($c2==0){
echo"The password you've entered was incorrect. Please go back and <a href=index.php>try again</a>. If you would like your password sent to you via email please <a href=lostpw.php>click here</a>";
}elseif($c3==0){
echo"You did not yet validate your account! If you would like your validation code sent to you via email please <a href=resend.php>click here</a>.";
}
}else{

//page goes here

}
[/code]
Link to comment
Share on other sites
almightyegg Advanced Member

almightyegg

Posted
  • Author
Posted
Oh, and here is my form...

[code]
<center>
<fieldset><legend>Login</legend>
<table border=0 cellpadding=10><tr><td valign=center>
<form method=POST action=welcome.php name=form1>
Email:<br> <input type=text name=email><bR><br>
Password:<br> <input type=password name=password><br><br>
<input type=submit value=Login!>
</form>
</td></tr></table>
</fieldset>
</center>
[/code]
Link to comment
Share on other sites
emehrkay Regular Member

emehrkay

Posted
Posted
for - one just reading over your code - you give the user WAY too much info about the username password combo. Just say "Somehting is off with eiter your un or pw" if i were a hacker and seen that i had the correct username but not the right password, i could create a bot that would brute force its way in.


Link to comment
Share on other sites
AndyB Regular Member

AndyB

Posted
Posted
Just so we can remove one possible problem, please use (something like) this as your log-in.  Halfway decent html never hurt anyone :)

[code]<center>
<fieldset><legend>Login</legend>
<table border="0" cellpadding="10"><tr><td valign="center">
<form method="post" action="welcome.php" name="form1">
Email:<br><input type="text" name="email"><br><br>
Password:<br><input type="password" name="password"><br><br>
<input type="submit" value="Login!">
</form>
</td></tr></table>
</fieldset>
</center>[/code]
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.