
Login script header question


graham23s


Hi Guys,

 

This is a basic login script I have been coding. I was wanting to have it all in the same page instead of having another page to authenticate, but because I have HTML before it I get the output error. I was just wondering if there was a way I could get round that. Code is:

 

<?php
  # includes
  include("includes/db_connection.php");
  include("includes/functions.php");
  include("includes/header.php");
  include("includes/navbar0.php");
  
  ## deal with the submission
  if(isset($_POST['submit'])) {
  
  $username = $_POST['username'];
  $password = $_POST['password'];
  
  $q = "SELECT `id`,`username`,`password` FROM `members` WHERE `username`='$username' AND `password`='$password' LIMIT 1";
  $r = mysql_query($q);
  $row = mysql_fetch_array($r);
  
  $any_results = mysql_num_rows($r);
  
  if($any_results != 1) {
  
  std_message("Error","Error message here."); 
  include("includes/footer.php");
  exit;	
     
 } else {

  ## There was a result back
  session_start(); 
  header("Location:myaccount.php"); 

  }
  
  include("includes/footer.php");
  exit;
   
  }
  
  ## login
  echo ("<form action=\"login.php\" method=\"POST\">");
  echo ("<table class=\"tables\" align=\"left\" width=\"300\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\">");
  echo ("<tr>");
  echo ("<td class=\"header_boxes\" colspan=\"2\" align=\"left\"><span class=\"header_txt\">Members Login</span></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td align=\"right\"><b>Username:</b></td><td align=\"left\"><input type=\"text\" name=\"username\"></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td align=\"right\"><b>Password:</b></td><td align=\"left\"><input type=\"password\" name=\"password\"></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td colspan=\"2\" align=\"right\">[<a class=\"foot_links\" href=\"recover.php\">Forgot Your Password?</a>]  <input type=\"submit\" name=\"submit\" value=\"Login\"></td>");
  echo ("</tr>");
  echo ("</table></form>");
?>
<?php
  # footer
  include("includes/footer.php");
?>

 

Thanks guys

 

Graham

Link to comment
Share on other sites

Which files output HTML before the confirmation of the login?

 

And just a tip: you really should make your login script safer than that.

Try filtering the POST values:

$username = htmlentities(strip_tags($_POST['username']));
$password = htmlentities(strip_tags($_POST['password']));

 

I could just enter any username and ' OR ''='' as password. Then your query would be:

SELECT `id`,`username`,`password` FROM `members` WHERE `username`='$username' AND `password`='' OR ''=''

 

You see? Now I have full access.

Link to comment
Share on other sites
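
The injection described in the post above, as an added example that is not part of the thread: it runs the suggested `htmlentities(strip_tags())` filter and the thread's concatenated query beside a prepared-statement login, against the password value that yields the WHERE clause the post shows. Assumptions: an in-memory SQLite database via PDO stands in for the thread's MySQL connection, the names `thread_filter`, `login_concat` and `login_prepared` are hypothetical, the sample row is constructed, and the stored password is a `password_hash()` value rather than the plaintext the thread's query compares.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// stands in for the thread's MySQL connection; the sample row is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO members (username, password) VALUES (?, ?)')
   ->execute(['graham', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The filter suggested in the thread. ENT_COMPAT was htmlentities()' default
// before PHP 8.1; it encodes double quotes but leaves single quotes alone.
function thread_filter(string $value): string
{
    return htmlentities(strip_tags($value), ENT_COMPAT);
}

// Before: the thread's query shape, built by string interpolation.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $u = thread_filter($user);
    $p = thread_filter($pass);
    $q = "SELECT id FROM members WHERE username='$u' AND password='$p' LIMIT 1";
    return $db->query($q)->fetch() !== false;
}

// After: the username is a bound parameter, and the password never enters
// the SQL text; it is checked in PHP against the stored hash.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $st = $db->prepare('SELECT password FROM members WHERE username = ? LIMIT 1');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Password value that produces the WHERE clause shown in the post above.
$quoted = "' OR ''='";
$cases = [
    'filter leaves input unchanged' => thread_filter($quoted) === $quoted,
    'concat, unknown user'          => login_concat($db, 'nobody', $quoted),
    'prepared, unknown user'        => login_prepared($db, 'nobody', $quoted),
    'prepared, real user'           => login_prepared($db, 'graham', $quoted),
    'prepared, correct password'    => login_prepared($db, 'graham', 'correct horse'),
];
foreach ($cases as $label => $result) {
    printf("%-32s %s\n", $label, var_export($result, true));
}
```

Against MySQL the same parameter binding is available through PDO or mysqli prepared statements.
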

Hi Mate,

 

Thanks for the tips, implemented already lol

 

This part has HTML in it:

 

include("includes/header.php");

 

I can do it OK when using another page to validate, but really wanting to do it all in 1 page if at all possible.

 

Thanks mate

 

Graham

Link to comment
Share on other sites

Can't you just put the header file further down?

 

<?php
# includes
include("includes/db_connection.php");
include("includes/functions.php");
  
## deal with the submission
if(isset($_POST['submit'])) {
  
$username = htmlentities(strip_tags($_POST['username']));
$password = htmlentities(strip_tags($_POST['password']));
  
$q = "SELECT `id`,`username`,`password` FROM `members` WHERE `username`='$username' AND `password`='$password' LIMIT 1";
$r = mysql_query($q);
$row = mysql_fetch_array($r);
  
$any_results = mysql_num_rows($r);
  
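if($any_results != 1) {
	# no match: send the page header first, then the error message
	include("includes/header.php");
	include("includes/navbar0.php");
	std_message("Error","Error message here."); 
	include("includes/footer.php");
	exit;
} else {
	## There was a result back
	header("Location: myaccount.php"); 
	exit; # stop here so the login form below is not sent after the redirect
}
}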
  
## login
include("includes/header.php");
include("includes/navbar0.php");
echo ("<form action=\"login.php\" method=\"POST\">");
echo ("<table class=\"tables\" align=\"left\" width=\"300\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\">");
echo ("<tr>");
echo ("<td class=\"header_boxes\" colspan=\"2\" align=\"left\"><span class=\"header_txt\">Members Login</span></td>");
echo ("</tr>");
echo ("<tr>");
echo ("<td align=\"right\"><b>Username:</b></td><td align=\"left\"><input type=\"text\" name=\"username\"></td>");
echo ("</tr>");
echo ("<tr>");
echo ("<td align=\"right\"><b>Password:</b></td><td align=\"left\"><input type=\"password\" name=\"password\"></td>");
echo ("</tr>");
echo ("<tr>");
echo ("<td colspan=\"2\" align=\"right\">[<a class=\"foot_links\" href=\"recover.php\">Forgot Your Password?</a>]  <input type=\"submit\" name=\"submit\" value=\"Login\"></td>");
echo ("</tr>");
echo ("</table></form>");
# footer
include("includes/footer.php");
?>

Link to comment
Share on other sites
