Login script header question


graham23s

Hi Guys,

 

This is a basic login script I have been coding. I was wanting to have it all in the same page instead of having another page to authenticate, but because I have HTML before it I get the output error. I was just wondering if there was a way I could get round that. The code is:

 

<?php
  # includes
  include("includes/db_connection.php");
  include("includes/functions.php");
  include("includes/header.php");
  include("includes/navbar0.php");
  
  ## deal with the submission
  if(isset($_POST['submit'])) {

    $username = $_POST['username'];
    $password = $_POST['password'];

    $q = "SELECT `id`,`username`,`password` FROM `members` WHERE `username`='$username' AND `password`='$password' LIMIT 1";
    $r = mysql_query($q);
    $row = mysql_fetch_array($r);

    $any_results = mysql_num_rows($r);

    if($any_results != 1) {

      std_message("Error","Error message here.");
      include("includes/footer.php");
      exit;

    } else {

      ## There was a result back
      session_start();
      header("Location:myaccount.php");

    }

    include("includes/footer.php");
    exit;

  }
  
  ## login
  echo ("<form action=\"login.php\" method=\"POST\">");
  echo ("<table class=\"tables\" align=\"left\" width=\"300\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\">");
  echo ("<tr>");
  echo ("<td class=\"header_boxes\" colspan=\"2\" align=\"left\"><span class=\"header_txt\">Members Login</span></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td align=\"right\"><b>Username:</b></td><td align=\"left\"><input type=\"text\" name=\"username\"></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td align=\"right\"><b>Password:</b></td><td align=\"left\"><input type=\"password\" name=\"password\"></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td colspan=\"2\" align=\"right\">[<a class=\"foot_links\" href=\"recover.php\">Forgot Your Password?</a>]  <input type=\"submit\" name=\"submit\" value=\"Login\"></td>");
  echo ("</tr>");
  echo ("</table></form>");
?>
<?php
  # footer
  include("includes/footer.php");
?>

 

thanks guys

 

Graham


Which files output html before the confirmation of the login?

 

And just a tip: you really should make your login script safer than that.

Try filtering the POST values:

$username = htmlentities(strip_tags($_POST['username']));
$password = htmlentities(strip_tags($_POST['password']));

 

I could just enter any username and ' OR ''='' as password. Then your query would be:

SELECT `id`,`username`,`password` FROM `members` WHERE `username`='$username' AND `password`='' OR ''=''

 

You see? Now I have full access.

Hi Mate,

 

Thanks for the tips, implemented already lol

 

This part has HTML in it:

 

include("includes/header.php");

 

I can do it OK when using another page to validate, but really wanting to do it all in 1 page if at all possible.

 

thanks mate

 

Graham

Can't you just put the header file further down?

 

<?php
# includes
include("includes/db_connection.php");
include("includes/functions.php");
  
## deal with the submission
if(isset($_POST['submit'])) {
  
$username = htmlentities(strip_tags($_POST['username']));
$password = htmlentities(strip_tags($_POST['password']));
  
$q = "SELECT `id`,`username`,`password` FROM `members` WHERE `username`='$username' AND `password`='$password' LIMIT 1";
$r = mysql_query($q);
$row = mysql_fetch_array($r);
  
$any_results = mysql_num_rows($r);
  
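if($any_results != 1) {
	## Failed login: send the page header first, then the message
	include("includes/header.php");
	include("includes/navbar0.php");
	std_message("Error","Error message here.");
	include("includes/footer.php");
	exit;
} else {
	## There was a result back; nothing has been output yet, so the redirect can be sent
	header("Location: myaccount.php");
	exit; ## stop here so the login form below is not rendered
}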
}
  
## login
include("includes/header.php");
include("includes/navbar0.php");
echo ("<form action=\"login.php\" method=\"POST\">");
echo ("<table class=\"tables\" align=\"left\" width=\"300\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\">");
echo ("<tr>");
echo ("<td class=\"header_boxes\" colspan=\"2\" align=\"left\"><span class=\"header_txt\">Members Login</span></td>");
echo ("</tr>");
echo ("<tr>");
echo ("<td align=\"right\"><b>Username:</b></td><td align=\"left\"><input type=\"text\" name=\"username\"></td>");
echo ("</tr>");
echo ("<tr>");
echo ("<td align=\"right\"><b>Password:</b></td><td align=\"left\"><input type=\"password\" name=\"password\"></td>");
echo ("</tr>");
echo ("<tr>");
echo ("<td colspan=\"2\" align=\"right\">[<a class=\"foot_links\" href=\"recover.php\">Forgot Your Password?</a>]  <input type=\"submit\" name=\"submit\" value=\"Login\"></td>");
echo ("</tr>");
echo ("</table></form>");
# footer
include("includes/footer.php");
?>
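
An added example, not code from any poster in this thread: the same single-page flow with the lookup done through a bound parameter and the password checked against a stored hash, since `htmlentities()` is an HTML output encoder and, with the `ENT_COMPAT` default PHP used before 8.1, leaves the single quotes in `' OR ''=''` untouched. The in-memory SQLite table, the `check_login()` helper, the sample account and the `member_id` session key are assumptions made for the example; the `members` table and `myaccount.php` come from the thread.

```php
<?php
// Added example. Constructed in-memory table so the script runs offline;
// a real page would reuse the connection from includes/db_connection.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
$ins->execute(['graham', password_hash('correct horse', PASSWORD_DEFAULT)]); // constructed account

/**
 * Hypothetical helper: returns the member id on success, or null.
 * The username travels as a bound parameter, so quotes in it are data
 * and never become part of the SQL text.
 */
function check_login(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password FROM members WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The column holds a hash; the password is never compared inside the query.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

// Same-page flow: decide and redirect before any include that prints HTML.
$error = null;
if (isset($_POST['submit'])) {
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $id = check_login($db, $user, $pass);
    if ($id !== null) {
        session_start();
        session_regenerate_id(true);   // fresh session id after authentication
        $_SESSION['member_id'] = $id;  // assumed session key
        header('Location: myaccount.php');
        exit;                          // stop so nothing below is sent
    }
    $error = 'Invalid username or password.';
}

// Output starts only here; header.php and navbar0.php would be included now.
if ($error !== null) {
    echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'), "\n";
}

// Constructed checks, run from the command line: the payload quoted in the
// thread, then the sample account's real password.
var_dump(check_login($db, 'graham', "' OR ''=''"));
var_dump(check_login($db, 'graham', 'correct horse'));
```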
