tmallen Posted November 2, 2007 Share Posted November 2, 2007 I want a simple user login page/script that does not run over a DB. The main reason for this is to ease deployment and because security is not a huge deal for the data being protected. Here's what I'm trying now. It isn't working. The form at login.php: <form action="../scripts/login.php" method="post"> <fieldset> <label>Username: <span class="alert">*</span></label><input type="text" name="username" /> <label>Password: <span class="alert">*</span></label><input type="password" name="password" /> <input type="submit" value="Login" class="submit clear" /> <div class="clear"></div> </fieldset> </form> The script at ../scripts/login.php: <?php $username = $_REQUEST['username']; $password = $_REQUEST['password']; session_start(); $_SESSION['uid'] = $username; $_SESSION['pass'] = $password; header("Location: The admin homepage"); ?> Part of includes/header.php to check for access: session_start(); if ($admin) { if ($_SESSION['uid']!='admin' || $_SESSION['pass']!='adminpw') { echo("Permission denied for $username at $password\n"); } } And at the top of a sample admin page: <?php $title = 'Downloads'; $admin = TRUE; include '../includes/header.php'; ?> Right now, permission is not being denied in any way to false logins, and at the top of the page I get "Permission denied for at". So basically, it sets two session variables (I have no prior session experience) based on form input, and checks these variables at every $admin page. I know I'm doing many, many things wrong. Please point them out, but be gentle :^) Quote Link to comment https://forums.phpfreaks.com/topic/75741-solved-need-a-simple-user-login-script/ Share on other sites More sharing options...
rajivgonsalves Posted November 2, 2007 Share Posted November 2, 2007 Looks ok for your need... you can't do a lot improvment to it... Quote Link to comment https://forums.phpfreaks.com/topic/75741-solved-need-a-simple-user-login-script/#findComment-383325 Share on other sites More sharing options...
tmallen Posted November 2, 2007 Author Share Posted November 2, 2007 It doesn't work though. Quote Link to comment https://forums.phpfreaks.com/topic/75741-solved-need-a-simple-user-login-script/#findComment-383327 Share on other sites More sharing options...
tmallen Posted November 2, 2007 Author Share Posted November 2, 2007 Wait, it does work, but the page is still loading. How can I kill the process? Quote Link to comment https://forums.phpfreaks.com/topic/75741-solved-need-a-simple-user-login-script/#findComment-383329 Share on other sites More sharing options...
rajivgonsalves Posted November 2, 2007 Share Posted November 2, 2007 just one thing if ($_SESSION['uid']!='admin' || $_SESSION['pass']!='adminpw') { echo("Permission denied for $username at $password\n"); } should be if ($_SESSION['uid']!='admin' || $_SESSION['pass']!='adminpw') { echo("Permission denied for $username\n"); exit; } one more tip avoid displaying any passwords on screen Quote Link to comment https://forums.phpfreaks.com/topic/75741-solved-need-a-simple-user-login-script/#findComment-383330 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.