php_novice2007

Hi all, I've made the following login system so far: a loginForm.html that accepts the user name and password. a loginck.php that verifies the user name and password. If successful, redirect to the menu page, if not, redirect back to loginForm.html. My question is.. if login was unsuccessful, how can I reload loginForm.html but with an error message as well? Currently the page just reloads and some users think that the login system is not working not realising that they have typed the wrong information. In an earlier version I had a message and a link back to loginForm.html displayed on loginck.php if login was unsucessful but it was annoying to have to click on the link all the time and thats why I made it redirect.. Any help is much appriciated. Thanks~!

oh wow~ Thanks so much! thats exactly what I want!

Are you saying that I can run php code inside JavaScript? I thought PHP is only done on the server side..

I think what I want to do is similar to when you view emails you can click on either "date" or "from" or "subject" etc and it sorts your emails for you according to what you choose. I want to do that to a table, the default is sorting by id, but if the user selects something from a drop down list (on the same page as the table) I want the table to change to have its rows sorted by what the user choose.

ohh so basically I have an onchange listener on the drop down list which calls up a javascript function which changes the address bar and get the page to reload? hm unfortunately the site you recommanded doesn't have anything that can change the address bar, and nothing useful is coming up on Google either.. one page actually said JavaScript can't change the address bar ???

would that produce the result in a new page?

Hi, I've got a mysql table called users with attributes "id", "name", "group", "last login". I've got a page where I first displays a HTML table containing all the users information followed by a form where each id is displayed and a check box is next to it. Currently I've just used a "select * from users" statement to extract all the users (ordered by id) and display their information on the HTML table. I've also saved the ids in a PHP array so that I can go through it and generate the form after displaying the table. Now I want to improve the display of the table. I want to add a drop down list on the page with options "id", "name", "group", and "last login" where depending on which one the user selects, the table will display the user information sorted by the option chosen. I'm not sure how to go about doing that.. I suppose I'll have to call a javascript function whenever the drop down option changed, and somehow redisplay the table. But how? I have to send another query to the database but I don't want to leave the page, and I need to keep at least the id sorted since I need it to generate the form.. Should I somehow form javascript objects (no idea how I would do that) and whenever the list changed write code to reorder the objects and then display the information? Thanks for any help~!

How do I prevent this? thanks~!

Hi, I'm not sure which forum this question belongs to.. not sure if this is a problem with the web server setting.. I'm developing a web site which allows users to log in and depending on what type of users they are, they get to access different pages of the site. Say theres a page: secureMenuAdmin.php, which can only be accessed by the administrator. When I open IE, and log in and get to secureMenuAdmin.php, I then open a new brower window, and copy the secureMenuAdmin.php into the address bar. On one computer it gives me the login page, and on another computer, it gives me secureMenuAdmin.php!.. Why is this the case?? I want to have the login page appear in the second brower. Similar problem is that for the first computer, I can have 2 IE browsers and be logged in with 2 different user names (i.e. see different menus), but on the second computer, I can only log in as 1 person at a time.. How do I make the second computer act like the first one? Thanks~!

By the way, if I have these code to stop SQL injection, does that mean a user name or password can't contain ` or ' s?

Hi, I've got something like this, is that the same as what you've got? $userid = $_POST['login']; $passWord = $_POST['password']; require("databaseInfo.php"); $dbtable = "users"; $link=mysql_connect("localhost", $username, $password) or die("Cannot connect to database"); //select database @mysql_select_db($database) or die("Unable to select database"); if(get_magic_quotes_gpc()) { $userid = stripslashes($userid); $passWord = stripslashes($passWord); } $query = sprintf("SELECT * FROM %s WHERE user_id = '%s'", $dbtable, mysql_real_escape_string($userid, $link)); $result=mysql_query($query, $link) or die("Unable to load selected table"); I think I copied the code from somewhere so not really sure what the magic_quotes_gpc do.. Do I still need your code to replace " ` " with " ' "? Thanks!

So if I add slashes to everything I'll be ok?

so therefore if I only use $POST and no $GET at all then I should be fine?

Hi, Does a MySQL injection attack only occur when the user is allowed to type something in which is used as part of a query? What about forms where the user can only select from radio buttons/checkboxes/drop down lists.. They can't really do the multiple SQL thing can they? Thanks~!

Hi guys, I'm just looking at the same topic.. at the moment I've got session_register('userid') in my loginCheck page, and then every other page I've got session_start(); if(session_is_registered('userid')){ session_regenerate_id(); ... } else { echo "You are not logged in"; } Is that doing the same as what darkfreaks's code is doing? I seem to remember being told elsewhere that "session_is_register" is not good to use, is that true?