PDA

View Full Version : user name and password check

am_sarath
08-23-2002, 09:14 AM
Hello,

i am trying to implement user name and password check from my table and if they match, the user will be redirected to main.php else he stays over there.
I worked with a simple two textboxes to enter user name and password and then with a submt button.It was working fine.Now, i implemented the same code to my complicated log in page, it is'nt working.could somebody pls tell me where is the error?

<?php

include "dbconnection.inc";
include "main_functions.inc";
$p_main = new main_functions;

if ($language_f != "")
$p_main->set_system_language($language_f);
$p_main->get_language_phrases('LOGIN');

$sql = "SELECT count(*) as cnt from TBL_USER WHERE USER_NAME = '$sess_user_f' AND USER_PASSWORD = '$sess_pass_f'";
$result = ibase_query($sql);
$row = ibase_fetch_row($result);
if ($row[0]) {
header('Location: main.php');
exit;
} else {
echo"<form action=\"$PHP_SELF\" method=\"POST\">\n";

}

?>

<head><title>Login</title>
<link rel="stylesheet" type="text/css" href="formate.css">
</head>
<body>
<form method="post">
<table width="100%" height="100%" border="2">
<tr>
<td>
<center>
<table bgcolor="#E0E0E0" border="2">
<tr>
<td>
<table bgcolor="#E0E0E0" width="320">
<tr height="23" width="100%">
<td background="images/img_title.gif"><font color="#FFFFFF">
<?php
echo "{$p_main->a_system_textphrases_m[TXT_LOGIN]}";
?>

</font></td>
</tr><tr>
<td align="right">

<?php

echo ("
<a href =\"index.php?language_f=ENG\" target=\"_self\">
<img src=\"images/ban_english.gif\" alt=\"{$p_main->a_system_textphrases_m[TXT_SETENGLISH]}\" name=\"btn_gersel\" width=\"46\" height=\"25\" border=\"0\">
</a>");

echo ("<a href =\"index.php?language_f=SPA\" target=\"_self\">
<img src=\"images/ban_spanish.gif\" alt=\"{$p_main->a_system_textphrases_m[TXT_SETSPANISH]}\" width=\"46\" height=\"25\" border=\"0\">
</a>");

echo ("<a href =\"index.php?language_f=FRE\" target=\"_self\">
<img src=\"images/ban_french.gif\" alt=\"{$p_main->a_system_textphrases_m[TXT_SETFRENCH]}\" width=\"46\" height=\"25\" border=\"0\">
</a>");
?>
</td></tr><tr><td>

<?php
echo "{$p_main->a_system_textphrases_m[TXT_INTRO]}";
?>






</td>
</tr>

</table>

<table bgcolor="#E0E0E0" width="320">
<tr>
<td>
<?php
echo "{$p_main->a_system_textphrases_m[TXT_USERNAME]}";
?>
</td>
<td align="right"><input type="text" name="sess_user_f" value="" maxlength="99" size="25"></td>
</tr>
<tr>
<td>
<?php
echo "{$p_main->a_system_textphrases_m[TXT_PASSWORD]}";
?>
</td>
<td align="right"><input type="password" name="sess_pass_f" maxlength="255" size="25"></td>
</tr><input type="hidden" value="1" name="login_try">
</table>
<div align="center">


<table>
<tr>
<td><input type="submit" value="Log in" style="position: relative; width: 150;"></td>
</form><form method="post">
<td><input type="submit" value="Change password" style="position: relative; width: 150;"></td>
<input type="hidden" value="1" name="login_changepass">
</tr></form>
</table>
</div>
</td>
</tr>
</table>
</center>
</td>
</tr>
</table>
</form>
</body></html>
Halide
08-23-2002, 03:45 PM
It would be SO much easier to understand if you used your code here... in your posts :)

You are saying you redirect to main.php after a login. But, is this page checking the user info as well?
am_sarath
08-23-2002, 05:27 PM
NOpe.

Main.php is another page.The code which i posted previous is my log in page.

Sorry if the code was'nt clear.
Halide
08-23-2002, 05:51 PM
yeah, but someone could guess main.php and get in!

is this prevented?

anyway... what exactly do you want us to look at in your code
am_sarath
08-23-2002, 06:13 PM
well, my code displays a log-in page.when the username and password entered by the user matches with that of the values stored in the table, main.php will be displayed, else, the user stays back in the log-in page itself.
But, my script is'nt functioning in the way i need it to work like:-(
could somebody tell me wherez the error.

thanks in advance
Halide
08-23-2002, 10:45 PM
Well, I noticed that in your header call, you aren't using an absolute URI.
header('Location: main.php');
This should be something like...
header('Location: http://your-server.com/path/to/script/main.php');

and also, you can use this to find the $url_path

$url = "http://" . $HTTP_HOST . $PHP_SELF;
$url_path = dirname($url);

I hope someone else can help you figure out the problem...

can you edit your first post and put [ PHP ] [ /PHP ] around it, please?
roninblade
08-28-2002, 10:45 PM
what i think is the problem is that you have too many form tags inside. i dont recommend nesting form tags inside other form tags. i've tried simplifying your code here, test it and see if it the page posts correctly.

btw, i'm not sure if this will hack the user authentication for your pages try changing it to something more specific. if ($row[0]) {
header('Location: main.php');
exit;
}here's the rest of the code i modified<?php
include "dbconnection.inc";
include "main_functions.inc";
$p_main = new main_functions;

if ($language_f != "") $p_main->set_system_language($language_f);
$p_main->get_language_phrases('LOGIN');

$sql = "SELECT count(*) as cnt from TBL_USER WHERE USER_NAME = '$sess_user_f' AND USER_PASSWORD = '$sess_pass_f'";
$result = ibase_query($sql);
$row = ibase_fetch_row($result);

if ($row[0]) {
header('Location: main.php');
exit;
}
?>

<head>
<title>Login</title>
<link rel="stylesheet" type="text/css" href="formate.css">
</head>

<body>
<table width="100%" height="100%" border="2">
<tr>
<td>
<center>
<table bgcolor="#E0E0E0" border="2">
<tr>
<form action="<?=$PHP_SELF?>" method="POST">
<td>
<table bgcolor="#E0E0E0" width="320">
<tr height="23" width="100%">
<td background="images/img_title.gif">
<font color="#FFFFFF">
<?php
echo '{'.$p_main->a_system_textphrases_m["TXT_LOGIN"].'}';
?>
</font>
</td>
</tr>
<tr>
<td align="right">
<?php
echo '<a href="index.php?language_f=ENG" target="_self">
images/ban_english.gifa_system_textphrases_m["TXT_SETENGLISH"].
'}" name="btn_gersel" width="46" height="25" border="0"></a>
<a href="index.php?language_f=SPA" target="_self">
images/ban_spanish.gifa_system_textphrases_m["TXT_SETSPANISH"].
'}" width="46" height="25" border="0"></a>
<a href="index.php?language_f=FRE" target="_self">
images/ban_french.gifa_system_textphrases_m["TXT_SETFRENCH"].
'}" width="46" height="25" border="0"></a>';
?>
</td>
</tr>
<tr>
<td>
<?php
echo '{'.$p_main->a_system_textphrases_m["TXT_INTRO"].'}';
?>



</td>
</tr>
</table>
<table bgcolor="#E0E0E0" width="320">
<tr>
<td>
<?php
echo '{'.$p_main->a_system_textphrases_m["TXT_USERNAME"].'}';
?>
</td>
<td align="right"><input type="text" name="sess_user_f" value="" maxlength="99" size="25"></td>
</tr>
<tr>
<td>
<?php
echo '{'.$p_main->a_system_textphrases_m["TXT_PASSWORD"].'}';
?>
</td>
<td align="right"><input type="password" name="sess_pass_f" maxlength="255" size="25"></td>
</tr>
<input type="hidden" value="1" name="login_try">
</table>
<div align="center">


<table>
<tr>
<td><input type="submit" value="Log in" style="position: relative; width: 150;"></td>
<td>
<input type="button" value="Change password"
onClick="this.window.location.replace('<?=$PHP_SELF?>?login_changepass=1');"
style="position: relative; width: 150;">
</td>
</tr>
</table>
</div>
</td>
</form>
</tr>
</table>
</center>
</td>
</tr>
</table>
</form>
</body>
</html>