PDA

View Full Version : PHP Login Help



wyclef
01-20-2006, 05:40 PM
Can someone check out the files i've uploaded? I've got a simple username and password login form that works except for the fact that you have submit the username and password twice in order to be redirected to the according page.

username: tst
password: your_password

Twey
01-20-2006, 05:51 PM
It redirects me to a page on a different server, the source of which I cannot see.

wyclef
01-20-2006, 06:17 PM
I updated the zip files to take that URL out. That should just be the URL of wherever the login page resides...(i think)

Twey
01-20-2006, 06:23 PM
Works here for me.
httpd-2.0.54-10.2
php-5.0.4-10.5
Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8) Gecko/20051201 Fedora/1.5-1.1.fc4.nr Firefox/1.5 - Build ID: 0000000000

See at http://twey.ath.cx/pass/login.php

wyclef
01-20-2006, 07:51 PM
lol. it's broken i swear! :) well, yours definitely seems to be working properly. ummm... do you think a base href tag at the top of the page could effect anything? also, the code seems a bit messy to me, do you have any advice on how to clean it up? i might strip out the base href tag on the version i'm using and see if that fixes the problem. i'm not exactly sure why this works now.

Twey
01-20-2006, 07:56 PM
do you think a base href tag at the top of the page could effect anything? Not unless you later try to use header() to redirect.
As to neatening up the code, try using an include to check the session.

wyclef
01-20-2006, 10:23 PM
would you say this new code is much better?

Twey
01-20-2006, 10:29 PM
Why are half your linebreaks UNIX-style and half Windows-style? It confuses my poor editor... :-\

wyclef
01-20-2006, 11:00 PM
Sorry, the other person giving input on my code must be on windows...

Twey
01-21-2006, 11:27 AM
Sorry, I lied: they're half-UNIX, half-old Mac.
What I meant was to put the login-checking bit in a seperate file, say "security.php":
<?php

function login_fail() {
header('Location: /');
exit;
}

// start the session
session_start();

// is the one accessing this page logged in or not?
if ($_SESSION['username'] != "tst 1060b7b46a3bd36b3a0d66e0127d0517") {
// not logged in, fail
login_fail();
}

?>then include it into page.php:
<?php require_once("security.php"); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Page</title>
</head>

<body>
The page you are redirected to upon successful login
</body>
</html>This will make life a lot easier for you later on.

wyclef
01-22-2006, 04:48 AM
but what if the user and password are different for each page? how would that work with 1 included file?

Twey
01-22-2006, 11:20 AM
In that case,
a) you shouldn't be using sessions in the first place, and
b) you can check $PHP_SELF (possibly) or a global variable set to $PHP_SELF in the documents it's called from.

wyclef
01-22-2006, 03:10 PM
what would b look like?

Twey
01-22-2006, 03:24 PM
$passstrings = array(
"test.php" => "83580b87d8e1eca38c31949ac85aacfd",
"page.php" => "69630e4574ec6798239b091cda43dca0"
// And so on...
);
if($_SESSION['authstring'] == "tst " . $passstrings[$PHP_SELF]) {
// Logged in OK.
}