View Full Version : PHP Login Help

01-20-2006, 05:40 PM
Can someone check out the files i've uploaded? I've got a simple username and password login form that works except for the fact that you have submit the username and password twice in order to be redirected to the according page.

username: tst
password: your_password

01-20-2006, 05:51 PM
It redirects me to a page on a different server, the source of which I cannot see.

01-20-2006, 06:17 PM
I updated the zip files to take that URL out. That should just be the URL of wherever the login page resides...(i think)

01-20-2006, 06:23 PM
Works here for me.
Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8) Gecko/20051201 Fedora/1.5-1.1.fc4.nr Firefox/1.5 - Build ID: 0000000000

See at http://twey.ath.cx/pass/login.php

01-20-2006, 07:51 PM
lol. it's broken i swear! :) well, yours definitely seems to be working properly. ummm... do you think a base href tag at the top of the page could effect anything? also, the code seems a bit messy to me, do you have any advice on how to clean it up? i might strip out the base href tag on the version i'm using and see if that fixes the problem. i'm not exactly sure why this works now.

01-20-2006, 07:56 PM
do you think a base href tag at the top of the page could effect anything? Not unless you later try to use header() to redirect.
As to neatening up the code, try using an include to check the session.

01-20-2006, 10:23 PM
would you say this new code is much better?

01-20-2006, 10:29 PM
Why are half your linebreaks UNIX-style and half Windows-style? It confuses my poor editor... :-\

01-20-2006, 11:00 PM
Sorry, the other person giving input on my code must be on windows...

01-21-2006, 11:27 AM
Sorry, I lied: they're half-UNIX, half-old Mac.
What I meant was to put the login-checking bit in a seperate file, say "security.php":

function login_fail() {
header('Location: /');

// start the session

// is the one accessing this page logged in or not?
if ($_SESSION['username'] != "tst 1060b7b46a3bd36b3a0d66e0127d0517") {
// not logged in, fail

?>then include it into page.php:
<?php require_once("security.php"); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

The page you are redirected to upon successful login
</html>This will make life a lot easier for you later on.

01-22-2006, 04:48 AM
but what if the user and password are different for each page? how would that work with 1 included file?

01-22-2006, 11:20 AM
In that case,
a) you shouldn't be using sessions in the first place, and
b) you can check $PHP_SELF (possibly) or a global variable set to $PHP_SELF in the documents it's called from.

01-22-2006, 03:10 PM
what would b look like?

01-22-2006, 03:24 PM
$passstrings = array(
"test.php" => "83580b87d8e1eca38c31949ac85aacfd",
"page.php" => "69630e4574ec6798239b091cda43dca0"
// And so on...
if($_SESSION['authstring'] == "tst " . $passstrings[$PHP_SELF]) {
// Logged in OK.