Does this php script look ok
This is a login script. I don't think I'm creating a session? Well, it won't echo anyway!
This is the main logon page;
<?php
include "MainInclude.php";
$msg="";
switch (checklogon()){
case 0:
break;
case 1:
$msg="User name not recognised";
break;
case 2:
$msg="Password incorrect";
break;
case -1:
header("location:admin.php");
break;
default:
echo "default";
break;
}
?>
<HTML>
<HEAD>
<BODY>
<FORM name=aform action='logon.php' method='POST'>
<CENTER><B><FONT color=#ff0000 size=5>LOGON</FONT></B> </CENTER>
<CENTER> </CENTER>
<CENTER><B><FONT color=#ff0000 size=3><?PHP print $msg; ?> </FONT></B></CENTER>
<CENTER> </CENTER>
<CENTER>
<TABLE>
<TBODY>
<TR>
<TD width=100>User Name:</TD>
<TD width=40><INPUT size=50 name='UserName'></TD></TR>
<TR>
<TD>Password:</TD>
<TD><INPUT size=50 name='Pwd' type='password'></TD></TR>
<TR>
<TD> </TD></TR>
<TR>
<TD align=middle colSpan=2><BUTTON type=submit>
<P>Submit</P></BUTTON></TD></TR></TBODY></TABLE></CENTER>
<P></FORM></P></BODY>
</HTML>
then the function;
<?php
function checklogon(){
// Called by Logon.php
$user=$_POST['UserName'];
$pwd=$_POST['Pwd'];
if (!isset($user) || !isset($pwd)) return 0;
if (isset($_SESSION['ID'])) {
session_unset();
session_destroy();
}
$conn = mysql_connect("localhost", "","");
mysql_select_db('Websites',$conn);
$sql = "SELECT * from Users where UserName='$user'";
$result = mysql_query($sql, $conn);
if (!$result) return 1;
$row = mysql_fetch_assoc($result);
if (!$row) return 1;
if ($row['Password'] != $pwd) return 2;
mysql_close();
return -1;
}
?>
It works, but I just can't echo the $_SESSION['ID'] so I can continue with my application. I want to be sure that the sessions are working and am not sure they are.
Greg K posted this at 19:02 — 28th July 2006.
The problem is most likely that you are never initializing the session with the session_start() function (see http://us3.php.net/manual/en/function.session-start.php). You need to do this on any page using the sessions, and it must be called BEFORE anything is sent to the browser (i.e. through echo, print, or before any <? ?> tags).
Just a few notes on your code as changes I would recommend:
Instead of <?PHP print $msg; ?>, you can simply do <?= $msg ?>
It is best not to store the plain password in the database; you should save a hashed version (i.e., use the md5() function) and check that.
-Greg
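An added example, not part of the thread: a variant of checklogon() that starts the session before any output, looks the user up with a bound parameter, checks the password with PHP's password_hash()/password_verify() rather than md5(), and sets $_SESSION['ID'], which the posted function never assigns. The PDO/SQLite in-memory table, the ID column and the sample user are assumptions so that it runs offline.

```php
<?php
// Added example: hardened variant of the thread's checklogon().
// Assumptions (not from the thread): PDO, an integer ID column, and an
// in-memory SQLite table with one constructed user so it runs offline.

function checklogon(PDO $db, array $post): int
{
    // Same return codes as the posted function: 0 = nothing submitted,
    // 1 = unknown user, 2 = wrong password, -1 = success.
    if (!isset($post['UserName'], $post['Pwd'])) {
        return 0;
    }
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT ID, Password FROM Users WHERE UserName = ?');
    $stmt->execute([$post['UserName']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 1;
    }
    // The Password column holds a password_hash() value, not the plain text.
    if (!password_verify($post['Pwd'], $row['Password'])) {
        return 2;
    }
    // Issue a fresh session ID on login, then store what later pages read.
    session_regenerate_id(true);
    $_SESSION['ID'] = (int) $row['ID'];
    return -1;
}

// Must run before any output, on every page that uses $_SESSION.
session_start();

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (ID INTEGER PRIMARY KEY, UserName TEXT UNIQUE, Password TEXT)');
$db->prepare('INSERT INTO Users (UserName, Password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Collect results first: printing earlier would send output before the
// successful login regenerates the session ID.
$results = [
    checklogon($db, []),
    checklogon($db, ['UserName' => "o'brien", 'Pwd' => 'x']),
    checklogon($db, ['UserName' => 'alice', 'Pwd' => 'wrong']),
    checklogon($db, ['UserName' => 'alice', 'Pwd' => 'correct horse']),
];
var_dump($results, $_SESSION['ID']);
```

Codes 1 and 2 are kept to match the original script; a login page can map both to a single message so the response does not reveal which user names exist.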