API tools faq
paste
Advertisement
gitlez

YA: Login Script Fixes 20120718042308AAQcU81 WC

gitlez
Jul 18th, 2012
70
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.23 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. // Needs to be started before anything has been sent to the user, including whitespace.
  3. session_start();
  4.  
  5. if(isset($_POST['Submit'])){
  6.     include 'connection/conn.php';
  7.     $database="issuelog";
  8.     $selectdb = mysql_selectdb($database);
  9.     if ($selectdb){
  10.         echo "Selected";
  11.         $UserName = $_POST['username'];
  12.         // Password's should never be stored as plain text.
  13.         $Password = $_POST['password'];
  14.         $table = "userreg";
  15.         $sql = "SELECT UserName FROM $table WHERE UserName='{$UserName}' AND Password='{$Password}' LIMIT 1";
  16.    
  17.         // Including the Connection Resource Link in the query call is the best way. Good Job.
  18.         $results=mysql_query($sql, $conn);
  19.        
  20.         // Check for successful query
  21.         if( $results && mysql_num_rows($results) === 1){
  22.             // If successful login details, redirect user to 'login_success.php'
  23.             // session_register() is no longer a valid function. It is deprecated in PHP 5.3 and removed from 5.4
  24.             $_SESSION['username'] = $UserName;
  25.             $_SESSION['password'] = $Password;
  26.             if( !headers_sent()){ // Check to see if the headers have already been sent. You cannot send more if they have already been sent.
  27.                 header("Location: login_success.php");
  28.                 exit;
  29.             }else{
  30.                 // If the headers have been sent, send alternative redirect methods.
  31.                 echo '<meta http-equiv="refresh" content="0; url=login_success.php"/>');
  32.                 echo '<script>document.location.href="login_success.php";</script>';
  33.                 exit;
  34.             }
  35.         } else if( !$results ){
  36.             // Query Failed, either because of a server/mysql error
  37.             // or a malformed query statement.
  38.             // echo 'Query [' . $sql . '] Failed because: ' . mysql_error($conn); // Uncomment this line for debugging purposes only
  39.             echo 'Internal Server Error';
  40.         } else {
  41.             echo "Wrong Username or Password.";
  42.         }
  43.     }
  44. }
  45. ?>
  46.  
  47. login_success.php
  48. <?php
  49. session_start();
  50. if(!isset($_SESSION['username'])){
  51.     header("Location: login.php");
  52. }
  53. ?>
  54.  
  55. <html>
  56.     <body>
  57.         Login Successful
  58.     </body>
  59. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!