-
Authentication
I wrote this script today, and it works with checking the password and everything, but how do I get it to go to another webpage when the password is right?
Code:
<form name="form1" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>?action=login">
Username:<input type="text" name="u"><br>
Password:<input type="text" name="p"><br>
<input type="submit" name="Submit" value="Submit">
</form>
<?php
// Database connection settings
$server = "localhost";
$username = "root";
$password = "";
$datebase = "login";
$a = 0;
$db = mysql_connect($server, $username, $password);
mysql_select_db($datebase, $db);
// $u, $p and $action are filled in from the request by register_globals
$result = mysql_query("SELECT * FROM users WHERE username='$u'",$db) or die(mysql_error());
while ( $r = mysql_fetch_array( $result ) ) {
    $uu = $r['username'];
    $pp = $r['password'];
}
if (isset($action) && $action == 'login') {
    // Compare the submitted values with the row that was fetched
    if ($uu == $u && $pp == $p) {
        echo "Right!";
        $a++;
    } else {
        echo "Wrong!";
        $a = 0;
    }
}
print $a;
?>
thanks for any help :)
-
Re: Authentication
First of all, can you do "?action=login" like that? I always found that it didn't get passed, and I had to make a hidden form input to pass the text.
Secondly, you should be checking if action is login; if it isn't, print out the sign-in form, and if it is, do the database stuff.
As for the database stuff... first of all, turn off super globals in PHP, as that's very bad. Instead use $_POST["u"] to get the username. And you should limit the return results of that query to 1; it eliminates the need for a loop for starters, security secondly.
Once you've done all that and decided if password is valid,
PHP Code:
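// $relative_url is the page to send the user to, relative to this script's directory
header("Location: http://" . $_SERVER['HTTP_HOST']
. rtrim(dirname($_SERVER['PHP_SELF']), '/\\')
. "/" . $relative_url);
exit; // stop here so nothing below runs after the redirect is sent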
http://php.mirrors.ilisys.com.au/man...ion.header.php
In order to do a redirect like that, you must make sure that no HTML has already been sent to the client, otherwise you're gonna have to look at a JavaScript redirect instead (means making "success!" "fail!" messages inside the file posted above.)
That help at all?
-
Re: Authentication
You should also escape your strings before inserting them into a query:
Code:
$username = mysql_escape_string($_POST['username']);
Or an attacker could inject your query and cause it to dump a file with ALL user names and passwords on the public web server.
-
Re: Authentication
Well, if it's got a LIMIT 1 then it can't dump as much. :p
-
Re: Authentication
SELECT * FROM users WHERE username='$u' LIMIT 1
Enter a user name of:
' OR 1=1 LIMIT 2,1 UNION SELECT * FROM users WHERE 'A'='B
AND
' OR 1=1 LIMIT 2,2 UNION SELECT * FROM users WHERE 'A'='B
AND
' OR 1=1 LIMIT 2,3 UNION SELECT * FROM users WHERE 'A'='B
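-
An added example, not part of the original thread or any poster's code: the login check rewritten with a bound parameter and a hashed password, so the username is handled as data and the query's safety depends on neither escaping nor LIMIT 1. It assumes PHP 7.1+ with PDO; the in-memory SQLite database, the alice account and welcome.php are stand-ins constructed for the example, and the same prepare/execute calls apply with a MySQL DSN.

```php
<?php
// Added example: SQLite in memory stands in for the thread's MySQL "login" database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample account; store a password_hash() digest, never the plain text.
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Return true only when the user exists and the password matches.
 * The username is bound as a parameter, so it is never parsed as SQL.
 */
function check_login(PDO $db, $user, $pass)
{
    if (!is_string($user) || !is_string($pass)) {
        return false;               // e.g. u[]=x arrives as an array
    }
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();   // false when no row matched
    return $hash !== false && password_verify($pass, $hash);
}

// Constructed inputs: a valid login, a wrong password, and the first
// username string quoted in the thread, which is looked up as a literal name.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["' OR 1=1 LIMIT 2,1 UNION SELECT * FROM users WHERE 'A'='B", 'x'],
];
foreach ($attempts as [$u, $p]) {
    printf("%-60s %s\n", $u, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}

// In the login page itself, read $_POST['u'] and $_POST['p'], and redirect
// before any HTML is sent (welcome.php is a hypothetical target page):
//   if (check_login($db, $_POST['u'] ?? '', $_POST['p'] ?? '')) {
//       header('Location: welcome.php');
//       exit;
//   }
```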