-
Dec 8th, 2005, 06:44 PM
#1
Thread Starter
Lively Member
Authentication
I wrote this script today, and it works with checking the password and everything, but how do I get it to go to another webpage when the password is right?
Code:
<form name="form1" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>?action=login">
Username:<input type="text" name="u"><br>
Password:<input type="text" name="p"><br>
<input type="submit" name="Submit" value="Submit">
</form>
<?php
// Database connection settings
$server = "localhost";
$username = "root";
$password = "";
$datebase = "login";
$a = 0; // becomes 1 after a successful login
$db = mysql_connect($server, $username, $password);
mysql_select_db($datebase, $db);
// $u, $p and $action are only populated when register_globals is enabled;
// $u goes into the query text unescaped
$result = mysql_query("SELECT * FROM users WHERE username='$u'", $db) or die(mysql_error());
while ($r = mysql_fetch_array($result)) {
    $uu = $r['username'];
    $pp = $r['password'];
}
if (isset($action) && $action == 'login') {
    if ($uu == $u && $pp == $p) {
        echo "Right!";
        $a++;
    } else {
        echo "Wrong!";
        $a = 0;
    }
}
print $a;
?>
thanks for any help
Last edited by JoshUK; Dec 8th, 2005 at 06:47 PM.
-
Dec 8th, 2005, 08:02 PM
#2
PowerPoster
Re: Authentication
First of all, can you do "?action=login" like that? I always found that it didn't get passed, and I had to make a hidden form input to pass the text.
Secondly, you should be checking if action is login; if it isn't, print out the sign-in form, and if it is, do the database stuff.
As for the database stuff... first of all, turn off super globals in PHP, as that's very bad. Instead use $_POST["u"] to get the username. And you should limit the return results of that query to 1, eliminates the need for a loop for starters, security secondly.
Once you've done all that and decided if password is valid,
PHP Code:
header("Location: http://" . $_SERVER['HTTP_HOST']
. rtrim(dirname($_SERVER['PHP_SELF']), '/\\')
. "/" . $relative_url);
http://php.mirrors.ilisys.com.au/man...ion.header.php
In order to do a redirect like that, you must make sure that no HTML has already been sent to the client, otherwise you're gonna have to look at a JavaScript redirect instead (means making "success!" "fail!" messages inside the file posted above).
That help at all?
-
Dec 9th, 2005, 02:38 AM
#3
Re: Authentication
You should also escape your strings before inserting them into a query:
Code:
$username = mysql_escape_string($_POST['username']);
Or an attacker could inject your query and cause it to dump a file with ALL user names and passwords on the public web server.
-
Dec 9th, 2005, 02:40 AM
#4
PowerPoster
Re: Authentication
Well, if it's got a LIMIT 1 then it can't dump as much.
-
Dec 9th, 2005, 04:27 AM
#5
Re: Authentication
SELECT * FROM users WHERE username='$u' LIMIT 1
Enter a user name of:
' OR 1=1 LIMIT 2,1 UNION SELECT * FROM users WHERE 'A'='B
AND
' OR 1=1 LIMIT 2,2 UNION SELECT * FROM users WHERE 'A'='B
AND
' OR 1=1 LIMIT 2,3 UNION SELECT * FROM users WHERE 'A'='B
Last edited by visualAd; Dec 9th, 2005 at 04:44 AM.
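The fix the replies point toward, as an added example that is not part of any post in this thread: the lookup binds the user name as a parameter, so the input shown in post #5 is compared as plain data, and the redirect is decided before any output is sent. It goes slightly beyond the thread by using PDO with an in-memory SQLite table and password_hash()/password_verify() in place of the mysql_* calls and plaintext passwords; the table layout, sample accounts and redirect paths are assumptions.

```php
<?php
// Added example. Constructed data; in-memory SQLite stands in for the MySQL "login" database.
declare(strict_types=1);

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    // Constructed accounts; only password hashes are stored.
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $ins->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT)]);
    return $db;
}

// True only when the user exists and the password matches the stored hash.
function check_login(PDO $db, string $user, string $pass): bool
{
    // The placeholder keeps $user out of the SQL text, so quotes in it stay data.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

$db = make_demo_db();

// Web request: decide and redirect before any byte of HTML is sent.
if (PHP_SAPI !== 'cli') {
    $u = $_POST['u'] ?? null;
    $p = $_POST['p'] ?? null;
    $ok = is_string($u) && is_string($p) && check_login($db, $u, $p);
    // Hypothetical target pages.
    header('Location: ' . ($ok ? '/members.php' : '/login.php?failed=1'));
    exit;
}

// Command line: run constructed inputs, including a user name from post #5.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["' OR 1=1 LIMIT 2,1 UNION SELECT * FROM users WHERE 'A'='B", 'x'],
    ['nobody', ''],
];
foreach ($cases as [$user, $pass]) {
    printf("%-58s => %s\n", $user, check_login($db, $user, $pass) ? 'accepted' : 'rejected');
}
```

Run from the command line, only the first case is accepted; the post #5 string matches no row because it is compared as a literal user name.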