|
-
Jun 13th, 2010, 02:27 AM
#81
Re: login problems
well, that means you must not have read my post. anything between these lines in your script is not being executed:
PHP Code:
if($_SERVER['REQUEST_METHOD'] == "POST"){
// .. all of the code here is never been executed
}
the request method is only ever "POST" after you've submitted a form. what you're doing is submitting the form (index.php) to another script (login.php) and then redirecting that page back to the form (index.php). once you submit the form, login.php's REQUEST_METHOD is POST. once you redirect from login.php to index.php, the REQUEST_METHOD is back to GET (default). you should be authenticating the user and getting user information in login.php.
-
Jun 14th, 2010, 08:48 PM
#82
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by kows
well, that means you must not have read my post. anything between these lines in your script is not being executed:
PHP Code:
if($_SERVER['REQUEST_METHOD'] == "POST"){
// .. all of the code here is never been executed
}
the request method is only ever "POST" after you've submitted a form. what you're doing is submitting the form (index.php) to another script (login.php) and then redirecting that page back to the form (index.php). once you submit the form, login.php's REQUEST_METHOD is POST. once you redirect from login.php to index.php, the REQUEST_METHOD is back to GET (default). you should be authenticating the user and getting user information in login.php.
Even if I block them it doesn't change anything.
-
Jun 14th, 2010, 08:55 PM
#83
Re: login problems
.. block what? please say so if you're having a hard time understanding something. you're not trying to block anything -- you need to move things around. the login authentication that is inside your index.php script should be moved to your login.php script.
-
Jun 14th, 2010, 09:00 PM
#84
Thread Starter
Hyperactive Member
Re: login problems
Originally Posted by kows
.. block what? please say so if you're having a hard time understanding something. you're not trying to block anything -- you need to move things around. the login authentication that is inside your index.php script should be moved to your login.php script.
Oh so you mean the following has to move to login.php:
PHP Code:
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['username'])){
$errors[] = "username was empty";
}
if(empty($_POST['password'])){
$errors[] = "password was empty";
}
if(empty($_POST['email'])){
$errors[] = "e-mail was empty";
}
if(count($errors) == 0){
//fix magic_quotes_gpc() being on
if(get_magic_quotes_gpc()){
foreach($_GET as $k => $v){
$_GET[$k] = stripslashes($v);
}
foreach($_POST as $k => $v){
$_POST[$k] = stripslashes($v);
}
foreach($_COOKIE as $k => $v){
$_COOKIE[$k] = stripslashes($v);
}
}
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
$myusername = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$admin = $_COOKIE['Admin_my_site'];
$user = $_COOKIE['User_my_site'];
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
$check = mysql_query($sql)or die(mysql_error());
while($info = mysql_fetch_array( $check )){
if($pass == $info['password']){
$writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>";
}
}
}
//variable to keep track of whether to show the user the login form or not
$showlogin = true; //we show the form by default, -unless- we know they have logged in
//if the login form is submitted
if (isset($_POST['submit'])){ // if form has been submitted
if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
$writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>";
}// checks it against the database
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$db['username'] = mysql_real_escape_string($_POST['username']);
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".$db['username']."'";
$check = mysql_query($sql) or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
$writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>";
}
while($info = mysql_fetch_array( $check )){
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']){
$writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>";
}else{
// if login is ok then we add a cookie
$hour = time() + 3600;
setcookie("ID_my_site", $_POST['username'], $hour);
setcookie("Key_my_site", $_POST['pass'], $hour);
//they are logged in. no need to show the login form
$showlogin = false;
if($_POST["admin"]=="yes"){
setcookie("Admin_my_site", $_POST['admin'], $hour);
}else{
setcookie("User_my_site", $_POST['admin'], $hour);
}
header("Location: login.php");
}
}
}
}
}
-
Jun 14th, 2010, 10:39 PM
#85
Re: login problems
yes. except you are sending a header at the end that redirects to login.php, and you'll want to get rid of that.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote