
Problem with login.php



sesc
09-04-2007, 07:22 PM
I have a login form with username and password fields and a login button. I am getting the values from the fields using JavaScript, and I am comparing them with the DB values using PHP. For this:

<script>
function validate()
{
var uname=loginfrm.user.value
var pwd = loginfrm.password.value
<?php
$Query = "Select pwd from tab where uname='abc'";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$dbpwd = $row['pwd'];
?>
if(pwd != <?php echo $dbpwd; ?>)
{
alert("Record Not found!");
return false
}
else
{
location.href = "logindetails.php";
}
}
</script>


<form name="loginfrm" method="POST" action="LoginAfter.php">
<input type="text" name="user" />
<input type="password" name="pass" />
<input type="Submit" name="Login" value="Login" onclick = "return validate()" />

Here, if I remove the PHP code block within the <script> tag, then it logs into the page, but without any validation. If I keep the PHP code, then a JavaScript error occurs. Can anybody help me with this? Thanks in advance!

Fumigator
09-04-2007, 08:11 PM
View the source of the page, you'll see the problem with your Javascript.

angst
09-04-2007, 09:26 PM
try:



<script>
function validate(){

var uname= document.loginfrm.user.value
var pwd = document.loginfrm.password.value
<?php
$res = mysql_query("Select pwd from tab where uname='abc'");
$row = mysql_fetch_assoc($res);
$dbpwd = $row['pwd'];
?>
if(pwd !== '<?=$dbpwd?>'){
alert("Record Not found!");
return false
} else {
location.href = "logindetails.php";
}
}
</script>

rafiki
09-05-2007, 12:18 PM
That's not very secure...
Compare in PHP, then output:


<script>
function validate(){

var uname= document.loginfrm.user.value
var pwd = document.loginfrm.password.value
<?php
$pass = $_POST['password'];
$res = mysql_query("Select pwd from tab where uname='abc'");
$row = mysql_fetch_assoc($res);
$dbpwd = $row['pwd'];
if($pass != $dbpwd){
echo 'alert("Record Not found!")';
}else{
header("Location: LoginDetails.php");
}
?>
}
</script>

venkib097
09-05-2007, 12:42 PM
The above posts are not secure. Encrypt the password and store it in the DB, then get the password, decrypt it, and compare it with the text box value.

rafiki
09-05-2007, 01:06 PM
Why? You sha1() the password, store it in the database, and sha1() the text box field, then compare; that's more secure than decrypting the database value.
But you should compare the passwords in PHP, not JavaScript, as they can then check the correct value of the password in the source of the page.
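
Added example (not part of any post in this thread): the server-side comparison the last reply recommends, written as the logic that would sit behind the form's LoginAfter.php, so nothing from the database reaches the page source. It assumes PDO instead of the mysql_* functions and uses PHP's password_hash()/password_verify() in place of the sha1() named in the thread; the in-memory SQLite database, the sample account and the function names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table "tab", columns "uname"/"pwd"
// and form fields "user"/"pass" follow the posts; everything else is assumed.
declare(strict_types=1);

// Constructed demo database so the script runs on its own.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tab (uname TEXT PRIMARY KEY, pwd TEXT NOT NULL)');
    // Store only a salted hash of the password, never the password itself.
    $ins = $db->prepare('INSERT INTO tab (uname, pwd) VALUES (?, ?)');
    $ins->execute(['abc', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Runs on the server only: the stored value is never echoed into HTML or JS.
function check_login(PDO $db, string $user, string $pass): bool
{
    // Look up the row for the submitted user, passed as a bound parameter.
    $stmt = $db->prepare('SELECT pwd FROM tab WHERE uname = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // password_verify() re-hashes $pass with the salt stored inside $hash.
    return is_string($hash) && password_verify($pass, $hash);
}

// What LoginAfter.php would do with $_POST; returns the outcome as a string
// here so the demo can print it.
function handle_login(PDO $db, array $post): string
{
    $user = is_string($post['user'] ?? null) ? $post['user'] : '';
    $pass = is_string($post['pass'] ?? null) ? $post['pass'] : '';
    if ($user === '' || $pass === '' || !check_login($db, $user, $pass)) {
        return 'Record Not found!'; // same message for bad user or bad password
    }
    // In the real page, before any output is sent:
    //   session_regenerate_id(true); $_SESSION['user'] = $user;
    //   header('Location: logindetails.php'); exit;
    return 'redirect:logindetails.php';
}

$db = open_demo_db();
echo handle_login($db, ['user' => 'abc', 'pass' => 'correct horse']), PHP_EOL;
echo handle_login($db, ['user' => 'abc', 'pass' => 'wrong']), PHP_EOL;
echo handle_login($db, ['user' => 'nobody', 'pass' => 'correct horse']), PHP_EOL;
```

Any JavaScript validate() left on the form should only check that the fields are filled in; the pass/fail decision stays in this handler.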


