...

View Full Version : login script problem



hosefo81
01-18-2004, 07:21 AM
i have a login.php that will check the authentication of the user.
however, when i type a wrong userid and password or a real userid and password,
it just refresh the page.
Please tell me what's wrong with it.i follow the example from the wrox beginning php book.

<?php
session_start();
include "common_db.inc";


function auth_user($userid, $userpassword)
{
$query = "SELECT emp_id FROM user WHERE userid = '$userid' AND userpassword = password('$userpassword')";
$result = mysql_query($query);
if(!mysql_num_rows($result))
return 0;
else
{
$query_data = mysql_fetch_row($result);
return $query_data[0];
}
}

function login_form()
{
global $PHP_SELF;
?>
<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<FORM METHOD="POST" ACTION="<? echo $PHP_SELF ?>">
<DIV ALIGN="CENTER"><CENTER>
<H3>Please log in to access the page you requested.</H3>
<TABLE BORDER="1" WIDTH="200" CELLPADDING="2">
<TR>
<TH WIDTH="18%" ALIGN="RIGHT" NOWRAP>ID</TH>
<TD WIDTH="82%" NOWRAP>
<INPUT TYPE="TEXT" NAME="userid" SIZE="8">
</TD>
</TR>
<TR>
<TH WIDTH="18%" ALIGN="RIGHT" NOWRAP>Password</TH>
<TD WIDTH="82%" NOWRAP>

<INPUT TYPE="PASSWORD" NAME="userpassword" SIZE="8">
</TD>
</TR>
<TR>
<TD WIDTH="100%" COLSPAN="2" ALIGN="CENTER" NOWRAP>
<INPUT TYPE="SUBMIT" VALUE="LOGIN" NAME="Submit">
</TD>
</TR>
</TABLE>
</CENTER></DIV>
</FORM>
</BODY>
</HTML>
<?
}

if(!isset($userid))
{
login_form();
exit;
}
else
{
session_register("userid", "userpassword");
$username = auth_user($userid, $userpassword);
if(!$username)
{
session_unregister("userid");

session_unregister("userpassword");
echo "Authorization failed. " .
"You must enter a valid userid and password combo. " .
"Click on the following link to try again.<BR>\n";
echo "<A HREF=\"$PHP_SELF\">Login</A><BR>";
echo "If you're not a member yet, click " .
"on the following link to register.<BR>\n";
echo "<A HREF=\"$register_script\">Membership</A>";
exit;
}
else echo "Welcome, $username!";
}
?>

Nightfire
01-18-2004, 12:09 PM
The code you copied is quite old now. You should be using the super globals :) eg

$PHP_SELF should be $_SERVER['PHP_SELF']
$userid should be $_POST['userid']
$userpassword should be $_POST['userpassword']
session_register should be $_SESSION

session_unregister doesn't exist anymore, should do this

$_SESSION['userid'] = array();
session_destroy();



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum