Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    Jan 2004
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts

    login script problem

    i have a login.php that will check the authentication of the user.
    however, when i type a wrong userid and password or a real userid and password,
    it just refresh the page.
    Please tell me what's wrong with it.i follow the example from the wrox beginning php book.

    <?php
    session_start();
    include "common_db.inc";


    function auth_user($userid, $userpassword)
    {
    $query = "SELECT emp_id FROM user WHERE userid = '$userid' AND userpassword = password('$userpassword')";
    $result = mysql_query($query);
    if(!mysql_num_rows($result))
    return 0;
    else
    {
    $query_data = mysql_fetch_row($result);
    return $query_data[0];
    }
    }

    function login_form()
    {
    global $PHP_SELF;
    ?>
    <HTML>
    <HEAD>
    <TITLE>Login</TITLE>
    </HEAD>
    <BODY>
    <FORM METHOD="POST" ACTION="<? echo $PHP_SELF ?>">
    <DIV ALIGN="CENTER"><CENTER>
    <H3>Please log in to access the page you requested.</H3>
    <TABLE BORDER="1" WIDTH="200" CELLPADDING="2">
    <TR>
    <TH WIDTH="18%" ALIGN="RIGHT" NOWRAP>ID</TH>
    <TD WIDTH="82%" NOWRAP>
    <INPUT TYPE="TEXT" NAME="userid" SIZE="8">
    </TD>
    </TR>
    <TR>
    <TH WIDTH="18%" ALIGN="RIGHT" NOWRAP>Password</TH>
    <TD WIDTH="82%" NOWRAP>

    <INPUT TYPE="PASSWORD" NAME="userpassword" SIZE="8">
    </TD>
    </TR>
    <TR>
    <TD WIDTH="100%" COLSPAN="2" ALIGN="CENTER" NOWRAP>
    <INPUT TYPE="SUBMIT" VALUE="LOGIN" NAME="Submit">
    </TD>
    </TR>
    </TABLE>
    </CENTER></DIV>
    </FORM>
    </BODY>
    </HTML>
    <?
    }

    if(!isset($userid))
    {
    login_form();
    exit;
    }
    else
    {
    session_register("userid", "userpassword");
    $username = auth_user($userid, $userpassword);
    if(!$username)
    {
    session_unregister("userid");

    session_unregister("userpassword");
    echo "Authorization failed. " .
    "You must enter a valid userid and password combo. " .
    "Click on the following link to try again.<BR>\n";
    echo "<A HREF=\"$PHP_SELF\">Login</A><BR>";
    echo "If you're not a member yet, click " .
    "on the following link to register.<BR>\n";
    echo "<A HREF=\"$register_script\">Membership</A>";
    exit;
    }
    else echo "Welcome, $username!";
    }
    ?>

  • #2
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,266
    Thanks
    6
    Thanked 48 Times in 48 Posts
    The code you copied is quite old now. You should be using the super globals eg

    $PHP_SELF should be $_SERVER['PHP_SELF']
    $userid should be $_POST['userid']
    $userpassword should be $_POST['userpassword']
    session_register should be $_SESSION

    session_unregister doesn't exist anymore, should do this

    $_SESSION['userid'] = array();
    session_destroy();


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •