Page 2 - Login page help

Sara_lauren,

That's the reason you're not able to authorize any user. Because your passwords are stored as text and you're verifying using the PASSWORD() function, you will never have two identical strings. I would take ramz advice and use the PASSWORD() function for both INSERT and SELECT queries.

Sara_Laren,

i've noticed all the scripts you've posted include this:

$connection = @mysql_connect("localhost", "root", "") or die(mysql_error());

can i recommend not using the root account for regular access to the database? root access has a lot of privileges that the average php page probably doesn't need, and thus is a HUGE security risk.

Speaking of HUGE security risks, I'd also recommend added a password to the root account. From the sounds of it, you're not entirely confident with MySQL, to be honest I'm not either. But there's many good references to adding alternate users, and changing passwords.

How to make SQL secure against crackers:
http://www.mysql.com/doc/en/Security.html

Try this for adding new users (from the MySQL manual):
http://www.mysql.com/doc/en/Adding_users.html

My two cents.

Hi all! I finished the login and it's working properly as well!
Now I just need to edit it so that when someone logs in they can go to their 'personal' page. I think I just need to put in like some sort of headers to the specific pages.I'll figure it out anyway...hehe hopefully

Thanks a lot

sara_lauren,

Try this:


Please note that the usernames and pages are fictive.
A better solution would be to store the page, the user has to be directed to, in the user database as well. This realy pays off when you have to deal with a lot of users.

Good luck,

Or, you could modify the index file to dynamically regenerate itself based on the userlevel of the person logging in, and you can also put a switch statement in to generate the content based on either the login name or userid, whichever you are using

That's what I'm planning for my site, it's not up and running yet because I have basically no time right now with work and school.. but it's getting there..

Dynamic pages are alot more fun to write IMHO than static ones

And as for the headers, sara_lauren, you could build a custom header and then at the start of your page use a conditional statement depending on what page they are viewing to load that include file.. for example, some code from my site:



Something like that at the top of your page could do the trick, it would let you set independent banners <the html code is in the include files for the banners> for each page, and give the illusion of being on different pages when they are truely on the main index page.. the pageMethod could be passed like this:

http://www.yoururl.com/?pageMethod=feedback

just another option you have

- Justin

Hi all!

I've decided to use cookies for the personal pages of those who login.

I've tried this code from a book and guess what?....it's not working!

Please tell me what's wrong with it:

<?php

if ($_COOKIE[auth] == "ok") {

$msg = "<P>Welcome to secret page A, authorized user!</p>";

} else {

header( "Location: http://localhost/PatientsFront.html");
exit;
}

?>

<HTML>
<HEAD>
<TITLE>Secret Page A</TITLE>
</HEAD>
<BODY>

<? echo "$msg"; ?>

</BODY>
</HTML>


This is where I set the cookie values:

if ($num != 0) {
$cookie_name ="auth";
$cookie_value ="ok";
$cookie_expire ="0";
$cookie_domain ="localhost";

setcookie($cookie_name,$cookie_value,$cookie_expir e,"/", $cookie_domain,0);

$display_block ="
<p><strong>Secret Menu:</strong></p>
<ul>
<li><a href=\"secretA.php\">secret page A</a>
<li><a href=\"secretB.php\">secret page B</a>
</ul>";
}.....


I don't know where the problem is...When I click the "secretA.php" link after being authorised it takes me back to the login page again. Are the cookie values not being recorded?

PLEASE help me out

sara_lauren,

Setting 'cookies' must be done before outputting any information to the browser, like with the 'headers'.

See also http://www.php.net/manual/en/function.setcookie.php for additional information

Tip: Start this question as a new thread.

Regards,
Arjon