my login script - Dev Articles

Dev Articles Community Forums Sponsor:

November 6th, 2002, 06:43 AM

wAr-AnGeL

Forum Security

Join Date: Apr 2002

Location: Behind You

Posts: 479

Time spent in forums: 6 m 50 sec
Reputation Power: 7

my login script

i know alot of people are wondering on how to make a password protected members area. here's a login script that you can use to verify a user's username & password against the database. it was derived from many other scripts. i have removed some parts like setting cookies... etc. enjoy

PHP Code:


		
			
<?php

ob_start();

mysql_connect("host", "username", "password");

mysql_select_db("db");



global $HTTP_POST_VARS;

$username = $_POST["username"];

$password = $_POST["password"];



$auth = authenticate($username, $password);



// username/password correct

if($auth == 1) {

                 // redirect to members page

    header("Location: loggedin.php");

        

}



else

// username/password wrong

{

    // redirect to error page

    header("Location: [url]http://url.com[/url]");

    

}

ob_end_flush();



function authenticate($username, $password) {

    $sql = "SELECT * FROM usersTable WHERE username = '$username' AND user_password = md5('$password')";

    $query = mysql_query($sql);



    if(mysql_num_rows($query) == 1)

        return 1;

    else

        return 0;

}

?>

hope the copy & paste worked right. if it doesnt work tell me, i probably pasted something wrong.

__________________

"Only Linux users see the end of crashes."
- Pl4t0

November 6th, 2002, 08:02 AM

Lindset

weirdomoderator

Join Date: Jun 2002

Location: Alta, Norway

Posts: 370

Time spent in forums: < 1 sec
Reputation Power: 7

Nice

You don't need the line 'global $HTTP_POST_VARS;', though

and instead of having the multiline if structure at the end of the array, you could use this type of conditional

PHP Code:


		
			
return mysql_num_rows($query) ? true : false;

At least I think that's nicer

oh, and after the header() functions, you might want to exit;.. because I think it's possible to for example write a client that ignores Location headers

I found an error in this line: (I'm guessing that error got in while making it ready for posting)

header("Location: <a href="http://url.com" target="_blank">http://url.com</a>");

change it to

header('Location: <a href="http://url.com" target="_blank">http://url.com</a>');

or

header("Location: <a href=\"http://url.com\" target=\"_blank\">http://url.com</a>");

(I prefer the first one)

__________________
Best Regards,
Håvard Lindset

November 6th, 2002, 11:58 AM

jpenn

Contributing User

Join Date: Oct 2002

Location: Washington, DC

Posts: 317

Time spent in forums: 2 m 3 sec
Reputation Power: 6

Just a question -> why are you using '$HTTP_POST_VARS' which is now depreciated?

__________________
~ Joe Penn

We work for free to help make this a valuable resource on the internet. Do you appreciate the help - did we provide help that will help you prosper and help that has contributed to sharpening your current skill set?

Show your appreciation and purchase something from our Amazon Wishlist's - it's simple and a great way to say thank you.

November 6th, 2002, 12:48 PM

infamous-online

Moderator

Join Date: Apr 2002

Posts: 404

Time spent in forums: 1 Day 24 m 44 sec
Reputation Power: 7

please guys don't bash me but how does this exactly work. i want to know exactly what does this script do.

again don't bash me...

__________________
Apache Expert

November 6th, 2002, 02:08 PM

Lindset

weirdomoderator

Join Date: Jun 2002

Location: Alta, Norway

Posts: 370

Time spent in forums: < 1 sec
Reputation Power: 7

Quote:

Originally posted by jpenn
Just a question -> why are you using '$HTTP_POST_VARS' which is now depreciated?

he's not actually using it, he's just declaring it as a global variable.. as I pointed out in the post above

btw, what's that xuldeveloper going to be?

November 6th, 2002, 04:15 PM

jpenn

Contributing User

Join Date: Oct 2002

Location: Washington, DC

Posts: 317

Time spent in forums: 2 m 3 sec
Reputation Power: 6

Quote:

he's not actually using it, he's just declaring it as a global variable.. as I pointed out in the post above

Well, thats pretty much what I meant - why is it in his code as that syntax when it is depreciated - sorry, should of asked the question as that.......

November 6th, 2002, 05:38 PM

wAr-AnGeL

Forum Security

Join Date: Apr 2002

Location: Behind You

Posts: 479

Time spent in forums: 6 m 50 sec
Reputation Power: 7

Quote:

Originally posted by jpenn
Just a question -> why are you using '$HTTP_POST_VARS' which is now depreciated?

my server is weird. if use $_POST without declaring $HTTP_POST_VARS global it won't work.

as for the header error, yes it was an error

i think dreamweaver automatically changed it into html format. it's originally: header("Location: http://url.com");

November 6th, 2002, 07:18 PM

Ben Rowe

Guest

Posts: n/a
Time spent in forums:
Reputation Power:

Im currently writing a 6 part series on creating a members area, make sure to keep an eye out for it, its going to be huge

November 7th, 2002, 01:12 AM

Lindset

weirdomoderator

Join Date: Jun 2002

Location: Alta, Norway

Posts: 370

Time spent in forums: < 1 sec
Reputation Power: 7

Quote:

Originally posted by wAr-AnGeL

my server is weird. if use $_POST without declaring $HTTP_POST_VARS global it won't work.

as for the header error, yes it was an error i think dreamweaver automatically changed it into html format. it's originally: header("Location: http://url.com");

yeah, that is weird.. $_POST is a "superglobal" array, and should be available in all scopes

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: