joshh131 Posted October 31, 2010 Share Posted October 31, 2010 I'm new to this forum, and PHP in general. So, hello to everyone! I'm having a problem verifying whether or not my authentication script works. I'm not new to programming...just PHP. Here it is.. <?php //check if user is already logged in if(isset($_session['username'])) { //init database information $db_server = ""; $db_user = ""; $db_password = ""; $db_name = ""; //connect to the database $connection = mysql_connect($db_server, $db_user, $db_password); if(!$connection) { die('Failed to connect: ' . mysql_error()); } mysql_select_db($db_name, $connection); //verify login information $username = $_POST['username']; $password = $_POST['password']; $query = mysql_query("SELECT * FROM users WHERE username='$username'"); if($query) { $array = mysql_fetch_array($query); if($_POST['password'] = $array['password']) { $_session['username'] = $array['username']; $_session['email'] = $array['email']; $_session['user_level'] = $array['user_level']; $_session['ip'] = $array['ip']; $_session['date_registered'] = $array['date_registered']; echo $_session['username']; } else { echo 'Bad Login Information!'; } } else { die('Failed to login: ' . mysql_error()); } } ?> <form action="auth.php" method="post"> <input name="username" type="text" size="20" maxlength="16"> <input name="password" type="text" size="20" maxlength="20"> <input name="submit" type="submit" value="Submit"> </form> Quote Link to comment Share on other sites More sharing options...
rwwd Posted October 31, 2010 Share Posted October 31, 2010 Sanitise that incoming $_POST data if your using it directly into an sql statement, and for your login logic, you need to see if any rows get returned if you check the username and password, then check that that result returns a row by using mysql_num_rows() and if it's more than 0, you have a match, then you can carry on from there and assign the values in that 'success' clause.. Hope that makes some sense... Rw Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted October 31, 2010 Share Posted October 31, 2010 Php variables are case-sensitive and $_SESSION is all upper-case. You also need a session_start(); statement on any page that sets or references a $_SESSION variable, before any $_SESSION variables. Quote Link to comment Share on other sites More sharing options...
gevans Posted October 31, 2010 Share Posted October 31, 2010 Also it looks like you're checking if a user is logged in, and if they are allowing them to login again, whereas users that are not logged in willnot be able to attempt as the session username will not be set; if(isset($_SESSION['username'])) Quote Link to comment Share on other sites More sharing options...
joshh131 Posted October 31, 2010 Author Share Posted October 31, 2010 Thank you all for the help! The solution was right at the beginning...lol. Forgot a ! before isset... Thank you again! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.