"koolyio" <kmfa18@hotmail.com> wrote in message
news:5929c25b.0404211816.72b2e5a@posting.google.co m...[color=blue]
> Hey, could you please tell me what is wrong with my login script. I
> just started learning php.
> CODE:
>
> login.php
>
> <?
> session_start();
> header("Cache-Control: private");
> ?>
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>
> <html>
> <head>
> <title>Please Login</title>
> </head>
> <body>
> <form action="script.php" method="get">
> <table summary="Login Table">
> <tr>
> <td>username:</td>
> <td><input type="text" name="login"></td>
> </tr>
> <tr>
> <td>password:</td>
> <td><input type="password" name="pass"></td>
> </tr>
> <tr>
> <td><input type="submit" value="login"></td>
> </tr>
> </table>
>
> </body>
> </html>
>
> script.php
>
> <?
> session_start(); //start session
> header("Cache-Control: private");
> if (!$_GET["login"] || !$_GET["login"])
> {
> print<<<END
> I'm sorry, but your not logged in or there was an error logging you[/color]
"you're".
[color=blue]
> in. Please<br>
> <a href="login.php">go here</a> to try again. Sorry for any
> inconvienince.
> END;
> }
> else
> {
> //register session variable: 'login' and 'pass'
> $_SESSION["login"] = $_GET["login"];
> $_SESSION["pass"] = $_GET["pass"];
> if ($_SESSION["login"] == "Koolyio" && $_SESSION["pass"] == "wow")[/color]
I'm hoping that, one day, this goes to a database or something with md5()'d
passwords. 8)
[color=blue]
> //if credentials are true
> {
> $_SESSION["access"] = true;
> }
> else
> {
> $_SESSION["access"] = false;
> }
> }
> if ($_SESSION["access"] == true)
> {
> print<<<END
> <html>
> <script language="JavaScript" type="text/javascript">
> <!--
> location.href = "main.php";
> //-->
> </script>
> <noscript>Sorry, but your browser doesn't support JavaScript, ergo you
> cannot
> login</noscript></html>
> END;
> }
> else
> {
> print<<<END;[/color]
Semicolon is wrong here - heredoc not only doesn't require them, it breaks
it. But you know that, because you got it right elsewhere.
[color=blue]
> I'm sorry, but one or more of the credentials you supplied were
> incorrect. Please
> try to login again <a href="login.php">here</a>.
> END;[/color]
Missing } here.
[color=blue]
> ?>
>
>
> logout.php
>
> <?
> session_start(); //start session
> header("Cache-Control: private");
> if ($_SESSION["access"] == true)
> {
> $_SESSION = array();
> session_destroy();
> print("<a href=/"login.php/">log in</a>[/color]
Aside from the lack of a closing quote, bracket and semi-colon, /" is wrong,
use \" to escape double quotes. Better still, put your quoted string in
single quotes and use the unescaped version (since you don't have any
variable substitution in there).
[color=blue]
> }
> ?>
>
>
> main.php
>
> <?
> session_start(); //start session
> header("Cache-Control: private");
> if ($_SESSION["access"] == true)
> {
> print<<<END
>
> <html>
> <head>
> <title>Members Only</title>
> </head>
> <body>
> You have succesfully logged in. You can now <a href="logout.php">log
> out</a>
> </body>
> </html>
> END;
> }
> else
> {
> print<<<END
> Sorry, You have not logged in correctly. Please try again <a
> href="login.php">here</a>.
> END;
> }
> ?>[/color]
See embedded comments. I'm sure there's more than I found, but I got it
working at least.
For forms, use method="POST" unless you want your username and password of
your failed attempts appearing in your browser's address history. Then use
$_POST instead of $_GET (or better yet, $_REQUEST).
Otherwise, nice first attempt, and I'm pleased you produced a simple example
(no functions or classes, globals that aren't superglobals, databases, etc)
to reduce the problem set.
Garp
