Hey guys, here is some code for a password security measure in a
website:
<?php
session_start();
$errorMessage = '';
if (isset($_POST['username']) && isset($_POST['password'])) {
    if ($_POST['username'] === 'steven' && $_POST['password'] === 'crocker') {
        $_SESSION['basic_is_logged_in'] = true;
        header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');
    } else {
        $errorMessage = 'Sorry, wrong user id / password';
        echo $errorMessage;
    }
}
?>
The problem is, when I enter 'steven' as the username and 'crocker' as
the password, nothing happens. It should go to
"http://users.cs.cf.ac.uk/S.J.Crocker/search.php" but it remains on the
password enter screen. The error message works, however. Any idea where
I'm going wrong?
Cheers
Steve
Why are you using three equal signs?
The following is enough:
if(($_POST['username'] == 'steven') && ($_POST['password'] == 'crocker'))
"student_steve" <gi*********@hotmail.com> wrote in message
news:11**********************@i40g2000cwc.googlegroups.com...
Hey guys, here is some code for a password security measure in a website:
<?php session_start(); $errorMessage = ''; if (isset($_POST['username']) && isset($_POST['password'])) { if ($_POST['username'] === 'steven' && $_POST['password'] === 'crocker') { $_SESSION['basic_is_logged_in'] = true; header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');
} else { $errorMessage = 'Sorry, wrong user id / password'; echo $errorMessage; } } ?>
The problem is, when I enter 'steven' as the username and 'crocker' as the password, nothing happens. It should go to "http://users.cs.cf.ac.uk/S.J.Crocker/search.php" but it remains on the password enter screen. The error message works, however. Any idea where I'm going wrong?
Have you checked that the session is being set correctly? Are you sure it's
actually working as expected?
Also, as you are using sessions, you should call session_write_close()
before you call header("location:...") - not doing so can cause serious
problems on some platforms.
Cheers Steve
dave
"d" <d@example.com> wrote in message
news:KG******************@text.news.blueyonder.co.uk...
<snip> Also, as you are using sessions, you should call session_write_close() before you call header("location:...") - not doing so can cause serious problems on some platforms.
Dave,
Sorry to hijack the thread, but why would not calling session_write_close()
cause a problem on some platforms?
Cheers,
Rich (Still learning)
pi************@hotmail.com wrote:
Why are you using three equal signs?
The following is enough: if(($_POST['username'] == 'steven') && ($_POST['password'] == 'crocker'))
Three equal signs checks to ensure they are both the same type and the
same value.
Otherwise you can have the potential problem of the user entering a zero
for username and password. PHP could then try to compare as integers
instead of strings - and convert 'steven' and 'crocker' to zero. The
comparison would then be true.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
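The difference between == and === raised in this thread, as an added example that is not part of any poster's message: it runs both forms of the check over constructed inputs of different types. The function names and the input set are assumptions; the integer and boolean cases model values that reach PHP already typed (for instance from decoded JSON), since form fields in $_POST arrive as strings or arrays.

```php
<?php
// Added example with constructed inputs; check_loose() and check_strict()
// are hypothetical names, not functions from the thread.

function check_loose($user, $pass): bool
{
    // == converts operands of different types before comparing them.
    return $user == 'steven' && $pass == 'crocker';
}

function check_strict($user, $pass): bool
{
    // Accept strings only: a field sent as username[]=x arrives as an array.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    // === compares type and value; hash_equals() compares in constant time.
    return $user === 'steven' && hash_equals('crocker', $pass);
}

$cases = [
    'correct strings'    => ['steven', 'crocker'],
    // Both sides are strings, so == compares them as strings.
    'string zeros'       => ['0', '0'],
    // Before PHP 8 an integer compared with a non-numeric string was matched
    // against that string cast to a number; PHP 8 compares as strings instead.
    'integer zeros'      => [0, 0],
    // A boolean operand makes == compare both sides as booleans.
    'boolean true'       => [true, true],
    'arrays (field[]=x)' => [['x'], ['x']],
];

foreach ($cases as $label => [$user, $pass]) {
    printf(
        "%-20s loose=%-5s strict=%s\n",
        $label,
        var_export(check_loose($user, $pass), true),
        var_export(check_strict($user, $pass), true)
    );
}
```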
On Wed, 15 Mar 2006 16:13:29 GMT, student_steve posted in comp.lang.php:
Hey guys, here is some code for a password security measure in a website:
<?php session_start(); $errorMessage = ''; if (isset($_POST['username']) && isset($_POST['password'])) { if ($_POST['username'] === 'steven' && $_POST['password'] === 'crocker') { $_SESSION['basic_is_logged_in'] = true; header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');
} else { $errorMessage = 'Sorry, wrong user id / password'; echo $errorMessage; } } ?>
The problem is, when I enter 'steven' as the username and 'crocker' as the password, nothing happens. It should go to "http://users.cs.cf.ac.uk/S.J.Crocker/search.php" but it remains on the password enter screen. The error message works, however. Any idea where I'm going wrong?
Correct me if I'm wrong (relatively new to PHP), but don't you need to exit()
immediately after a redirect?
header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');
exit();
} else {
--
Mark A. Boyd
Keep-On-Learnin' :)
No, you don't. I don't see why you would need to, except for perhaps
exit() causing any buffers to flush, thus sending the headers to the
client.
On Thu, 16 Mar 2006 05:27:29 GMT, Richard Levasseur posted in comp.lang.php: No, you don't. I don't see why you would need to, except for perhaps exit() causing any buffers to flush, thus sending the headers to the client.
Thanks for the correction. I'm not sure what gave me that impression.
--
Mark A. Boyd
Keep-On-Learnin' :)
"Rich" <rf****@gmail.com> wrote in message
news:RZ******************@text.news.blueyonder.co.uk...
"d" <d@example.com> wrote in message news:KG******************@text.news.blueyonder.co.uk...
<snip> Also, as you are using sessions, you should call session_write_close() before you call header("location:...") - not doing so can cause serious problems on some platforms.
Dave,
Sorry to hijack the thread, but why would not calling session_write_close() cause a problem on some platforms?
Cheers, Rich (Still learning)
No problem :)
Due to the way PHP's default session handler locks the session data file, if
the browser is re-directed to the new page *before* closing the connection
to the current script, the second script will be waiting for the first
script to close, and the first script is (apparently) not closed until the
second one is loaded. Essentially, I found that nearly all mac clients
would hang on issuing a Location: header. As soon as I added that command,
the problems disappeared. Windows was never affected, btw.
dave
"Mark A. Boyd" <mb****@sanDotrr.com.invalid> wrote in message
news:Xn********************************@66.75.164.120...
On Thu, 16 Mar 2006 05:27:29 GMT, Richard Levasseur posted in comp.lang.php:
No, you don't. I don't see why you would need to, except for perhaps exit() causing any buffers to flush, thus sending the headers to the client.
Thanks for the correction. I'm not sure what gave me that impression.
I was under the same impression, but I think that's just because it makes
sense to not output any content that the browser isn't going to render :-P
--
Mark A. Boyd
Keep-On-Learnin' :)
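The redirect sequence discussed in this thread (session_write_close(), then the Location header, then exit), as an added example that is not code from any poster: a self-contained login.php built around the original post's check. The helper name redirect_and_stop(), the relative target search.php and the 303 status are assumptions.

```php
<?php
// Added example: hypothetical login.php. The credential check and session key
// come from the original post; the helper and the relative target are assumed.

session_start();

function redirect_and_stop(string $target): void
{
    // Write the session data and release the session file lock first, so the
    // request for the next page is not left waiting on this script.
    session_write_close();
    // header() must run before any output; it only queues a response header
    // and does not end the script.
    header('Location: ' . $target, true, 303);
    // Stop here so nothing below is executed or sent along with the redirect.
    exit;
}

$errorMessage = '';

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (isset($_POST['username']) && isset($_POST['password'])
        && $_POST['username'] === 'steven' && $_POST['password'] === 'crocker') {
        // Issue a fresh session id at login so a pre-login id is not carried over.
        session_regenerate_id(true);
        $_SESSION['basic_is_logged_in'] = true;
        redirect_and_stop('search.php');
    }
    // Set the message but do not echo it yet: all output happens below,
    // after every header decision has been made.
    $errorMessage = 'Sorry, wrong user id / password';
}
?>
<!DOCTYPE html>
<title>Log in</title>
<form method="post">
  <p><?= htmlspecialchars($errorMessage, ENT_QUOTES, 'UTF-8') ?></p>
  <input name="username">
  <input name="password" type="password">
  <button type="submit">Log in</button>
</form>
```

Served with PHP's built-in server (`php -S localhost:8000`), a correct POST returns the redirect with an empty body. The same redirect-then-exit pattern matters most in the guard at the top of a protected page, where code after header() would otherwise still run for a visitor who is not logged in.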