
password checking

Hey guys, here is some code for a password security measure in a
website:

<?php
session_start();
$errorMessage = '';
if (isset($_POST['username']) && isset($_POST['password'])) {
    if ($_POST['username'] === 'steven' && $_POST['password'] === 'crocker') {
        $_SESSION['basic_is_logged_in'] = true;
        header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');
    } else {
        $errorMessage = 'Sorry, wrong user id / password';
        echo $errorMessage;
    }
}
?>

The problem is, when I enter 'steven' as the username and 'crocker' as
the password.. nothing happens, it should go to
"http://users.cs.cf.ac.uk/S.J.Crocker/search.php" but it remains on the
password enter screen. The error message works however, any idea where
I'm going wrong??

Cheers
Steve

Mar 15 '06 #1
Why are you using three equal signs?

The following is enough:
if(($_POST['username'] == 'steven') && ($_POST['password'] == 'crocker'))

Mar 15 '06 #2
d
"student_steve" <gi*********@hotmail.com> wrote in message
news:11**********************@i40g2000cwc.googlegr oups.com...
> Hey guys, here is some code for a password security measure in a
> website:
>
> <?php
> session_start();
> $errorMessage = '';
> if (isset($_POST['username']) && isset($_POST['password'])) {
>     if ($_POST['username'] === 'steven' && $_POST['password'] === 'crocker') {
>         $_SESSION['basic_is_logged_in'] = true;
>         header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');
>     } else {
>         $errorMessage = 'Sorry, wrong user id / password';
>         echo $errorMessage;
>     }
> }
> ?>
>
> The problem is, when I enter 'steven' as the username and 'crocker' as
> the password.. nothing happens, it should go to
> "http://users.cs.cf.ac.uk/S.J.Crocker/search.php" but it remains on the
> password enter screen. The error message works however, any idea where
> I'm going wrong??

Have you checked that the session is being set correctly? Are you sure it's
actually working as expected?

Also, as you are using sessions, you should call session_write_close()
before you call header("location:...") - not doing so can cause serious
problems on some platforms.

> Cheers
> Steve


dave
Mar 15 '06 #3
"d" <d@example.com> wrote in message
news:KG******************@text.news.blueyonder.co. uk...
<snip>
> Also, as you are using sessions, you should call session_write_close()
> before you call header("location:...") - not doing so can cause serious
> problems on some platforms.


Dave,

Sorry to hijack the thread, but why would not calling session_write_close()
cause a problem on some platforms?

Cheers,
Rich (Still learning)
Mar 15 '06 #4
pi************@hotmail.com wrote:
> Why are you using three equal signs?
>
> The following is enough:
> if(($_POST['username'] == 'steven') && ($_POST['password'] == 'crocker'))


Three equal signs checks to ensure they are both the same type and the
same value.

Otherwise you can have the potential problem of the user entering a zero
for username and password. PHP could then try to compare as integers
instead of strings - and convert 'steven' and 'crocker' to zero. The
comparison would then be true.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Mar 15 '06 #5
On Wed, 15 Mar 2006 16:13:29 GMT, student_steve posted in comp.lang.php:
> Hey guys, here is some code for a password security measure in a
> website:
>
> <?php
> session_start();
> $errorMessage = '';
> if (isset($_POST['username']) && isset($_POST['password'])) {
>     if ($_POST['username'] === 'steven' && $_POST['password'] === 'crocker') {
>         $_SESSION['basic_is_logged_in'] = true;
>         header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');
>     } else {
>         $errorMessage = 'Sorry, wrong user id / password';
>         echo $errorMessage;
>     }
> }
> ?>
>
> The problem is, when I enter 'steven' as the username and 'crocker' as
> the password.. nothing happens, it should go to
> "http://users.cs.cf.ac.uk/S.J.Crocker/search.php" but it remains on the
> password enter screen. The error message works however, any idea where
> I'm going wrong??

Correct me if I'm wrong (relatively new to PHP), but don't you need to exit()
immediately after a redirect?

        header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');
        exit();
    } else {

--
Mark A. Boyd
Keep-On-Learnin' :)
Mar 16 '06 #6
No, you don't. I don't see why you would need to, except for perhaps
exit() causing any buffers to flush, thus sending the headers to the
client.

Mar 16 '06 #7
On Thu, 16 Mar 2006 05:27:29 GMT, Richard Levasseur posted in comp.lang.php:
> No, you don't. I don't see why you would need to, except for perhaps
> exit() causing any buffers to flush, thus sending the headers to the
> client.


Thanks for the correction. I'm not sure what gave me that impression.
--
Mark A. Boyd
Keep-On-Learnin' :)
Mar 16 '06 #8
d
"Rich" <rf****@gmail.com> wrote in message
news:RZ******************@text.news.blueyonder.co. uk...
"d" <d@example.com> wrote in message
news:KG******************@text.news.blueyonder.co. uk...
<snip>
>> Also, as you are using sessions, you should call session_write_close()
>> before you call header("location:...") - not doing so can cause serious
>> problems on some platforms.
>
> Dave,
>
> Sorry to hijack the thread, but why would not calling
> session_write_close() cause a problem on some platforms?
>
> Cheers,
> Rich (Still learning)


No problem :)

Due to the way PHP's default session handler locks the session data file, if
the browser is re-directed to the new page *before* closing the connection
to the current script, the second script will be waiting for the first
script to close, and the first script is (apparently) not closed until the
second one is loaded. Essentially, I found that nearly all mac clients
would hang on issuing a Location: header. As soon as I added that command,
the problems disappeared. Windows was never affected, btw.

dave
Mar 16 '06 #9
d
"Mark A. Boyd" <mb****@sanDotrr.com.invalid> wrote in message
news:Xn********************************@66.75.164. 120...
> On Thu, 16 Mar 2006 05:27:29 GMT, Richard Levasseur posted in
> comp.lang.php:
>> No, you don't. I don't see why you would need to, except for perhaps
>> exit() causing any buffers to flush, thus sending the headers to the
>> client.
>
> Thanks for the correction. I'm not sure what gave me that impression.

I was under the same impression, but I think that's just because it makes
sense to not output any content that the browser isn't going to render :-P

> --
> Mark A. Boyd
> Keep-On-Learnin' :)

Mar 16 '06 #10
Jerry Stuckle wrote:
> pi************@hotmail.com wrote:
>> Why are you using three equal signs?
>>
>> The following is enough:
>> if(($_POST['username'] == 'steven') && ($_POST['password'] == 'crocker'))
>
> Three equal signs checks to ensure they are both the same type and the
> same value.
>
> Otherwise you can have the potential problem of the user entering a zero
> for username and password. PHP could then try to compare as integers
> instead of strings - and convert 'steven' and 'crocker' to zero. The
> comparison would then be true.


But because $_POST["username"] is a string, and 'steven' is a string, a
string comparison will be done with ==, and the problem you mention with
a numeric comparison won't happen, right? I just tried some PHP code
with a simple variable ($str) in place of $_POST["username"] set to "0",
and a string comparison is done.
Mar 17 '06 #11
Steve Chapel wrote:
> Jerry Stuckle wrote:
>> pi************@hotmail.com wrote:
>>> Why are you using three equal signs?
>>>
>>> The following is enough:
>>> if(($_POST['username'] == 'steven') && ($_POST['password'] == 'crocker'))
>>
>> Three equal signs checks to ensure they are both the same type and the
>> same value.
>>
>> Otherwise you can have the potential problem of the user entering a
>> zero for username and password. PHP could then try to compare as
>> integers instead of strings - and convert 'steven' and 'crocker' to
>> zero. The comparison would then be true.
>
> But because $_POST["username"] is a string, and 'steven' is a string, a
> string comparison will be done with ==, and the problem you mention with
> a numeric comparison won't happen, right? I just tried some PHP code
> with a simple variable ($str) in place of $_POST["username"] set to "0",
> and a string comparison is done.


Steve,

In this particular example, that's true - it will compare OK, at current
versions of PHP. But it's still a good habit to get into.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Mar 17 '06 #12

"Jerry Stuckle" <js*******@attglobal.net> wrote in message
news:tf********************@comcast.com...
> Steve Chapel wrote:
>> Jerry Stuckle wrote:
>>> pi************@hotmail.com wrote:
>>>> Why are you using three equal signs?
>>>>
>>>> The following is enough:
>>>> if(($_POST['username'] == 'steven') && ($_POST['password'] == 'crocker'))
>>>
>>> Three equal signs checks to ensure they are both the same type and the
>>> same value.
>>>
>>> Otherwise you can have the potential problem of the user entering a zero
>>> for username and password. PHP could then try to compare as integers
>>> instead of strings - and convert 'steven' and 'crocker' to zero. The
>>> comparison would then be true.
>>
>> But because $_POST["username"] is a string, and 'steven' is a string, a
>> string comparison will be done with ==, and the problem you mention with
>> a numeric comparison won't happen, right? I just tried some PHP code with
>> a simple variable ($str) in place of $_POST["username"] set to "0", and a
>> string comparison is done.
>
> Steve,
>
> In this particular example, that's true - it will compare OK, at current
> versions of PHP. But it's still a good habit to get into.


Maybe it is the "C" (and Java) in me, but I always compare with

if (!strcmp(first, second))

or strcasecmp. That way I am always sure I am comparing the contents of
strings. (Am I wasting my effort?)

Shelly
Mar 19 '06 #13
Shelly wrote:
"Jerry Stuckle" <js*******@attglobal.net> wrote in message
news:tf********************@comcast.com...
>> Steve Chapel wrote:
>>> Jerry Stuckle wrote:
>>>> pi************@hotmail.com wrote:
>>>>> Why are you using three equal signs?
>>>>>
>>>>> The following is enough:
>>>>> if(($_POST['username'] == 'steven') && ($_POST['password'] == 'crocker'))
>>>>
>>>> Three equal signs checks to ensure they are both the same type and the
>>>> same value.
>>>>
>>>> Otherwise you can have the potential problem of the user entering a zero
>>>> for username and password. PHP could then try to compare as integers
>>>> instead of strings - and convert 'steven' and 'crocker' to zero. The
>>>> comparison would then be true.
>>>
>>> But because $_POST["username"] is a string, and 'steven' is a string, a
>>> string comparison will be done with ==, and the problem you mention with
>>> a numeric comparison won't happen, right? I just tried some PHP code with
>>> a simple variable ($str) in place of $_POST["username"] set to "0", and a
>>> string comparison is done.
>>
>> Steve,
>>
>> In this particular example, that's true - it will compare OK, at current
>> versions of PHP. But it's still a good habit to get into.
>
> Maybe it is the "C" (and Java) in me, but I always compare with
>
> if (!strcmp(first, second))
>
> or strcasecmp. That way I am always sure I am comparing the contents of
> strings. (Am I wasting my effort?)
>
> Shelly


Shelly,

$first === $second

does the same thing.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Mar 20 '06 #14
Well, I'm calling die() after header("Location: ..."). A script is
not supposed to continue executing if I'm redirecting the client
somewhere else, but it does. Calling die() stops this execution, and
that's what you probably want if you're redirecting the client.

Mar 20 '06 #15
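
A hardened version of the login handler discussed in this thread, added here as an example and not posted by any participant: it type-checks the POST fields, avoids loose comparison, releases the session lock before the redirect and stops execution after it. The `$users` array, the `credentialsMatch()` helper and the command-line inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread.
// Constructed sample store; a real site would load the hash from its user table.
$users = ['steven' => password_hash('crocker', PASSWORD_DEFAULT)];

// Hypothetical helper: true only for string inputs that match a stored user.
function credentialsMatch(array $users, $username, $password): bool
{
    // PHP turns a form field named username[] into an array, so check the
    // types before comparing anything.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    return isset($users[$username])
        && password_verify($password, $users[$username]);
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs so the file can be run with `php file.php`.
    var_dump(credentialsMatch($users, 'steven', 'crocker'));
    var_dump(credentialsMatch($users, 'steven', ['crocker']));
    var_dump(credentialsMatch($users, '0', '0'));
    // == compares two numeric-looking strings as numbers; === compares them
    // as strings, which is why === is the safer habit for credentials.
    var_dump('1e3' == '1000', '1e3' === '1000');
    exit;
}

session_start();
if (isset($_POST['username'], $_POST['password'])) {
    if (credentialsMatch($users, $_POST['username'], $_POST['password'])) {
        session_regenerate_id(true);   // fresh session id for the logged-in user
        $_SESSION['basic_is_logged_in'] = true;
        session_write_close();         // release the session file lock first
        header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');
        exit;                          // nothing after the redirect may run
    }
    echo 'Sorry, wrong user id / password';
}
```

The protected page needs the same pattern in reverse: check `$_SESSION['basic_is_logged_in']`, and when it is not set, send the Location header and call exit so the page body is never produced.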
