By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
431,827 Members | 2,267 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 431,827 IT Pros & Developers. It's quick & easy.

php login script error

P: n/a
Hey, could you please tell me what is wrong with my login script. I
just started learning php.
CODE:

login.php

<?
session_start();
header("Cache-Control: private");
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Please Login</title>
</head>
<body>
<form action="script.php" method="get">
<table summary="Login Table">
<tr>
<td>username:</td>
<td><input type="text" name="login"></td>
</tr>
<tr>
<td>password:</td>
<td><input type="password" name="pass"></td>
</tr>
<tr>
<td><input type="submit" value="login"></td>
</tr>
</table>

</body>
</html>

script.php

<?
session_start(); //start session
header("Cache-Control: private");
if (!$_GET["login"] || !$_GET["login"])
{
print<<<END
I'm sorry, but your not logged in or there was an error logging you
in. Please<br>
<a href="login.php">go here</a> to try again. Sorry for any
inconvienince.
END;
}
else
{
//register session variable: 'login' and 'pass'
$_SESSION["login"] = $_GET["login"];
$_SESSION["pass"] = $_GET["pass"];
if ($_SESSION["login"] == "Koolyio" && $_SESSION["pass"] == "wow")
//if credentials are true
{
$_SESSION["access"] = true;
}
else
{
$_SESSION["access"] = false;
}
}
if ($_SESSION["access"] == true)
{
print<<<END
<html>
<script language="JavaScript" type="text/javascript">
<!--
location.href = "main.php";
//-->
</script>
<noscript>Sorry, but your browser doesn't support JavaScript, ergo you
cannot
login</noscript></html>
END;
}
else
{
print<<<END;
I'm sorry, but one or more of the credentials you supplied were
incorrect. Please
try to login again <a href="login.php">here</a>.
END;
?>
logout.php

<?
session_start(); //start session
header("Cache-Control: private");
if ($_SESSION["access"] == true)
{
$_SESSION = array();
session_destroy();
print("<a href=/"login.php/">log in</a>
}
?>
main.php

<?
session_start(); //start session
header("Cache-Control: private");
if ($_SESSION["access"] == true)
{
print<<<END

<html>
<head>
<title>Members Only</title>
</head>
<body>
You have succesfully logged in. You can now <a href="logout.php">log
out</a>
</body>
</html>
END;
}
else
{
print<<<END
Sorry, You have not logged in correctly. Please try again <a
href="login.php">here</a>.
END;
}
?>
Jul 17 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Hi,

looks great. Does it fulfill any requirements, ie. any error messages
not showing up ;-)

HTH, Jochen

P.S.: What is the error message?

On 21 Apr 2004 19:16:33 -0700, km****@hotmail.com (koolyio) wrote:
Hey, could you please tell me what is wrong with my login script. I
just started learning php.
CODE:

login.php

<?
session_start();
header("Cache-Control: private");
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Please Login</title>
</head>
<body>
<form action="script.php" method="get">
<table summary="Login Table">
<tr>
<td>username:</td>
<td><input type="text" name="login"></td>
</tr>
<tr>
<td>password:</td>
<td><input type="password" name="pass"></td>
</tr>
<tr>
<td><input type="submit" value="login"></td>
</tr>
</table>

</body>
</html>

script.php

<?
session_start(); //start session
header("Cache-Control: private");
if (!$_GET["login"] || !$_GET["login"])
{
print<<<END
I'm sorry, but your not logged in or there was an error logging you
in. Please<br>
<a href="login.php">go here</a> to try again. Sorry for any
inconvienince.
END;
}
else
{
//register session variable: 'login' and 'pass'
$_SESSION["login"] = $_GET["login"];
$_SESSION["pass"] = $_GET["pass"];
if ($_SESSION["login"] == "Koolyio" && $_SESSION["pass"] == "wow")
//if credentials are true
{
$_SESSION["access"] = true;
}
else
{
$_SESSION["access"] = false;
}
}
if ($_SESSION["access"] == true)
{
print<<<END
<html>
<script language="JavaScript" type="text/javascript">
<!--
location.href = "main.php";
//-->
</script>
<noscript>Sorry, but your browser doesn't support JavaScript, ergo you
cannot
login</noscript></html>
END;
}
else
{
print<<<END;
I'm sorry, but one or more of the credentials you supplied were
incorrect. Please
try to login again <a href="login.php">here</a>.
END;
?>
logout.php

<?
session_start(); //start session
header("Cache-Control: private");
if ($_SESSION["access"] == true)
{
$_SESSION = array();
session_destroy();
print("<a href=/"login.php/">log in</a>
}
?>
main.php

<?
session_start(); //start session
header("Cache-Control: private");
if ($_SESSION["access"] == true)
{
print<<<END

<html>
<head>
<title>Members Only</title>
</head>
<body>
You have succesfully logged in. You can now <a href="logout.php">log
out</a>
</body>
</html>
END;
}
else
{
print<<<END
Sorry, You have not logged in correctly. Please try again <a
href="login.php">here</a>.
END;
}
?>


--
Jochen Daum - Cabletalk Group Ltd.
PHP DB Edit Toolkit -- PHP scripts for building
database editing interfaces.
http://sourceforge.net/projects/phpdbedittk/
Jul 17 '05 #2

P: n/a
I noticed that Message-ID:
<59*************************@posting.google.com> from koolyio contained
the following:
if (!$_GET["login"] || !$_GET["login"]) if (!$_GET["login"] || !$_GET["pass"])
{
print<<<END
I'm sorry, but your not logged in or there was an error logging you you're
in. Please<br>
<a href="login.php">go here</a> to try again. Sorry for any
inconvienince.

inconvenience

Got fed up after this because I don't know what I'm looking for.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #3

P: n/a

"koolyio" <km****@hotmail.com> wrote in message
news:59*************************@posting.google.co m...
Hey, could you please tell me what is wrong with my login script. I
just started learning php.
CODE:

login.php

<?
session_start();
header("Cache-Control: private");
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Please Login</title>
</head>
<body>
<form action="script.php" method="get">
<table summary="Login Table">
<tr>
<td>username:</td>
<td><input type="text" name="login"></td>
</tr>
<tr>
<td>password:</td>
<td><input type="password" name="pass"></td>
</tr>
<tr>
<td><input type="submit" value="login"></td>
</tr>
</table>

</body>
</html>

script.php

<?
session_start(); //start session
header("Cache-Control: private");
if (!$_GET["login"] || !$_GET["login"])
{
print<<<END
I'm sorry, but your not logged in or there was an error logging you
"you're".
in. Please<br>
<a href="login.php">go here</a> to try again. Sorry for any
inconvienince.
END;
}
else
{
//register session variable: 'login' and 'pass'
$_SESSION["login"] = $_GET["login"];
$_SESSION["pass"] = $_GET["pass"];
if ($_SESSION["login"] == "Koolyio" && $_SESSION["pass"] == "wow")
I'm hoping that, one day, this goes to a database or something with md5()'d
passwords. 8)
//if credentials are true
{
$_SESSION["access"] = true;
}
else
{
$_SESSION["access"] = false;
}
}
if ($_SESSION["access"] == true)
{
print<<<END
<html>
<script language="JavaScript" type="text/javascript">
<!--
location.href = "main.php";
//-->
</script>
<noscript>Sorry, but your browser doesn't support JavaScript, ergo you
cannot
login</noscript></html>
END;
}
else
{
print<<<END;
Semicolon is wrong here - heredoc not only doesn't require them, it breaks
it. But you know that, because you got it right elsewhere.
I'm sorry, but one or more of the credentials you supplied were
incorrect. Please
try to login again <a href="login.php">here</a>.
END;
Missing } here.
?>
logout.php

<?
session_start(); //start session
header("Cache-Control: private");
if ($_SESSION["access"] == true)
{
$_SESSION = array();
session_destroy();
print("<a href=/"login.php/">log in</a>
Aside from the lack of a closing quote, bracket and semi-colon, /" is wrong,
use \" to escape double quotes. Better still, put your quoted string in
single quotes and use the unescaped version (since you don't have any
variable substitution in there).
}
?>
main.php

<?
session_start(); //start session
header("Cache-Control: private");
if ($_SESSION["access"] == true)
{
print<<<END

<html>
<head>
<title>Members Only</title>
</head>
<body>
You have succesfully logged in. You can now <a href="logout.php">log
out</a>
</body>
</html>
END;
}
else
{
print<<<END
Sorry, You have not logged in correctly. Please try again <a
href="login.php">here</a>.
END;
}
?>


See embedded comments. I'm sure there's more than I found, but I got it
working at least.

For forms, use method="POST" unless you want your username and password of
your failed attempts appearing in your browser's address history. Then use
$_POST instead of $_GET (or better yet, $_REQUEST).

Otherwise, nice first attempt, and I'm pleased you produced a simple example
(no functions or classes, globals that aren't superglobals, databases, etc)
to reduce the problem set.

Garp
Jul 17 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.