Are those line breaks as they would appear in the function? I have always thought it best not to split tags over line breaks... just a thought...
Mikey > -----Original Message----- > From: Brian Graham [mailto:[EMAIL PROTECTED]] > Sent: 24 June 2002 20:01 > To: [EMAIL PROTECTED] > Subject: Re: [PHP-WIN] Get/Post and Security Issues > > > Here it is. Please note that all of this output from a function; if you > would like the PHP code that outputs this, please just ask. > > > <form > action=<?=$_SERVER["PHP_SELF"]?> > method=post > name="login" > > > <tr> > <td> > <center> > <!-- .:Login Table - Name & Pass:. --!> > <table> > <tr> > <td> > <span class=text>Name: > </td> > <td> > <input > type=text > size=10 > name=usern > > > </td> > </tr> > <tr> > <td> > <span class=text>Pass: > </td> > <td> > <input > type=password > size=10 > name=userp > > > </td> > </tr> > <tr> > <td colspan=2><center> > <input > type=submit > value="Login" > class="submit" > name="login" > onsubmit="document.login.login.disabled='true'" > ></center> > </td> > </tr> > </form> > > And there we are! > > "Mikey" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Can you send a copy of the HTML form that posts to your function? > > > > > -----Original Message----- > > > From: Brian Graham [mailto:[EMAIL PROTECTED]] > > > Sent: 24 June 2002 08:27 > > > To: [EMAIL PROTECTED] > > > Subject: [PHP-WIN] Get/Post and Security Issues > > > > > > > > > Apache 1.3.26 > > > PHP 4.2.1 > > > > > > When I enter username and password information onto a page, it > > > uses Get and > > > puts the session ID along with the username and the password into the > URL, > > > despite my saying "method=post" in the form attributes. > > > > > > This seems like it would be a common problem, but my research > > > isn't bringing > > > up anything even remotely about it. > > > > > > I've done very, very little tweaking to my php.ini and httpd.conf to > give > > > you an idea of what defaults are in place still. Here is the > > > function code: > > > > > > function user_login() { > > > global $usern; > > > global $userp; > > > global $feedback; > > > global $loginswitch; > > > if (!isSet($usern) && !isSet($userp)) > > > return FALSE; > > > if ($usern == '' or $userp == '') { > > > $loginswitch = FALSE; > > > $feedback = "Username and/or password is missing."; > > > return FALSE; > > > } > > > $uname = strtolower($usern); > > > $query = "SELECT user_name, user_pass, user_isconfirmed > > > FROM user > > > WHERE user_name = '$usern' > > > AND user_pass = '$userp'"; > > > $results = mysql_query($query) or die(mysql_error()); > > > $row = mysql_fetch_row($results); > > > if ($usern == $row[0] && $userp == $row[1]) { > > > $_SESSION['loginswitch'] = TRUE; > > > $_SESSION['username'] = $usern; > > > $feedback = "You are now logged in."; > > > return TRUE; > > > } > > > else { > > > $_SESSION['loginswitch'] = FALSE; > > > $feedback = "Username of password are incorrect."; > > > return FALSE; > > > } > > > } > > > > > > > > > > > > > > > > > > > > > > > > -- > > > PHP Windows Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > > > > > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
