Re: [PHP] Where to insert a phrase in the right place
Hi, it seems that you set the $_SESSION['greeted'] variable and
do not unset it anywhere.
If user wants to log-in, and his credentials are OK, you then create
session and set this varaible you want. If it isn't OK, you need to
unset the variable or/and destroy the session so that the variable
won't be set to 1 any more.
Then, you need also to have some logout form/page/whatever to destroy
the session in case user wants to. And unset the variable accordingly.
Hope that helps.
J.
Mário Gamito wrote:
Hi,
André Medeiros wrote:
?php
session_start();
if(!isset($_SESSION['greeted'])) {
echo Welcome;
$_SESSION['greeted'] = 1;
}
?
It doesn't work :(
if ($_SESSION['greeted'] == 1)
print('Welcome ' . $name);
$_SESSION['greeted'] is always equal to 1 as set in the beginning of the
file.
http://www.telbit.pt/2/login.php
Warm Regards
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Where to insert a phrase in the right place
On Mon, April 9, 2007 2:51 pm, Mário Gamito wrote:
I'm making this site that was static and now has some dynamic
features,
so it's a little bit patched :)
If you care to visit
http://www.telbit.pt/2/login.php
you'll notice that the word Welcome is already present, and only
should be after the download.
Also, the error You didn't fill all fields, please try again. is
being
displayed on page load.
This is my problem and to which i ask you for your help.
How can i make the word Welcome appear only after the login ?
My code follows my signature.
Any help would be appreciated.
Warm Regards
--
:wq! Mário Gamito
--
pa href=recover-password.phpForgot your password ?/a
?php
if ($_GET['error']) {
It might be better to use:
if (isset($_GET['error'])) {
// SESSION
You have to do:
session_start();
before you can use $_SESSION.
$field1 = $_SESSION['field1'];
$field2 = $_SESSION['field2'];
Why did you bother to get $_SESSION data if you're about to throw it
away?
// GET
$field1 = urldecode($_GET['field1']);
$field2 = urldecode($_GET['field2']);
$_GET is already urldecoded before you ever see it.
This is not Perl. :-)
So unless you've got something doing an extra extra bogus urlencode()
before it SENDS you the GET data, you shouldn't be doing urldecode.
[But you get bonus points for trying to do this all neat and proper.]
}
$email = mysql_escape_string($_REQUEST['email']);
$pass = mysql_escape_string($_REQUEST['pass']);
Excellent!
Some folks would claim you should use POST or GET specifically, but if
your application wants to response equally well to either, that's okay
too, imho -- Especially in the bad old days when you couldn't style
butotns/links to look like links/buttons. :-)
include('config.php');
include('adodb/adodb.inc.php');
include is NOT a function, so these parens are not doing what you
think they are doing...
// connect to MySQL
$conn-debug=1;
$conn = ADONewConnection('mysql');
$conn-PConnect($host,$user,$password,$database);
I wouldn't recommend that a beginner use PConnect, as it is just going
to mess you up...
// get password from db
$rsSel = SELECT name, password FROM subscribers WHERE email =
'$email'
AND valid = '1';
$rs = $conn-Execute($rsSel);
$name= $rs-fields[0];
$password_db = $rs-fields[1];
if ($pass != $password_db) {
It is customary to store the password in the DB as a one-way encrypted
hash. For example, you could store the http://php.net/md5 of the
password, and then compare md5($password) with $password_db
The point being that your DB has something like:
4975gb87987hi2uh4rhvvyrt57ty
in it, instead of the actual password, so if somebody manages to break
into the DB or snag the data from it somehow, they STILL don't have
anybody's password.
field1=.urlencode($_POST['field1']).field2=.urlencode($_POST['field2']);
echo div class=\blocoApresentacao\
There are some lines missing here or something...
In addition to urlencoding() the data, you should also call
htmlentities on the whole URL before you dump it to the browser.
pWrong password, please try again./p
/div;
exit;
}
print('Welcome ' . $name);
This print() statement is not inside an if(){ } block.
It's ALWAYS going to print.
unset ($_SESSION['error']);
$conn-Close();
?
!-- end .titulo --
/div
!-- end #secContent --
/div
!-- end #Content e #picContent--
/div
/div
div id=footer
p id=copyrightCopyrightcopy;2006 Telbit -
Tecnologias de Informaccedil;atilde;o, Lda./p
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Where to insert a phrase in the right place
Hi,
I'm making this site that was static and now has some dynamic features,
so it's a little bit patched :)
If you care to visit
http://www.telbit.pt/2/login.php
you'll notice that the word Welcome is already present, and only
should be after the download.
Also, the error You didn't fill all fields, please try again. is being
displayed on page load.
This is my problem and to which i ask you for your help.
How can i make the word Welcome appear only after the login ?
My code follows my signature.
Any help would be appreciated.
Warm Regards
--
:wq! Mário Gamito
--
pa href=recover-password.phpForgot your password ?/a
?php
if ($_GET['error']) {
// SESSION
$field1 = $_SESSION['field1'];
$field2 = $_SESSION['field2'];
// GET
$field1 = urldecode($_GET['field1']);
$field2 = urldecode($_GET['field2']);
}
$email = mysql_escape_string($_REQUEST['email']);
$pass = mysql_escape_string($_REQUEST['pass']);
include('config.php');
include('adodb/adodb.inc.php');
// connect to MySQL
$conn-debug=1;
$conn = ADONewConnection('mysql');
$conn-PConnect($host,$user,$password,$database);
// get password from db
$rsSel = SELECT name, password FROM subscribers WHERE email = '$email'
AND valid = '1';
$rs = $conn-Execute($rsSel);
$name= $rs-fields[0];
$password_db = $rs-fields[1];
if ($pass != $password_db) {
field1=.urlencode($_POST['field1']).field2=.urlencode($_POST['field2']);
echo div class=\blocoApresentacao\
pWrong password, please try again./p
/div;
exit;
}
print('Welcome ' . $name);
unset ($_SESSION['error']);
$conn-Close();
?
!-- end .titulo --
/div
!-- end #secContent --
/div
!-- end #Content e #picContent--
/div
/div
div id=footer
p id=copyrightCopyrightcopy;2006 Telbit -
Tecnologias de Informaccedil;atilde;o, Lda./p
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Where to insert a phrase in the right place
[snip] How can i make the word Welcome appear only after the login ? [/snip] If you set a cookie upon login you can then check for the existence of the cookie. If the cookie exists do not display 'Welcome'. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Where to insert a phrase in the right place
Hi,
Jay Blanchard wrote:
[snip]
How can i make the word Welcome appear only after the login ?
[/snip]
If you set a cookie upon login you can then check for the existence of the
cookie. If the cookie exists do not display 'Welcome'.
I have:
session_start();
session_register(email);
in the beginning of the file.
I've tried:
if (isset($_SESSION['email']))
print('Welcome ' . $name);
but obviously it prints the Welcome word as the same.
Any ideas ?
Thanks in advance.
Warm Regards
--
:wq! Mário Gamito
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Where to insert a phrase in the right place
Hi,
André Medeiros wrote:
?php
session_start();
if(!isset($_SESSION['greeted'])) {
echo Welcome;
$_SESSION['greeted'] = 1;
}
?
It doesn't work :(
if ($_SESSION['greeted'] == 1)
print('Welcome ' . $name);
$_SESSION['greeted'] is always equal to 1 as set in the beginning of the
file.
http://www.telbit.pt/2/login.php
Warm Regards
--
:wq! Mário Gamito
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
