[PHP] Wierd PHP Problem
Hi
i use the following code as a login page for a restricted area
it works fine on some servers when i enter the right username and password
but it doesn't work on some servers when i enter the right username
and password, and returns wrong username and password
can any one tell me what possible reasons could make this code works
on some servers and doesn't on other servers ?
here is the code :
?
session_start();
include 'config.php';
$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];
if((!$username) || (!$password)){
include 'header.html';
echo font color=\#99\bPlease enter ALL of the
information!/b/font br /;
include 'login_form.html';
include 'footer.html';
exit();
}
$sql = mysql_query(SELECT * FROM users WHERE username='$username'
AND password='$password');
$login_check = mysql_num_rows($sql);
if($login_check 0){
session_register('user_id');
$_SESSION['user_id'] = $user_id;
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key = $val ){
$$key = stripslashes( $val );
}
session_register('username');
$_SESSION['username'] = $username;
header(Location: login_success.php);
}
}else{
include 'header.html';
echo font color=\#99\bYou could not be logged in!
Either
the username and password do not match!/b/fontbr /
font color=\#99\bPlease try again!/b/fontbr /;
include 'login_form.html';
include 'footer.html';
}
?
--
Ahmed Abdel-Aliem
Web Developer
www.ApexScript.com
0101108551
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Wierd PHP Problem
$HTTP_*_VARS is deprecated in PHP5, so if the server is running PHP5, this code won't work. Instead, you should use $_POST $username = $HTTP_POST_VARS['username']; $password = $HTTP_POST_VARS['password']; change to: $username = $_POST['username']; $password = $_POST['password']; -- Regards, Matthew Fonda http://mfonda.info -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Wierd PHP Problem
Matthew Fonda wrote: $HTTP_*_VARS is deprecated in PHP5, so if the server is running PHP5, this code won't work. Instead, you should use $_POST On this subject, is there anything 'wrong' with using $_REQUEST instead of specifying between $_POST and $_GET? Will Beers smime.p7s Description: S/MIME Cryptographic Signature
Re: [PHP] Wierd PHP Problem
Hello Will, Wednesday, February 23, 2005, 2:39:27 PM, you wrote: W On this subject, is there anything 'wrong' with using $_REQUEST W instead of specifying between $_POST and $_GET? $_REQUEST includes POST, GET, and cookies. It basically boils down to knowing where the information is coming from. If they should *only* be able to log in from a login screen and the form method is POST, then you should only be checking POST variables for a match. -- Leif (TB lists moderator and fellow end user). Using The Bat! 3.0.2.3 Rush under Windows XP 5.1 Build 2600 Service Pack 2 on a Pentium 4 2GHz with 512MB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Wierd PHP Problem
On Wed, 2005-02-23 at 16:39 -0500, Will Beers wrote: Matthew Fonda wrote: $HTTP_*_VARS is deprecated in PHP5, so if the server is running PHP5, this code won't work. Instead, you should use $_POST On this subject, is there anything 'wrong' with using $_REQUEST instead of specifying between $_POST and $_GET? Will Beers It really depends on the circumstance. Typically, do not use it unless you are totally okay with the data coming from $_GET or $_POST. For security-minded people, it's best to not use this unless you really need to. -Robby -- /*** * Robby Russell | Owner.Developer.Geek * PLANET ARGON | www.planetargon.com * Portland, OR | [EMAIL PROTECTED] * 503.351.4730 | blog.planetargon.com * PHP/PostgreSQL Hosting Development * --- Now hosting Ruby on Rails Apps --- / -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
