Hi All,
Having a grey brain moment here and need some advise on the logic of
this, should be simple, login script.
I am checking validity of
customer number
customer email
customer password (md5 in mysql)
So i have my form with relevant fields
Now i am getting problems with either sql or
- Original Message -
From: Dave Carrera [EMAIL PROTECTED]
Hi All,
Having a grey brain moment here and need some advise on the logic of this,
should be simple, login script.
I am checking validity of
customer number
customer email
customer password (md5 in mysql)
So i have my form
Dave Carrera wrote:
Hi All,
Having a grey brain moment here and need some advise on the logic of
this, should be simple, login script.
I am checking validity of
customer number
customer email
customer password (md5 in mysql)
So i have my form with relevant fields
Now i am getting problems
Hi Stut,
I think i have found where i am going wrong.
Its in the comparison login for the db result.
So i select * from jfjfjfjf where custno=$_POST[number]
But now i am getting messed up with if cust no not found then all i get
is a blank page but hoping for an error
And i dont think
On p, 2007-02-02 at 12:10 +, Dave Carrera wrote:
Hi Stut,
I think i have found where i am going wrong.
Its in the comparison login for the db result.
So i select * from jfjfjfjf where custno=$_POST[number]
But now i am getting messed up with if cust no not found then all i get
Stut wrote:
I'm not totally clear what the question was in there. Personally I keep
this simple...
?php
$_POST['number'] =
(isset($_POST['number']) ? trim($_POST['number']) : '');
$_POST['email'] =
(isset($_POST['email']) ? trim($_POST['email']) : '');
if
On Fri, February 2, 2007 5:19 am, Dave Carrera wrote:
Having a grey brain moment here and need some advise on the logic of
this, should be simple, login script.
I am checking validity of
customer number
customer email
customer password (md5 in mysql)
So i have my form with relevant
On Fri, February 2, 2007 5:33 am, Satyam wrote:
In login scripts you usually don't tell which part of the login is
wrong,
otherwise, you are hinting at what is right. Once the customer is
logged
in, you are right to be as helpful as possible, but until the customer
proves who he/she is, you
If you are splicing $_POST directly into your SQL, you are DEFINITELY
doing it wrong, but not in the way that you think.
Start reading here:
http://phpsec.org
On Fri, February 2, 2007 6:10 am, Dave Carrera wrote:
Hi Stut,
I think i have found where i am going wrong.
Its in the
On Fri, February 2, 2007 7:05 am, Jürgen Wind wrote:
// Set up the session here, or however you're tracking the
// current customer/user/whatever
header('Location: /somewhere_else');
?
Hope that helps.
-Stut
be aware that you need a session_write_close(); before
header('Location...
Richard Lynch wrote:
And using a re-direct instead of an include is a shocking waste of
HTTP resources imho, but that may not matter if traffic is low.
I generally redirect there because on occasion the login process does
stuff like clear out potentially pre-existing session data from another
11 matches
Mail list logo