[PHP] How can i make it so....
Hi,
I have modified an authentication script to my own liking, but being new, don't know
how to go about my next stage.
Once the user has inserted the UN, and PW, it is campared against the MySQL database,
nowm what i want to do is get rid of the login form which still appears, and is very
annoying. I can't seem to see anything on this particular subject, but if their is
any, can u point me in the right direction.
It can be viewed at: http://www.stevewrightonline.co.uk/auth/auth.php
UN: guest
PW: guest
Here's the code:
P
FORM ACTION=? echo $PHP_SELF; ? METHOD=POST
PUserName:br
input type=text name=PHP_AUTH_USER size=15
/p
PPassword:br
input type=password name=PHP_AUTH_PW size=15
/p
input type=submit value=Log In
/form
/P
?php
$auth = false; // user is not authenticated yet
if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) {
// Connect the MySQL Database
mysql_connect( **.net', '**', '***' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'Demonstration' )
or die ( 'Unable to select database.' );
// the query
$sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND Password =
'$PHP_AUTH_PW';
// Execute query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 ) {
// matching row was found - user authenticated.
$auth = true;
}
}
if ( ! $auth ) {
echo 'Sign In Required.';
exit;
} else {
echo 'pYou are Signed In!/p';
}
?
Re: [PHP] How can i make it so....
Steve,
If you move your validation code to the top of the script you can use the
header (Location: loggedin.php);
exit;
to go to the next page if the user is validated
Chris
Steve Wright wrote:
Hi,
I have modified an authentication script to my own liking, but being new, don't know
how to go about my next stage.
Once the user has inserted the UN, and PW, it is campared against the MySQL
database, nowm what i want to do is get rid of the login form which still appears,
and is very annoying. I can't seem to see anything on this particular subject, but if
their is any, can u point me in the right direction.
It can be viewed at: http://www.stevewrightonline.co.uk/auth/auth.php
UN: guest
PW: guest
Here's the code:
P
FORM ACTION=? echo $PHP_SELF; ? METHOD=POST
PUserName:br
input type=text name=PHP_AUTH_USER size=15
/p
PPassword:br
input type=password name=PHP_AUTH_PW size=15
/p
input type=submit value=Log In
/form
/P
?php
$auth = false; // user is not authenticated yet
if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) {
// Connect the MySQL Database
mysql_connect( **.net', '**', '***' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'Demonstration' )
or die ( 'Unable to select database.' );
// the query
$sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND Password =
'$PHP_AUTH_PW';
// Execute query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 ) {
// matching row was found - user authenticated.
$auth = true;
}
}
if ( ! $auth ) {
echo 'Sign In Required.';
exit;
} else {
echo 'pYou are Signed In!/p';
}
?
--
Chris Fry
Quillsoft Pty Ltd
Specialists in Secure Internet Services and E-Commerce Solutions
10 Gray Street
Kogarah
NSW 2217
Australia
Phone: +61 2 9553 1691
Fax: +61 2 9553 1692
Mobile: 0419 414 323
eMail: [EMAIL PROTECTED]
http://www.quillsoft.com.au
You can download our Public CA Certificate from:-
https://ca.secureanywhere.com/htdocs/cacert.crt
**
This information contains confidential information intended only for
the use of the authorised recipient. If you are not an authorised
recipient of this e-mail, please contact Quillsoft Pty Ltd by return
e-mail.
In this case, you should not read, print, re-transmit, store or act
in reliance on this e-mail or any attachments, and should destroy all
copies of them.
This e-mail and any attachments may also contain copyright material
belonging to Quillsoft Pty Ltd.
The views expressed in this e-mail or attachments are the views of
the author and not the views of Quillsoft Pty Ltd.
You should only deal with the material contained in this e-mail if
you are authorised to do so.
This notice should not be removed.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How can i make it so.
Steve,
The following should work:-
?php
$auth = false; // user is not authenticated yet
if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) {
// Connect the MySQL Database
mysql_connect( **.net', '**', '***' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'Demonstration' )
or die ( 'Unable to select database.' );
// the query
$sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND
Password = '$PHP_AUTH_PW';
// Execute query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 ) {
// matching row was found - user authenticated.
$auth = true;
}
}
if ( ! $auth ) {
echo 'Sign In Required.';
} else {
// you may need to pass the user id password here if you need it
later on
header (Location: loggedin.php);
exit;
}
?
P
FORM ACTION=? echo $PHP_SELF; ? METHOD=POST
PUserName:br
input type=text name=PHP_AUTH_USER size=15
/p
PPassword:br
input type=password name=PHP_AUTH_PW size=15
/p
input type=submit value=Log In
/form
/P
Regards
Chris
--
Chris Fry
Quillsoft Pty Ltd
Specialists in Secure Internet Services and E-Commerce Solutions
10 Gray Street
Kogarah
NSW 2217
Australia
Phone: +61 2 9553 1691
Fax: +61 2 9553 1692
Mobile: 0419 414 323
eMail: [EMAIL PROTECTED]
http://www.quillsoft.com.au
You can download our Public CA Certificate from:-
https://ca.secureanywhere.com/htdocs/cacert.crt
**
This information contains confidential information intended only for
the use of the authorised recipient. If you are not an authorised
recipient of this e-mail, please contact Quillsoft Pty Ltd by return
e-mail.
In this case, you should not read, print, re-transmit, store or act
in reliance on this e-mail or any attachments, and should destroy all
copies of them.
This e-mail and any attachments may also contain copyright material
belonging to Quillsoft Pty Ltd.
The views expressed in this e-mail or attachments are the views of
the author and not the views of Quillsoft Pty Ltd.
You should only deal with the material contained in this e-mail if
you are authorised to do so.
This notice should not be removed.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How can i make it so....
The odd thing about PHP is sometimes you have to code backwards,
That is your code is in a different order than the pages it produces.
This is one of those times. You need to have the Successful login page
first, and the login form second in an if statement.
ie...
?php
$auth = false;
if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW))
/* Do MySQL Stuff */
$num = mysql_numrows( $result );
if ( $num != 0 )
echo 'pYou are Signed In!/p';
$auth = true;
} else {
echo 'Sign In Required.';
}
}
if ( ! $auth )
?
FORM ACTION=? echo $PHP_SELF; ? METHOD=POST
!-- Rest of Form --
?php
}
?
Hope that helps.
Sheridan Saint-Michel
Website Administrator
FoxJet, an ITW Company
www.foxjet.com
- Original Message -
From: Steve Wright [EMAIL PROTECTED]
To: PHP List [EMAIL PROTECTED]
Sent: Wednesday, August 01, 2001 4:37 AM
Subject: [PHP] How can i make it so
Hi,
I have modified an authentication script to my own liking, but being new,
don't know how to go about my next stage.
Once the user has inserted the UN, and PW, it is campared against the MySQL
database, nowm what i want to do is get rid of the login form which still
appears, and is very annoying. I can't seem to see anything on this
particular subject, but if their is any, can u point me in the right
direction.
It can be viewed at: http://www.stevewrightonline.co.uk/auth/auth.php
UN: guest
PW: guest
Here's the code:
P
FORM ACTION=? echo $PHP_SELF; ? METHOD=POST
PUserName:br
input type=text name=PHP_AUTH_USER size=15
/p
PPassword:br
input type=password name=PHP_AUTH_PW size=15
/p
input type=submit value=Log In
/form
/P
?php
$auth = false; // user is not authenticated yet
if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW))
// Connect the MySQL Database
mysql_connect( **.net', '**', '***' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'Demonstration' )
or die ( 'Unable to select database.' );
// the query
$sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND
Password = '$PHP_AUTH_PW';
// Execute query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 )
// matching row was found - user authenticated.
$auth = true;
}
}
if ( ! $auth )
echo 'Sign In Required.';
exit;
} else
echo 'pYou are Signed In!/p';
}
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How can i make it so....
That way people can type in www.yoursite.com/loggedin.php and
bypass the Authentication completely. Great! =P
Sheridan Saint-Michel
Website Administrator
FoxJet, an ITW Company
www.foxjet.com
- Original Message -
From: Chris Fry [EMAIL PROTECTED]
To: Steve Wright [EMAIL PROTECTED]
Cc: PHP List [EMAIL PROTECTED]
Sent: Wednesday, August 01, 2001 5:07 AM
Subject: Re: [PHP] How can i make it so
Steve,
If you move your validation code to the top of the script you can use the
header (Location: loggedin.php);
exit;
to go to the next page if the user is validated
Chris
Steve Wright wrote:
Hi,
I have modified an authentication script to my own liking, but being
new, don't know how to go about my next stage.
Once the user has inserted the UN, and PW, it is campared against the
MySQL database, nowm what i want to do is get rid of the login form which
still appears, and is very annoying. I can't seem to see anything on this
particular subject, but if their is any, can u point me in the right
direction.
It can be viewed at: http://www.stevewrightonline.co.uk/auth/auth.php
UN: guest
PW: guest
Here's the code:
P
FORM ACTION=? echo $PHP_SELF; ? METHOD=POST
PUserName:br
input type=text name=PHP_AUTH_USER size=15
/p
PPassword:br
input type=password name=PHP_AUTH_PW size=15
/p
input type=submit value=Log In
/form
/P
?php
$auth = false; // user is not authenticated yet
if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) {
// Connect the MySQL Database
mysql_connect( **.net', '**', '***' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'Demonstration' )
or die ( 'Unable to select database.' );
// the query
$sql = SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND
Password = '$PHP_AUTH_PW';
// Execute query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 ) {
// matching row was found - user authenticated.
$auth = true;
}
}
if ( ! $auth ) {
echo 'Sign In Required.';
exit;
} else {
echo 'pYou are Signed In!/p';
}
?
--
Chris Fry
Quillsoft Pty Ltd
Specialists in Secure Internet Services and E-Commerce Solutions
10 Gray Street
Kogarah
NSW 2217
Australia
Phone: +61 2 9553 1691
Fax: +61 2 9553 1692
Mobile: 0419 414 323
eMail: [EMAIL PROTECTED]
http://www.quillsoft.com.au
You can download our Public CA Certificate from:-
https://ca.secureanywhere.com/htdocs/cacert.crt
**
This information contains confidential information intended only for
the use of the authorised recipient. If you are not an authorised
recipient of this e-mail, please contact Quillsoft Pty Ltd by return
e-mail.
In this case, you should not read, print, re-transmit, store or act
in reliance on this e-mail or any attachments, and should destroy all
copies of them.
This e-mail and any attachments may also contain copyright material
belonging to Quillsoft Pty Ltd.
The views expressed in this e-mail or attachments are the views of
the author and not the views of Quillsoft Pty Ltd.
You should only deal with the material contained in this e-mail if
you are authorised to do so.
This notice should not be removed.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
