Friday, November 20, 2009

How can I make this PHP script work?

%26lt;?php



ob_start();



$host="localhost"; // Host name



$username=""; // Mysql username



$password=""; // Mysql password



$db_name="log"; // Database name



$tbl_name="administrator"; // Table name



// Connect to server and select databse.



mysql_connect("$host", "$username", "$password")or die("cannot connect");



mysql_select_db("$db_name")or die("cannot select DB");



// Define $myusername and $mypassword



$myusername=$_POST['myusername'];



$mypassword=$_POST['mypassword'];



$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";



$result=mysql_query($sql);



if(!$result){



die(mysql_error());



}



// Mysql_num_row is counting table row



$count=mysql_num_rows($result);



// If result matched $myusername and $mypassword, table row must be 1 row



if($count==1){



// Register $myusername, $mypassword and redirect to file "login_success.php"



session_register("myusername");



session_register("mypassword");



header("location:login_success.php");



}



How can I make this PHP script work?windows 98



take a look at the session_register



it should be:



session_register($myusername);



session_register($mypassword);



How can I make this PHP script work?microsoft support internet explorer



Carrying clear text passwords in the data is dangerous. Pssing it around in session variables is as bad. You should save the password using the password() function , then when it is entered to log in compare the encrypted from of your entry to the stored one. Then set a security level for the person, and set matching security levels to the files.



Up to the database selection you are OK, except you should assign a connection id.



$conn = mysql_connect .......;



You do not need the single quotes in the post brackets :



$myusername = $_POST[myusername]



$sql ="select id, security_level from $tbl_name where username = '$myusername' and password = password('$mypassowrd');



$result = mysql_query($sql,$conn);



if(mysql_num_rows($result) == 1){



while($rec = mysql_fetch_array($result){



$_SESSION[user_id] = $rec[id];



$_SESSION[sec_level] = $rev[security_level];}



}else{



echo // your error routine}



this way you pass 2 totally meaningless numbers around the site, no real use to anyone but you. Make the user id an int(6 ) primary key auto_increment or similar. The scripts and data lookups will be faster also. Store the security level information for each page in a table against the page name.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
c++