On Fri, November 11, 2005 5:20 am, sunaram patir wrote:
> session_start();

This one here... (see below)

> header("Location: login.php");

Not crucial, but you'd save some HTTP connections by just doing:
require 'login.php';
exit;
instead of bouncing the user's agent back and forth.

> session_cache_limiter('private_no_expire');
> session_set_cookie_params(0,"/","schools.zenrays.com");
> session_start();

... will probably not match this one here.

You've set the Cookie Parameters here to very specific values.

You should do that consistently on every session_start() to make sure
your site's cookies are always operating under the same conditions.

> if(isset($_POST['submit'])){
> include("../database.inc");
> $login=trim($_POST['login']);
> $pass=trim($_POST['pass']);
> $Effectivelogin=strtoupper($login);
> $auth=false;

You really ought to do more validation than that...
http://php.net/mysql_real_escape_string

Possibly limit 'login' to alphanumeric and 'pass' to non-control
characters.

> then the user is redirected back to the page he visited. it worked fine

You also won't need to re-direct the user back to what they wanted --
The URL will already be what they asked for when the login works.

Change the ACTION= to ACTION="<?php echo $_SERVER['PHP_SELF']?>"

--
Like Music?
http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
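
One way to apply the advice in the reply above, as an added example that is not part of the original message or the poster's code: a shared include that starts every session with the same parameters, validates the two login fields, and shows the login page in place instead of redirecting. The file name, the function names and the `$_SESSION['user']` key are assumptions; the cookie values and domain are the ones from the quoted script.

```php
<?php
// session_bootstrap.php (hypothetical file name). Every page calls
// start_site_session() instead of a bare session_start(), so the cache
// limiter and cookie parameters are identical on every request.

function start_site_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started with these settings
    }
    session_cache_limiter('private_no_expire');
    // Same values as the quoted login script: lifetime 0, path "/", site domain.
    session_set_cookie_params(0, '/', 'schools.zenrays.com');
    session_start();
}

// Returns [login, pass] when both fields pass validation, otherwise null.
// Validation narrows the input; the query still needs escaping or bound
// parameters where the values reach the database.
function validate_credentials(array $post): ?array
{
    $login = $post['login'] ?? '';
    $pass  = $post['pass'] ?? '';
    if (!is_string($login) || !is_string($pass)) {
        return null; // e.g. login[]=x submitted as an array
    }
    $login = trim($login);

    // 'login' limited to alphanumeric characters.
    if ($login === '' || !ctype_alnum($login)) {
        return null;
    }
    // 'pass' must not contain control characters.
    if ($pass === '' || preg_match('/[[:cntrl:]]/', $pass) === 1) {
        return null;
    }
    return [strtoupper($login), $pass];
}

// Gate for a protected page: show the login form in place, no redirect,
// so the URL stays the one the user asked for.
function require_login(): void
{
    start_site_session();
    if (empty($_SESSION['user'])) { // 'user' key is an assumption
        require 'login.php';
        exit;
    }
}
```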