Re: Where to insert a phrase in the right place

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, April 9, 2007 2:51 pm, Mário Gamito wrote:
> I'm making this site that was static and now has some dynamic
> features,
> so it's a little bit patched :)
>
> If you care to visit
> http://www.telbit.pt/2/login.php
>
> you'll notice that the word "Welcome" is already present, and only
> should be after the download.
>
> Also, the error "You didn't fill all fields, please try again." is
> being
> displayed on page load.
>
> This is my problem and to which i ask you for your help.
>
> How can i make the word "Welcome" appear only after the login ?
>
> My code follows my signature.
>
> Any help would be appreciated.
>
> Warm Regards
> --
> :wq! Mário Gamito
> --
>
> <p><a href="recover-password.php">Forgot your password ?</a>
>
> <?php
> if ($_GET['error']) {

It might be better to use:
if (isset($_GET['error'])) {

> // SESSION

You have to do:
session_start();
before you can use $_SESSION.

> $field1 = $_SESSION['field1'];
> $field2 = $_SESSION['field2'];

Why did you bother to get $_SESSION data if you're about to throw it
away?

> // GET
> $field1 = urldecode($_GET['field1']);
> $field2 = urldecode($_GET['field2']);

$_GET is already urldecoded before you ever see it.

This is not Perl. :-)

So unless you've got something doing an extra extra bogus urlencode()
before it SENDS you the GET data, you shouldn't be doing urldecode.

[But you get bonus points for trying to do this all neat and proper.]

> }
>
> $email = mysql_escape_string($_REQUEST['email']);
> $pass  = mysql_escape_string($_REQUEST['pass']);

Excellent!

Some folks would claim you should use POST or GET specifically, but if
your application wants to response equally well to either, that's okay
too, imho -- Especially in the bad old days when you couldn't style
butotns/links to look like links/buttons. :-)

> include('config.php');
> include('adodb/adodb.inc.php');

include is NOT a function, so these parens are not doing what you
think they are doing...

> // connect to MySQL
> $conn->debug=1;
> $conn = &ADONewConnection('mysql');
> $conn->PConnect($host,$user,$password,$database);

I wouldn't recommend that a beginner use PConnect, as it is just going
to mess you up...

> // get password from db
> $rsSel = "SELECT name, password FROM subscribers WHERE email =
> '$email'
> AND valid = '1'";
> $rs = $conn->Execute($rsSel);
>
> $name        = $rs->fields[0];
> $password_db = $rs->fields[1];
>
> if ($pass != $password_db) {

It is customary to store the password in the DB as a one-way encrypted
hash.  For example, you could store the http://php.net/md5 of the
password, and then compare md5($password) with $password_db

The point being that your DB has something like:
4975gb87987hi2uh4rhvvyrt57ty
in it, instead of the actual password, so if somebody manages to break
into the DB or snag the data from it somehow, they STILL don't have
anybody's password.

"&field1=".urlencode($_POST['field1'])."&field2=".urlencode($_POST['field2']);
>                   echo "<div class=\"blocoApresentacao\">

There are some lines missing here or something...

In addition to urlencoding() the data, you should also call
htmlentities on the whole URL before you dump it to the browser.

> <p>Wrong password, please try again.</p>
> </div>";
> exit;
> }
>
> print('Welcome ' . $name);

This print() statement is not inside an if(){ } block.

It's ALWAYS going to print.

> unset ($_SESSION['error']);
>
> $conn->Close();
>
> ?>
>
>
>                         <!-- end .titulo -->
>                         </div>
>                 <!-- end #secContent -->
>                 </div>
>
>                 <!-- end #Content e #picContent-->
>          </div>
>         </div>
>
>         <div id="footer">
>                 <p id="copyright">Copyright&copy;2006 Telbit -
> Tecnologias de Informa&ccedil;&atilde;o, Lda.</p>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux