On 8 Oct 2008, at 19:52, Bernhard Kohl wrote:
<?php # I would recommend using the include method. Redirects should always be second choice, because they are just evil.
In this case I would disagree. On successful login it's normal to redirect to a useful page rather than just display a page that says "congratulations, you're a real user". In the case of an unsuccessful login why would you need to include another file? Surely the logic that follows is part of the login script.
It's all a personal preference though. I used to think that redirects should not be used unless absolutely necessary but the reasons people give are generally religious rather than logical.
# Example code below
$password = md5('swordfish');
$user = 'Trucker Joe';
if ($_POST['user'] == $user && md5($_POST['password']) == $password) {
    include_once('login_successful.php');
} else {
    include_once('login_failed.php');
}
# Some may also hash the user to prevent injection
# http://us.php.net/manual/en/function.include.php
# http://en.wikipedia.org/wiki/Code_injection#PHP_Injection
I see nothing in that code that would be open to code injection.

-Stut

--
http://stut.net/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php