I have a log in script that is not working. It is taken from a lesson book that I read about a year or so ago so the lessons are not fresh in my mind. My questions are. 1. Why is this not working? 2. Does is look secure? 3. In researching the issue, I was reading some older threads that it was a better idea to use some commercial ready made scripts. Are there any recommendations? Here is the code to the script I am trying to get to work. I get no error message, however if it will not log me in with a correct un/pw or if I leave it blank, I get the same message and it allows the next page to be viewed (which I do not want). DB is set up with data in it. Login Page: <?php // Start the session session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> <html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>xxx- Log In</title> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <h3>xxx- Log In</h3> <?php // If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in if (empty($_SESSION['username'])) { echo '<p class="error">' . $error_msg . '</p>'; ?> <form method="post" action="story.php"> <fieldset> <legend>Log In</legend> <label for="username">Username:</label> <input type="text" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br /> <label for="password">Password:</label> <input type="password" name="password" /> </fieldset> <input type="submit" value="Log In" name="submit" /> </form> <?php } else { // Confirm the successful log-in echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '.</p>'); } ?> </body> </html> Processing page: <?php // Start the session session_start(); // Clear the error message $error_msg = ""; // If the user isn't logged in, try to log them in if (!isset($_SESSION['username'])) { if (isset($_POST['submit'])) { // Connect to the database $dbc = mysqli_connect(host, 'un', 'pw', 'db')//sanitized for board or die('Error connecting with MySQL Database'); // Grab the user-entered log-in data $username = mysqli_real_escape_string($dbc, trim($_POST['username'])); $password = mysqli_real_escape_string($dbc, trim($_POST['password'])); if (!empty($username) && !empty($password)) { // Look up the username and password in the database $query = "SELECT username, password FROM family WHERE username = '$username' AND password = SHA('password')"; $data = mysqli_query($dbc, $query)or die(mysqli_error($dbc)); if (mysqli_num_rows($data) == 1) { // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page $row = mysqli_fetch_array($data); $_SESSION['username'] = $row['username']; setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30)); // expires in 30 days $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php'; header('Location: ' . $home_url); } else { // The username/password are incorrect so set an error message $error_msg = 'Sorry, you must enter a valid username and password to log in.'; } } else { // The username/password weren't entered so set an error message $error_msg = 'Sorry, you must enter your username and password to log in.'; } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> <html xmlns="http://www.w3.org/1999/xhtml";><!-- InstanceBegin template="/Templates/blindowl.dwt.php" codeOutsideHTMLIsLocked="false" --> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <!-- InstanceBeginEditable name="doctitle" --> <title>xxx</title> <!-- InstanceEndEditable --> <style type="text/css"> </style> <link href="p7pmm/p7PMMh03.css" rel="stylesheet" type="text/css" media="all" /> <script type="text/javascript" src="p7pmm/p7PMMscripts.js"></script> <script src="Scripts/AC_RunActiveContent.js" type="text/javascript"></script> <link href="xxx.css" rel="stylesheet" type="text/css" /> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> </head> <body> <div id="wrap"> <div id="header"> <div id="headercontent"></div> </div> <div id="menu"> <?php include('includes/menu.inc.php');?> </div> <div id="mainwrap"><!-- InstanceBeginEditable name="main" --> <?php // If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in if (empty($_SESSION['username'])) { echo '<p class="error">' . $error_msg . '</p>'; ?> <?php } else { // Confirm the successful log-in echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '.</p>'); } ?> Story//text to let me know if the page opened <!-- InstanceEndEditable --></div> <div id="footer"><?php include('includes/footer.inc.php');?></div> </div> </body> <!-- InstanceEnd --></html> __________ Information from ESET Smart Security, version of virus signature database 5265 (20100709) __________ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
