PDA

Click to See Complete Forum and Search --> : would this work

sicknote
04-09-2005, 11:16 AM
i have a login page that the code for it is like this

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Please login</title>
</head>

<body>

<form action="index.php" method="post">
<table border="1" width="100%" id="table1">
<tr>
<td>
<p align="center"><font face="BalloonEFExtraBold">Username:</font></td>
</tr>
<tr>
<td>
<p align="center">
<input type="text" name="username" size="27" tabindex="1" style="font-family: BalloonEFExtraBold" /></td>
</tr>
<tr>
<td>
<p align="center"><font face="BalloonEFExtraBold">Password:</font></td>
</tr>
<tr>
<td>
<p align="center">
<input type="password" name="password" size="23" tabindex="1" style="font-family: MS Reference Sans Serif" /></td>
</tr>
<tr>
<td>
<p align="center">
<input type="submit" value="Login" name="submit" style="font-family: BalloonEFExtraBold; color: #FFFFFF; background-color: #000000" /></td>
</tr>
</table>
</form>

</body>

</html>

and then the page that it submits to, the code looks like this

<?php

if (isset($_POST['submit'))
{
$username=$_POST['username'];
$password=$_POST['password'];
$password=md5($password);
$query = "select";
$result = mysql_query($query) or die(mysql_error());
$result2= mysql_fetch_array($result);
if($result2)
{
session_start();
$_SESSION['admin']=$username;
print "Logged in succesfully, please go to <a href='adminpanel.php'>Admin Panel</a>";
}
else
{
print "Wrong Username or Password";
}
}

?>

would this work
JayM
04-09-2005, 11:49 AM
I'm fairly new to php so I couldn't tell you if it works. But while I was reading your code (and trying to learn from it), I noticed that you forgot a bracket:

if (isset($_POST['submit'))

But (I think) it should be this:

if (isset($_POST['submit']))

Edit: Regarding your font, BalloonEFExtraBold, what if a user does not have that font installed on their computer?
NogDog
04-09-2005, 12:50 PM
I hope there's more to your query than just "select"?

Does adminpanel.php check for a valid $_SESSION['admin'] variable or else either display an error page or redirect the user to the login page?
spufi
04-09-2005, 01:28 PM
And it looks like you are open to SQL injections.
sicknote
04-09-2005, 01:58 PM
i donno what to put there because i am new ... i saw it on a different code and then tried to recreate it myself
spufi
04-09-2005, 02:41 PM
Login Example (http://www.sitepoint.com/forums/showthread.php?t=165812&highlight=mysql_query+count)

This will at least get you closer. :)