[quote=joe2kiss,Mar 3 2005, 07:46 AM]
Sorry I took so long to reply to this. Yup Si, the sql query was correct

I've started fresh on the CMS now and still getting the error, on the
login form this time

And I can't see what's wrong with it because I used the exact same code before and it worked.
http://www.joe2torials.com/cms/index.php
My code;
PHP
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<meta name="author" content="Joseph Skidmore" />
<meta name="Copyright" content="Copyright (c) 2005 Joseph Skidmore" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta name="MSSmartTagsPreventParsing" content="true" />
<title>Joe2Torials Content Management System Login</title>
<link href="index.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<div id="loginform">
<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']?>">
<p><label for="username"><strong>Username :</strong><br />
<input type="text" name="username" size="30" id="username" /></label></p>
<p><label for="password"><strong>Password :</strong><br />
<input type="password" name="password" size="30" id="password" /></label></p>
<p><input type="submit" name="submit" value="Submit" class="button" /> <input type="reset" name="reset" value="Reset" class="button" /></p>
</form>
<?php
/* ---v---------v--------------------v-------------------- move to top of page ------ */
?>
<?php
if(isset($_POST['submit'])) {
include 'config.php';
$username = $_POST['username'];
$password = $_POST['password'];
$username = Encrypt($username);
$password = Encrypt($password);
$username = safeAddSlashes($username);
$password = safeAddSlashes($password);
$db = mysql_connect($dbHost,$dbUser,$dbPass);
mysql_select_db($dbname,$db);
$query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";
$result = mysql_query($query, $db) or die(mysql_error());
if(mysql_num_rows($result)) {
$_SESSION['loggedin'] = 1;
header('Location: '.$domain.'admin.php');
exit();
}
else {
header('Location: '.$domain.'index.php?error=1'); /* <------------- cannot be sent once you have sent any HTML headers. */
exit();
}
}
?>
</div>
</div>
</body>
</html>
--------------------- Try this instead to work perfectly -------------------------------
PHP
<?php
session_start();
if(isset($_POST['submit'])) {
include 'config.php';
$username = $_POST['username'];
$password = $_POST['password'];
$username = Encrypt($username); /* <--- smart move */
$password = Encrypt($password); /* <--- smart move */
$username = safeAddSlashes($username); /* <-- would recommend base64_encode for easy transport. */
$password = safeAddSlashes($password);/* <-- would recommend base64_encode for easy transport. */
$db = mysql_connect($dbHost,$dbUser,$dbPass);
mysql_select_db($dbname,$db);
$query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";
$result = mysql_query($query, $db) or die(mysql_error());
/* --------- Recommend alternate solution below -------------
if(mysql_num_rows($result)) {
$_SESSION['loggedin'] = 1; // <---- careful - That's a session hijacker's dream (See below).
header('Location: '.$domain.'admin.php');
exit();
}
else {
header('Location: '.$domain.'index.php?error=1'); // <----now if query succeeds send header.
exit();
}
}
*/
/* -------------------------------------------------------------------------------- */
if(mysql_num_rows($result) > 0) {
$_SESSION['loggedin'] = Encrypt($something);
$redirect_admin = $domain."admin.php";
header(sprintf("Location: %s", $redirect_admin));
exit();
} else {
$_SESSION['error'] = "Invalid Username or Password";
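/* this way you can show an error and it will just re-display this page. */
}
} /* closes if(isset($_POST['submit'])), whose original closing brace is inside the commented-out block above */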
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<meta name="author" content="Joseph Skidmore" />
<meta name="Copyright" content="Copyright (c) 2005 Joseph Skidmore" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta name="MSSmartTagsPreventParsing" content="true" />
<title>Joe2Torials Content Management System Login</title>
<link href="index.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<div id="loginform">
<?php /* Display error message if invalid login */ ?>
<center><?php if(isset($_SESSION['error'])) { echo $_SESSION['error']; unset($_SESSION['error']); /* show the message once only */ } ?></center>
<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">
<p><label for="username"><strong>Username :</strong><br />
<input type="text" name="username" size="30" id="username" /></label></p>
<p><label for="password"><strong>Password :</strong><br />
<input type="password" name="password" size="30" id="password" /></label></p>
<p><input type="submit" name="submit" value="Submit" class="button" /> <input type="reset" name="reset" value="Reset" class="button" /></p>
</form>
</div>
</div>
</body>
</html>
You have the right idea. Just in the wrong spot.
good luck
Chipgraphics
www.chipgraphics.net
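
A hardened version of the login handler discussed in this thread, as an added example that is not part of either poster's code. It goes beyond the thread's fix (doing all processing before any output) by using a bound parameter instead of `safeAddSlashes`, `password_verify` instead of the `Encrypt()` helper the thread does not show, and `session_regenerate_id` on login; the in-memory SQLite database, the `demo` account, the `/cms/` base path and the function names are constructed for illustration.

```php
<?php
// Added example: not the original poster's code. The SQLite database, the
// "demo" account and all function names below are constructed for illustration.
session_start();                       // must run before any output, like header()
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

function check_login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameter instead of addslashes + string concatenation.
    $stmt = $pdo->prepare('SELECT pass FROM login WHERE user = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();      // false when no such user
    // Always run password_verify so unknown users take a similar amount of time.
    $ok = password_verify($password, $hash === false ? DUMMY_HASH : $hash);
    return $hash !== false && $ok;
}

function handle_login(PDO $pdo, array $post, string $domain): ?string
{
    // Returns the redirect target, or null when the form should be shown.
    if (!isset($post['submit'])) {
        return null;
    }
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    if (!is_string($user) || !is_string($pass) || !check_login($pdo, $user, $pass)) {
        $_SESSION['error'] = 'Invalid Username or Password';
        return null;
    }
    session_regenerate_id(true);       // fresh id: a pre-login session id is now useless
    unset($_SESSION['error']);
    $_SESSION['loggedin'] = true;
    $_SESSION['user'] = $user;         // tie the flag to a specific account
    return $domain . 'admin.php';
}

// Constructed stand-in for the MySQL `login` table from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (user TEXT PRIMARY KEY, pass TEXT NOT NULL)');
$pdo->prepare('INSERT INTO login (user, pass) VALUES (?, ?)')
    ->execute(['demo', password_hash('constructed-password', PASSWORD_DEFAULT)]);

$target = handle_login($pdo, $_POST, '/cms/');
if ($target !== null) {
    header('Location: ' . $target);    // still no output sent at this point
    exit;
}
// Only from here on is the HTML form (and any $_SESSION['error']) written out.
```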