p2p.wrox.com Forums


beginning_php thread: Login with register globals OFF


Message #1 by "Philipp Feer" <svaziphil@s...> on Mon, 28 Oct 2002 18:01:43 +0800
Hi all
 
 
Another problem I am facing is the authentication part of the site
with register globals OFF.
 
I got it to work, but it gives me notices (Undefined index: password /
LoginName) because the first time I log in the variables are POSTed from
the login form, but later on they are from the SESSION.
 
Does anyone know where I can find an example login script with reg
globals OFF, or know how I can solve the problem?
 
 
 
 
 
ob_start();         //if header already sent, session still can be used
session_start();

include "dbconnect_inc.php";

//login
            if (!isset($_POST['LoginName'])){

                        echo "password and login name needed to access this page";
                        echo " go here to <a HREF= '../login.htm'> login</a>";
                        exit;
            }// end if
            else {

                        $password = $_POST['password'];// else password is not in the session

                        session_register("LoginName", "password");

                        $LoginName = $_POST['LoginName'] = authification($_POST['LoginName'], $_POST['password']);//function from above
                        if (!$LoginName) {
                                    session_unregister("LoginName");
                                    session_unregister("password");
                                    echo "Session unregistered -- Login failed, try again to <a HREF= '../login.htm'> login</a>";
                                    //echo "<p> password is : $_POST[password]";
                                    exit;
                        }
                        else {
                                    //echo "welcome $LoginName to the Newsletter subscription menu";
                        } // end if
            }// end if


// authification function
function authification ($LoginName, $password){           //takes the login name and password to login

            $result= mysql_query("select LoginName
                                  from maillist
                                  where LoginName = '$_POST[LoginName]'
                                  and password = '$_POST[password]'
                                  OR password = '$_SESSION[password]'");//selects the needed attributes for login

            if (!mysql_num_rows($result)) return 0;
            else {
                         $query_data =  mysql_fetch_array($result);  //gets the correct row of the login
                         return $query_data[0];
            }// end if
}/******************** end authification($LoginName, $password) **************************************/


function DisplayMenu(){

$LoginName = $_POST['LoginName'];
$password = $_POST['password'];
//retrieving all mail lists
$newsletters = mysql_query("select newsletter_id, newsletterName, newsletterInfo
                            FROM newsletter")
        or die(mysql_error());

// retrieving the subscriber_id from the current user
  $getSubscriber_id = mysql_query("select subscriber_id
                                   FROM maillist
                                   WHERE LoginName = '$LoginName'")
        or die(mysql_error());

  $subscriber_id = mysql_fetch_row($getSubscriber_id);

/*
 code continues
---------------*/
 
 
Thank you, phil
 
 

Message #2 by "Nikolai Devereaux" <yomama@u...> on Mon, 28 Oct 2002 12:25:02 -0800
Always use $_SESSION to store the value if a user is logged in, not POST.  The
user will NOT be submitting their user name and password on every visit to your
protected pages!

A login form will submit to a receiving script.  The receiving script will
check the username and password values and, if they are good, set a SESSION var
that says they're logged in.

Each page that requires a valid user need only check to see if the session var
is set.


take care,

nik

Message #3 by "svazi" <svaziphil@s...> on Thu, 31 Oct 2002 14:11:53
ok I got it to work (finally... )
the problem, or one of them, was that the login script was in the same 
page as the rest of the functions. I thought it might be easier to do. 
After I separated it I got it to work.

code below:
I dunno how to post the code so it does not look so messy... sorry.
-----------------------------

<?php
ob_start();
session_start();
include "dbconnect_inc.php";

function loginForm(){
?>
<table border="0" width="777">
  <tr>
    <td width="770" align="left" valign="top">
	<p>&nbsp;</p>
<table width="770" border="0" cellspacing="1" cellpadding="1">
        <tr> 
          <td width="95">&nbsp;</td>
          <td width="411"><font face="Tahoma" size="3"><b>Login to the 
SITM Mail 
            List</b></font></td>
          <td width="254">&nbsp;</td>
        </tr>
      </table>
      <form name="form1" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
        <p>&nbsp;</p>
        <table width="770" border="0" cellspacing="1" cellpadding="1">
          <tr> 
            <td width="93">&nbsp;</td>
            <td width="176">Login Name:</td>
            <td width="491"> <input name="LoginName" type="text" 
id="LoginName" size="40" maxlength="40">
            </td>
          </tr>
          <tr> 
            <td width="93" height="21">&nbsp;</td>
            <td width="176" height="21">Password:</td>
            <td width="491" height="21"> <input name="password" 
type="password" id="password" size="15" maxlength="15"></td>
          </tr>
          <tr> 
            <td width="93">&nbsp;</td>
            <td width="176">&nbsp;</td>
            <td width="491">&nbsp; </td>
          </tr>
          <tr> 
            <td width="93">&nbsp;</td>
            <td width="176">&nbsp;</td>
            <td width="491"><input name="Login" type="submit" id="Login" 
value="Log in"> 
            </td>
          </tr>
          <tr> 
            <td width="93">&nbsp;</td>
            <td width="176">&nbsp;</td>
            <td width="491">&nbsp; </td>
          </tr>
          <tr> 
            <td>&nbsp;</td>
            <td>&nbsp;</td>
            <td>No password and Login Name yet? <a 
href="subscribeToList.php">subscribe</a></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
          </tr>
        </table>
        <p>&nbsp;</p>
      </form>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
    </td>
  </tr>
  <tr>
    <td width="770">
      <hr width="95%" size="1" color="#4482B5">
      <p align="center"><font face="Tahoma" color="#10427b" 
size="1">Copyrights <span style="mso-fareast-font-family: Times New 
Roman; mso-bidi-font-family: Times New Roman; mso-ansi-language: EN-US; 
mso-fareast-language: EN-US; mso-bidi-language: AR-SA">
      2002. Research and Development Unit,<br>
      &nbsp;SITM, Sunway College</span>&nbsp;</font></td>
  </tr>
</table>
<?php }/************************** end function loginForm() *************************************/

//login
	if (!isset($_POST['LoginName'])){
		loginForm();
		exit;
	}// end if
	else {

		$LoginName = $_SESSION['LoginName'] = authification($_POST['LoginName'], $_POST['password']);
		$password = $_SESSION['password'] = $_POST['password'];
		if (!$LoginName) {
			// clear the session entries ($_SESSION must not be mixed with session_unregister())
			unset($_SESSION['LoginName'], $_SESSION['password']);
			echo "Session unregistered -- Login failed, try again to <a HREF= '../login.htm'> login</a>";
			exit;
		}
		else {
			header("Location: subscriberMenu.php");
			exit;
		}
	}// end if


//authification function
function authification($LoginName, $password){	//takes the login name and password to login

	// escape the submitted values before they are placed in the query string
	$LoginName = mysql_real_escape_string($LoginName);
	$password = mysql_real_escape_string($password);

	$result= mysql_query("select LoginName
				from maillist
				where LoginName = '$LoginName'
				and password = '$password'");//selects the needed attributes for login

	if (!mysql_num_rows($result)) return 0;
	else {
		$query_data =  mysql_fetch_array($result);	//gets the correct row of the login
		return $query_data[0];
	}// end if
}/******************** end authification($LoginName, $password) **************************************/

?>

--------------------------------------------



> Always use $_SESSION to store the value if a user is logged in, not POST.  The
> user will NOT be submitting their user name and password on every visit to your
> protected pages!
>
> A login form will submit to a receiving script.  The receiving script will
> check the username and password values and, if they are good, set a SESSION var
> that says they're logged in.
>
> Each page that requires a valid user need only check to see if the session var
> is set.


take care,

nik
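
Added example, not code from any poster in this thread: the flow nik describes (a receiving script checks the credentials once, protected pages only look at the session), written for current PHP with register_globals gone. It assumes a PDO connection and a hypothetical `password_hash` column in `maillist`; the in-memory SQLite table and its one user are constructed demo data.

```php
<?php
// Added example, not code from the thread. Assumed: a PDO handle and a
// maillist.password_hash column holding password_hash() output.
function authenticate(PDO $pdo, string $loginName, string $password): ?string
{
    // Bound parameter: the submitted name never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT LoginName, password_hash FROM maillist WHERE LoginName = ?');
    $stmt->execute([$loginName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $ok = $row !== false && password_verify($password, $row['password_hash']);
    return $ok ? $row['LoginName'] : null;
}

// Receiving script: runs only when the login form is submitted.
function handleLogin(PDO $pdo, array $post): bool
{
    // "??" supplies a default, so a missing field raises no "Undefined index".
    $loginName = $post['LoginName'] ?? '';
    $password  = $post['password'] ?? '';
    if (!is_string($loginName) || !is_string($password)) {
        return false;
    }
    $user = authenticate($pdo, $loginName, $password);
    if ($user === null) {
        return false;
    }
    session_regenerate_id(true);     // fresh session id once authenticated
    $_SESSION['LoginName'] = $user;  // identity only, never the password
    return true;
}

// Protected pages call this; null means the visitor is not logged in.
function currentUser(): ?string
{
    return $_SESSION['LoginName'] ?? null;
}

// Constructed demo data (in-memory SQLite) so the block runs from the CLI.
session_start();
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE maillist (LoginName TEXT PRIMARY KEY, password_hash TEXT)');
$pdo->prepare('INSERT INTO maillist VALUES (?, ?)')
    ->execute(['phil', password_hash('constructed-pw', PASSWORD_DEFAULT)]);
var_dump([
    handleLogin($pdo, []),  // form not submitted
    handleLogin($pdo, ['LoginName' => 'phil', 'password' => 'wrong']),
    handleLogin($pdo, ['LoginName' => 'phil', 'password' => 'constructed-pw']),
    currentUser(),
]);
```

On a real site the demo section is replaced by a call to `handleLogin($pdo, $_POST)` in the receiving script, and each protected page redirects to the login form when `currentUser()` returns null.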

