OK so maybe it's because it's getting or the fact that I work all day in .NET and come home
PHP so I've got my languages mixed up but I cannot for the life of me figure out the problem here.
Here's my
HTML log in form in index.
php:
- Code: Select all
<form method="post" action="/myadmin/validate.php">
<p><label for="username">Username:</label><br />
<input type="text" name="username" /></p>
<p><label for="password">Password:</label><br />
<input type="password" name="password" /></p>
<div class="fleft"><input type="image" src="/myadmin/i/login/input-submit.jpg" name="login" class="login" /></div>
<div class="fright" style="margin-top: 25px;"><a href="">Forgot your password?</a></div>
</form>
and here's my validate.
php
- PHP: Select all
<?
session_start();
$conn = mysql_connect("localhost", "username", "password");
mysql_select_db("mytable");
$auth = false; // Assume user is not authenticated
if (isset($_POST['username']) && isset($_POST['password'])) {
$userid = $_POST['username'];
$password = $_POST['password'];
$login = mysql_query ("select * from admin where userid='$userid' and password='$password'");
$num = mysql_num_rows($login);
if ($num != 0) {
$auth = true;
$_SESSION['loggedin'] = 1;
$_SESSION['user'] = $userid;
}
echo 'yes';
} else {
echo 'Please try again!';
}
if ($auth = false) {
// TODO: Create a better page for this
echo 'Authorization Required.';
exit;
} else {
//header( 'Location: /myadmin/home.php' );
echo 'alrighty then';
}
echo 'oh yeah right!';
?>
1. If I click on the login but from my form without entering anything, it acts like everything is fine.
2. I can't get my header() to work because of the session_start() that I have at the top so how can I send people to the next page if it validates?!
3. Am I doing this properly? I never really understood sessions and kinda grabbed code as I went.
Thanks!