Mysterious Log In

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

shakeosm
New php-forum User
New php-forum User
Posts: 1
Joined: Fri Jun 24, 2011 8:54 am

Mysterious Log In

Postby shakeosm » Fri Jun 24, 2011 9:08 am

Hello Experts,
I am using a log in page, which works very well while loaded just that file. But wen I call this page as include("files/loginphp"); it loads without any problem, but seems like not processing log in script. If I do mistake it tells me the error, but while codes are OK it doesn't process. :help:
I do change the
<?php require_once('Connections/databaseLink.php'); ?>
to connect Database while loaded from Index.php file using "
include("files/loginphp")
" command. "session_start();" is also set on top.

I am adding the code below, please advise me what to change.
Thanks in advance.

Login.php

Code: Select all

<?php require_once('Connections/DeshiDB.php'); ?>
<?php
// *** Validate request to login to this site.
   if (!isset($_SESSION)) {  session_start();}

   if (isset($_GET['accesscheck'])) {
     $_SESSION['PrevUrl'] = $_GET['accesscheck'];
   }

   if (isset($_POST['Submit']) || isset($_POST['submit'])) {
      if (empty($_POST['loginid']) || empty($_POST['password'])) {
         header("Location: ". $MM_redirectLoginFailed );         
      }
     $loginUsername=$_POST['loginid'];
     $password= $_POST['password'];
     $MM_fldUserAuthorization = "";
     $MM_redirectLoginSuccess = "index.php";
     $MM_redirectLoginFailed = "index.php?pageid=login";
     $MM_redirecttoReferrer = false;
     mysql_select_db($database_DeshiDB, $DeshiDB_Link);
    
     $LoginRS__query=sprintf("SELECT * FROM customer WHERE loginiD=%s AND password=%s",
      GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
      
     $LoginRS = mysql_query($LoginRS__query, $DeshiDB_Link) or die(mysql_error());
      echo "Going to check if any found";         
   
     $loginFoundUser = mysql_num_rows($LoginRS);
     if ($loginFoundUser) {
      $loginStrGroup = "";
        $customerName="";
      $_SESSION['custLoginID'] = $loginUsername;
      $_SESSION['MM_UserGroup'] = $loginStrGroup;
      $customerName = mysql_result($LoginRS, 0, "FName") . ' ' . mysql_result($LoginRS, 0, "LName");
      $_SESSION['customerName'] = $customerName;
      $_SESSION['cust_LoggedIn'] = true;
      echo "record found: " . $customerName;
     mysql_close();
      if (empty($_SESSION['customerName'])){
         echo "customerName is Session is Empty:";
      }else{
         echo "Customer name is: " . $customerName;
      }
   
      if (isset($_SESSION['PrevUrl']) && false) {        $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];   }// else It will go to HOME page
      header("Location: " . $MM_redirectLoginSuccess );
     }   // ELSE OF if (isset($_POST['loginid']))
     else {
      header("Location: ". $MM_redirectLoginFailed );
     }// END OF if (isset($_POST['loginid']))
   }
?>

Return to “PHP & MySQL Security”

Who is online

Users browsing this forum: No registered users and 1 guest

cron