admin log in problem

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

Post Reply
User avatar
simplypixie
php-forum Active User
php-forum Active User
Posts: 300
Joined: Sun Dec 11, 2011 12:51 am
Location: Shrewsbury, Shropshire
Contact:

Re: admin log in problem

Post by simplypixie » Mon Feb 04, 2013 10:28 pm

Firstly, I would suggest doing your security cleaning on the post data as you allocate it to variables so that for one you ensure your password is trimmed etc before it is changed to SHA1 and secondly it removes the extra lines of code. Plus stripslashes and strip_tags are not required as mysql_real_escape_string will do everything you need, however trim is essential really.

Secondly session_register is deprecated and therefore should not be used, just assign it to the session as below

Code: Select all

//initialise variables.
$username=mysql_real_escape_string(trim($_POST['username']));
$password=sha1(mysql_real_escape_string(trim($_POST['password'])));

$query=mysql_query("SELECT * FROM adminstrator WHERE username='$username' AND password='$password'");

//mysql counts table rows for approval..
$count=mysql_num_rows($query);

if($count>0)
{
$_SESSION['username'] = $username;
header("location:admin_logged_in.php?action=yes");	
}
else
{
header("location:admin_incorrect_login.php");
}
Then make sure you also have session_start() at the top of every page that needs to use sessions

Post Reply

Who is online

Users browsing this forum: Baidu [Spider] and 9 guests