Board index   FAQ   Search  
Register  Login
Board index php forum :: php coding PHP coding => General

admin log in problem

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

admin log in problem

Postby petro » Mon Feb 04, 2013 6:36 am

i have written several code here below so that admin can log into the system but still i can not get accesss , only the last header function works hat redirects to incorrect log in page but no verification is being done to be logged in. i need help plss!
<?php
session_start();
if(isset($_SESSION['username']))
{
header("location:admin_logged_in.php?action=yes");
}

?>

<?php
//connect the database.......
require("admin_connect.php");
if(!con) die("Database failed to connect:".mysql_error());


//initialise variables.
$username=$_POST['username'];
$password=sha1($_POST['password']);

//For Security reasons and protecting from SQL injection
$clean_username = strip_tags(stripslashes(mysql_real_escape_string($username)));
$clean_password = sha1(strip_tags(stripslashes(mysql_real_escape_string($password))));

$query="SELECT * FROM adminstrator WHERE username='$clean_username' AND password='$clean_password'";
$result=mysql_query($query);

//mysql counts table rows for approval..
$count=mysql_num_rows($result);

if($count>0)
{
session_register($username);
header("location:admin_logged_in.php?action=yes");
}
else
{
header("location:admin_incorrect_login.php");
}

?>
petro
New php-forum User
New php-forum User
 
Posts: 3
Joined: Mon Feb 04, 2013 6:26 am

Re: admin log in problem

Postby simplypixie » Mon Feb 04, 2013 10:28 pm

Firstly, I would suggest doing your security cleaning on the post data as you allocate it to variables so that for one you ensure your password is trimmed etc before it is changed to SHA1 and secondly it removes the extra lines of code. Plus stripslashes and strip_tags are not required as mysql_real_escape_string will do everything you need, however trim is essential really.

Secondly session_register is deprecated and therefore should not be used, just assign it to the session as below

Code: Select all
//initialise variables.
$username=mysql_real_escape_string(trim($_POST['username']));
$password=sha1(mysql_real_escape_string(trim($_POST['password'])));

$query=mysql_query("SELECT * FROM adminstrator WHERE username='$username' AND password='$password'");

//mysql counts table rows for approval..
$count=mysql_num_rows($query);

if($count>0)
{
$_SESSION['username'] = $username;
header("location:admin_logged_in.php?action=yes");   
}
else
{
header("location:admin_incorrect_login.php");
}


Then make sure you also have session_start() at the top of every page that needs to use sessions
User avatar
simplypixie
php-forum Active User
php-forum Active User
 
Posts: 300
Joined: Sun Dec 11, 2011 12:51 am
Location: Shrewsbury, Shropshire

Re: admin log in problem

Postby petro » Wed Feb 06, 2013 3:59 am

thank you
petro
New php-forum User
New php-forum User
 
Posts: 3
Joined: Mon Feb 04, 2013 6:26 am


Return to PHP coding => General

Who is online

Users browsing this forum: Bing [Bot] and 2 guests

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron