admin log in problem

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

petro
New php-forum User
New php-forum User
Posts: 3
Joined: Mon Feb 04, 2013 6:26 am

admin log in problem

Postby petro » Mon Feb 04, 2013 6:36 am

i have written several code here below so that admin can log into the system but still i can not get accesss , only the last header function works hat redirects to incorrect log in page but no verification is being done to be logged in. i need help plss!
<?php
session_start();
if(isset($_SESSION['username']))
{
header("location:admin_logged_in.php?action=yes");
}

?>

<?php
//connect the database.......
require("admin_connect.php");
if(!con) die("Database failed to connect:".mysql_error());


//initialise variables.
$username=$_POST['username'];
$password=sha1($_POST['password']);

//For Security reasons and protecting from SQL injection
$clean_username = strip_tags(stripslashes(mysql_real_escape_string($username)));
$clean_password = sha1(strip_tags(stripslashes(mysql_real_escape_string($password))));

$query="SELECT * FROM adminstrator WHERE username='$clean_username' AND password='$clean_password'";
$result=mysql_query($query);

//mysql counts table rows for approval..
$count=mysql_num_rows($result);

if($count>0)
{
session_register($username);
header("location:admin_logged_in.php?action=yes");
}
else
{
header("location:admin_incorrect_login.php");
}

?>

User avatar
simplypixie
php-forum Active User
php-forum Active User
Posts: 300
Joined: Sun Dec 11, 2011 12:51 am
Location: Shrewsbury, Shropshire
Contact:

Re: admin log in problem

Postby simplypixie » Mon Feb 04, 2013 10:28 pm

Firstly, I would suggest doing your security cleaning on the post data as you allocate it to variables so that for one you ensure your password is trimmed etc before it is changed to SHA1 and secondly it removes the extra lines of code. Plus stripslashes and strip_tags are not required as mysql_real_escape_string will do everything you need, however trim is essential really.

Secondly session_register is deprecated and therefore should not be used, just assign it to the session as below

Code: Select all

//initialise variables.
$username=mysql_real_escape_string(trim($_POST['username']));
$password=sha1(mysql_real_escape_string(trim($_POST['password'])));

$query=mysql_query("SELECT * FROM adminstrator WHERE username='$username' AND password='$password'");

//mysql counts table rows for approval..
$count=mysql_num_rows($query);

if($count>0)
{
$_SESSION['username'] = $username;
header("location:admin_logged_in.php?action=yes");   
}
else
{
header("location:admin_incorrect_login.php");
}


Then make sure you also have session_start() at the top of every page that needs to use sessions

petro
New php-forum User
New php-forum User
Posts: 3
Joined: Mon Feb 04, 2013 6:26 am

Re: admin log in problem

Postby petro » Wed Feb 06, 2013 3:59 am

thank you


Return to “PHP coding => General”

Who is online

Users browsing this forum: No registered users and 2 guests