Posted by Rik Wasmus on 02/02/08 11:44
On Sat, 02 Feb 2008 07:03:05 +0100, Melih Onveral <melih.onvural@gmail.com> wrote:
> I'm having a very bizarre situation. I have a log-in form. When I use
> $_GET, the values are passed, and everything seems to work. When I use
> $_POST nothing is passed, and obviously nothing works. I have
> absolutely no idea where to even start. Any help would be greatly
> appreciated. Thanks,
> Here is the code:
>
> <form name="memberLogin" method="post" action="/myAccount/login.php">
> <input name="email" type="text" class="formfield" id="email"
> size="19" value="<?php if(isset($_COOKIE['e'])) echo
> base64_decode($_COOKIE['e']); else echo "";?>" />
Can you spell XSS? htmlspecialchars() over this at least.
I can't see anything obviously wrong. What does a var_dump($_POST) tell
you? And are you redirected in any way (which would destroy POST values)?
If you're not sure about the latter part, try FireFox with the
LiveHTTPHeaders plugin.
> if (isset($_POST['email')){
> echo "email exists\n";
> $pass = $_POST['pass'];
> $exists = mysql_query("select * from mem where email = '$email';");
Some mysql_real_escape_string() on $email would be advisable. And where
does $email come from? It is not set anywhere in this code?
> include("/mnt/gs02/herd03/29557/domains/horseonality.net/_include/
> cookiecreate.inc");
This would work, it's more flexible to use either relative includes, or
relative to the document root (usually in $_SERVER['DOCUMENT_ROOT']).
-- 
Rik Wasmus
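
The two fixes suggested in the reply above, as an added example that is not part of the original thread: the cookie value is escaped with htmlspecialchars() before it goes into the value attribute, and the lookup uses a PDO prepared statement (swapped in for mysql_real_escape_string(), since the mysql_* functions were removed in PHP 7). The in-memory SQLite database, the sample row and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. Table `mem` and column `email`
// come from the quoted query; the in-memory SQLite database, the sample row
// and the helper names are constructed for illustration.

// Decode the remembered-email cookie and escape it for an HTML attribute.
function remembered_email_attr(array $cookies): string
{
    if (!isset($cookies['e'])) {
        return '';
    }
    // Strict mode: base64_decode() returns false on characters outside the alphabet.
    $decoded = base64_decode($cookies['e'], true);
    if ($decoded === false) {
        return '';
    }
    // ENT_QUOTES escapes both quote styles so the value cannot close the attribute.
    return htmlspecialchars($decoded, ENT_QUOTES, 'UTF-8');
}

// Look the address up with a bound parameter instead of string interpolation.
function find_member(PDO $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT * FROM mem WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mem (email TEXT PRIMARY KEY)');
$db->exec("INSERT INTO mem (email) VALUES ('user@example.com')");

// Constructed cookie whose decoded value contains markup and a double quote.
$cookies = ['e' => base64_encode('"><script>alert(1)</script>')];
echo '<input name="email" value="', remembered_email_attr($cookies), '" />', "\n";

// Constructed form values: a normal address and one containing SQL quote characters.
foreach (['user@example.com', "x' OR '1'='1"] as $email) {
    $row = find_member($db, $email);
    echo $email, ' => ', $row === null ? 'no match' : 'found', "\n";
}
```

The cookie is attacker-controllable input just like $_POST, which is why the escaping happens at output time rather than when the cookie is set.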