|
|
Posted by MaKroZ on 09/28/49 11:40
On Wed, 22 Feb 2006 00:15:51 +1100, Jimmy wrote:
> patrick_woflian wrote:
>> hey guys, basically i am inputting a simple password check on my
>> website.. but although when you get it wrong the page refreshes as it
>> should.. when correct the pages simply goes blank. here is my code: any
>> hints would be great. cheers.
>>
>>
>> <?php
>>
>> session_start();
>> $errorMessage = '';
>>
>> if (isset($_POST['username']) && isset($_POST['password'])) {
>>
>> if ($_POST['username'] === 'steven' && $_POST['password'] ===
>> 'crocker') {
>>
>> $_SESSION['basic_is_logged_in'] = true;
>>
>>
>> header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.html');
>> exit;
>> } else {
>> $errorMessage = 'Sorry, wrong user id / password';
>> }
>> }
>> ?>
>>
>>
>> <html>
>> <head>
>>
>> </head>
>>
>> <body>
>>
>> <BODY BGCOLOR="teal">
>>
>> <left>
>> <img src="cardiff.bmp">
>> </left><br>
>>
>> <center>
>> <img src="reunited.bmp">
>> </center>
>>
>> <form method="post" name="frmLogin" id="frmLogin">
>>
>> <h1> login below to use search options: </h1>
>>
>>
>> <br>User Name: ><input name="username" type="text" id="username">
>> <font color = "black">*</font><br>
>>
>> <br>Password: ><input name="password" type="password" id="password">
>> <font color="black">*</font><br>
>>
>>
>> <br><input type="submit" name = "enter" value = "Enter">
>> <input type="reset" name = "clear" value = "Clear">
>>
>> </body>
>>
>> </html>
>>
>
>
> Sorry to say this, but that script would be easily hackable via SQL
> injection. ALWAYS check your input before querying the DB.
>
> jim
Jim, as for me I can't see any SQL in the script.
--
nn My bookmarks:
(oo) http://www.yakutia.org
| | http://www.theisplist.com
|/\| http://www.100megabit.com
Navigation:
[Reply to this message]
|