Posted by Gufo Rosso on 07/24/07 21:33

cover ha scritto:
> I'm trying to password the 'update' page of a MySQL database that runs
> on a company intranet w/Apache and PHP. I don't care about the
> 'entry' page to this database - just the 'update' page and want the
> five people (or so) who may be doing updates, to enter only a password
> and then write that password to the MySQL database field.
>
> On my entry page as the last part of my form, I'm using;
> <tr>
> <td>Password:</td><td align="left"><input type="password"
> name="password" size="15" maxlength="15" value=""></td>
> </tr>
> <tr>
> <td colspan="4" align="center"><input type="submit"
> value="Enter"></td>
> </tr>
> </table>
> </form>
>
> What I'm looking for is pointers on how to make the second page of
> this work query work based on meeting the criteria of a password
> element - i.e: 2nd page
>
> $password = $_POST['password'];
>
> if (!$password = 'password stored in database' allow write))
> {
> else echo PASSWORD must match file on record for this user;
> }
>
>
> I know this isn't the code precisely but am hopeful for any pointers
> in making it happen. Again, I'm not looking for a complete login
> since it IS an intranet - just looking to write to the database the
> user who did the update (provided the password criteria was met).
> TIA...


DO NOT use php.net example to authenticate user

db table:

id (aurto increment)
user varchar 25(unique)
password varchar (30)
casual_number (30)

login:
select * from utenti WHERE user=POST[user]
....
if(md5(POST[password].$row[casual_number])===$row[password]){
$_SESSION[ok]=true;
}else{
echo "wrong password";
$_SESSION[ok]=false;
}

in any page .php
<?php
session_start();
if(@$_SESSION[ok]==false){
// empty,false and hide empty
header('Location: http://www.example.com/login.php');
exit;
}

echo "proctected page";

?>

[Back to original message]