Posted by "Richard Lynch" on 11/11/05 19:47

On Fri, November 11, 2005 5:20 am, sunaram patir wrote:
> session_start();

This one here... (see below)

> header("Location: login.php");

Not crucial, but you'd save some HTTP connections by just doing:

require 'login.php';
exit;

instead of bouncing the user's agent back and forth

> session_cache_limiter('private_no_expire');
> session_set_cookie_params(0,"/","schools.zenrays.com");
> session_start();

.... will probably not match this one here.

You've set the Cookie Parameters here to very specific values.

You should do that consitently on every session_start() to make sure
your site's cookies are always operating under the same conditions.

> if(isset($_POST['submit'])){
> include("../database.inc");
> $login=trim($_POST['login']);
> $pass=trim($_POST['pass']);
> $Effectivelogin=strtoupper($login);
> $auth=false;

You really ought to do more validation than that...
http://php.net/mysql_real_escape_string

Possibly limit 'login' to alphanumeric and 'pass' to non-control
characters.

> then the user is redirected back to the page he visited. it workd fine

You also won't need to re-direct the user back to what they wanted --
The URL will already be what they asked for when the login works.
Change the ACTION= to ACTION="<?php echo $_SERVER['PHP_SELF']?>"

--
Like Music?
http://l-i-e.com/artists.htm

[Back to original message]