Posted by Jimmy on 09/28/51 11:40

patrick_woflian wrote:
> hey guys, basically i am inputting a simple password check on my
> website.. but although when you get it wrong the page refreshes as it
> should.. when correct the pages simply goes blank. here is my code: any
> hints would be great. cheers.
>
>
> <?php
>
> session_start();
> $errorMessage = '';
>
> if (isset($_POST['username']) && isset($_POST['password'])) {
>
> if ($_POST['username'] === 'steven' && $_POST['password'] ===
> 'crocker') {
>
> $_SESSION['basic_is_logged_in'] = true;
>
>
> header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.html');
> exit;
> } else {
> $errorMessage = 'Sorry, wrong user id / password';
> }
> }
> ?>
>
>
> <html>
> <head>
>
> </head>
>
> <body>
>
> <BODY BGCOLOR="teal">
>
> <left>
> <img src="cardiff.bmp">
> </left><br>
>
> <center>
> <img src="reunited.bmp">
> </center>
>
> <form method="post" name="frmLogin" id="frmLogin">
>
> <h1> login below to use search options: </h1>
>
>
> <br>User Name: ><input name="username" type="text" id="username">
> <font color = "black">*</font><br>
>
> <br>Password: ><input name="password" type="password" id="password">
> <font color="black">*</font><br>
>
>
> <br><input type="submit" name = "enter" value = "Enter">
> <input type="reset" name = "clear" value = "Clear">
>
> </body>
>
> </html>
>


Sorry to say this, but that script would be easily hackable via SQL
injection. ALWAYS check your input before querying the DB.

jim

[Back to original message]