On Mon, April 9, 2007 2:51 pm, Mário Gamito wrote:
> I'm making this site that was static and now has some dynamic
> features,
> so it's a little bit patched :)
>
> If you care to visit
> http://www.telbit.pt/2/login.php
>
> you'll notice that the word "Welcome" is already present, and only
> should be after the download.
>
> Also, the error "You didn't fill all fields, please try again." is
> being
> displayed on page load.
>
> This is my problem, for which I ask your help.
>
> How can I make the word "Welcome" appear only after the login?
>
> My code follows my signature.
>
> Any help would be appreciated.
>
> Warm Regards
> --
> :wq! Mário Gamito
> --
>
> <p><a href="recover-password.php">Forgot your password ?</a>
>
> <?php
> if ($_GET['error']) {

It might be better to use:
if (isset($_GET['error'])) {

> // SESSION

You have to do:
session_start();
before you can use $_SESSION.

> $field1 = $_SESSION['field1'];
> $field2 = $_SESSION['field2'];

Why did you bother to get $_SESSION data if you're about to throw it
away?

> // GET
> $field1 = urldecode($_GET['field1']);
> $field2 = urldecode($_GET['field2']);

$_GET is already urldecoded before you ever see it.

This is not Perl. :-)

So unless you've got something doing an extra bogus urlencode()
before it SENDS you the GET data, you shouldn't be doing urldecode.

[But you get bonus points for trying to do this all neat and proper.]

> }
>
> $email = mysql_escape_string($_REQUEST['email']);
> $pass  = mysql_escape_string($_REQUEST['pass']);

Excellent!

Some folks would claim you should use POST or GET specifically, but if
your application wants to respond equally well to either, that's okay
too, imho -- Especially in the bad old days when you couldn't style
buttons/links to look like links/buttons. :-)

> include('config.php');
> include('adodb/adodb.inc.php');

include is NOT a function, so these parens are not doing what you
think they are doing...

> // connect to MySQL
> $conn = &ADONewConnection('mysql');
> $conn->debug=1;
> $conn->PConnect($host,$user,$password,$database);

I wouldn't recommend that a beginner use PConnect, as it is just going
to mess you up...

> // get password from db
> $rsSel = "SELECT name, password FROM subscribers WHERE email =
> '$email'
> AND valid = '1'";
> $rs = $conn->Execute($rsSel);
>
> $name        = $rs->fields[0];
> $password_db = $rs->fields[1];
>
> if ($pass != $password_db) {

It is customary to store the password in the DB as a one-way encrypted
hash.  For example, you could store the http://php.net/md5 of the
password, and then compare md5($password) with $password_db

The point being that your DB has something like:
4975gb87987hi2uh4rhvvyrt57ty
in it, instead of the actual password, so if somebody manages to break
into the DB or snag the data from it somehow, they STILL don't have
anybody's password.

"&field1=".urlencode($_POST['field1'])."&field2=".urlencode($_POST['field2']);
>                   echo "<div class=\"blocoApresentacao\">

There are some lines missing here or something...

In addition to urlencode()-ing the data, you should also call
htmlentities on the whole URL before you dump it to the browser.

> <p>Wrong password, please try again.</p>
> </div>";
> exit;
> }
>
> print('Welcome ' . $name);

This print() statement is not inside an if(){ } block.

It's ALWAYS going to print.

> unset ($_SESSION['error']);
>
> $conn->Close();
>
> ?>
>
>
>                         <!-- end .titulo -->
>                         </div>
>                 <!-- end #secContent -->
>                 </div>
>
>                 <!-- end #Content e #picContent-->
>          </div>
>         </div>
>
>         <div id="footer">
>                 <p id="copyright">Copyright&copy;2006 Telbit -
> Tecnologias de Informa&ccedil;&atilde;o, Lda.</p>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
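The fixes Richard lists above (session_start() before any $_SESSION access, isset() on $_GET, a one-way hash in the DB instead of the password, escaping whatever is echoed back to the browser, and keeping the "Welcome" line inside the success branch) rolled into one login.php, as an added example that is neither Mário's posted code nor ADOdb's. It swaps mysql_escape_string() for PDO bound parameters and md5() for password_hash()/password_verify() (PHP 5.5 and later, so not available when this thread was written). The subscribers table and its email/password/name/valid columns come from the posted query; the DSN, the credentials, the POST-only handling and the redirect-with-?error= flow are assumptions.

```php
<?php
// Added example (not Mário's code, not ADOdb's): the thread's login flow
// rebuilt on PDO + password_hash(). Table and column names come from the
// posted SELECT; DSN and credentials below are assumptions.

declare(strict_types=1);

session_start();                      // must run before any $_SESSION access

$pdo = new PDO(
    'mysql:host=localhost;dbname=telbit;charset=utf8mb4',   // assumed DSN
    'dbuser',                                               // assumed user
    'dbpass',                                               // assumed password
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
    ]
);

/**
 * Hash to store in subscribers.password when the account is created.
 * Never store the cleartext; a DB dump then yields only bcrypt strings.
 */
function storeHash(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

/**
 * Check email/password against the subscribers table.
 * Returns the subscriber's name on success, null on any failure.
 */
function authenticate(PDO $pdo, string $email, string $pass): ?string
{
    // Bound parameter instead of quoting into the SQL string: the
    // submitted e-mail never becomes part of the query text.
    $stmt = $pdo->prepare(
        'SELECT name, password FROM subscribers WHERE email = :email AND valid = 1'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() compares against the stored hash in constant time.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return $row['name'];
}

// Show an error only when the request actually carries one.
if (isset($_GET['error'])) {
    // $_GET is already URL-decoded; escape before echoing, since it is
    // attacker-controlled text.
    echo '<p>' . htmlspecialchars($_GET['error'], ENT_QUOTES, 'UTF-8') . '</p>';
}

// Only a submitted form is processed; a plain GET of login.php shows nothing.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = $_POST['email'] ?? '';
    $pass  = $_POST['pass']  ?? '';

    if ($email === '' || $pass === '') {
        // urlencode() builds the query string; the echo path above escapes it.
        $msg = "You didn't fill all fields, please try again.";
        header('Location: login.php?error=' . urlencode($msg));
        exit;
    }

    $name = authenticate($pdo, $email, $pass);
    if ($name === null) {
        header('Location: login.php?error=' . urlencode('Wrong password, please try again.'));
        exit;
    }

    session_regenerate_id(true);      // fresh session id once the user is authenticated
    $_SESSION['name'] = $name;
}

// "Welcome" is printed only inside the logged-in branch, never unconditionally.
if (isset($_SESSION['name'])) {
    echo 'Welcome ' . htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'UTF-8');
} else {
    echo '<p><a href="recover-password.php">Forgot your password ?</a></p>';
}
```

Two design points worth noting: the failure branches redirect rather than echo inline, so a reload never re-submits the form, and session_regenerate_id(true) after a successful login stops a session id handed out before authentication from being reused.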
