hay clay letts start over
1st page where u ll take input into a from n post it ----------------------------------------------------- echo(" <form action=logn_p.php method=POST> <input type=text name=frm_login></input>"); echo(" password <input type=password name=frm_pw></input> <input type=submit value=login ></input> </form> "); ****** a simple form ! ! ! ! ****** -------------------------------------------- logn_p.php --------------- include"cnctdb.php"; // a file for ur connection to database with the connection query n all // get the variables passed from the form $flogin=$_POST['frm_login']; $fpw=$_POST['frm_pw']; // qry for gettin the login and password fields from db table $query = "SELECT role_id,fName, logn.memb_id FROM mbr_inf, logn WHERE logn.login = '$flogin' and logn.pw = '$fpw' and mbr_inf.memb_id = logn.memb_id "; $result = mysql_query ($query) or die ('qry failed ! DA tbl must xixt in DA db specifyd bov ....'); $rows = mysql_num_rows($result); if($rows>0) { // chk n disply fo membrz only ! ! ! ! $data = mysql_fetch_row($result); if ($data[0] == 0 && $flogin != "") // chk fo mbr { $name=$data[1]; // initiate a session session_start(); // register some session variables session_register("SESSION"); header("Location: /dir_path/mbrchk.php?flogin=" . $flogin. "&varble2=" .$varble2); exit(); } // endda membr chk ! ! ! ! else { // no lgn found header("Location: /dir_path/nologn.php"); exit(); } ------------------------------------------------------- mbrchk.php -------------- ****** now this is the file that actually displayz the material only a member has access to ****** // session check session_start(); if (!session_is_registered("SESSION")) { // if session check fails, invoke error handler header("Location: /sir/nolgn.php"); exit(); } $flogin=$_GET['flogin']; $name_qry = "select fName,lastName from mbr_inf where email='$flogin'"; $name_qry_result = mysql_query ($name_qry) or die ('qry failed ! DA tbl must xixt in DA db specifyd bov ....'); **** and after this u can fetch row or dsply what ever u want to ***** ------------------------------------------------------- hope this helps ..... good luck toby ...... --- Clay Culver <[EMAIL PROTECTED]> wrote: > Hi, > I am having a problem trying to set a cookie with > the > register_globals variable turned OFF. I have a > script that just checks a > password in a MySQL database through a form, if the > password is the same > in the db then the cookie is set and access is > allowed to any page that > has the other part of the code. Right now the > password is not being > validated, below is the code I am using. > > [html form] > <form method="post" action="validate.php"> > <h5>Enter Password</h5> > <p><input type="password" name="password" size="20" > /></p> > <input type="submit" value="Enter" /> > [/html form] > > [validate.php] > <?php > include("phpDB.php"); > include("db.php"); > $result = $db->execute("SELECT Password FROM > password WHERE > Location='members'"); > if (!strcasecmp($result->fields['Password'], > $password)) { > > setcookie ("access", "access", 0, "", "weburlhere", > 0); > > ?> > <html> > <head> > <title>Identification</title> > <!-- > <META HTTP-EQUIV="Expires" CONTENT="Fri, Jun 12 1981 > 08:20:00 GMT"> > <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> > <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache"> > --> > </head> > <body> > <div align="center"> > Password accepted > </div> > <?php > include("footer.htm"); > ?> > <?php } else { // bad password > ?> > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 > Transitional//EN" > "http://www.w3.org/tr/xhtml1/dtd/transitional.dtd"> > <?php print("<?xml version=\"1.0\" > encoding=\"iso-8859-1\"?>\n"); ?> > <html> > <head> > <title>Bad Password</title> > </head> > <body> > <div align="center"> > Bad Password > <?php > include("footer.htm"); > ?> > </div> > <?php }?> > </body> > </html> > [/validate.php] > [password.php this is what is included at the top of > the pages I wish to > protect] > <?php > if (isset ($access)) { > if (!strcasecmp("access", $access)) { > } > else { > header ("Location: http://url/breach.php"); // > Redirect > browser > exit; // Make sure that code below does not get > executed when we redirect. > } > } > else { > header ("Location: http://url/breach.php"); // > Redirect browser > exit; // Make sure that code below does not get > executed when we > redirect. > } > ?> > [/password.php] > > I have tried changing > if (!strcasecmp($result->fields['Password'], > $password)) { > > to > > if > (!strcasecmp($result->fields{$_POST['Password']}, > $password)) > { > > But when I do this you can just click on the submit > button and it will > say you are authenticated, and the cookie is not > set. When just > if (!strcasecmp($result->fields['Password'], > $password)) { is used the > cookie is not set thus not allowing access to the > pages protected by the > script. I hope I have explained this so everyone can > understand me. > > Clay > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php