neo Posted March 8, 2004 (edited)

So, from the form in the file page1.php, two variables are sent to the script page2.php: $username and $password.

page1.php

```php
<?php
session_start();
echo 'Ieraksti username un paroli <br /><form action="page2.php" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" />
</form>';
```

page2.php

```php
<?php
session_start();
include("db.php");
$result = mysql_query("SELECT * FROM users WHERE username='$username'");
while ($row = mysql_fetch_array($result)) {
    if ($_POST['username'] == $row["username"] && $_POST['password'] == $row["password"]) {
        $_SESSION['auth'] = true;
        header("Location: page3.php");
    } else {
        $_SESSION['auth'] = false;
        header("Location: page1.php");
    }
}
```

When the username and password are compared and they match, you successfully get to page3.php. The problem starts when nothing is entered, or the input is wrong. Then simply an empty page2.php page appears. I did write

```php
else {
    $_SESSION['auth'] = false;
    header("Location: page1.php");
}
```

but it does nothing. I hope I've explained myself clearly.

рпр Posted March 8, 2004

Better to do the select right away:

```php
$result = mysql_query("SELECT * FROM users WHERE username='$username' and password='$password'");
```

Besides, storing passwords in plaintext is not particularly safe; better to encrypt them with md5(). Quite often it's even recommended to use md5 twice. Session security is another story again.

hu_ha Posted March 8, 2004

Well, there are a few unclear points:

first of all, in the example you gave the data is posted to page4.php (I assume that's not a mistake)

then put this at the start: `error_reporting(E_ALL);` to see whether there are any errors

check whether this: `$row["username"]` doesn't need to be changed to `$row['username']`

since I'm not testing the code by writing it anywhere (just by eye), check with the print_r() function whether the variables hold the data you expect

check that the headers aren't being sent prematurely... etc.

neo (Author) Posted March 8, 2004 (edited)

That was a typo. I've changed it now. I tried all the variants, so far without results. There's one more thing. If you enter the correct username and a wrong password, everything works as it should, i.e. it throws you back to the form. But if you enter nothing, or both wrong, then just a white page appears. All the data is sent in the variables as it should be.

neo (Author) Posted March 8, 2004 (edited)

By the way, if the database isn't used, i.e. lapa2.php

```php
<?php
session_start();
if ($_POST['username'] == 'janis' && $_POST['password'] == 'parole') {
    $_SESSION['auth'] = true;
    header("Location: page3.php");
} else {
    $_SESSION['auth'] = false;
    header("Location: page1.php");
}
```

then everything works correctly.

Aleksejs Posted March 8, 2004

So are you writing with register globals on or with register globals off???? :o

This line looks to me like on:

```php
$result = mysql_query("SELECT * FROM users WHERE username='$username'")
```

but this one like off:

```php
if ($_POST['username'] == $row["username"] && $_POST['password'] == $row["password"] ) {
```

Maybe put $_POST['username'] in that first one too...

hu_ha Posted March 8, 2004

Well then, add a check that the entered name must be at least one character long:

```php
if ($_POST['username'] == $row['username']
    && $_POST['password'] == $row['password']
    && strlen($_POST['username']) > 0) {
    // ...
}
```

I recommend adding some kind of output so that you can see why the page stays white. Put some echo in each branch:

```php
echo "te iet";       // "it gets here"
echo "nav paroles";  // "no password"
```

something like that. Though in your variant you have to watch that you don't output anything before the header is sent.

And yes, Aleksejs's suggestion is also worth taking into account (I didn't notice it at all). It really does call for:

```php
$username = $_POST['username'];
```

Vistu Zaglis Posted March 8, 2004

You definitely have to check with strlen() in this case, because an empty username and an empty pswd will validate against MySql in such a way that there is nothing to see! I noticed this by the method of scientific poking, and that's just how it is!

Vistu Zaglis Posted March 8, 2004

P.S. Are you sure nothing has been left out here?

```php
$result = mysql_query("SELECT * FROM users WHERE username='$username'");
while($row = mysql_fetch_array($result)){
```

Chickenz Posted March 9, 2004

Hey, doesn't it seem to you that this topic has wandered into the wrong section?

neo (Author) Posted March 9, 2004 (edited)

Thanks, everyone. I found a solution.

stencilz Posted December 22, 2006

Then maybe you could write what the solution is?

Jancis Posted February 7, 2008

I can feel a potentially SQL-injectable login script brewing :D

Aleksejs Posted February 7, 2008

I think that by now it will already have come into being and had time to die off...
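
An added example, not code from any poster in this thread: a page2.php that handles the case where the SELECT matches no row (in the original script the while body then never runs, so neither header() call is reached), uses a prepared statement instead of interpolating $username into the SQL, and checks a password hash. It assumes db.php returns a PDO handle and that the users table has a password_hash column filled by password_hash(); check_login is a name chosen for this example.

```php
<?php
// page2.php rewritten as an added example (not code from the thread).
// Assumptions: db.php ends with `return new PDO(...)`; the users table has
// a password_hash column written with password_hash() at registration.
session_start();

/** Return true only when the user exists and the password matches its hash. */
function check_login(PDO $pdo, string $username, string $password): bool
{
    if ($username === '' || $password === '') {
        return false;                  // empty form: no query needed
    }
    // The placeholder keeps the submitted name out of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();      // false when no row matches
    if ($hash === false) {
        return false;                  // unknown user is an explicit branch
    }
    return password_verify($password, $hash);
}

$pdo = require 'db.php';               // assumed to return the PDO handle

// Read the form fields from $_POST only; nothing depends on register_globals.
$username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
$password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

if (check_login($pdo, $username, $password)) {
    session_regenerate_id(true);       // fresh session id after login
    $_SESSION['auth'] = true;
    header('Location: page3.php');
} else {
    $_SESSION['auth'] = false;
    header('Location: page1.php');     // reached for empty, unknown and wrong input
}
exit;                                  // stop after sending the redirect
```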