Lite frågor om php !!

forcevision · Post by **forcevision** » 2007-10-23 22:56:30

Hejsan !

På min första sida där man loggar in ser det ut som följande:

<?php
if (!isset($_POST['submit'])) {
echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">' . "\n";
echo "\t" . '&nbsp;Användarnamn:<br />' . "\n";
echo "\t" . '&nbsp;<input type="text" name="username" class="knapp"/><br />' . "\n";
echo "\t" . '&nbsp;Lösenord:<br />' . "\n";
echo "\t" . '&nbsp;<input type="password" name="password" class="knapp"/><p>' . "\n";
echo "\t" . '&nbsp;<input type="submit" name="submit" class="knapp" value="Access" /></p>' . "\n";
echo '</form>' . "\n";
} else {
    $conn = mysql_connect('localhost', 'användarnamn', 'lösen') or die(mysql_error());
    mysql_select_db('databas') or die(mysql_error());

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string(sha1($_POST['password']));

    $query = mysql_query("SELECT uid, username, password FROM login WHERE username = '$username' AND password = '$password' LIMIT 1") or die(mysql_error());
    $count = mysql_num_rows($query);

    if (!$count)
        die('<p>Felaktigt användarnamn eller lösenord.</p>');

    $row = mysql_fetch_assoc($query);

    if ($username == $row['username'] && $password == $row['password']) {
        $_SESSION['sess_user'] = $username;
      echo "<script type='text/javascript'>location='login.php'</script>";
    } else
        die('<p>Felaktigt användarnamn eller lösenord.</p>');

    mysql_close($conn);
}
?>

När man skrivit in fel lösen eller användarnamn står det som ni ser i scripten Felaktigt användarnamn eller lösenord. men jag skulle vilja att scripten hänvisar till en annan sida hur skall jag skriva i koden istället då ?

Mvh Forcevision

Peter Wall · Post by **Peter Wall** » 2007-10-24 8:06:14

http://se2.php.net/manual/sv/function.header.php

Ramza · Post by **Ramza** » 2007-10-24 9:17:25

Jag tog mig friheten att förgylla din kod lite:

Code: Select all

<?php

if (!isset($_POST['submit']) || !isset($_POST['username']) || !isset($_POST['password'])) {
?>
   <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
   &nbsp;Användarnamn:<br />
   &nbsp;<input type="text" name="username" class="knapp"/><br />
   &nbsp;Lösenord:<br />
   &nbsp;<input type="password" name="password" class="knapp"/><br /><br/>
   &nbsp;<input type="submit" name="submit" class="knapp" value="Access" /><br />>
</form>
<?
} else {
   $conn = mysql_connect('localhost', 'användarnamn', 'lösen') or die(mysql_error());
   mysql_select_db('databas') or die(mysql_error());

   $username = mysql_real_escape_string($_POST['username']);
   $password = mysql_real_escape_string(sha1($_POST['password']));

   $query = mysql_query("SELECT uid, username, password FROM login WHERE username = '$username' AND password = '$password' LIMIT 1") or die(mysql_error());
   // Redirect user to 'wrong username/password' page 
   if ($query === false)
   {
      $errorPage = "/errorLogin.php?reason=badauth";
      Header("Location: $errorPage");
   }
   // Correct username and password 
   $row = mysql_fetch_assoc($query);

   // This line is useless. Already checked by SQL once before (line 19) 
   //if ($username == $row['username'] && $password == $row['password']) {
   //}

   // Clean up resources 
   mysql_close($conn);
   // User is logged in - store in session
   session_start();
   // Go ahead and store uid, makes it faster to extract user details
   $_SESSION['sess_uid'] = $row['uid'];
   $_SESSION['sess_user'] = $row['username'];
   $redirect = "/welcome.php";
   Header("Location: $redirect");
}
?>

Det essentiella i det jag gjorde var att effektivisera din hanting av databasobjekten litegrann. Jag stoppade även in header-anropen som du letade efter.