/*
I set the login name and password and session variables such as ... If they are not saved from the next page, a session state variable is not good for everyone, it will be. Because it will return "fake" and redirect to the login page?
*/
The code is as follows |
Copy Code |
Ob_clean (); Ob_start (); SET COOKIE DIRECTORY if (Isset ($_server[' http_host ')) { if (Strpos ($_server[' http_host '], ': ')!=-1) { $domain = substr ($_server[' http_host '), 0, Strpos ($_server[' http_host '], ': ')); } else{ $domain = $_server[' http_host ']; } $domain = Preg_replace (' ^www. ', ', ', $domain); Per RFC 2109, cookies domains must contain at least one dot other than the First. For hosts such as ' localhost ', we don t set a cookie domain. If Count (Explode ('. ', $domain)) > 2) { Ini_set (' Session.cookie_domain ', $domain); } } End SET COOKIE DIRECTORY Start session Session_Start ();
Include Database Connection Details Require_once (' config.php ');
ERROR REPORTING ... COMMENT out when going live! ///////////////////////////////// echo ini_get (' display_errors '); if (!ini_get (' display_errors ')) { Ini_set (' display_errors ', 1); //} echo ini_get (' display_errors '); End of ERROR REPORTING/////////////////////////////////
Domain Info used to header redirects $host = $_server[' http_host ']; $uri = RTrim (dirname ($_server[' php_self ')), '/\ ');
Array to store validation errors $errmsg _arr = Array ();
Validation Error Flag $errflag = false;
Connect to MySQL tutorial server $link = mysql_connect (Db_host, Db_user, Db_password); if (! $link) { Die (' Failed to connect to server: '. mysql_error ()); }
Select Database $db = mysql_select_db (db_database); if (! $db) { Die ("Unable to select database"); }
Function to sanitize values received from the form. Prevents SQL injection function Clean ($STR) { $str = @trim ($STR); if (GET_MAGIC_QUOTES_GPC ()) { $str = Strips Tutorial Lashes ($STR); } Return mysql_real_escape_string ($STR); }
Sanitize the POST values $login = Clean ($_post[' login ')); $password = Clean ($_post[' password ']);
Input validations if ($login = = ") { $errmsg _arr[] = ' Login ID missing '; $errflag = true; } if ($password = = ") { $errmsg _arr[] = ' Password missing '; $errflag = true; }
If There are input validations, redirect back to the login form if ($errflag) { $_session[' Errmsg_arr ' = $errmsg _arr; Session_write_close ();
echo "<meta http-equiv=refresh content=1;url= ' login-form.php ' >"; $extra 1 = ' login-form.php '; Header ("location:http://$host $uri/$extra 1"); Exit }
Create Query $qry = "SELECT * FROM members WHERE login= ' $login ' and passwd= '". MD5 ($password). "'"; $result =mysql_query ($qry);
Check whether the query is successful or not if ($result) { if (mysql_num_rows ($result) = = 1) { Login Successful
This line appears to cause IE7 SOME PROBLEMS!!!!!!! ////////////////////////////////////////// SESSION_REGENERATE_ID (TRUE); This line appears to cause IE7 SOME PROBLEMS!!!!!!! ////////////////////////////////////////// $member = Mysql_fetch_assoc ($result); $_session[' sess_member_id ' = $member [' member_id ']; $_session[' sess_first_name ' = $member [' FirstName ']; $_session[' sess_last_name ' = $member [' LastName ']; $_session[' sess_address ' = $member [' Address ']; $_session[' sess_city ' = $member [' City ']; $_session[' sess_state ' = $member [' state ']; $_session[' sess_login ' = $member [' LOGIN ']; $_session[' sess_captain ' = $member [' Captain ']; $_session[' sess_team ' = $member [' Team_name ']; $_session[' sess_manual_team ' = $member [' Manual_team '];
Session_write_close ();
echo "<meta http-equiv=refresh content=1;url= ' member-index.php ' >";
$extra 2 = ' member-index.php '; Header ("location:http://$host $uri/$extra 2"); Exit
}else { Login failed
echo "<meta http-equiv=refresh content=1;url= ' login-failed.php ' >";
$extra 3 = ' login-failed.php '; Header ("location:http://$host $uri/$extra 3"); Exit } }else { Die ("Query failed"); } |
Method Two
The code is as follows |
Copy Code |
if ( Isset ($_server[' http_host ')) { if (Strpos ($_server[' http_host '], ': ')!=-1) { $domain = substr ($_server[' http_host '), 0, Strpos ($_server[' http_host '], ': ')); } else{ $domain = $_server[' http_host ']; } $domain = preg_replace (' ^www. ', ', $domain); //per RFC 2109, cookies domains must contain at least one dot other than the //. For hosts such as ' localhost ', we don t set a cookie domain. if (count (Explode ('. ', $domain)) > 2) { ini_set (' Session.cookie_domain ', $domain); } } |