Yahoo Answers is shutting down on May 4th, 2021 (Eastern Time) and beginning April 20th, 2021 (Eastern Time) the Yahoo Answers website will be in read-only mode. There will be no changes to other Yahoo properties or services, or your Yahoo account. You can find more information about the Yahoo Answers shutdown and how to download your data on this help page.

Trending News

Promoted
ahmedeleven
ahmedeleven asked in Computers & InternetProgramming & Design · 1 decade ago

problem in session (PHP) :(?

im beginner in PHP ... and i have problem with my first script using sessions and here is the code :

1st page :

<?

//page.php

session_start();

?>

<html>

<head></head>

<body>

<form name="form1" method="post" action="page2.php">

User Name <input type="text" name="userName"/><br>

Password <input type="password" name="pass"/><br>

<input type="submit" value="eb3at"/>

</form>

<?

$User=$_GET['userName'];

$pass=$_GET['pass'];

$conn=mysql_connect("localhost","root","***********");

$db=mysql_select_db("fake",$conn);

$query="select * from privacy where user='$User' and pass='$pass'";

$result=mysql_query($query);

$num=mysql_num_rows($result);

if($num==1)

{

$_SESSION['auth']="yes";

$_SESSION['user']=$User;

header("Location: page2.php");

}

?>

</body>

</html>

2nd page :

<?

//page2.php

session_start();

if($_SESSION['auth']!=yes)

{

include("page.php");

echo " invalid user and pass " ;

}

else

{

echo " welcome";

}

?>

wats wrong with this code ???!!! .. :(:(

Update:

@ colnic : thnxxx .. i will use $_POST .... but i really dont know wats wrong with the code? ... i compared it to another scripts and i havent found the error yet :S

3 Answers

Relevance
  • bustin98
    Lv 4
    1 decade ago
    Favorite Answer

    Here's some help, but seriously look into security concerns.

    <?

    session_start();

    //page.php

    if((isset($_POST['act'])) && ($_POST['act'] == 'login')){

    $User = $_POST['userName'];

    $pass = $_POST['pass'];

    $conn=mysql_connect("localhost","root"...

    $db=mysql_select_db("fake",$conn);

    $query="SELECT * FROM privacy WHERE user = '".$User."' AND pass = '".$pass."' LIMIT 1";

    $result=mysql_query($query);

    $num=mysql_num_rows($result);

    if($num==1){

    $_SESSION['auth']="yes";

    $_SESSION['user']=$User;

    header("Location: page2.php");

    }else{

    $_GET['auth'] == 'no';

    }

    }

    ?>

    <html>

    <head>

    <title></title>

    </head>

    <body>

    <?php

    if((isset($_GET['auth'])) && ($_GET['auth'] == 'no')){

    echo '<p>Invalid username and/or password</p>';

    }

    ?>

    <form name="form1" method="post" action="page.php">

    User Name <input type="text" name="userName" />< br />

    Password <input type="password" name="pass" />< br />

    <input type="submit" value="eb3at" />

    <input type="hidden" name="act" value="login" />

    </form>

    </body>

    </html>

    2nd page :

    <?

    session_start();

    //page2.php

    if((isset($_SESSION['auth'])) && ($_SESSION['auth'] == 'yes')){

    echo " welcome";

    }else{

    header("Location: page.php?auth=no");

    }

    ?>

  • Anonymous
    1 decade ago

    More important than session problems, you must NEVER use a GET to pass user names and passwords, as this makes the password visible on the address bar. You will make your site wide open to attack. It will also seriously upset any web hosting company. Learn a bit more about security before you even try to set up a logon system.

  • Anonymous
    1 decade ago

    take out the comment before session

    and make sure your sessionstart in on line 1 of your code

Still have questions? Get your answers by asking now.