PHP Log-In indirection new page with the ID -


just want make sure php login page submitted new page comes login id, example "welcome, xx", xx login username. should codes below (i use recapture here):

 <!doctype html>  <head>  <title>recaptcha log-in</title>  <script src='https://www.google.com/recaptcha/api.js'></script>  </head>     <body> <!-- body tag required or captcha may not show on browsers -->       <!-- html content -->   <body>    <fieldset style="border:2px groove; border-color:blue; padding:15px 30px 15px;margin-right:5px;width:350px;height:400px">       <form method="post" action="recaptcha.php">        <p><b>user name </b>  <input type="text" name="username1" size="20px" maxlength="15"></p> <p><b>password  </b> <input type="password" name="password1" size="20px" maxlength="15"></p>           <?php           require_once('recaptchalib.php');           $publickey = "6lfxlgctaaaaalnywpdcyekbh8acc9dw6xaczt-0"; // got signup page           echo recaptcha_get_html($publickey);         ?>         <br/>         <div align="left"> <input type="submit" name="submit1" value=login></div>         </form>        <!-- more of html content -->     </body>   </html>      <?php    session_start();  require_once("require_pro.php");  if($_server["request_method"]=="post") {       if(isset($_post['submit1'])){ require_once('recaptchalib.php');   $privatekey = "6lfxlgctaaaaacugkayxfmc__38dtbi5mzduhkx-";   $resp = recaptcha_check_answer ($privatekey,                                 $_server["remote_addr"],                                 $_post["recaptcha_challenge_field"],                                 $_post["recaptcha_response_field"]);     if ((!$resp->is_valid)&&(isset($_post['username1']))) {     // happens when captcha entered incorrectly     echo "<p>sorry, please enter right recaptcha code</p>";     $error = $resp->error;   } else {     $myusername=addslashes($_post['username1']);     $mypassword=addslashes($_post['password1']);    $sql=" select * user              username='$myusername' , password='$mypassword'";      $result=mysql_query($sql);     $count=mysql_num_rows($result);        if($count == 1)      {   $user1=$_post['username1'];         echo "login successfully";         header("location:welcome.php?=$user1");      } else if(!empty($_post['username1'])){         echo "<p><font color='black'>login information wrong, please try again</font></p>";     }   }   }       }     ?>  <welcome.php> :   <!doctype html>  <html>  <head>    </head>     <body> <!-- body tag required or captcha may not show on browsers -->       <!-- html content -->   <body>    <fieldset style="border:2px groove; border-color:blue; padding:15px 30px 15px;margin-right:5px;width:350px;height:400px">     <?php       echo" welcome !".??????      </body>   </html>

first, addslashes isn't right function preventing sql injection. see examples of sql injections through addslashes()?.

second, mysql_* functions deprecated , should not used in new code. see big red box @ http://php.net/mysql_query. use pdo parameterized queries (which sql injection).

third, need store in session know they're logged in , user they're logged in as. when user logs in, like:

$_session['username'] = $_post['username1'];

which allow use in subsequent pages.


Comments

Post a Comment

Popular posts from this blog

angularjs - ADAL JS Angular- WebAPI add a new role claim to the token -

i have created angular spa webapi backend using adal js authentication.as there no roles in ad, need manually add role claims in order give users access different api controllers. the roles stored in database. expecting inject claim through call webapi after authentication ad. webapi code might this. identity.addclaim(new claim("role", "user")); var ticket = new authenticationticket(identity, props); var accesstoken = startup.oauthbeareroptions.accesstokenformat.protect(ticket); is possible replace adal idtoken new token? is viable solution or there other better way handle this? as initial token generated azuread, possible edit token add new claim? appreciated. graph api supporting group claims. see here: http://justazure.com/azure-active-directory-part-4-group-claims/ if @ examples on page, users assigned groups , app can check group in claims. in current version of portal, need app manifest , modify it.
Read more

node.js - Using Node without global install -

i'm working on few node & electron (atom shell) projects , i'm curious how them work without user having install node globally. i've seen few applications including node directory in project contains node.exe binary. how go setting node project use binary? edit: thought should add, i've searched everywhere answer this, unrelated results.
Read more

php - CakePHP HttpSockets send array of paramms -

i problem when make request (i can request). $link = 'http://uri/path/?param1=1&sid=2&sid=3&sid=4' $http = $httpsocket = new httpsocket(); $res = $httpsocket->get($link); if check request pr($http); i see : [line] => /url/path/?param1=1&sid%5b0%5d=2&sid%5b1%5d=3&sid%5b2%5d=4 http/1.1 and i'm getting empty response because server doesn't know parameters sid%5b0%5d=2 when try send parameters array : $data = array('param1' => '1', 'sid' => array('2','3', '4')); i see same changes %5b0%5d - additional indexes. how fix it? unfortunately , can not change server side, if send request in browser, i'll normal response in json format. when make request, can parameters this: $param1 = $_get['param1']; $sid= $_get['sid']; tip: use diferente names parameters. have multiples sid. use sid1, sid2, sid3... update: can parameters this:
Read more