That way people can type in www.yoursite.com/loggedin.php and
bypass the Authentication completely. Great! =P
Sheridan Saint-Michel
Website Administrator
FoxJet, an ITW Company
www.foxjet.com
----- Original Message -----
From: Chris Fry <[EMAIL PROTECTED]>
To: Steve Wright <[EMAIL PROTECTED]>
Cc: PHP List <[EMAIL PROTECTED]>
Sent: Wednesday, August 01, 2001 5:07 AM
Subject: Re: [PHP] How can i make it so....
> Steve,
>
> If you move your validation code to the top of the script you can use the
>
> header ("Location: loggedin.php");
> exit;
>
> to go to the next page if the user is validated
>
> Chris
>
> Steve Wright wrote:
>
> > Hi,
> >
> > I have modified an authentication script to my own liking, but being
new, don't know how to go about my next stage.
> >
> > Once the user has inserted the UN, and PW, it is campared against the
MySQL database, nowm what i want to do is get rid of the login form which
still appears, and is very annoying. I can't seem to see anything on this
particular subject, but if their is any, can u point me in the right
direction.
> >
> > It can be viewed at: http://www.stevewrightonline.co.uk/auth/auth.php
> > UN: guest
> > PW: guest
> >
> > Here's the code:
> > <P>
> > <FORM ACTION="<? echo "$PHP_SELF"; ?>" METHOD="POST">
> > <P>UserName:<br>
> > <input type="text" name="PHP_AUTH_USER" size=15>
> > </p>
> >
> > <P>Password:<br>
> > <input type="password" name="PHP_AUTH_PW" size=15>
> > </p>
> >
> > <input type="submit" value="Log In">
> > </form>
> > </P>
> >
> > <?php
> >
> > $auth = false; // user is not authenticated yet
> >
> > if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
> >
> > // Connect the MySQL Database
> >
> > mysql_connect( **************.net', '**********', '***********' )
> > or die ( 'Unable to connect to server.' );
> >
> > // Select database on MySQL server
> >
> > mysql_select_db( 'Demonstration' )
> > or die ( 'Unable to select database.' );
> >
> > // the query
> >
> > $sql = "SELECT * FROM users WHERE UserName = '$PHP_AUTH_USER' AND
Password = '$PHP_AUTH_PW'";
> >
> > // Execute query and put results in $result
> >
> > $result = mysql_query( $sql )
> > or die ( 'Unable to execute query.' );
> >
> > // Get number of rows in $result.
> >
> > $num = mysql_numrows( $result );
> >
> > if ( $num != 0 ) {
> >
> > // matching row was found - user authenticated.
> >
> > $auth = true;
> >
> > }
> >
> > }
> >
> > if ( ! $auth ) {
> >
> > echo 'Sign In Required.';
> > exit;
> >
> > } else {
> >
> > echo '<p>You are Signed In!</p>';
> > }
> >
> > ?>
>
> --
>
> Chris Fry
> Quillsoft Pty Ltd
> Specialists in Secure Internet Services and E-Commerce Solutions
> 10 Gray Street
> Kogarah
> NSW 2217
> Australia
>
> Phone: +61 2 9553 1691
> Fax: +61 2 9553 1692
> Mobile: 0419 414 323
> eMail: [EMAIL PROTECTED]
> http://www.quillsoft.com.au
>
> You can download our Public CA Certificate from:-
> https://ca.secureanywhere.com/htdocs/cacert.crt
>
> **********************************************************************
>
> This information contains confidential information intended only for
> the use of the authorised recipient. If you are not an authorised
> recipient of this e-mail, please contact Quillsoft Pty Ltd by return
> e-mail.
> In this case, you should not read, print, re-transmit, store or act
> in reliance on this e-mail or any attachments, and should destroy all
> copies of them.
> This e-mail and any attachments may also contain copyright material
> belonging to Quillsoft Pty Ltd.
> The views expressed in this e-mail or attachments are the views of
> the author and not the views of Quillsoft Pty Ltd.
> You should only deal with the material contained in this e-mail if
> you are authorised to do so.
>
> This notice should not be removed.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
