Here it is. Please note that all of this output from a function; if you
would like the PHP code that outputs this, please just ask.
<form
action=<?=$_SERVER["PHP_SELF"]?>
method=post
name="login"
>
<tr>
<td>
<center>
<!-- .:Login Table - Name & Pass:. --!>
<table>
<tr>
<td>
<span class=text>Name:
</td>
<td>
<input
type=text
size=10
name=usern
>
</td>
</tr>
<tr>
<td>
<span class=text>Pass:
</td>
<td>
<input
type=password
size=10
name=userp
>
</td>
</tr>
<tr>
<td colspan=2><center>
<input
type=submit
value="Login"
class="submit"
name="login"
onsubmit="document.login.login.disabled='true'"
></center>
</td>
</tr>
</form>
And there we are!
"Mikey" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Can you send a copy of the HTML form that posts to your function?
>
> > -----Original Message-----
> > From: Brian Graham [mailto:[EMAIL PROTECTED]]
> > Sent: 24 June 2002 08:27
> > To: [EMAIL PROTECTED]
> > Subject: [PHP-WIN] Get/Post and Security Issues
> >
> >
> > Apache 1.3.26
> > PHP 4.2.1
> >
> > When I enter username and password information onto a page, it
> > uses Get and
> > puts the session ID along with the username and the password into the
URL,
> > despite my saying "method=post" in the form attributes.
> >
> > This seems like it would be a common problem, but my research
> > isn't bringing
> > up anything even remotely about it.
> >
> > I've done very, very little tweaking to my php.ini and httpd.conf to
give
> > you an idea of what defaults are in place still. Here is the
> > function code:
> >
> > function user_login() {
> > global $usern;
> > global $userp;
> > global $feedback;
> > global $loginswitch;
> > if (!isSet($usern) && !isSet($userp))
> > return FALSE;
> > if ($usern == '' or $userp == '') {
> > $loginswitch = FALSE;
> > $feedback = "Username and/or password is missing.";
> > return FALSE;
> > }
> > $uname = strtolower($usern);
> > $query = "SELECT user_name, user_pass, user_isconfirmed
> > FROM user
> > WHERE user_name = '$usern'
> > AND user_pass = '$userp'";
> > $results = mysql_query($query) or die(mysql_error());
> > $row = mysql_fetch_row($results);
> > if ($usern == $row[0] && $userp == $row[1]) {
> > $_SESSION['loginswitch'] = TRUE;
> > $_SESSION['username'] = $usern;
> > $feedback = "You are now logged in.";
> > return TRUE;
> > }
> > else {
> > $_SESSION['loginswitch'] = FALSE;
> > $feedback = "Username of password are incorrect.";
> > return FALSE;
> > }
> > }
> >
> >
> >
> >
> >
> >
> >
> > --
> > PHP Windows Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> >
>
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
