Yes, as they appear in the function; however, I don't have any PHP newline characters. Output to the browser is separated by a series of tabs and spaces, not line breaks. "Mikey" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Are those line breaks as they would appear in the function? I have always > thought it best not to split tags over line breaks... just a thought... > > Mikey > > > -----Original Message----- > > From: Brian Graham [mailto:[EMAIL PROTECTED]] > > Sent: 24 June 2002 20:01 > > To: [EMAIL PROTECTED] > > Subject: Re: [PHP-WIN] Get/Post and Security Issues > > > > > > Here it is. Please note that all of this output from a function; if you > > would like the PHP code that outputs this, please just ask. > > > > > > <form > > action=<?=$_SERVER["PHP_SELF"]?> > > method=post > > name="login" > > > > > <tr> > > <td> > > <center> > > <!-- .:Login Table - Name & Pass:. --!> > > <table> > > <tr> > > <td> > > <span class=text>Name: > > </td> > > <td> > > <input > > type=text > > size=10 > > name=usern > > > > > </td> > > </tr> > > <tr> > > <td> > > <span class=text>Pass: > > </td> > > <td> > > <input > > type=password > > size=10 > > name=userp > > > > > </td> > > </tr> > > <tr> > > <td colspan=2><center> > > <input > > type=submit > > value="Login" > > class="submit" > > name="login" > > onsubmit="document.login.login.disabled='true'" > > ></center> > > </td> > > </tr> > > </form> > > > > And there we are! > > > > "Mikey" <[EMAIL PROTECTED]> wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Can you send a copy of the HTML form that posts to your function? > > > > > > > -----Original Message----- > > > > From: Brian Graham [mailto:[EMAIL PROTECTED]] > > > > Sent: 24 June 2002 08:27 > > > > To: [EMAIL PROTECTED] > > > > Subject: [PHP-WIN] Get/Post and Security Issues > > > > > > > > > > > > Apache 1.3.26 > > > > PHP 4.2.1 > > > > > > > > When I enter username and password information onto a page, it > > > > uses Get and > > > > puts the session ID along with the username and the password into the > > URL, > > > > despite my saying "method=post" in the form attributes. > > > > > > > > This seems like it would be a common problem, but my research > > > > isn't bringing > > > > up anything even remotely about it. > > > > > > > > I've done very, very little tweaking to my php.ini and httpd.conf to > > give > > > > you an idea of what defaults are in place still. Here is the > > > > function code: > > > > > > > > function user_login() { > > > > global $usern; > > > > global $userp; > > > > global $feedback; > > > > global $loginswitch; > > > > if (!isSet($usern) && !isSet($userp)) > > > > return FALSE; > > > > if ($usern == '' or $userp == '') { > > > > $loginswitch = FALSE; > > > > $feedback = "Username and/or password is missing."; > > > > return FALSE; > > > > } > > > > $uname = strtolower($usern); > > > > $query = "SELECT user_name, user_pass, user_isconfirmed > > > > FROM user > > > > WHERE user_name = '$usern' > > > > AND user_pass = '$userp'"; > > > > $results = mysql_query($query) or die(mysql_error()); > > > > $row = mysql_fetch_row($results); > > > > if ($usern == $row[0] && $userp == $row[1]) { > > > > $_SESSION['loginswitch'] = TRUE; > > > > $_SESSION['username'] = $usern; > > > > $feedback = "You are now logged in."; > > > > return TRUE; > > > > } > > > > else { > > > > $_SESSION['loginswitch'] = FALSE; > > > > $feedback = "Username of password are incorrect."; > > > > return FALSE; > > > > } > > > > } > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > PHP Windows Mailing List (http://www.php.net/) > > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > PHP Windows Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > >
-- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
