Hi,
I am having a problem trying to set a cookie with the
register_globals variable turned OFF. I have a script that just checks a
password in a MySQL database through a form, if the password is the same
in the db then the cookie is set and access is allowed to any page that
has the other part of the code. Right now the password is not being
validated, below is the code I am using.
[html form]
<form method="post" action="validate.php">
<h5>Enter Password</h5>
<p><input type="password" name="password" size="20" /></p>
<input type="submit" value="Enter" />
[/html form]
[validate.php]
<?php
include("phpDB.php");
include("db.php");
$result = $db->execute("SELECT Password FROM password WHERE
Location='members'");
if (!strcasecmp($result->fields['Password'], $password)) {
setcookie ("access", "access", 0, "", "weburlhere", 0);
?>
<html>
<head>
<title>Identification</title>
<!--
<META HTTP-EQUIV="Expires" CONTENT="Fri, Jun 12 1981 08:20:00 GMT">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
-->
</head>
<body>
<div align="center">
Password accepted
</div>
<?php
include("footer.htm");
?>
<?php } else { // bad password
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/tr/xhtml1/dtd/transitional.dtd";>
<?php print("<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n"); ?>
<html>
<head>
<title>Bad Password</title>
</head>
<body>
<div align="center">
Bad Password
<?php
include("footer.htm");
?>
</div>
<?php }?>
</body>
</html>
[/validate.php]
[password.php this is what is included at the top of the pages I wish to
protect]
<?php
if (isset ($access)) {
if (!strcasecmp("access", $access)) {
}
else {
header ("Location: http://url/breach.php";); // Redirect
browser
exit; // Make sure that code below does not get
executed when we redirect.
}
}
else {
header ("Location: http://url/breach.php";); // Redirect browser
exit; // Make sure that code below does not get executed when we
redirect.
}
?>
[/password.php]
I have tried changing
if (!strcasecmp($result->fields['Password'], $password)) {
to
if (!strcasecmp($result->fields{$_POST['Password']}, $password))
{
But when I do this you can just click on the submit button and it will
say you are authenticated, and the cookie is not set. When just
if (!strcasecmp($result->fields['Password'], $password)) { is used the
cookie is not set thus not allowing access to the pages protected by the
script. I hope I have explained this so everyone can understand me.
Clay
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
