Richard Lynch wrote:
And using a re-direct instead of an include is a shocking waste of
HTTP resources imho, but that may not matter if traffic is low.
I generally redirect there because on occasion the login process does
stuff like clear out potentially pre-existing session data from another
On Fri, February 2, 2007 7:05 am, Jürgen Wind wrote:
>> // Set up the session here, or however you're tracking the
>> // current customer/user/whatever
>>
>> header('Location: /somewhere_else');
>> ?>
>>
>> Hope that helps.
>>
>> -Stut
>>
>>
> be aware that you need a session_write_close(); before
If you are splicing $_POST directly into your SQL, you are DEFINITELY
doing it wrong, but not in the way that you think.
Start reading here:
http://phpsec.org
On Fri, February 2, 2007 6:10 am, Dave Carrera wrote:
> Hi Stut,
>
> I think i have found where i am going wrong.
>
> Its in the com
On Fri, February 2, 2007 5:33 am, Satyam wrote:
> In login scripts you usually don't tell which part of the login is
> wrong,
> otherwise, you are hinting at what is right. Once the customer is
> logged
> in, you are right to be as helpful as possible, but until the customer
> proves who he/she is
On Fri, February 2, 2007 5:19 am, Dave Carrera wrote:
> Having a grey brain moment here and need some advise on the logic of
> this, should be simple, login script.
>
> I am checking validity of
>
> customer number
> customer email
> customer password (md5 in mysql)
>
> So i have my form with relev
Stut wrote:
>
>
>
> I'm not totally clear what the question was in there. Personally I keep
> this simple...
>
> $_POST['number'] =
> (isset($_POST['number']) ? trim($_POST['number']) : '');
> $_POST['email'] =
> (isset($_POST['email']) ? trim($_POST['email']) : '');
>
>
On p, 2007-02-02 at 12:10 +, Dave Carrera wrote:
> Hi Stut,
>
> I think i have found where i am going wrong.
>
> Its in the comparison login for the db result.
>
> So i select * from jfjfjfjf where custno=$_POST[number]
>
> But now i am getting messed up with if cust no not found then a
Hi Stut,
I think i have found where i am going wrong.
Its in the comparison login for the db result.
So i select * from jfjfjfjf where custno=$_POST[number]
But now i am getting messed up with if cust no not found then all i get
is a blank page but hoping for an error
And i dont think i
Dave Carrera wrote:
Hi All,
Having a grey brain moment here and need some advise on the logic of
this, should be simple, login script.
I am checking validity of
customer number
customer email
customer password (md5 in mysql)
So i have my form with relevant fields
Now i am getting problems
- Original Message -
From: "Dave Carrera" <[EMAIL PROTECTED]>
Hi All,
Having a grey brain moment here and need some advise on the logic of this,
should be simple, login script.
I am checking validity of
customer number
customer email
customer password (md5 in mysql)
So i have my for
Hi All,
Having a grey brain moment here and need some advise on the logic of
this, should be simple, login script.
I am checking validity of
customer number
customer email
customer password (md5 in mysql)
So i have my form with relevant fields
Now i am getting problems with either sql or ho
11 matches
Mail list logo
