Building A Login System
Asked Modified Viewed 785 times
asked
Can someone please tell me why this doesn't seem to work right? I can't get my scripts to honor SESSION variables. I'm running 9.03.110 and my scripts are running Bootstrap 4.
This is from my login script.
And this is from my register script.
This is from my login script.
Code Download source
$username = stripinput($_POST['username']);
$pass = stripinput($_POST['password']);
$result = dbquery("SELECT * FROM ".DB_MY_TABLE." WHERE active='1' AND username='$username'");
while($data = dbarray($result)) {
$username = $data['username'];
$_SESSION['user'] = $username;
$password = $data['password'];
if(password_verify($pass, $password)) {
$_SESSION['valid'] === true;
}
}
}
redirect(BASEDIR."my_dir/my_file.php");
}And this is from my register script.
Code Download source
if(isset($_POST['username']) && !empty($_POST['email']) && !empty($_POST['password'])) {
$username = stripinput($_POST['username']);
$email = stripinput($_POST['email']);
$password = stripinput($_POST['password']);
$hash = password_hash($password, PASSWORD_DEFAULT);
$reg_time = date("Y-m-d");
$active = 1;
$result = dbquery("INSERT INTO ".DB_MY_TABLE." (acct_id, username, email, password, reg_time, active) VALUES ('', '$username', '$email', '$hash', '$reg_time', '$active')");
$_SESSION['valid'] === false;
}
redirect(BASEDIR."my_dir/login.php");
}Edited by Grimloch on 16-03-2021 20:33,
douwe_yntema
douwe_yntema 33
- Senior Member, joined since
- Contributed 667 posts on the community forums.
- Started 57 threads in the forums
- Answered 1 question
Two things I See:
1 - In the register script you are inserting the acct_id field, which I believe is Autoincrement? Don do this.
2 - Not use stripinputs for password, unless you are using Welcome01 as password. I can tell you having problems with complex passwords i.c. stripinput.
1 - In the register script you are inserting the acct_id field, which I believe is Autoincrement? Don do this.
2 - Not use stripinputs for password, unless you are using Welcome01 as password. I can tell you having problems with complex passwords i.c. stripinput.
answered
Thanks for your input douwe.
#1 it's OK to use the increment field as long as you show a null for the it's value but I can change that. But the register script works fine, the user info is inserted in the table that's not my problem.
#2 you're right using stripinput is not a good idea; easily changeable.
What I am trying to find out is if I'm doing the session variables correctly because it doesn't work right. If I stop a script mid-point with a print session and then exit, it shows nothing for the session variables.
#1 it's OK to use the increment field as long as you show a null for the it's value but I can change that. But the register script works fine, the user info is inserted in the table that's not my problem.
#2 you're right using stripinput is not a good idea; easily changeable.
What I am trying to find out is if I'm doing the session variables correctly because it doesn't work right. If I stop a script mid-point with a print session and then exit, it shows nothing for the session variables.
douwe_yntema
douwe_yntema 33
- Senior Member, joined since
- Contributed 667 posts on the community forums.
- Started 57 threads in the forums
- Answered 1 question
And of course you called a session_start() before?
answered
Of course! Every script/page that uses a session variable.
Category Forum
Modifications and Requests - 9Labels
Statistics
- Views 0 views
- Posts 4 posts
- Votes 0 votes
- Topic users 2 members
2 participants
Grimloch 31
Energy can neither be created nor destroyed; only transformed !
- Senior Member, joined since
- Contributed 722 posts on the community forums.
- Started 141 threads in the forums
- Started this discussions
- Answered 2 questions
douwe_yntema 33
- Senior Member, joined since
- Contributed 667 posts on the community forums.
- Started 57 threads in the forums
- Answered 1 question
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions