Question about a simple login system.
I downloaded a simple login system.
Only it doesn't work quite right.
Code (php)
<?php
//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$fname = clean($_POST['fname']);
$lname = clean($_POST['lname']);
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$cpassword = clean($_POST['cpassword']);

//Input Validations
if($fname == '') {
    $errmsg_arr[] = 'First name missing';
    $errflag = true;
}
if($lname == '') {
    $errmsg_arr[] = 'Last name missing';
    $errflag = true;
}
if($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}
if($cpassword == '') {
    $errmsg_arr[] = 'Confirm password missing';
    $errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
    $errmsg_arr[] = 'Passwords do not match';
    $errflag = true;
}

//Check for duplicate login ID
if($login != '') {
    $qry = "SELECT * FROM members WHERE login='$login'";
    $result = mysql_query($qry);
    if($result) {
        if(mysql_num_rows($result) > 0) {
            $errmsg_arr[] = 'Login ID already in use';
            $errflag = true;
        }
        @mysql_free_result($result);
    }
    else {
        die("Query failed");
    }
}

//If there are input validations, redirect back to the registration form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: index.php?page=register-form");
    exit();
}

//Create INSERT query
$qry = "INSERT INTO members(firstname, lastname, login, passwd) VALUES('$fname','$lname','$login','".md5($_POST['password'])."')";
$result = @mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    header("location: register-success.php");
    exit();
}else {
    die("Query failed");
}
?>
It reports: Headers already sent.
The problem is in the location:
Can I change that?
Regards, Kevin
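
An added example, not part of the downloaded script or of the post above: the same registration step with PDO prepared statements in place of clean() and password_hash() in place of md5(). The members table and its columns come from the script; register_member() is a hypothetical name and the in-memory SQLite database is an assumed stand-in for the MySQL server.

```php
<?php
// Added example, not the downloaded script. register_member() is a hypothetical name.
// Returns the validation errors; an empty array means the member was stored.
function register_member(PDO $pdo, array $post): array {
    $labels = ['fname' => 'First name', 'lname' => 'Last name', 'login' => 'Login ID',
               'password' => 'Password', 'cpassword' => 'Confirm password'];
    $in = $errors = [];
    foreach ($labels as $key => $label) {
        // Non-string input (such as fname[]=x) counts as missing.
        $value = is_string($post[$key] ?? null) ? $post[$key] : '';
        // Names are trimmed; passwords are kept exactly as typed.
        $in[$key] = strpos($key, 'password') === false ? trim($value) : $value;
        if ($in[$key] === '') {
            $errors[] = "$label missing";
        }
    }
    if ($in['password'] !== $in['cpassword']) {
        $errors[] = 'Passwords do not match';
    }
    if ($in['login'] !== '') {
        // Bound parameter: the value never becomes part of the SQL text.
        $stmt = $pdo->prepare('SELECT 1 FROM members WHERE login = ?');
        $stmt->execute([$in['login']]);
        if ($stmt->fetchColumn() !== false) {
            $errors[] = 'Login ID already in use';
        }
    }
    if ($errors) {
        return $errors;
    }
    $stmt = $pdo->prepare('INSERT INTO members (firstname, lastname, login, passwd)
                           VALUES (?, ?, ?, ?)');
    // password_hash() stores a salted, deliberately slow hash, unlike md5().
    $stmt->execute([$in['fname'], $in['lname'], $in['login'],
                    password_hash($in['password'], PASSWORD_DEFAULT)]);
    return [];
}

// Assumption: in-memory SQLite (pdo_sqlite) stands in for MySQL so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (firstname TEXT, lastname TEXT, login TEXT, passwd TEXT)');
// Constructed sample input; the apostrophe in the last name needs no escaping.
$post = ['fname' => 'Kim', 'lname' => "O'Neil", 'login' => 'kim',
         'password' => 'correct horse', 'cpassword' => 'correct horse'];
var_dump(register_member($pdo, $post));  // first registration
var_dump(register_member($pdo, $post));  // same login again
$hash = $pdo->query("SELECT passwd FROM members WHERE login = 'kim'")->fetchColumn();
var_dump(password_verify('correct horse', $hash));
```

On MySQL the passwd column must be wide enough for the new hash (the PHP manual suggests 255 characters), and a UNIQUE index on login closes the gap between the duplicate check and the INSERT.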
I'm guessing you have this between your body tags? Try putting it above everything, including <html>
Also, you should never use die() for error handling...
So I have one index.php, and I include every page with index.php?page=register-form
How do I do that then?
By saving this separately and then including it above the output.
What do you mean?
How big is the PHP include script? Otherwise post it here if it isn't too big.
Code (php)
<?php
/****** SETTINGS ******/
$path = ''; // put a slash after the name of the directory
$default_page = 'home'; // without extension

$page = isset( $_GET['page'] ) ? $_GET['page'] : $default_page;
$notallowed = array( '.', '\\', '/' );

if( file_exists( $path . $page . '.php' ) and !in_array( substr( $page, 1, 1 ), $notallowed ) and strpos( $page, '../' ) === false and strpos( $page, '..\\' ) === false )
{
    include( $path . $page . '.php' );
}
else
{
    include( $path . $default_page . '.php' );
}
?>
This is inside the body tags, I assume?
Yes, it is in the middle of the page.
Code (php)
<?php
/****** SETTINGS ******/
$path = ''; // put a slash after the name of the directory
$default_page = 'home'; // without extension

$page = isset( $_GET['page'] ) ? $_GET['page'] : $default_page;
$notallowed = array( '.', '\\', '/' );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
if( file_exists( $path . $page . '.php' ) and !in_array( substr( $page, 1, 1 ), $notallowed ) and strpos( $page, '../' ) === false and strpos( $page, '..\\' ) === false )
{
    include( $path . $page . '.php' );
}
else
{
    include( $path . $default_page . '.php' );
}
?>
</body>
</html>
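
An added example, not code from the thread: an index.php that resolves ?page= against a fixed list and runs a page's form handling before the first byte of HTML, which is the arrangement the replies describe for avoiding "Headers already sent". The pages/ directory, the .action.php naming, the page names and the functions resolve_page() and redirect() are assumptions.

```php
<?php
// Added example, not the thread's script. Assumptions: page files live in
// pages/, and a page that processes a form ships an optional
// pages/<name>.action.php; all page names below are hypothetical.
const ALLOWED_PAGES = ['home', 'register-form', 'register-success'];
const DEFAULT_PAGE  = 'home';

// Exact match against a fixed list; no path characters ever reach include.
function resolve_page($requested): string {
    return is_string($requested) && in_array($requested, ALLOWED_PAGES, true)
        ? $requested : DEFAULT_PAGE;
}

// Redirect, or report where output began if the headers are already gone.
function redirect(string $page): void {
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }
    header('Location: index.php?page=' . rawurlencode(resolve_page($page)));
    exit;
}

session_start(); // the registration script stores its errors in $_SESSION
$page   = resolve_page($_GET['page'] ?? null);
$action = __DIR__ . "/pages/$page.action.php";
$view   = __DIR__ . "/pages/$page.php";

// Step 1: form handling runs first and may call redirect().
if (is_file($action)) {
    require $action;
}
// Step 2: only now does the HTML start.
?>
<!DOCTYPE html>
<html>
<head><meta charset="UTF-8"><title>Untitled Document</title></head>
<body>
<?php
if (is_file($view)) {
    require $view;
} else {
    echo '<p>Page not found.</p>';
}
?>
</body>
</html>
```

The action file must not print anything, and index.php must have no whitespace or byte-order mark before its opening tag; otherwise redirect() throws and names the file and line where output began.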