2 replies to this topic

[Blue Indian]

I am testing the following code. The problem I am having is "Invalid username and password." is being printed on the first trip to login.php. I don't want this to happen until after the user has submitted an invalid username and password.

<?php

    session_start();

    if ($_GET['submit'] == 'login'){
        
        if ($_GET['uName'] == 'admin' && $_GET['pWord'] == '1234'){
            $_SESSION['access'] = "yes";
            header('Location:CoffeeSearch.php');
        }
        
        
        else{
            echo "Invalid username and password combination.";
        }
        
    }

?>

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html 
  PUBLIC "-//W3C//DTD XHTML 1.1//EN"
  "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
  <title>DBA Login Page</title>
  
  <style type='text/css'>
      td#col1 {text-align:right;}
    td#col2 {text-align:left; padding-left:10px}
  </style>
</head>
<body>
    
  <form action='login.php' method='get'>

    <table style='text-align:right;'>
        <tr>
            <td id='col1'>Enter username:</td>
            <td id='col2'><input type='text' name='uName' id='uName'/></td>
        </tr>
        <tr>
            <td id='col1'>Password:</td>
            <td id='col2'>
                <input type='password' name='pWord' id ='pWord'/>
            </td>
        </tr>
        <tr>
            <td></td><td><input type='submit' name='submit' value='login'/></td>
        </tr>
    </table>

  </form>
    
</body>
</html>

[Orjan]

if the address is without submit=login, then it shoudn't be printed. I'd recommend to change to POST instead of GET by the way, so the username & password wont be stored in the browser history...

[Blue Indian]

Great! I will change to the POST.

Everything is working fine now!!

:thumbup: