Scusate, riposto il codice almeno è più comprensibile così
PS: a me sembra giusto (o almeno funzionava fino alla versione php4):
conf.inc.php:
do_login:Codice PHP:<?
//Set information server
$db_host = 'localhost';
$db_user = 'root';
$db_pwd = 'mysql';
$db_name = 'user';
$result = '';
//connessione al database
//$connessione = mysql_connect($db_host,$db_user,$db_pwd,$db_name) or die(mysql_error());
//$db = mysql_select_db($db_name,$connessione);
//fine connessione
//Connect to mysql server
$connessione = mysql_connect($db_host,$db_user,$db_pwd) or die('Failed to connect to server: ' . mysql_error());
//Select database
$db = mysql_select_db($db_name,$connessione) or die(”Unable to select database”);
?>
Help meCodice PHP:<?
//Start session
session_start();
global $db_host;
global $db_user;
global $db_pwd;
global $db_name;
global $result;
//Include database connection details
require('config.inc.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str){
$str = @trim($str);
if(get_magic_quotes_gpc()){
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//richiamiamo i dati inseriti nel form mettendo $_POST['id campo di testo']; trasformandoli in variabili
$user = clean($_POST['user']);
$pwd = clean($_POST['pwd']);
//Input Validations
if($user == 'user'){
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($pwd == 'password'){
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag){
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.html");
exit();
}
//Verifichiamo che user e pwd esistano nel database e siano nello stesso record
// Traduzione: Conta i campi id nel cui record sono presenti i dati inseriti nel form e chiama il risultato login (as login)
//$sql = "SELECT COUNT(id) as login FROM utente WHERE user = '$user' AND pwd = '$pwd'";
// Formulate Query
// This is the best way to perform a SQL query
// For more examples, see mysql_real_escape_string()
$query = sprintf("SELECT COUNT(id) as login FROM members WHERE user = '$user' AND pwd = '".md5($_POST['pwd'])."'", mysql_real_escape_string($user), mysql_real_escape_string($pwd));
// Perform Query
$result = mysql_query($query);
// Interroga il database
//$query = mysql_query($sql,$connessione) or die(mysql_error());
//$query = mysql_query($sql) or die(mysql_error());
// Richiama il risultato e trasformalo in una variabile
//$risultato = mysql_result($result,'login');
//session_start();
//session_destroy();
//session_unset();
//session_start();
//Check whether the query was successful or not
if($result){
if(mysql_num_rows($result) == 1){
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_ID'] = $member['id'];
$_SESSION['SESS_NOME'] = $member['nome'];
$_SESSION['SESS_COGNOME'] = $member['cognome'];
$_SESSION['stuatus'] = 'logged';
$_SESSION['user'] = $user;
session_write_close();
header("location: reserved.php?user=$user");
exit();
}else {
//Login failed
header("location: login-failed.php");
exit();
}
}else{
die("Query failed");
}
// Free the resources associated with the result set
// This is done automatically at the end of the script
mysql_free_result($result);
?>
Grazie
Rispondi quotando