1 Replies - 2952 Views - Last Post: 13 June 2007 - 04:28 AM Rate Topic: -----

#1 javid4u  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 12-June 07

Authentication with username in one page and password in another page

Posted 13 June 2007 - 02:36 AM

I have attached two php files.
generally we have username and passowrd in the same page.
But I am planning to authenticate with username in one page and passowrd in another page.
The second page with password will open when the username is present in the database.So, I tried to call the variable in first page, so that after opening the second page I should match the username and password.
But it is not working.
Plz see the attchement and explain me how can I do that.

Attached File(s)



Is This A Good Question/Topic? 0
  • +

Replies To: Authentication with username in one page and password in another page

#2 Styx  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 5
  • View blog
  • Posts: 192
  • Joined: 04-March 07

Re: Authentication with username in one page and password in another page

Posted 13 June 2007 - 04:28 AM

Why are you separating them? There's really no point to it other than to create more work for yourself. Just have it in the same page and check if the username and password combination exists at the same time in the database. There's no reason to separate them. If you really want to keep checking separate, check first if there's a username, and if there is, then, using the resulting row, compare the passwords. But don't go to another page.

It's not working because you're redirecting to the password page and not passing the username variable. Unless you pass it through a GET variable and reset it back in the password page, or you include the password page and separate the pages, it's not going to work.

But what is the point in this? It'd be simpler just to have a normal login.

Also, your password page appears to be defunct. It says, get the user information based on the username, then check, if a password is sent, check, if a password exists for the user we got information for, redirect to welcome. There's no checking between passwords for a match, so any submission will do. (Unless this was all just for testing purposes.)

On another note, your script is vulnerable to SQL injection attacks, which a malicious user could use to control your database:
http://us2.php.net/s...e.sql-injection
http://en.wikibooks....P:SQL_Injection
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1