I have a login form that posts back to itself.
I start it off with ob_start(),
then session_start(),
then check to see if there is a $_POST.
If so, I do some logic. If it's a failed login, I assign the variable $err a string.
If not, it does the header() function to redirect to another page.
If there is an error, it goes back to the form. On the form I echo out $err, but nothing shows.
The logic works, and if I take out the ob_start() the error will show (of course, with a header error).
Here's the code:
[code=php]
<?php
ob_start();
session_start(); // Start the session
// Simple protection of session attacks.
if(!isset($_SESSION['iqinit']))
{
    session_regenerate_id();
    $_SESSION['iqinit'] = 1;
}
include('inc/header.php');
include('inc/validation.class.php');
$valid = new validation;
if($_POST)
{
    // DB
    $dbhost = 'localhost';
    $dbuser = 'xxxx';
    $dbpass = 'xxxx';
    $db = 'xxxx';
    $link = mysql_connect($dbhost, $dbuser, $dbpass) or die('Could not connect to the server');
    mysql_select_db($db, $link) or die('Could not select the DB');
    // Query user
    $sql = 'SELECT `uid`, `uname`, `joindate`, `lastlogin`, `password` FROM `users` WHERE `uname` = \''.$valid->slash($_POST['user']).'\' LIMIT 1';
    $qry = mysql_query($sql) or die($sql.': '.mysql_error());
    $cnt = mysql_num_rows($qry);
    $row = mysql_fetch_assoc($qry);
    // If 0 records…
    if($cnt == 0)
    {
        $err = 'Incorrect User / Pass combination';
    }
    if(empty($err))
    {
        // Get the salt
        $salt = $row['joindate'].$row['lastlogin'];
        // Check password
        $pass = sha1(md5($_POST['pass'].$salt));
        if($pass != $row['password'])
        {
            $err = 'Incorrect User / Pass combination';
        }
    }
    if(empty($err))
    {
        // Update salt and password
        $dt = date('Y-m-d H:i:s');
        $pass = sha1(md5($_POST['pass'].$row['joindate'].$dt));
        $sql = 'UPDATE `users` SET `lastlogin` = \''.$dt.'\', `password` = \''.$pass.'\' WHERE `uid` = \''.$row['uid'].'\'';
        mysql_query($sql) or die($sql.': '.mysql_error());
        // Generate session
        $agnt = $_SERVER['HTTP_USER_AGENT'];
        $ip = $_SERVER['REMOTE_ADDR'];
        $salt = date('l F the dS of Y');
        $salt .= (date('Y')+date('W'));
        $_SESSION['HTTP_USER_AGENT'] = sha1(md5($agnt.$ip.$salt));
    }
    // Go to the secure page
    header('location: ?action=secure');
}
if(!$_POST || $err != '')
{
    echo $err;
?>
<form id="login" name="login" action="" method="post">
User: <input type="text" id="user" name="user" value="" /><br />
Pass: <input type="password" id="pass" name="pass" value="" /><br />
<input type="submit" id="submit" name="submit" value="Login" />
</form>
<?php
}
?>
[/code]
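
Added example, not part of the original post: in the posted script `header('location: ?action=secure')` runs after every POST, failed logins included, so with output buffering on the redirect is sent and the page that echoes `$err` is never displayed. The version below redirects only on success and calls `exit` afterwards; it also swaps in PDO prepared statements and `password_hash()`/`password_verify()` in place of the `mysql_*` calls and the `sha1(md5())` scheme. Assumptions: PHP 7.1+, a `password` column that holds `password_hash()` output, and the hypothetical names `check_login()` and `$_SESSION['uid']`.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.1+ with PDO and a `users`
// table whose `password` column stores password_hash() output (hypothetical).
ob_start();
session_start();

// Hypothetical helper: returns the uid on success, null when credentials fail.
function check_login(PDO $db, string $user, string $pass): ?int
{
    // Prepared statement: the user name is bound, never concatenated into SQL.
    $stmt = $db->prepare('SELECT uid, password FROM users WHERE uname = ? LIMIT 1');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks the input against the stored salted hash.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return (int) $row['uid'];
}

$err = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Placeholder DSN and credentials, masked the same way as in the post.
    $db = new PDO('mysql:host=localhost;dbname=xxxx', 'xxxx', 'xxxx',
                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    // filter_input() yields null/false for missing or array input; cast gives ''.
    $uid = check_login($db, (string) filter_input(INPUT_POST, 'user'),
                       (string) filter_input(INPUT_POST, 'pass'));
    if ($uid === null) {
        $err = 'Incorrect User / Pass combination';
    } else {
        session_regenerate_id(true);        // fresh session id once authenticated
        $_SESSION['uid'] = $uid;
        header('Location: ?action=secure'); // redirect only on success
        exit;                               // stop so nothing else runs or renders
    }
}
// Reached only on a GET request or a failed login, so $err is displayed.
include 'inc/header.php';
echo htmlspecialchars($err, ENT_QUOTES, 'UTF-8');
?>
<form id="login" name="login" action="" method="post">
User: <input type="text" id="user" name="user" value="" /><br />
Pass: <input type="password" id="pass" name="pass" value="" /><br />
<input type="submit" id="submit" name="submit" value="Login" />
</form>
```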