• User Attivo

    Codice sbagliato nel login

    ciao ragazzi...
    cosa c'è di sbagliato in questo codice?
    Perché, vi spiego... mi crea le sessioni... anche se metto una user e una pass inventate.. perché? non dovrebbe....
    // START OF LOGIN CHECKS
    // Runs on each request: handles ?action=login and ?action=logout, then sets $login
    // to "ok" or "no" and, when logged in, loads the member row into $users.
    // $db_name and $db are presumably defined in ../dati.php (not shown) - TODO confirm.
    session_start ();
    include "../dati.php" ;
    mysql_select_db($db_name, $db);
    // NOTE(review): outside a quoted string, an unquoted key such as $_GET[action] is read
    // as a constant. Old PHP falls back to the string with a notice; PHP 8 raises an error.
    if ( $_GET[action]=="login")
    {
    // NOTE(review): the submitted username is placed in the SQL text unescaped, so the
    // query is open to SQL injection.
    $sql_controllo="SELECT password,id FROM iscritti WHERE username = '$_POST[username]' ";
    $result_controllo = mysql_query($sql_controllo);
    // mysql_fetch_array() returns false when no row matches. Indexing false yields null,
    // and the loose == below treats null as equal to an empty submitted password.
    $controllo = mysql_fetch_array($result_controllo);
    // NOTE(review): comparing the stored value directly with the submitted password implies
    // passwords are kept in cleartext in the iscritti table - TODO confirm.
    if ( $controllo[password] == "$_POST[password]" ) {
    // NOTE(review): the session id is not regenerated on login (session fixation risk).
    $_SESSION[loggato]="si";
    $_SESSION[username]="$_POST[username]";
    $_SESSION[id_user]="$controllo[id]";
    // NOTE(review): both cookies last 31536000 s (365 days) and are set without the
    // Secure/HttpOnly arguments; the second one stores the cleartext password in the browser.
    setcookie ("username", "$_POST[username]",time()+31536000,"/") ;
    setcookie ("password", "$_POST[password]",time()+31536000,"/") ;
    }
    // NOTE(review): a failed attempt changes nothing here, so an earlier session or the
    // remember-me cookies still produce $login="ok" further down. This is a likely cause of
    // "a session exists even with invented credentials" - TODO confirm.
    }
    elseif ( $_GET[action]=="logout")
    {
    $_SESSION[loggato]="no";
    session_destroy();
    // Expiring the cookies only affects the response; $_COOKIE still holds them for this
    // request, so the cookie branch below can set $login="ok" again on the logout request.
    setcookie ("username", "", time() - 31536000,"/");
    setcookie ("password", "", time() - 31536000,"/");
    }

    // Authentication decision: an existing session wins, otherwise fall back to the cookies.
    if ( $_SESSION[loggato]=="si" ) { $login="ok"; }
    elseif ( isset($_COOKIE[username]) AND isset ($_COOKIE[password]) )
    {
    // NOTE(review): cookie values are client-controlled and reach the SQL text unescaped,
    // the same injection problem as in the login branch.
    $sql_controllo="SELECT password,id FROM iscritti WHERE username = '$_COOKIE[username]' ";
    $result_controllo = mysql_query($sql_controllo);
    $controllo = mysql_fetch_array($result_controllo);
    // Same loose comparison as above: no matching row plus an empty cookie value passes.
    if ( $controllo[password] == "$_COOKIE[password]" ) {
    $_SESSION[loggato]="si";
    $_SESSION[username]="$_COOKIE[username]";
    $_SESSION[id_user]="$controllo[id]";
    $login="ok";
    }
    else
    {
    $login="no";
    }
    }
    else { $login="no"; }
    // Load the full member row; id_user was copied from the database row at login time.
    if ( $login=="ok" ) { $sql_user="SELECT * FROM iscritti WHERE id = '$_SESSION[id_user]' ";
    $result_user = mysql_query($sql_user);
    $users = mysql_fetch_array($result_user); }
    // END OF LOGIN CHECKS


  • User Attivo

    Prova questa modifica:

    [PHP]
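    // START OF LOGIN CHECKS
    // Runs on each request: handles ?action=login and ?action=logout, then sets $login
    // to "ok" or "no" and, when logged in, loads the member row into $users.
    // $db_name and $db are expected to come from ../dati.php (not shown here).
    //
    // Changes compared with the version that only quoted the array keys:
    //  - request and cookie values are escaped before they reach the SQL text;
    //  - a login only succeeds when a row was found and the password matches strictly;
    //  - a failed attempt no longer falls through to an older session or cookie;
    //  - the session id is regenerated on login;
    //  - logout no longer logs the user back in from cookies in the same request.
    session_start();
    include "../dati.php";
    mysql_select_db($db_name, $db);

    // Missing parameters are read as "" instead of raising notices.
    $action = isset($_GET["action"]) ? $_GET["action"] : "";
    // Becomes true when a login form was submitted with wrong credentials.
    $login_failed = false;

    if ($action == "login") {
        // Accept plain strings only; array-valued parameters are treated as empty.
        $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
        $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

        // Escaping relies on the connection charset being set correctly (mysql_set_charset).
        // NOTE(review): the mysql_* extension is removed in PHP 7; prepared statements
        // (PDO or mysqli) are the durable fix once the code is ported.
        $sql_controllo = "SELECT password,id FROM iscritti WHERE username = '"
            . mysql_real_escape_string($username, $db) . "'";
        $result_controllo = mysql_query($sql_controllo);
        // A failed query or an unknown username both yield false here.
        $controllo = $result_controllo ? mysql_fetch_array($result_controllo) : false;

        // Require a row, a non-empty password and an exact match. With the loose ==,
        // a missing row (null) compared equal to an empty submitted password.
        // NOTE(review): this comparison implies cleartext passwords in iscritti; store
        // password_hash() output and check with password_verify() instead.
        if ($password !== "" && is_array($controllo) && (string) $controllo["password"] === $password) {
            // New session id for the authenticated session (session fixation defence).
            session_regenerate_id(true);
            $_SESSION["loggato"] = "si";
            $_SESSION["username"] = $username;
            $_SESSION["id_user"] = $controllo["id"];
            setcookie("username", $username, time() + 31536000, "/");
            // NOTE(review): this keeps the cleartext password in the browser for a year.
            // Left in place because the cookie login below depends on it; replace it with
            // an unguessable random token stored server-side, sent with HttpOnly and Secure.
            setcookie("password", $password, time() + 31536000, "/");
        } else {
            // Wrong credentials: drop any earlier authenticated state so that this request
            // reports the failure instead of an older login.
            $login_failed = true;
            $_SESSION["loggato"] = "no";
            unset($_SESSION["username"], $_SESSION["id_user"]);
        }
    } elseif ($action == "logout") {
        $_SESSION["loggato"] = "no";
        unset($_SESSION["username"], $_SESSION["id_user"]);
        session_destroy();
        setcookie("username", "", time() - 31536000, "/");
        setcookie("password", "", time() - 31536000, "/");
        // setcookie() only affects the response; remove the values from this request too,
        // otherwise the cookie branch below logs the user straight back in.
        unset($_COOKIE["username"], $_COOKIE["password"]);
    }

    if (isset($_SESSION["loggato"]) && $_SESSION["loggato"] == "si") {
        $login = "ok";
    } elseif (
        !$login_failed
        && isset($_COOKIE["username"]) && is_string($_COOKIE["username"])
        && isset($_COOKIE["password"]) && is_string($_COOKIE["password"])
    ) {
        // Cookie values are client-controlled and get the same treatment as form input.
        $sql_controllo = "SELECT password,id FROM iscritti WHERE username = '"
            . mysql_real_escape_string($_COOKIE["username"], $db) . "'";
        $result_controllo = mysql_query($sql_controllo);
        $controllo = $result_controllo ? mysql_fetch_array($result_controllo) : false;

        if (
            $_COOKIE["password"] !== ""
            && is_array($controllo)
            && (string) $controllo["password"] === $_COOKIE["password"]
        ) {
            session_regenerate_id(true);
            $_SESSION["loggato"] = "si";
            $_SESSION["username"] = $_COOKIE["username"];
            $_SESSION["id_user"] = $controllo["id"];
            $login = "ok";
        } else {
            $login = "no";
        }
    } else {
        $login = "no";
    }

    if ($login == "ok") {
        // id_user was copied from the database at login; it is escaped anyway so the
        // query does not depend on that assumption.
        $id_user = isset($_SESSION["id_user"]) ? (string) $_SESSION["id_user"] : "";
        $sql_user = "SELECT * FROM iscritti WHERE id = '" . mysql_real_escape_string($id_user, $db) . "'";
        $result_user = mysql_query($sql_user);
        $users = $result_user ? mysql_fetch_array($result_user) : false;
    }
    // END OF LOGIN CHECKS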
    [/PHP]

    Ciao :ciauz: