include() 1

[csniffer]

have tried to use an include file to store $username but it is not returning to the calling page index.php can anyone see the prob and am i going about it the correct way? thx
index.php

<?php
$PageTitle = &quot;JST&quot;;
require(&quot;header.php&quot;);
//phpinfo();
if($message == &quot;Invalid&quot;) {
print(&quot;<B><CENTER><FONT COLOR=RED>The Username and password do not match please try again!</FONT>
</CENTER></B>\n&quot;);
}

print(&quot;<FORM ACTION=include(\&quot;handleLogin.php&quot;)// METHOD=POST>\n&quot;);
$username = include(&quot;handleLogin.php&quot;);
print(&quot;Username: <INPUT TYPE=TEXT NAME=\&quot;UserName\&quot;><BR>\n&quot;);
print(&quot;Password: <INPUT TYPE=PASSWORD NAME=\&quot;Password\&quot;><BR>\n&quot;);
print(&quot;<INPUT TYPE=SUBMIT NAME=SUBMIT VALUE=\&quot;Submit!\&quot;>\n&quot;);

//print(&quot;<P> <A HREF=\&quot;login.php\&quot;>Login</A> To go the next page.\n&quot;);
echo $username;
require(&quot;footer.php&quot;); 
?>

login.php

<?php
if(($_POST[&quot;UserName&quot;]==&quot;t&quot;)&&($_POST[&quot;Password&quot;]==&quot;t&quot;)) {
$username=$_POST[&quot;UserName&quot;];
return $username;
//header(&quot;Location: index.php?UserName=$UserName&quot;); 
} else {
//header(&quot;Location: index.php?message=Invalid&quot;);
return &quot;username is invalid&quot;;
}
<?

what u think ?

To err is human, to completely mess up takes a computer.

 

[thedaver]

Uh, what I think I see is that login.php is returning a value for $message to nothing. You aren't using cookies, and you aren't making index.php call itself with the login code - which is more customary for a form call.

I have no idea what you're trying to do here:
> ACTION=include(\"handleLogin.php&quot
in your form, but that's pretty wrong.

Perhaps just stick the login.php at the top of the index.php code and have the form call itself (index.php). Have the "security logic" determine if it should try to even consider the $message value by testing whether $_POST has any values or not. A new form has no $_POST values, a submitted form does.

"Surfinbox Shares" - A fundraising program that builds revenue from dialup Internet users.

http://www.surfinbox.com/shares/

 

[DRJ478]

When you check for $message in index.php you are assuming that register_globals is ON. Howevever, in all newer versions of PHP it is set to OFF by default (and I can't say it often enough, for good reasons).

You correctly use $_POST in your login script. So, you will find the message parameter as $_GET['message'].

 

[csniffer]

hmm
DRJ478 i don't understand, you say that i am assuming register_globals is on, in fact it is not, so why does my script tell u that (sorry only bin using php 4 2 week)

ACTION=include(\"handleLogin.php&quot that was a test to see if i could include a file with this method, just wandered off track a bit there! i will do a bit of study into into super globals and php and forms. thx

To err is human, to completely mess up takes a computer.

 

[DRJ478]

When register_globals is ON values passed to a script through GET, POST, COOKIE etc. can be addressed as $varname - that's what you do.

When register_globals is OFF, which is the case, then the passed values have to be accessed using the explicit superglobal arrays. Since you use $message it is just an empty, uninitialized variable. You have to use @_POST['message'] to get the value.

Ok?

 

[csniffer]

I see, this seems to be an area that causes much confusion 4 newbies to php. That clears it up thx 4 the simplified explanation. I am sure it will help a lot of new php programmes understand the difference in the way this problem should be approached with the newer versions of php as appose to the way that is shown in most books.

To err is human, to completely mess up takes a computer.