Click here to Skip to main content
15,441,629 members
Home / Discussions / Linux, Apache, MySQL, PHP
   

Linux, Apache, MySQL, PHP

 
QuestionRequest: Php 7 Tutorial/Course Recommendation From You Pin
Member 127834388-Oct-16 16:36
MemberMember 127834388-Oct-16 16:36 
QuestionRun multiple PHP versions on same server Pin
manhfh7-Oct-16 6:14
Membermanhfh7-Oct-16 6:14 
QuestionOnly Home page opening after going live Pin
Member 1275803925-Sep-16 20:28
MemberMember 1275803925-Sep-16 20:28 
SuggestionRe: Only Home page opening after going live Pin
Richard Deeming26-Sep-16 2:07
mveRichard Deeming26-Sep-16 2:07 
AnswerRe: Only Home page opening after going live Pin
Richard MacCutchan26-Sep-16 2:48
mveRichard MacCutchan26-Sep-16 2:48 
AnswerRe: Only Home page opening after going live Pin
ZurdoDev26-Sep-16 3:18
professionalZurdoDev26-Sep-16 3:18 
QuestionI am really stumped on how to check if user exists and redirects. Pin
samflex15-Sep-16 7:08
Membersamflex15-Sep-16 7:08 
AnswerRe: I am really stumped on how to check if user exists and redirects. Pin
Richard Deeming15-Sep-16 7:27
mveRichard Deeming15-Sep-16 7:27 
First off, your urgently need to fix the SQL Injection[^] vulnerabilities in your code.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]



Next, fix your password storage. You're currently storing password in plain text, which is an extremely bad idea. You should only ever store a salted hash of the user's password, using a unique salt per record.

Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

Also, NEVER put the user's password in the URL. The browser retains a history of every URL visited, making it trivial for someone with access to the user's history to discover their password.



Finally, to fix your problem, you need to split your validation into two steps:
  1. Is the username and password valid?
  2. Has the user completed the test?

Currently, you're trying to do both at once, which is why you're getting confused.



"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer


GeneralRe: I am really stumped on how to check if user exists and redirects. Pin
samflex15-Sep-16 7:41
Membersamflex15-Sep-16 7:41 
GeneralRe: I am really stumped on how to check if user exists and redirects. Pin
Richard Deeming15-Sep-16 7:52
mveRichard Deeming15-Sep-16 7:52 
GeneralRe: I am really stumped on how to check if user exists and redirects. Pin
samflex15-Sep-16 9:10
Membersamflex15-Sep-16 9:10 
GeneralRe: I am really stumped on how to check if user exists and redirects. Pin
samflex15-Sep-16 10:30
Membersamflex15-Sep-16 10:30 
GeneralRe: I am really stumped on how to check if user exists and redirects. Pin
Richard Deeming15-Sep-16 10:50
mveRichard Deeming15-Sep-16 10:50 
GeneralRe: I am really stumped on how to check if user exists and redirects. Pin
samflex15-Sep-16 11:14
Membersamflex15-Sep-16 11:14 
QuestionButton working on second click and not first. Pin
Member 1189879629-Aug-16 4:51
MemberMember 1189879629-Aug-16 4:51 
AnswerRe: Button working on second click and not first. Pin
Planet Thomas4-Jul-17 1:22
MemberPlanet Thomas4-Jul-17 1:22 
QuestionPassing Values to the next Page in PHP Pin
Androoidhotspot Hotspot19-Aug-16 2:28
MemberAndrooidhotspot Hotspot19-Aug-16 2:28 
AnswerRe: Passing Values to the next Page in PHP Pin
ZurdoDev19-Aug-16 3:26
professionalZurdoDev19-Aug-16 3:26 
QuestionBasic Join Not Working Pin
Django_Untaken19-Aug-16 0:43
MemberDjango_Untaken19-Aug-16 0:43 
SuggestionRe: Basic Join Not Working Pin
Richard MacCutchan19-Aug-16 2:00
mveRichard MacCutchan19-Aug-16 2:00 
GeneralRe: Basic Join Not Working Pin
Django_Untaken19-Aug-16 2:17
MemberDjango_Untaken19-Aug-16 2:17 
GeneralRe: Basic Join Not Working Pin
Richard MacCutchan19-Aug-16 3:14
mveRichard MacCutchan19-Aug-16 3:14 
GeneralRe: Basic Join Not Working Pin
johnjonny10-Oct-16 8:18
Memberjohnjonny10-Oct-16 8:18 
Questionassignment Pin
Eto'o3-Aug-16 12:15
MemberEto'o3-Aug-16 12:15 
AnswerRe: assignment Pin
Richard MacCutchan3-Aug-16 22:02
mveRichard MacCutchan3-Aug-16 22:02 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.