My $%!$*( login script refuses to work!!

itskaliber

Hi ive written this script to authenticate a user, but i eithe keep gettting a parse error for on the line just after the PHP tags, or hwen i test it locally i get a 500 Server error.
When i check the server error log i get this message
[error] [client 127.0.0.1] Premature end of script headers:

Thus is the code iam using:

<?
if ($POST[op] == "ds") {
if (($POST[username] != "admin") || ($_POST[password] != "mbc123")) {
header("Location: http://0000.00.000.0/login.htm");
exit;
}
$cookie_name = "auth";
$cookie_value = "ok";
$cookie_expire = "0";
$cookie_domain = "00.000.000.00";
setcookie($cookie_name, $cookie_value, $cookie_expire, "/", $cookie_domain, 0);
header("Location: http://00.00.000.0/update_menu.php");
?>

Its just a very very simple script to check password and username details.

i dont know what im doing wrong. Is there a better alternative??
(The IP address have been replace with examples)
Thanks

ZibingsCoder

Two things. One, you should use single or double quotes around array indexes. PHP will try to count them as constants if you don't do this, and therefore, it may not work.

Second, use the [/code] tags.

<? 
if ($_POST['op'] == "ds") { 
if (($_POST['username'] != "admin") || ($_POST['password'] != "mbc123")) { 
header("Location: [url]http://0000.00.000.0/login.htm[/url]"); 
exit; 
} 
$cookie_name = "auth"; 
$cookie_value = "ok"; 
$cookie_expire = "0"; 
$cookie_domain = "00.000.000.00"; 
setcookie($cookie_name, $cookie_value, $cookie_expire, "/", $cookie_domain, 0); 
header("Location: [url]http://00.00.000.0/update_menu.php[/url]"); 
?>

Roger_Ramjet

Try this for an easy to use authorisation script without a database

<?php 
 session_start(); 

 if ($_POST['username'] == 'kevin' and 
     $_POST['password'] == 'secret') 
   $_SESSION['authorized'] = true; 
?> 
<?php if (!$_SESSION['authorized']): ?> 
 <!-- Display HTML Form prompting user to log in --> 
<?php else: ?> 
 <!-- Super-secret HTML content goes here --> 
<?php endif; ?>

It comes from this article by Kevin Yank: http://www.sitepoint.com/print/write-secure-scripts-php-4-2.
It uses the session array $_SESSION instead of cookies so each page checks there to see if the user is authorised.

MarkR

PLEASE do not imagine that setting a cookie "auth" to "ok" is a secure way of recording the fact that the user is authorised.

A user has total control over their cookies, they can be edited directly. Therefore you should not put anything in them which can be guessed easily. By guessed easily, I mean including by anybody with your source code.

Use session variables, they will fix things up for you.

Mark