I have this login script, and when the user fills in username and password it takes them to login.php and tells them the login was successful. But even if you type in url.com/login.php in the browser it will say the login was successful, so i want to make it so only if the referrer page is a, b, or c etc. then it will display this message.
So i tried this
PHP Code:
<?php
ob_start();
include("config.php");
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());
// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());
$match = "select id from $table where username = '".$_POST['username']."'
and password = '".$_POST['password']."';";
$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
if ($num_rows <= 0) {
echo "Sorry, there is no username $username with the specified password.<br>";
echo "<a href=login.html>Try again</a>";
exit;
}
elseif ($_SERVER['HTTP_REFERER'] != 'http://sgilligan.co.uk/2/index.php' || $_SERVER['HTTP_REFERER'] != 'http://www.sgilligan.co.uk/2/index.php' || $_SERVER['HTTP_REFERER'] != 'http://sgilligan.co.uk/2/' || $_SERVER['HTTP_REFERER'] != 'http://www.sgilligan.co.uk/2/'|| $_SERVER['HTTP_REFERER'] != $phpself) {
echo'
<html>
whatever here
</html>
';
exit; }
else {
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
echo "Thank you $username, You are now logged in!<br>";
echo "Continue to the <a href=members.php>members</a> section.";
}
ob_end_flush();
?>
But it won't work, it shows the html code even if the referrer is one of the list in the code. (aka shows the html code every time, regardless of the referrer) |
