Administration login problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
lucgeme
Forum Newbie
Posts: 5
Joined: Wed Sep 07, 2011 12:19 pm

Administration login problem

Post by lucgeme »

Hello.
My problem is as follows: the site contains an administration panel, but it seems that i can't login although i have populated the "admin" table with the necessary fields(username and password) as the below picture illustrates. I have also posted all the codes from the administration folder.
Image
index.php

Code: Select all

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Libraria ToraiBooks</title>
<style type="text/css">
	body, p, td {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; }
	h1 {font-family:"Times New Roman", Times, serif; font-size:18px; font-weight:bold; color:#336699; font-style:italic;}
	.titlu {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:14px; font-weight:bold; color:#0066CC; }
	.back {border-style:outset; border-color:#000000; background-color:#FFFFFF; height:300px; background-color:#E1F0F0; margin-left:25%; margin-right:25%; }
	.title {color:#003300; font:"Times New Roman", Times, serif; text-align:center; font-size:34px;}	
</style>
</head>
<body class="back">
<p class="title"><img  src="pictures/adminlogo.png" width=343 height=49/></p>
<h1>&nbsp;Autentificare Administrator</h1>
<form  action="login.php" method="post">
	<table>
		<tr>
			<td align="right">Nume: </td>
			<td><input type="text" name="nume" /></td>
		</tr>
		<tr>
			<td align="right">Parola: </td>
			<td><input type="password" name="parola" /></td>
		</tr>
		<tr>
			<td></td>
			<td><input type="submit" value="Autentificare" /></td>
		</tr>
	</table>
</form>
</body>
</html>
login.php

Code: Select all

<?php
	if (($_POST['nume'] == "") || ($_POST['parola'] == ""))
	{
		print 'Username or password is missing!<br>
				<a href="index.php"><< Inapoi </a>';
		exit;
	}
	
	include("../conectare.php");
	$parolaEncriptata = md5($_POST['parola']);
	
	$sql = "SELECT * FROM admin WHERE admin_nume='".$_POST['nume']."' AND admin_parola='".$parolaEncriptata."'";
	$resursa = mysql_query($sql);
	if (mysql_num_rows($resursa) != 1)
	{
		print 'Wrong username or password!<br>
				<a href="index.php">Inapoi</a>';
		exit;
	}
	
	session_start();
	$_SESSION['nume_admin'] = $_POST['nume'];
	$_SESSION['parola_encriptata'] = $parolaEncriptata;
	$_SESSION['key_admin'] = session_id();
	
	header("location: ../administrare/admin.php");
?>
autorizare.php

Code: Select all

<?php
	session_start();
	if ($_SESSION['key_admin'] != session_id())
	{
		print 'Unauthorized access!';
		exit;
	}
	
	include("../conectare.php");
	$sql = "SELECT * FROM admin WHERE admin_nume='".$_SESSION['nume_admin']."' AND admin_parola='".$_SESSION['parola_encriptata']."'";

	$resursa = mysql_query($sql);
	
	//daca nu afiseaza un singur rand inseamna ca ceva nu este in ordine si oprim imediat executia
	if (mysql_num_rows($resursa) != 1)
	{
		print 'Acces neautorizat';
	}
?>
admin.php

Code: Select all

<?php
	include("autorizare.php");
	include("admin_top.php");
?>
admin_top.php

Code: Select all

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Libraria ToraiBooks</title>
<style type="text/css">
	body, p, td {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; }
	h1 {font-family:"Times New Roman", Times, serif; font-size:18px; font-weight:bold; color:#336699; font-style:italic;}
	.titlu {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:14px; font-weight:bold; color:#0066CC; }
	.back {border-style:outset; border-color:#000000; background-color:#FFFFFF; height:700px; background-color:#E1F0F0; margin-left:21%; margin-right:21%; }
	.title {color:#003300; font:"Times New Roman", Times, serif; text-align:center; font-size:34px;}	
</style>
</head>
<body class="back">
<p class="title"><a href="admin.php"><img  src="pictures/adminlogo.png" width=343 height=49 border="0"/></a></p>
<table width="525" border="1" cellpadding="4" cellspacing="0" bgcolor="#F9F1E7" align="center">
	<tr align="center">
		<td width="88"><a href="adaugare.php">Adauga</a></td>
		<td width="151"><a href="modificare_stergere.php">Modifica sau sterge</a></td>
		<td width="128"><a href="opinii.php">Opinii vizitatori</a></td>
		<td width="116"><a href="comenzi.php">Comenzi</a></td>
	</tr>
</table>
Last edited by lucgeme on Wed Sep 07, 2011 2:45 pm, edited 2 times in total.
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: Administration login problem

Post by twinedev »

Quick look, login is looking for the MD5 hash of the password in the database, yet you have it plain text in the database.

-Greg
lucgeme
Forum Newbie
Posts: 5
Joined: Wed Sep 07, 2011 12:19 pm

Re: Administration login problem

Post by lucgeme »

I also have this in my config.php file:

Code: Select all

<?php
$error = 'Codul de Verificare este INCORECT'  ;
$error_display_mode = 0 ;
$error_page=  '' ;
$font_size =  16  ;
$hight = 60  ;
$width =  240  ;
$text_length = 7  ;
$font_file =  'CENTURY.TTF' ;
$border =  5  ;
$form =  'index-4.html'  ;
$CaseSenstive = true  ;
$user = 'admin'  ;
$pass =  '21232f297a57a5a743894a0e4a801fc3' ;
$redirect = false ;
$success_page = ''  ;
?>
I have replaced the old plain text password("parola") in the "admin" data table with the $pass("21232f297a57a5a743894a0e4a801fc3") which is in md5. Nothing happens.
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Administration login problem

Post by social_experiment »

Are any messages printed to the browser when the login attempt fails
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
lucgeme
Forum Newbie
Posts: 5
Joined: Wed Sep 07, 2011 12:19 pm

Re: Administration login problem

Post by lucgeme »

Actually there is one: "Wrong username or password!"(see login.php)
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: Administration login problem

Post by twinedev »

Well, md5('parola') is NOT 21232f297a57a5a743894a0e4a801fc3 it is 8287458823facb8ff918dbfabcd22ccb

So if you were trying to login with the password parola, it won't match.

-Greg
lucgeme
Forum Newbie
Posts: 5
Joined: Wed Sep 07, 2011 12:19 pm

Re: Administration login problem

Post by lucgeme »

It's not working
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: Administration login problem

Post by twinedev »

Then at this point, what I would do is right before the following line:

Code: Select all

$resursa = mysql_query($sql);
add the line:

Code: Select all

echo 'EXECUTING SQL: ',$sql,"<br>\n";
And then take that SQL statement and manually run it on the database.

Still no results, double check that a row does match.

-Greg
lucgeme
Forum Newbie
Posts: 5
Joined: Wed Sep 07, 2011 12:19 pm

Re: Administration login problem

Post by lucgeme »

Thank you. That solved my problem!
Post Reply