When I go to the admin I am stuck on the login page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
almossaid
Forum Newbie
Posts: 13
Joined: Sat Feb 25, 2012 11:27 am

When I go to the admin I am stuck on the login page

Post by almossaid »

Hi
I installed a script on my localhost. Everything on the front end of the site appears to be working perfectly. However, when I go to the admin I am stuck on the login page. I am putting in the correct username and password, but the page simply refreshes. I checked my database and everything matches alright. Has this happened to anyone else? And idea on what I can do to resolve it? Thanks.

OBS! I am a newbie

my files look like:

index.php

Code: Select all

<?php 
if(!isset($_SESSION))
{
session_start();
}  
error_reporting(0);
if (($_GET['error'])=="userorpass"){
$error="User Or Password Is Wrong";
}
if (($_GET['error'])=="fild"){
$error="Please Fill The Fields";
}
if (($_GET['error'])=="page"){
$error="You Can`t Access To This Page You Must Login";
}
if (($_GET['error'])=="ip"){
$error="You Have $_GET[n] Try , Your Ip is Locked";
}
if (($_GET['success'])=="logout"){
$success="Logout Successfully";
}

?>
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<style type="text/css">
input.itext {
	background:transparent none repeat scroll 0 0;
	border:0 none;
	color: #505050;
	margin-left:7px;
	position:relative;
	width:160px;
	z-index:140;
}
input.ibutton {
	background:transparent none repeat scroll 0 0;
	border:0 none;
	color: #505050;
	margin-left:2px;
	position:relative;
	width:75px;
	z-index:140;
}
</style>
<link href="login.css" rel="stylesheet" type="text/css">
</head>
<body>
script...............
</body>
</html>
login.php

Code: Select all

<?php
if(!isset($_SESSION))
{
session_start();
}  
?>
<html>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<?php 
script.............
$pass = $line['password'].$line['secuirty'];
$user = $line['username'];
}
$name = md5(ereg_replace("^(www.)?([^.]+).[^.]+$", "\\2",$_SERVER['HTTP_HOST']));
$str = md5($_POST['pass']);
if ($str.$name=== $pass){
$_SESSION['adminlogin'] = true;
$_SESSION['admin'] = "$user";
?>
<SCRIPT LANGUAGE="JavaScript">
var URL= 'admin.php'
window.location.href = URL;
</SCRIPT>
<?php
}else{
echo"<SCRIPT LANGUAGE=\"JavaScript\">
var URL= 'index.php?error=userorpass'
window.location.href = URL;
</SCRIPT>";}}
$i = $_SESSION['loginip'];
if($i >=0 ) {
$i = $i +1 ;
$_SESSION['loginip']= $i;
}else{
$i  = 0 ;
$_SESSION['loginip']= $i;
};
} 
?>

Last edited by almossaid on Fri Jun 01, 2012 12:06 pm, edited 2 times in total.
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: When I go to the admin I am stuck on the login page

Post by social_experiment »

Change this

Code: Select all

// Turn off all error reporting
error_reporting(0);
to this (while in production mode)

Code: Select all

// Report all PHP errors
error_reporting(E_ALL);
There could be a php error which is not being displayed due to the error reporting being turned off
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
almossaid
Forum Newbie
Posts: 13
Joined: Sat Feb 25, 2012 11:27 am

Re: When I go to the admin I am stuck on the login page

Post by almossaid »

Hi social_experiment!
I did that but I get only this message > User Or Password Is Wrong but I am sure that both are correct.

Thank you
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: When I go to the admin I am stuck on the login page

Post by social_experiment »

Change this

Code: Select all

$str.$name=== $pass
to this

Code: Select all

$str.$name == $pass
From the php manual
$a === $b Identical TRUE if $a is equal to $b, and they are of the same type. (introduced in PHP 4)
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
temidayo
Forum Contributor
Posts: 109
Joined: Fri May 23, 2008 6:17 am
Location: Nigeria

Re: When I go to the admin I am stuck on the login page

Post by temidayo »

Remove this section from each page:

Code: Select all

if(!isset($_SESSION))
{
session_start();
} 
Replace it with:

Code: Select all

session_start();

You do not need to check if session exist to start or resume one.
almossaid
Forum Newbie
Posts: 13
Joined: Sat Feb 25, 2012 11:27 am

Re: When I go to the admin I am stuck on the login page

Post by almossaid »

I made this changes & the problem still the same
temidayo
Forum Contributor
Posts: 109
Joined: Fri May 23, 2008 6:17 am
Location: Nigeria

Re: When I go to the admin I am stuck on the login page

Post by temidayo »

You need to print out some results at interval to identify where the problem is.

First, make sure the line
session_start();
is the very first line without space or empty line before it.

second, print out content of posted data before comparing to the one in
database. Then also print out the result gotten from database

Here is a sample of what I mean:

Code: Select all

if (isset($_POST['user']) and isset($_POST['pass'])) {
        require_once "../config.php";
$link = mysql_connect("$host", "$user", "$password")
  or die ("Could not connect to MySQL");
mysql_select_db ("$db")
  or die ("Could not select database");
//print out the content of $_POST
 print_r($_POST);
  $postuser=mysql_real_escape_string($_POST['user']);
//print out the variable $postuser
print('<br> postuser: '.$postuser); 
 $query = "SELECT * FROM admin where username ='$postuser'";
  $result = mysql_query ($query)
    or die ("Query failed");
  while ($line = mysql_fetch_array($result)) {
$pass = $line['password'].$line['secuirty'];
$user = $line['username'];
//print out values from database
print('<br>pass : '.$pass);
print('<br>user : '.$user);

}
almossaid
Forum Newbie
Posts: 13
Joined: Sat Feb 25, 2012 11:27 am

Re: When I go to the admin I am stuck on the login page

Post by almossaid »

Hi temidayo!
I did that and I get this
Arry([user])=> admin [pass] => XXXXXXX
postuser: admin
pass: xxxxxxxxxxxxx(md5decrypter)
user: admin Deprecated: Function ereg_replace() is deprecated in C:\home\www\webb\admin\login.php on line 62

Code: Select all

line 62=> $name = md5(ereg_replace("^(www.)?([^.]+).[^.]+$", "\\2",$_SERVER['HTTP_HOST']));
temidayo
Forum Contributor
Posts: 109
Joined: Fri May 23, 2008 6:17 am
Location: Nigeria

Re: When I go to the admin I am stuck on the login page

Post by temidayo »

The password comparison is the problem. The creator of that script is matching the script to a certain host name.
To make your script work. do this: remove the security addition to the password comparison:

Code: Select all

 $query = "SELECT * FROM admin where username ='$postuser'";
  $result = mysql_query ($query)
    or die ("Query failed");
  while ($line = mysql_fetch_array($result)) {
//I removed the security part here - temidayo
$pass = $line['password']; //.$line['secuirty'];
$user = $line['username'];
}
//remove this line it wont be needed again
//$name = md5(ereg_replace("^(www.)?([^.]+).[^.]+$", "\\2",$_SERVER['HTTP_HOST']));
$str = md5($_POST['pass']);
//adjusment is made to the actuall comparison
if ($str === $pass){
$_SESSION['adminlogin'] = true;
$_SESSION['admin'] = "$user";
}
almossaid
Forum Newbie
Posts: 13
Joined: Sat Feb 25, 2012 11:27 am

Re: When I go to the admin I am stuck on the login page

Post by almossaid »

Temidayo you are an ANGLE :D
It works like a charme, Thank you very much to you and to all pple who tried to help
temidayo
Forum Contributor
Posts: 109
Joined: Fri May 23, 2008 6:17 am
Location: Nigeria

Re: When I go to the admin I am stuck on the login page

Post by temidayo »

almossaid wrote:Temidayo you are an ANGLE :D
I guess you mean an ANGEL :D

You are welcome.
almossaid
Forum Newbie
Posts: 13
Joined: Sat Feb 25, 2012 11:27 am

Re: When I go to the admin I am stuck on the login page

Post by almossaid »

Yes this is what I mean "ANGEL" sorry about my english
Post Reply