Page 1 of 1

When I go to the admin I am stuck on the login page

Posted: Sat Feb 25, 2012 11:57 am
by almossaid
Hi
I installed a script on my localhost. Everything on the front end of the site appears to be working perfectly. However, when I go to the admin I am stuck on the login page. I am putting in the correct username and password, but the page simply refreshes. I checked my database and everything matches alright. Has this happened to anyone else? And idea on what I can do to resolve it? Thanks.

OBS! I am a newbie

my files look like:

index.php

Code: Select all

<?php 
if(!isset($_SESSION))
{
session_start();
}  
error_reporting(0);
if (($_GET['error'])=="userorpass"){
$error="User Or Password Is Wrong";
}
if (($_GET['error'])=="fild"){
$error="Please Fill The Fields";
}
if (($_GET['error'])=="page"){
$error="You Can`t Access To This Page You Must Login";
}
if (($_GET['error'])=="ip"){
$error="You Have $_GET[n] Try , Your Ip is Locked";
}
if (($_GET['success'])=="logout"){
$success="Logout Successfully";
}

?>
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<style type="text/css">
input.itext {
	background:transparent none repeat scroll 0 0;
	border:0 none;
	color: #505050;
	margin-left:7px;
	position:relative;
	width:160px;
	z-index:140;
}
input.ibutton {
	background:transparent none repeat scroll 0 0;
	border:0 none;
	color: #505050;
	margin-left:2px;
	position:relative;
	width:75px;
	z-index:140;
}
</style>
<link href="login.css" rel="stylesheet" type="text/css">
</head>
<body>
script...............
</body>
</html>
login.php

Code: Select all

<?php
if(!isset($_SESSION))
{
session_start();
}  
?>
<html>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<?php 
script.............
$pass = $line['password'].$line['secuirty'];
$user = $line['username'];
}
$name = md5(ereg_replace("^(www.)?([^.]+).[^.]+$", "\\2",$_SERVER['HTTP_HOST']));
$str = md5($_POST['pass']);
if ($str.$name=== $pass){
$_SESSION['adminlogin'] = true;
$_SESSION['admin'] = "$user";
?>
<SCRIPT LANGUAGE="JavaScript">
var URL= 'admin.php'
window.location.href = URL;
</SCRIPT>
<?php
}else{
echo"<SCRIPT LANGUAGE=\"JavaScript\">
var URL= 'index.php?error=userorpass'
window.location.href = URL;
</SCRIPT>";}}
$i = $_SESSION['loginip'];
if($i >=0 ) {
$i = $i +1 ;
$_SESSION['loginip']= $i;
}else{
$i  = 0 ;
$_SESSION['loginip']= $i;
};
} 
?>


Re: When I go to the admin I am stuck on the login page

Posted: Sun Feb 26, 2012 4:33 pm
by social_experiment
Change this

Code: Select all

// Turn off all error reporting
error_reporting(0);
to this (while in production mode)

Code: Select all

// Report all PHP errors
error_reporting(E_ALL);
There could be a php error which is not being displayed due to the error reporting being turned off

Re: When I go to the admin I am stuck on the login page

Posted: Mon Feb 27, 2012 2:26 am
by almossaid
Hi social_experiment!
I did that but I get only this message > User Or Password Is Wrong but I am sure that both are correct.

Thank you

Re: When I go to the admin I am stuck on the login page

Posted: Mon Feb 27, 2012 5:23 am
by social_experiment
Change this

Code: Select all

$str.$name=== $pass
to this

Code: Select all

$str.$name == $pass
From the php manual
$a === $b Identical TRUE if $a is equal to $b, and they are of the same type. (introduced in PHP 4)

Re: When I go to the admin I am stuck on the login page

Posted: Mon Feb 27, 2012 7:01 am
by temidayo
Remove this section from each page:

Code: Select all

if(!isset($_SESSION))
{
session_start();
} 
Replace it with:

Code: Select all

session_start();

You do not need to check if session exist to start or resume one.

Re: When I go to the admin I am stuck on the login page

Posted: Mon Feb 27, 2012 9:40 am
by almossaid
I made this changes & the problem still the same

Re: When I go to the admin I am stuck on the login page

Posted: Mon Feb 27, 2012 11:49 am
by temidayo
You need to print out some results at interval to identify where the problem is.

First, make sure the line
session_start();
is the very first line without space or empty line before it.

second, print out content of posted data before comparing to the one in
database. Then also print out the result gotten from database

Here is a sample of what I mean:

Code: Select all

if (isset($_POST['user']) and isset($_POST['pass'])) {
        require_once "../config.php";
$link = mysql_connect("$host", "$user", "$password")
  or die ("Could not connect to MySQL");
mysql_select_db ("$db")
  or die ("Could not select database");
//print out the content of $_POST
 print_r($_POST);
  $postuser=mysql_real_escape_string($_POST['user']);
//print out the variable $postuser
print('<br> postuser: '.$postuser); 
 $query = "SELECT * FROM admin where username ='$postuser'";
  $result = mysql_query ($query)
    or die ("Query failed");
  while ($line = mysql_fetch_array($result)) {
$pass = $line['password'].$line['secuirty'];
$user = $line['username'];
//print out values from database
print('<br>pass : '.$pass);
print('<br>user : '.$user);

}

Re: When I go to the admin I am stuck on the login page

Posted: Mon Feb 27, 2012 12:15 pm
by almossaid
Hi temidayo!
I did that and I get this
Arry([user])=> admin [pass] => XXXXXXX
postuser: admin
pass: xxxxxxxxxxxxx(md5decrypter)
user: admin Deprecated: Function ereg_replace() is deprecated in C:\home\www\webb\admin\login.php on line 62

Code: Select all

line 62=> $name = md5(ereg_replace("^(www.)?([^.]+).[^.]+$", "\\2",$_SERVER['HTTP_HOST']));

Re: When I go to the admin I am stuck on the login page

Posted: Mon Feb 27, 2012 12:52 pm
by temidayo
The password comparison is the problem. The creator of that script is matching the script to a certain host name.
To make your script work. do this: remove the security addition to the password comparison:

Code: Select all

 $query = "SELECT * FROM admin where username ='$postuser'";
  $result = mysql_query ($query)
    or die ("Query failed");
  while ($line = mysql_fetch_array($result)) {
//I removed the security part here - temidayo
$pass = $line['password']; //.$line['secuirty'];
$user = $line['username'];
}
//remove this line it wont be needed again
//$name = md5(ereg_replace("^(www.)?([^.]+).[^.]+$", "\\2",$_SERVER['HTTP_HOST']));
$str = md5($_POST['pass']);
//adjusment is made to the actuall comparison
if ($str === $pass){
$_SESSION['adminlogin'] = true;
$_SESSION['admin'] = "$user";
}

Re: When I go to the admin I am stuck on the login page

Posted: Mon Feb 27, 2012 1:25 pm
by almossaid
Temidayo you are an ANGLE :D
It works like a charme, Thank you very much to you and to all pple who tried to help

Re: When I go to the admin I am stuck on the login page

Posted: Mon Feb 27, 2012 1:36 pm
by temidayo
almossaid wrote:Temidayo you are an ANGLE :D
I guess you mean an ANGEL :D

You are welcome.

Re: When I go to the admin I am stuck on the login page

Posted: Mon Feb 27, 2012 1:40 pm
by almossaid
Yes this is what I mean "ANGEL" sorry about my english