
Help with login script and potential bugs....

Posted: Mon Jan 12, 2004 8:08 am
by gilbertwang
Can anyone help me to see whether there's any error in this code.
Right now, there's this error.

When I click the submit, there's an error. "Error 404 - File Not Found"
I have double-checked the file; it's there.

The url on the page returns "http://www.website.com/login.php%20meth ... bmit=Login"

Thanks a lot

[Admin Edit: tags added - please use them it makes code much easier to read and allows for formatting (ie. tabs)]

Code:

<?php 
$hostname = "localhost"; 
$database = ""; 
$username = ""; 
$password = ""; 
$illuio = mysql_pconnect($hostname, $username, $password) or trigger_error(mysql_error(),E_USER_ERROR); 
?> 

<?php 
// *** Validate request to login to this site.
session_start();

// Escape PHP_SELF before it is echoed into the form's action attribute.
$loginFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
if (isset($accesscheck)) {
    $GLOBALS['PrevUrl'] = $accesscheck;
    session_register('PrevUrl');
}

if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    $password=$_POST['password'];
    $MM_fldUserAuthorization = "";
    $MM_redirectLoginSuccess = "waliwasadmin.php"; // *** The page to view if login successful
    $MM_redirectLoginFailed = "test.php"; // *** The page to view when login failed
    $MM_redirecttoReferrer = false;
    mysql_select_db($database, $illuio);

    $LoginRS__query=sprintf("SELECT username, password FROM admin WHERE username='%s' AND password='%s'",
        get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

    $LoginRS = mysql_query($LoginRS__query, $illuio) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
        $loginStrGroup = "";

        //declare two session variables and assign them
        $GLOBALS['MM_Username'] = $loginUsername;
        $GLOBALS['MM_UserGroup'] = $loginStrGroup;

        //register the session variables
        session_register("MM_Username");
        session_register("MM_UserGroup");

        if (isset($_SESSION['PrevUrl']) && false) {
            $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }
        header("Location: " . $MM_redirectLoginSuccess );
    }
    else {
        header("Location: ". $MM_redirectLoginFailed );
    }
}
?> 

<form action="<?php echo $loginFormAction; ?> method="post">
<div align="center"><p>
<table width="60%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>Username:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password"></td>
</tr>
<tr> 
<td colspan="2">&nbsp;</td>
</tr>
<tr> 
<td colspan="2"><div align="center">
<p>
<input name="submit" type="submit" value="Login">
</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
</div></td>
</tr>
</table> </p>

</div></form>

Posted: Mon Jan 12, 2004 8:11 am
by Pyrite
%20method=

Take that part out.

Posted: Mon Jan 12, 2004 5:44 pm
by gilbertwang
I am a newbie, I can't figure out where the %20method is.

Can you show me?

Thanks

Re: Help with login script and potential bugs....

Posted: Mon Jan 12, 2004 6:39 pm
by Straterra
gilbertwang wrote: The url on the page returns "http://www.website.com/login.php[b]%20method=[/b]?username=username&password=password&submit=Login"
See what he is talking about now?

Posted: Mon Jan 12, 2004 8:53 pm
by Pyrite
Straterra, that avatar of yours should be banned. That is so annoying...

Posted: Tue Jan 13, 2004 11:14 am
by gilbertwang
I understand the %20method. But what I meant is how can I get rid of that in the php script.

Thanks

Posted: Tue Jan 13, 2004 11:25 am
by Straterra
Pyrite..where's the love? I bet you don't even know what the avatar is a picture of... Gilbertwang, he's saying get rid of that when you call the page. Use only http://www.website.com/login.php?userna ... bmit=Login

Posted: Tue Jan 13, 2004 11:29 am
by Straterra
I found your problem. This line

Code:

<form action="<?php echo $loginFormAction; ?> method="post">
Should be

Code:

<form action="<?php echo $loginFormAction; ?>" method="post">

Posted: Tue Jan 13, 2004 12:22 pm
by Pyrite
You're right, I don't. But it is giving me a headache..make it stop.

Posted: Tue Jan 13, 2004 12:25 pm
by Straterra
He he he, I will change it..It's a picture of my light on my fan that I took..I then resized it and inverted colors, and made a GIF..Pretty cool, eh?

Posted: Tue Jan 13, 2004 1:00 pm
by m3rajk
gilbertwang: how many files did you give us? separating them with php tags will help a lot. it makes it much easier to read.

straterra: two things you should consider when deciding on an avatar:
1: strobe lights and anything with a similar pattern are proven to trigger issues for epileptics. (sp?) there's nothing that says they can't try web design....

2: for similar reasons, if something flashes too fast it can trigger headaches in others, and those prone to migraines, it WILL trigger them. i know that because my sister suffers from migraines. when i was younger, it was fun to take a flashlight and trigger them.

i have no issue with someone using an animated gif, i just think they need to put thought into it.. like using a lot of pictures on a page (and damn can i link to a lot of examples as to why someone would need a license to do web design since most people do image overloading....)

Posted: Tue Jan 13, 2004 1:20 pm
by Pyrite
thank you m3rajk!

Posted: Tue Jan 13, 2004 1:46 pm
by gilbertwang
m3rajk; I will keep that in mind next time

Straterra: you solved the URL problem, but how come the script is not doing anything, it's not directing me to the page if the username & password is right or the other way.

I'm not an expert, can you guys help?

Posted: Tue Jan 13, 2004 3:31 pm
by Straterra
He he, sorry about the icon...Would you guys mind if it didn't flash as quickly or not at all? Also...dude, check out your $loginFormAction variable...Check out the PHP site that you are posting to, your problem will be there.

Posted: Tue Jan 13, 2004 5:24 pm
by Straterra
Um..I am looking at your MySQL queries and getting mightily confused..I think I have an easier way. Check out what I use to log in..(Even though I use SQLite, just change the function to the MySQL functions...)

Code:

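<?php
include('banned.php');
?>
<?php
// $_SESSION below is only saved if a session has been started.
session_start();
$username = strtolower($_POST['username']);
$password = strtolower($_POST['password']);
$dbname = 'eckbios';
if ($db = sqlite_open($dbname, 0666, $sqliteerror)) {
    // Escape the submitted values before placing them inside the quoted SQL strings.
    $sql = "SELECT username, password FROM logintable WHERE username = '" . sqlite_escape_string($username) . "' and password = '" . sqlite_escape_string($password) . "'";

    $sql_result = sqlite_query($db, $sql);

    // Exactly one matching row means the credentials are valid.
    if (sqlite_num_rows($sql_result) != 1) {
        echo "Login Failed.";
        exit;
    } else {
        $_SESSION["username"] = $username;
        header("Location: pro.php?user=main");
        exit; // stop the script once the redirect has been sent
    }
} else {
    die($sqliteerror);
}
?>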
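
The login check from this thread reworked as an added example (not code from any poster): the first post's query depends on addslashes()/magic quotes and both scripts compare a plaintext password inside the SQL, so this version binds the username as a parameter and verifies the password against a stored hash. The function names, the PDO in-memory SQLite database, the password_hash column and the sample user are assumptions constructed for the demo; the admin table name and the two redirect targets come from the first post.

```php
<?php
// Added example, not code from the thread. open_demo_db(), check_login() and
// handle_login() are hypothetical names; the in-memory database, the
// password_hash column and the sample user are constructed for the demo.
declare(strict_types=1);

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)');
    // Store a salted hash, never the password itself.
    $ins->execute(['gilbert', password_hash('Correct-Horse-42', PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    // The username is bound as data, so a quote in it cannot alter the SQL.
    $stmt = $pdo->prepare('SELECT password_hash FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash)) {
        return false; // unknown user
    }
    // Case-sensitive check against the stored hash.
    return password_verify($password, $hash);
}

function handle_login(PDO $pdo, array $post): string
{
    $user = is_string($post['username'] ?? null) ? $post['username'] : '';
    $pass = is_string($post['password'] ?? null) ? $post['password'] : '';
    if (!check_login($pdo, $user, $pass)) {
        return 'test.php'; // failure page named in the first post
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID after login
        $_SESSION['MM_Username'] = $user;
    }
    return 'waliwasadmin.php'; // success page named in the first post
}

$pdo = open_demo_db();
var_dump(handle_login($pdo, ['username' => 'gilbert', 'password' => 'Correct-Horse-42']));
var_dump(handle_login($pdo, ['username' => 'gilbert', 'password' => 'correct-horse-42']));
var_dump(handle_login($pdo, ['username' => "o'brien", 'password' => 'x']));
```

In a real page the caller would run session_start() first, then send header('Location: ' . handle_login($pdo, $_POST)) followed by exit.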