Page 1 of 1

login validation prob..does not do anything

Posted: Fri Apr 09, 2004 8:30 am
by getphp
I am using cncat to setup an online directory

My authorisation is as below that checks another file for alogin and apassword :

Code: Select all

....
if (!isset($sid)) {
    /* Authorisation */
	if ($action=="enter") {
		if ($login==$dbї"alogin"] && md5($password)==$dbї"apassword"]) 
		{
			$sid=md5(time());
			Header("Location: ./");
			die();
			}
		}
....
The file that contains the alogin and apassword is setup like:

Code: Select all

...
$dbї"alogin"]="admin";

$dbї"apassword"]="63a9f0ea7bb98050796b649e85481845";
...
WHen i type in admin as the username and the password which is root on the admin page. It does not load the next page.

it only seems to reload the same page again :blink:
Why does it not go directly to the next page ?


<!-------------------------------------------------------->
Below is a copy of auth.php if you would like to look through

Code: Select all

<?
/**************************************************************/
/*                         (c) CN-Software CNCat                              */
/*************************************************************/
error_reporting(E_ALL & ~E_NOTICE);
if (version_compare(phpversion(), "4.2.0", ">=")) $ob=TRUE; else $ob=FALSE;

if ($ob) &#123;ob_start();ob_implicit_flush(0);&#125;
require "../config.php";
require "../lang/".$LANGFILE;
if ($ob) &#123;ob_clean();ob_implicit_flush(1);&#125;

session_register("sid");

if (!isset($sid)) &#123;
    /* Authorisation */
	if ($action=="enter") &#123;
		if ($login==$db&#1111;"alogin"] && md5($password)==$db&#1111;"apassword"]) &#123;
			$sid=md5(time());
			Header("Location: ./");
			die();
			&#125;
		&#125;
	/* Displaying authorisation form */
?>
<HTML>
<HEAD>
<TITLE>CNCat ::: <?=$LANG&#1111;"moderators"];?></TITLE>
<STYLE>
<!--
body &#123;font-family:verdana;font-size:11px;&#125;
th &#123;color:white;text-align:left;font-family:verdana;font-size:11px;&#125;
td &#123;font-family:verdana;font-size:11px;&#125;
input,select &#123;font-family:verdana;font-size:11px;&#125;
.t1 &#123;background-color:#EFE5F0;&#125;
.t2 &#123;background-color:#D9C2DC;&#125;
.white &#123;color:white;&#125;
//-->
</STYLE>
</HEAD>
<BODY>
<table cellspacing=0 cellpadding=6 border=0 width=100%><tr><th background='<?=$ADLINK;?>../cat/tablebg.gif'>CNCat ::: <?=$LANG&#1111;"moderators"];?></th></tr></table><br>

<table border=0 height=80% width=100%><tr><td>
<table border=0 cellspacing=0 cellpadding=0 align=center width=250>
<tr><th background='<?=$ADLINK;?>../cat/tablebg.gif' colspan=2><a href=http://www.cn-software.com/><img src='<?=$ADLINK;?>../cat/cnlogo.gif' width=31 height=25 border=0></a></th><th background='<?=$ADLINK;?>../cat/tablebg.gif' width=100%><a href=http://www.cn-software.com/><font color=white>CNCat 1.4</font></a></th></tr>
</table>
<table border=0 cellspacing=1 cellpadding=6 align=center width=250>
<form action='<?=$ADLINK;?>index.php' method=post>
<tr class=t1><td>Login:</td><td><input type=text name=login value=''></td></tr>
<tr class=t1><td>Password:</td><td><input type=password name=password value=''></td></tr>
</tr>
<tr><td class=t2 align=right colspan=2><input type=submit value='Enter >>'></th></tr>
<input type=hidden name=action value='enter'>
</form>
</table>
</td></tr></table>
<?
	include "_bottom.php";
	die();
	&#125;

function GetParentName($cid) &#123;
	GLOBAL $db;

	do &#123;
		$r=mysql_query("SELECT name,parent FROM ".$db&#1111;"prefix"]."cat WHERE cid='$cid';");
		if (mysql_num_rows($r)==1) &#123;
			$name=" ::: ".mysql_result($r,0,0).$name;
			$cid=mysql_result($r,0,1);
			&#125;
		&#125; while (mysql_num_rows($r)==1);
	return(substr($name,5,strlen($name)));
	&#125;

function sync_names() &#123;
	GLOBAL $db;
	
	$r=mysql_query("SELECT cid,name FROM ".$db&#1111;"prefix"]."cat") or die(mysql_error());
	while ($a=mysql_fetch_array($r)) &#123;
		mysql_query("DELETE FROM ".$db&#1111;"prefix"]."cat_linear WHERE cid='".$a&#1111;"cid"]."';") or die(mysql_error());
		mysql_query("INSERT INTO ".$db&#1111;"prefix"]."cat_linear SET name='".GetParentName($a&#1111;"cid"])."', cid='".$a&#1111;"cid"]."';") or die(mysql_error());
		&#125;
	&#125;

function sync() &#123;
	GLOBAL $db;
	$R=Array();

	mysql_query("UPDATE ".$db&#1111;"prefix"]."cat SET count='0';") or die(mysql_error());
	$r=mysql_query("select cat1,count(*) from ".$db&#1111;"prefix"]."main where type=1 and cat1!=0 group by cat1;") or die(mysql_error());
	for ($i=0;$i<mysql_num_rows($r);$i++) &#123;
		$cid=mysql_result($r,$i,0);
		$count=mysql_result($r,$i,1);
		if (!isset($R&#1111;$cid])) $R&#1111;$cid]=0;
		$R&#1111;$cid]+=$count;
		&#125;

	while (list($k, $v)=each($R)) &#123;
		mysql_query("UPDATE ".$db&#1111;"prefix"]."cat SET count=count+'$v' WHERE cid='$k';") or die(mysql_error());
		$id=$k;
		do &#123;
			$r=mysql_query("SELECT parent FROM ".$db&#1111;"prefix"]."cat WHERE cid='$id';") or die(mysql_error());
			$id=mysql_result($r,0,0);
			if ($id!=0) &#123;
				mysql_query("UPDATE ".$db&#1111;"prefix"]."cat SET count=count+'$v' WHERE cid='$id';") or die(mysql_error());
				&#125;
			&#125; while ($id!=0);
		&#125;
	&#125;

?>

Re: login validation prob..does not do anything

Posted: Fri Apr 09, 2004 11:16 am
by allenmak
Try to change it as:

if ($_POST["action"] =="enter") {
if ($_POST["login"] ==$db["alogin"] && md5($_POST["password"])==$db["apassword"])

Posted: Fri Apr 09, 2004 11:37 am
by getphp
Just tried that..didnt seem to work :(

I have been suggested that the following may be the problems:

The following problems are possible:

1. Server-side session can not be created.
2. On the client side cookies are turned off in a browser.

If they are then how do I get rid of them?