PHP password problem

Posted: Thu Jan 06, 2005 7:04 am
by mab
feyd | Help us, help you. Please use code tags where appropriate when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url]


I am having trouble with the following PHP password files. I have set the permissions 755. The problem is two-fold. I can actually log in with any password. It is not authenticating. The other problem is that the level of admin "abilities" that is set in the passwords.php file is not recognized.

I also notice, in the first snippet of code, a reference to passwd.txt. Is this something that is supposed to be generated on its own? In the script I uploaded I did not see a file named that.

Here is the checkpass.php code:

Code: Select all

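<?php
include('passwords.php');   // defines $data['guest'] and $data['admin']

$pass  = strtolower($_GET['pass']);
$dfile = 'passwd.txt';

// Load tab-separated key/value lines from passwd.txt into $data
if ($lines = @file($dfile) or die('none')) {
    foreach ($lines as $str) {
        list($key, $var) = explode("\t", $str);
        $data[$key] = $var;
    }

    echo 'success=';
    // $pass is used as the array key here; nothing is compared against it
    if (!$data[$pass]) { echo 'none'; }
    else { echo urlencode($data[$pass]); }
}
?>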
and here is the passwords.php code:

Code: Select all

<?php
 
$data['guest'] = 'guest';

$data['admin'] = '*';

?>
Thanks in advance.

Mark


Posted: Thu Jan 06, 2005 8:36 am
by feyd
It would appear that passwd.txt is supposed to be generated based on other users than guest and admin. The password isn't checked, as it's just checking to see if the user is there, i.e. $pass is being looked at as the user, not the password.

Code: Select all

if(isset($data[$user]) && $data[$user] == $pass)
{
  // valid user and password
}
else
{
  // invalid user and/or password
}
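
An added example, not part of feyd's post or the original script: one way to check a user name and password together, as the reply above describes, with the password stored as a hash instead of plain text. It assumes a three-field, tab-separated record (user, password_hash() output, level) and PHP 7.1 or later; the helper names and sample credentials are made up for illustration.

```php
<?php
// Added example (not code from the thread). Assumed record layout, one per line:
//   user <TAB> password_hash() output <TAB> level
// parse_records() and check_login() are hypothetical helper names.

function parse_records(array $lines): array
{
    $records = [];
    foreach ($lines as $line) {
        // Strip the line ending that file() leaves on every line.
        $fields = explode("\t", rtrim($line, "\r\n"));
        if (count($fields) !== 3 || $fields[0] === '') {
            continue;                     // skip blank or malformed lines
        }
        [$user, $hash, $level] = $fields;
        $records[strtolower($user)] = ['hash' => $hash, 'level' => $level];
    }
    return $records;
}

// Returns the user's level on success, null on any failure.
function check_login(array $records, string $user, string $pass): ?string
{
    $user = strtolower($user);
    if (!isset($records[$user])) {
        return null;                      // unknown user
    }
    // Verify the supplied password against the stored hash; never lowercase it.
    if (!password_verify($pass, $records[$user]['hash'])) {
        return null;                      // wrong password
    }
    return $records[$user]['level'];
}

// Constructed sample data standing in for file('passwd.txt').
$lines = [
    "guest\t" . password_hash('guest-pw', PASSWORD_DEFAULT) . "\tguest\n",
    "admin\t" . password_hash('S3cret-pw', PASSWORD_DEFAULT) . "\t*\n",
    "\n",
];
$records = parse_records($lines);

var_dump(check_login($records, 'admin', 'S3cret-pw'));   // valid credentials
var_dump(check_login($records, 'admin', 'guest-pw'));    // wrong password
var_dump(check_login($records, 'nobody', 'S3cret-pw'));  // unknown user
var_dump(check_login($records, 'guest', ''));            // empty password
```

In a real page the credentials would come from a POST body, since values passed in $_GET end up in server logs and browser history.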

Posted: Thu Jan 06, 2005 8:56 am
by mab
Thanks for the reply and sorry for the bad etiquette.

Knowing nothing about PHP...should this then work as coded?

Here is the admin page in question updated with the code that follows:

http://66.223.107.175/upload/admin/

When I upload and set permissions to 755 I am now not able to log into the admin area based on the following PHP:

Code: Select all

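<?php
include('passwords.php');   // defines $data['guest'] and $data['admin']

$pass  = strtolower($_GET['pass']);
$dfile = 'passwd.txt';

// Load tab-separated key/value lines from passwd.txt into $data
if ($lines = @file($dfile) or die('none')) {
    foreach ($lines as $str) {
        list($key, $var) = explode("\t", $str);
        $data[$key] = $var;
    }

    echo 'success=';
    // $pass is used as the array key here; nothing is compared against it
    if (!$data[$pass]) { echo 'none'; }
    else { echo urlencode($data[$pass]); }
}
?>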
and

Code: Select all

<?php
 
$data['guest'] = 'guest';

$data['admin'] = '*';

?>
With the above I cannot log in at all....

Posted: Thu Jan 06, 2005 9:04 am
by feyd
The code hasn't changed; I wouldn't expect it to suddenly work.