Page 1 of 1

Help needed with login coding - Please

Posted: Wed Apr 19, 2006 3:58 pm
by advisual
Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi All,

On my login page, for some reason the login file will not recognize the correct login number as supplied by the admin file as it should. It continually says login failed, please try again.
Can anyone see where the code may be going awry. Any help would be appreciated.

login.php file reads;

Code: Select all

<?php
 
session_start();
$_SESSION["loggedin"] = false;
require("admin_1.php");

if ($_REQUEST["submit"]) {
	if ($_REQUEST["username"] == $adminUsername && md5($_REQUEST["password"]."phpCart") == $adminPassword){
		$loggedin = true;
		session_register("loggedin");
		$_SESSION["loggedin"] = true;
		header("Location: index.php");
		exit();
	}
	else
		$errormessage = "Login failed, please try again.<br>\n";
}
	require("hf.php");
	pageHeader();
	echo $errormessage;
	?>
	<form action='login.php' method='post'>
	<div align='center'>
	<center>
	<table border='0' cellpadding='0' cellspacing='8' width='55%'>
		<tr>
			<td width='59%'><font size='2' face='Verdana'>Login Username:</font></td>
			<td width='41%'><input type='text' name='username' size='20' value='<? echo $_REQUEST["username"]; ?>'></td>
		</tr>
		<tr>
			<td width='59%'><font size='2' face='Verdana'>Password:</font></td>
			<td width='41%'><input type='password' name='password' size='20'></td>
		</tr>
		<tr>
			<td width='100%' colspan='2'>
			<p align='center'><input type='submit' name='submit' value='Login'></p>
			</td>
		</tr>
	</table>
	</center>
	</div>
	</form>
<?
pageFooter();
?>

admin_1.php file which is called reads;

<?php
$adminUsername	= "admin";
$adminPassword	= "admin";
?>
Thanks


Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Wed Apr 19, 2006 4:17 pm
by John Cartwright
change your admin password to the result of

Code: Select all

echo md5('adminphpCart');
then it should work. You were trying to compare the raw password with an encrypted one, as well as you were appending a salt "phpCart".

Posted: Wed Apr 19, 2006 8:19 pm
by advisual
Thanks Jcart for the assist. But I'm not quite sure where you want me to place that code.

Thanks

Posted: Wed Apr 19, 2006 8:35 pm
by RobertGonzalez

Code: Select all

<?php
if ($_REQUEST["username"] == $adminUsername && md5($_REQUEST["password"]."phpCart") == $adminPassword) {
    $loggedin = true;
    session_register("loggedin");
    $_SESSION["loggedin"] = true;
    header("Location: index.php");
    exit();
}
?>
There are a couple of things you should look to change in this snippet:

1. Use post instead of request.
2. Where is $adminUsername being set? If this fails you trigger the 'else'.
3. Where is $adminPassword set? Is it set to an md5 hash? If this fails you trigger the 'else'
4. Don't use session_register if you are using the $_SESSION array.
5. Use a full URL for the header loaction.

Try change these things and see what you get. Post the results if you are still having problems.