Have you added
Code: Select all
error_reporting(E_ALL);
ini_set('display_errors', 1);Moderator: General Moderators
Code: Select all
error_reporting(E_ALL);
ini_set('display_errors', 1);Yes it is. When I login with the correct values the echo appears on the page, "admin.php" without the quotes.feyd wrote:Is your code still echoing $page?
Have you addedto the beginning of the file?Code: Select all
error_reporting(E_ALL); ini_set('display_errors', 1);
Code: Select all
$page = $dbarray['page'];
echo $page;Code: Select all
<?php
$neg = array('off', 0, false, '', null);
$flags = array(
'Register Globals' => 'register_globals',
'Short Tags' => 'short_open_tag',
'Display Errors' => 'display_errors',
'Magic Quotes GPC' => 'magic_quotes_gpc',
'Magic Quotes Runtime' => 'magic_quotes_runtime',
'Magic Quotes Sybase' => 'magic_quotes_sybase',
);
$ve = phpversion();
$os = PHP_OS;
$er = intval(error_reporting());
foreach ($flags as $n => $v)
{
$flags[$n] = (in_array(strtolower(ini_get($v)), $neg) ? 'Off' : 'On');
}
$flags['Config file'] = get_cfg_var('cfg_file_path');
if (empty($flags['Config file']))
{
$flags['Config file'] = '-';
}
$cli = (php_sapi_name() == 'cli');
$eol = "\n";
$gle = get_loaded_extensions();
$rows = array();
$le = '';
$wide = 4;
$j = count($gle);
$pad = $wide - $j % $wide;
$len = max(array_map('strlen', $gle));
$func = create_function('$a', 'return str_pad($a, ' . intval($len) . ');');
$gle = array_map($func, $gle);
for($i = 0; $i < $j; $i += $wide)
{
$le .= ' ' . implode(' ', array_slice($gle, $i, $wide)) . $eol;
}
$ec = array(
'E_STRICT' => 2048, 'E_ALL' => 2047, 'E_USER_NOTICE' => 1024,
'E_USER_WARNING' => 512, 'E_USER_ERROR' => 256, 'E_COMPILE_WARNING' => 128,
'E_COMPILE_ERROR' => 64, 'E_CORE_WARNING' => 32, 'E_CORE_ERROR' => 16,
'E_NOTICE' => 8, 'E_PARSE' => 4, 'E_WARNING' => 2, 'E_ERROR' => 1,
);
$e = array();
$t = $er;
foreach ($ec as $n => $v)
{
if (($t & $v) == $v)
{
$e[] = $n;
$t ^= $v;
}
}
if (ceil(count($ec) / 2) + 1 < count($e))
{
$e2 = array();
foreach ($ec as $n => $v)
{
if (!in_array($n, $e) and $n != 'E_ALL')
{
$e2[] = $n;
}
}
$er = $er . ' ((E_ALL | E_STRICT) ^ ' . implode(' ^ ', $e2) . '))';
}
else
{
$er = $er . ' (' . implode(' | ', $e) . ')';
}
if (!$cli)
{
echo '<html><head><title>quick info</title></head><body><pre>', $eol;
}
echo 'PHP Version: ', $ve, $eol;
echo 'PHP OS: ', $os, $eol;
echo 'Error Reporting: ', $er, $eol;
foreach ($flags as $n => $v)
{
echo $n, ': ', $v, $eol;
}
echo 'Loaded Extensions:', $eol, $le, $eol;
if (!$cli)
{
echo '</pre></body></html>', $eol;
}
?>PHP Version: 5.2.1feyd wrote:Run the following in a new file and tell us the results please.Code: Select all
<?php $neg = array('off', 0, false, '', null); $flags = array( 'Register Globals' => 'register_globals', 'Short Tags' => 'short_open_tag', 'Display Errors' => 'display_errors', 'Magic Quotes GPC' => 'magic_quotes_gpc', 'Magic Quotes Runtime' => 'magic_quotes_runtime', 'Magic Quotes Sybase' => 'magic_quotes_sybase', ); $ve = phpversion(); $os = PHP_OS; $er = intval(error_reporting()); foreach ($flags as $n => $v) { $flags[$n] = (in_array(strtolower(ini_get($v)), $neg) ? 'Off' : 'On'); } $flags['Config file'] = get_cfg_var('cfg_file_path'); if (empty($flags['Config file'])) { $flags['Config file'] = '-'; } $cli = (php_sapi_name() == 'cli'); $eol = "\n"; $gle = get_loaded_extensions(); $rows = array(); $le = ''; $wide = 4; $j = count($gle); $pad = $wide - $j % $wide; $len = max(array_map('strlen', $gle)); $func = create_function('$a', 'return str_pad($a, ' . intval($len) . ');'); $gle = array_map($func, $gle); for($i = 0; $i < $j; $i += $wide) { $le .= ' ' . implode(' ', array_slice($gle, $i, $wide)) . $eol; } $ec = array( 'E_STRICT' => 2048, 'E_ALL' => 2047, 'E_USER_NOTICE' => 1024, 'E_USER_WARNING' => 512, 'E_USER_ERROR' => 256, 'E_COMPILE_WARNING' => 128, 'E_COMPILE_ERROR' => 64, 'E_CORE_WARNING' => 32, 'E_CORE_ERROR' => 16, 'E_NOTICE' => 8, 'E_PARSE' => 4, 'E_WARNING' => 2, 'E_ERROR' => 1, ); $e = array(); $t = $er; foreach ($ec as $n => $v) { if (($t & $v) == $v) { $e[] = $n; $t ^= $v; } } if (ceil(count($ec) / 2) + 1 < count($e)) { $e2 = array(); foreach ($ec as $n => $v) { if (!in_array($n, $e) and $n != 'E_ALL') { $e2[] = $n; } } $er = $er . ' ((E_ALL | E_STRICT) ^ ' . implode(' ^ ', $e2) . '))'; } else { $er = $er . ' (' . implode(' | ', $e) . ')'; } if (!$cli) { echo '<html><head><title>quick info</title></head><body><pre>', $eol; } echo 'PHP Version: ', $ve, $eol; echo 'PHP OS: ', $os, $eol; echo 'Error Reporting: ', $er, $eol; foreach ($flags as $n => $v) { echo $n, ': ', $v, $eol; } echo 'Loaded Extensions:', $eol, $le, $eol; if (!$cli) { echo '</pre></body></html>', $eol; } ?>
Code: Select all
<?php
header('Location: http://www.mysite.com/' . $page);
exit;
?>still didn't work lol. this is becoming insane!Everah wrote:Forgot to tell you to put and exit; call after the header call. On some servers, if you don't specify exit, the page will continue loading.
Code: Select all
<?php header('Location: http://www.mysite.com/' . $page); exit; ?>
Code: Select all
<?php
error_reporting(E_ALL);
ini_set('display_errors', true);
if ( !isset($_POST['username'], $_POST['pass']) ) {
die('missing login parameter');
}
$mysql = mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name, $mysql)or die("cannot select DB");
$myusername=mysql_real_escape_string($_POST['username'], $mysql);
$mypassword=mysql_real_escape_string($_POST['pass'], $mysql);
$sql="SELECT
Username
FROM
$tbl_name
WHERE
Username='$myusername'
AND Password='$mypassword'
LIMIT
1";
$result=mysql_query($sql) or die(mysql_error());
$dbarray = mysql_fetch_array($result);
if ( false===$dbarray ) {
?>
<html>
<head>
<title>login failed</title>
<meta http-equiv="refresh" content="10; Location: index.php?badlogin=true">
</head>
<body>
<p>login failed</p>
<a href="index.php?badlogin=true">try again</a>
</body>
</html>
<?php
die();
}
else {
session_start();
$_SESSION['myusername'] = $_POST['username'];
?>
<html>
<head>
<title>login failed</title>
<meta http-equiv="refresh" content="10; Location: '.$page.'">
</head>
<body>
<p>logged in</p>
<a href="'.$page.'">proceed</a>
</body>
</html>
<?php
die();
}Code: Select all
<?php
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// These will be null if there is no POST array
$myusername=$_POST['username'];
$mypassword=$_POST['pass'];
// You are now going to pass NULL to the query if there was no POST array
$sql="SELECT * FROM $tbl_name WHERE Username='$myusername' and Password='$mypassword'";
// Error checking may have helped here, maybe not
$result=mysql_query($sql);
// If there was no POST array, this would return false or 0
$count=mysql_num_rows($result);
// This would also return false or empty if the POST array was empty
$dbarray = mysql_fetch_array($result);
// No POST, this never executes
if($count==1)
{
session_register("myusername");
session_register("mypassword");
if($myusername == "myusername")
{
header("location:".$page);
}
}
else
{
header("location:index.php?badlogin=true");
}
?>Code: Select all
else {
session_start();
$_SESSION['myusername'] = $_POST['username'];
?>
<html>
<head>
<title>login failed</title>
<meta http-equiv="refresh" content="10; Location: <?php echo $page; ?>">
</head>
<body>
<p>logged in</p>
<a href="<?php echo $page; ?>">proceed</a>
</body>
</html>
<?php
die();
}Code: Select all
<?php
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");
// check our needed post array vars
if (isset($_POST['username']) && isset($_POST['pass']))
{
// Assign them as needed
$myusername = $_POST['username'];
$mypassword = $_POST['pass'];
// Query with the data
$sql = "SELECT * FROM $tbl_name WHERE Username='$myusername' and Password='$mypassword'";
// Error check to make sure we are clean
if (!$result = mysql_query($sql))
{
die('Could not execute the query:' . $sql . ' because ' . mysql_error());
}
// Find out how many results were returned
$count = mysql_num_rows($result);
// If there are results...
if ($count)
{
// If there is one result only, set some vars
if($count==1)
{
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
// And send them home
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_FILENAME']) . $page);
exit;
}
else
{
// This means there were more than one returns
die('Data return was not in the appropriate context.');
}
}
else
{
// This means there were none returns
die('Your information was not found');
}
}
else
{
// The form was not posted
echo 'the form was not posted.';
}
?>getting close. I just get a big ass error now when I click the proceed button...volka wrote:my badCode: Select all
else { session_start(); $_SESSION['myusername'] = $_POST['username']; ?> <html> <head> <title>login failed</title> <meta http-equiv="refresh" content="10; Location: <?php echo $page; ?>"> </head> <body> <p>logged in</p> <a href="<?php echo $page; ?>">proceed</a> </body> </html> <?php die(); }