
Posted: Mon Mar 12, 2007 2:50 pm
by feyd
Is your code still echoing $page?

Have you added

Code: Select all

error_reporting(E_ALL);
ini_set('display_errors', 1);
to the beginning of the file?

Posted: Mon Mar 12, 2007 2:56 pm
by jamiller
feyd wrote:Is your code still echoing $page?

Have you added

Code: Select all

error_reporting(E_ALL);
ini_set('display_errors', 1);
to the beginning of the file?
Yes it is. When I login with the correct values the echo appears on the page, "admin.php" without the quotes.

Code: Select all

$page = $dbarray['page'];
echo $page;
I added your code to the beginning of the file and when I tested it I got nothing.

Thanks, really, everybody for all the help. It is very appreciated.

Posted: Mon Mar 12, 2007 3:14 pm
by feyd
Run the following in a new file and tell us the results please.

Code: Select all

<?php

$neg = array('off', 0, false, '', null);
$flags = array(
	'Register Globals' => 'register_globals',
	'Short Tags' => 'short_open_tag',
	'Display Errors' => 'display_errors',
	'Magic Quotes GPC' => 'magic_quotes_gpc',
	'Magic Quotes Runtime' => 'magic_quotes_runtime',
	'Magic Quotes Sybase' => 'magic_quotes_sybase',
);
$ve = phpversion();
$os = PHP_OS;
$er = intval(error_reporting());
foreach ($flags as $n => $v)
{
	$flags[$n] = (in_array(strtolower(ini_get($v)), $neg) ? 'Off' : 'On');
}
$flags['Config file'] = get_cfg_var('cfg_file_path');
if (empty($flags['Config file']))
{
	$flags['Config file'] = '-';
}
$cli = (php_sapi_name() == 'cli');
$eol = "\n";

$gle = get_loaded_extensions();
$rows = array();
$le = '';
$wide = 4;
$j = count($gle);
$pad = $wide - $j % $wide;
$len = max(array_map('strlen', $gle));
$func = create_function('$a', 'return str_pad($a, ' . intval($len) . ');');
$gle = array_map($func, $gle);
for($i = 0; $i < $j; $i += $wide)
{
	$le .= '   ' . implode('   ', array_slice($gle, $i, $wide)) . $eol;
}

$ec = array(
	'E_STRICT' => 2048, 'E_ALL' => 2047, 'E_USER_NOTICE' => 1024,
	'E_USER_WARNING' => 512, 'E_USER_ERROR' => 256, 'E_COMPILE_WARNING' => 128,
	'E_COMPILE_ERROR' => 64, 'E_CORE_WARNING' => 32, 'E_CORE_ERROR' => 16,
	'E_NOTICE' => 8, 'E_PARSE' => 4, 'E_WARNING' => 2, 'E_ERROR' => 1,
);

$e = array();
$t = $er;
foreach ($ec as $n => $v)
{
	if (($t & $v) == $v)
	{
		$e[] = $n;
		$t ^= $v;
	}
}
if (ceil(count($ec) / 2) + 1 < count($e))
{
	$e2 = array();
	foreach ($ec as $n => $v)
	{
		if (!in_array($n, $e) and $n != 'E_ALL')
		{
			$e2[] = $n;
		}
	}
	$er = $er . ' ((E_ALL | E_STRICT) ^ ' . implode(' ^ ', $e2) . '))';
}
else
{
	$er = $er . ' (' . implode(' | ', $e) . ')';
}

if (!$cli)
{
	echo '<html><head><title>quick info</title></head><body><pre>', $eol;
}

echo 'PHP Version: ', $ve, $eol;
echo 'PHP OS: ', $os, $eol;
echo 'Error Reporting: ', $er, $eol;
foreach ($flags as $n => $v)
{
	echo $n, ': ', $v, $eol;
}
echo 'Loaded Extensions:', $eol, $le, $eol;

if (!$cli)
{
	echo '</pre></body></html>', $eol;
}

?>

Posted: Mon Mar 12, 2007 3:21 pm
by jamiller
feyd wrote:Run the following in a new file and tell us the results please.

PHP Version: 5.2.1
PHP OS: Linux
Error Reporting: 6135 ((E_ALL | E_STRICT) ^ E_STRICT ^ E_NOTICE))
Register Globals: Off
Short Tags: On
Display Errors: On
Magic Quotes GPC: Off
Magic Quotes Runtime: Off
Magic Quotes Sybase: Off
Config file: /etc/php5/cgi/php.ini
Loaded Extensions:
libxml xsl xmlwriter dom
xmlreader xml tokenizer session
pcre SimpleXML SPL PDO
SQLite standard Reflection pspell
posix pdo_sqlite pdo_mysql mysqli
mysql mcrypt mbstring json
iconv hash gettext gd
ftp filter exif date
curl ctype calendar zlib
openssl cgi-fcgi Zend Optimizer

Posted: Mon Mar 12, 2007 3:55 pm
by RobertGonzalez
Forgot to tell you to put an exit; call after the header call. On some servers, if you don't specify exit, the page will continue loading.

Code: Select all

<?php
header('Location: http://www.mysite.com/' . $page);
exit;
?>

Posted: Mon Mar 12, 2007 4:00 pm
by jamiller
Everah wrote:Forgot to tell you to put an exit; call after the header call. On some servers, if you don't specify exit, the page will continue loading.

Code: Select all

<?php
header('Location: http://www.mysite.com/' . $page);
exit;
?>
still didn't work lol. this is becoming insane!

Posted: Mon Mar 12, 2007 4:02 pm
by volka
next try

Code: Select all

<?php
error_reporting(E_ALL);
ini_set('display_errors', true);

if ( !isset($_POST['username'], $_POST['pass']) ) {
  die('missing login parameter');
}

$mysql = mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name, $mysql)or die("cannot select DB");

$myusername=mysql_real_escape_string($_POST['username'], $mysql);
$mypassword=mysql_real_escape_string($_POST['pass'], $mysql);

$sql="SELECT
    Username
  FROM
    $tbl_name
  WHERE
    Username='$myusername'
    AND Password='$mypassword'
  LIMIT
  	1";

$result=mysql_query($sql) or die(mysql_error());
$dbarray = mysql_fetch_array($result);

if ( false===$dbarray ) {
?>	
<html>
  <head>
    <title>login failed</title>
    <meta http-equiv="refresh" content="10; url=index.php?badlogin=true">
  </head>
  <body>
    <p>login failed</p>
    <a href="index.php?badlogin=true">try again</a>
  </body>
</html>
<?php
  die();
}
else {
  session_start();
  $_SESSION['myusername'] = $_POST['username'];
?>
<html>
  <head>
    <title>logged in</title>
    <meta http-equiv="refresh" content="10; url='.$page.'">
  </head>
  <body>
    <p>logged in</p>
    <a href="'.$page.'">proceed</a>
  </body>
</html>
<?php
  die();
}

Posted: Mon Mar 12, 2007 4:16 pm
by jamiller
missing login parameter...

Posted: Mon Mar 12, 2007 4:17 pm
by volka
Then you need to check your form again.

Posted: Mon Mar 12, 2007 4:20 pm
by jamiller
wait... this is supposed to take the place of my checklogin.php isn't it? if that's the case then it still doesn't work. nothing at all shows up if the correct login is entered.

Posted: Mon Mar 12, 2007 4:22 pm
by RobertGonzalez

Code: Select all

<?php
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// These will be null if there is no POST array
$myusername=$_POST['username'];
$mypassword=$_POST['pass'];

// You are now going to pass NULL to the query if there was no POST array
$sql="SELECT * FROM $tbl_name WHERE Username='$myusername' and Password='$mypassword'";

// Error checking may have helped here, maybe not
$result=mysql_query($sql);

// If there was no POST array, this would return false or 0
$count=mysql_num_rows($result);

// This would also return false or empty if the POST array was empty
$dbarray = mysql_fetch_array($result);

// No POST, this never executes
if($count==1)
{
    session_register("myusername");
    session_register("mypassword");
    if($myusername == "myusername")
    {
        header("location:".$page);
    }
}
else
{
    header("location:index.php?badlogin=true");
}
?>
I believe most of your problem would have been solved with a proper check for the POST array.

Posted: Mon Mar 12, 2007 4:23 pm
by jamiller
stupid me... anyways.

it kind of worked. it at least said, logged in with a button to proceed but when i clicked it this is where it took me...

http://www.mysite.com/'.$page.'

Posted: Mon Mar 12, 2007 4:25 pm
by volka
my bad

Code: Select all

else {
  session_start();
  $_SESSION['myusername'] = $_POST['username'];
?>
<html>
  <head>
    <title>logged in</title>
    <meta http-equiv="refresh" content="10; url=<?php echo $page; ?>">
  </head>
  <body>
    <p>logged in</p>
    <a href="<?php echo $page; ?>">proceed</a>
  </body>
</html>
<?php
  die();
}

Posted: Mon Mar 12, 2007 4:32 pm
by RobertGonzalez

Code: Select all

<?php
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

// check our needed post array vars
if (isset($_POST['username']) && isset($_POST['pass']))
{
    // Assign them as needed
    // Escaped for use in the query string below
    $myusername = mysql_real_escape_string($_POST['username']);
    $mypassword = mysql_real_escape_string($_POST['pass']);
    
    // Query with the data
    $sql = "SELECT * FROM $tbl_name WHERE Username='$myusername' and Password='$mypassword'";
    
    // Error check to make sure we are clean
    if (!$result = mysql_query($sql))
    {
        die('Could not execute the query:' . $sql . ' because ' . mysql_error());
    }
    
    // Find out how many results were returned
    $count = mysql_num_rows($result);
    
    // If there are results...
    if ($count)
    {
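        // If there is one result only, set some vars
        if($count==1)
        {
            // Fetch the row so $page (the redirect target) is defined
            $dbarray = mysql_fetch_array($result);
            $page = $dbarray['page'];

            // The session must be started before $_SESSION is written
            session_start();
            $_SESSION['myusername'] = $myusername;
            $_SESSION['mypassword'] = $mypassword;
            
            // And send them home (build a URL path, not a filesystem path)
            header('Location: http://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/' . $page);
            exit;
        }
        else
        {
            // This means more than one row was returned
            die('Data return was not in the appropriate context.');
        }
    }
    else
    {
        // This means no rows were returned
        die('Your information was not found');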
    }
}
else
{
    // The form was not posted
    echo 'the form was not posted.';
}
?>
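
An added example, not code from any poster in this thread: the same login check written with a PDO prepared statement (pdo_sqlite and pdo_mysql both appear in the extension list above), a stored password hash, and a redirect target that is checked before it reaches the Location header. It assumes PHP 5.5 or later for password_hash()/password_verify(); the `members` table name, the allow-list and the sample user are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Column names follow the posts;
// the in-memory SQLite database, sample user and allow-list are constructed.

// Pages a login may redirect to (hypothetical allow-list).
$allowed_pages = array('admin.php', 'members.php');

function check_login(PDO $pdo, array $post, array $allowed_pages)
{
    // Reject requests that did not come from the form.
    if (!isset($post['username'], $post['pass'])
        || !is_string($post['username']) || !is_string($post['pass'])) {
        return null;
    }
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT Username, Password, page FROM members WHERE Username = ? LIMIT 1');
    $stmt->execute(array($post['username']));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against a stored hash, never a plaintext column.
    if ($row === false || !password_verify($post['pass'], $row['Password'])) {
        return null;
    }
    // The redirect target comes from the database; still check it before use.
    return in_array($row['page'], $allowed_pages, true) ? $row['page'] : null;
}

// Constructed test data so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (Username TEXT, Password TEXT, page TEXT)');
$ins = $pdo->prepare('INSERT INTO members VALUES (?, ?, ?)');
$ins->execute(array('jane', password_hash('s3cret-sample', PASSWORD_DEFAULT), 'admin.php'));

$attempts = array(
    array('username' => 'jane', 'pass' => 's3cret-sample'),  // valid login
    array('username' => "o'brien", 'pass' => 'x'),           // quote is treated as data
    array('username' => 'jane'),                             // missing field
);
foreach ($attempts as $post) {
    $page = check_login($pdo, $post, $allowed_pages);
    echo $page === null ? "login failed\n" : "would send: Location: /$page\n";
}
```

In the real script, a non-null result is where session_start(), session_regenerate_id(true), the Location header and exit belong, in that order.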

Posted: Mon Mar 12, 2007 4:37 pm
by jamiller
volka wrote:my bad

Code: Select all

else {
  session_start();
  $_SESSION['myusername'] = $_POST['username'];
?>
<html>
  <head>
    <title>logged in</title>
    <meta http-equiv="refresh" content="10; url=<?php echo $page; ?>">
  </head>
  <body>
    <p>logged in</p>
    <a href="<?php echo $page; ?>">proceed</a>
  </body>
</html>
<?php
  die();
}
getting close. I just get a big ass error now when I click the proceed button...