Errica
Forum Newbie
Posts: 2 Joined: Wed Aug 29, 2007 9:53 am
by Errica » Wed Aug 29, 2007 9:56 am
Can someone assist? Here's the login page:
Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <title></title>
</head>
<body>
<table>
  <form method="post" action="<? echo $PHP_SELF ?>?action=login">
    <tr>
      <td><b>Login name:</b><br>
      <input type="text" size="30" name="loginname"></td>
    </tr>
    <tr>
      <td><b>Password:</b><br>
      <input type="password" size="30" name="password"></td>
    </tr>
    <tr>
      <td><p><? if (substr($PHP_SELF,-9) == "login.php") { echo "<p>Do not link to this file!</p>"; } else { echo "<input class=send type=submit value=\"Login!\">"; } ?></p></td>
    </tr>
  </form>
</table>
</body>
</html>
Here's protect.php
Code:
<?
$user_passwords = array (
    "demo" => "demo"
);
$logout_page = "logout.php";
$login_page = "login.php";
$invalidlogin_page = "invalidlogin.php";
if ($action == "logout")
{
    Setcookie("logincookie[pwd]","",time() -86400);
    Setcookie("logincookie[user]","",time() - 86400);
    include($logout_page);
    exit;
}
else if ($action == "login")
{
    if (($loginname == "") || ($password == ""))
    {
        include($invalidlogin_page);
        exit;
    }
    else if (strcmp($user_passwords[$loginname],$password) == 0)
    {
        Setcookie("logincookie[pwd]",$password,time() + 86400);
        Setcookie("logincookie[user]",$loginname,time() + 86400);
    }
    else
    {
        include($invalidlogin_page);
        exit;
    }
}
else
{
    if (($logincookie[pwd] == "") || ($logincookie[user] == ""))
    {
        include($login_page);
        exit;
    }
    else if (strcmp($user_passwords[$logincookie[user]],$logincookie[pwd]) == 0)
    {
        Setcookie("logincookie[pwd]",$logincookie[pwd],time() + 86400);
        Setcookie("logincookie[user]",$logincookie[user],time() + 86400);
    }
    else
    {
        include($invalidlogin_page);
        exit;
    }
}
?>
TheMoose
Forum Contributor
Posts: 351 Joined: Tue May 23, 2006 10:42 am
by TheMoose » Wed Aug 29, 2007 10:06 am
With register_globals OFF, the variable $PHP_SELF will no longer be set, along with all other $_SERVER-based variables. Replace it with $_SERVER['PHP_SELF'].
RobertGonzalez
Site Administrator
Posts: 14293 Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA
by RobertGonzalez » Wed Aug 29, 2007 11:58 am
As a side note, $_SERVER['PHP_SELF'] is a bit insecure. You may want to search these boards for the many discussions we have had on this topic.
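Why `$_SERVER['PHP_SELF']` needs care, as an added example that is not from any poster in this thread: the value typically includes whatever extra path the client appends to the script URL, so it has to be HTML-escaped, or replaced by `SCRIPT_NAME`, before it is echoed into a form action or used in a check. The helper names and the sample request values are constructed for illustration.

```php
<?php
// Added example. form_action() and is_direct_request() are hypothetical
// helpers; the request values at the bottom are constructed sample input.

// PHP_SELF is typically SCRIPT_NAME followed by any PATH_INFO the client
// appended to the URL, so it is request data. Build the action from
// SCRIPT_NAME and escape it for use inside an HTML attribute.
function form_action(array $server, string $query = ''): string
{
    $path = $server['SCRIPT_NAME'] ?? '';
    if ($query !== '') {
        $path .= '?' . $query;
    }
    return htmlspecialchars($path, ENT_QUOTES, 'UTF-8');
}

// The thread's "was login.php requested directly?" test, done on SCRIPT_NAME
// so that trailing path info cannot change the answer.
function is_direct_request(array $server, string $script = 'login.php'): bool
{
    return basename($server['SCRIPT_NAME'] ?? '') === $script;
}

// Constructed request for /login.php/"><b>x
$server = [
    'SCRIPT_NAME' => '/login.php',
    'PATH_INFO'   => '/"><b>x',
    'PHP_SELF'    => '/login.php/"><b>x',
];

// Echoed raw, the path info becomes markup in the page.
echo 'raw PHP_SELF : ', $server['PHP_SELF'], "\n";
// Escaped, the same bytes stay inside the attribute value.
echo 'escaped      : ', htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8'), "\n";
echo 'form_action  : ', form_action($server, 'action=login'), "\n";
// The suffix test from the thread versus the SCRIPT_NAME test.
echo 'suffix test  : ', var_export(substr($server['PHP_SELF'], -9) === 'login.php', true), "\n";
echo 'direct test  : ', var_export(is_direct_request($server), true), "\n";
```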
CoderGoblin
DevNet Resident
Posts: 1425 Joined: Tue Mar 16, 2004 10:03 am
Location: Aachen, Germany
by CoderGoblin » Wed Aug 29, 2007 6:05 pm
You may also want to look at variables like $logincookie['pwd']. It should be, as far as I can tell at a quick glance, $_COOKIE['logincookie']['pwd'].
Errica
Forum Newbie
Posts: 2 Joined: Wed Aug 29, 2007 9:53 am
by Errica » Wed Aug 29, 2007 7:30 pm
Thanks to all that assisted. This works:
Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <title></title>
  <link rel="stylesheet" href="../docs/misc/styles.css" type="text/css">
</head>
<body>
<table style="height: 100%; text-align: center; width: 90%">
  <tr>
    <td style="vertical-align: middle">
      <table>
        <form method="post" action="<? echo $_SERVER['PHP_SELF'] ?>?action=login">
          <tr>
            <td><b>Login name:</b><br>
            <input type="text" size="30" name="loginname"></td>
          </tr>
          <tr>
            <td><b>Password:</b><br>
            <input type="password" size="30" name="password"></td>
          </tr>
          <tr>
            <td><p><? if (substr($_SERVER['PHP_SELF'],-9) == "login.php") { echo "<p>Never link directly to this file, always link to the protected file!</p>"; } else { echo "<input class=send type=submit value=\"Login!\">"; } ?></p></td>
          </tr>
        </form>
      </table>
    </td>
  </tr>
</table>
</body>
</html>
protect.php
Code:
<?
$loginname = $_POST['loginname'];
$password = $_POST['password'];
$action = $_GET['action'];
$user_passwords = array (
    "demo" => "demo"
);
$logout_page = "logout.php";
$login_page = "login.php";
$invalidlogin_page = "invalidlogin.php";
if ($action == "logout")
{
    Setcookie("logincookie[pwd]","",time() -86400);
    Setcookie("logincookie[user]","",time() - 86400);
    include($logout_page);
    exit;
}
else if ($action == "login")
{
    if (($loginname == "") || ($password == ""))
    {
        include($invalidlogin_page);
        exit;
    }
    else if (strcmp($user_passwords[$loginname],$password) == 0)
    {
        Setcookie("logincookie[pwd]",$password,time() + 86400);
        Setcookie("logincookie[user]",$loginname,time() + 86400);
    }
    else
    {
        include($invalidlogin_page);
        exit;
    }
}
else
{
    if (($_COOKIE['logincookie']['pwd'] == "") || ($_COOKIE['logincookie']['user'] == ""))
    {
        include($login_page);
        exit;
    }
    else if ($user_passwords[$_COOKIE['logincookie']['user']] == $_COOKIE['logincookie']['pwd'])
    {
        Setcookie("logincookie[pwd]",$_COOKIE['logincookie']['pwd'],time() + 86400);
        Setcookie("logincookie[user]",$_COOKIE['logincookie']['user'],time() + 86400);
    }
    else
    {
        include($login_page);
        exit;
    }
}
?>
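The protect.php above still writes the plaintext password into logincookie[pwd] and re-checks it on every request. One way to avoid that, as an added example that is not the poster's code: verify the login against a password hash and put an HMAC-signed, expiring token in the cookie instead. The key, the helper names and the user table are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. SECRET_KEY, check_password(),
// issue_token() and verify_token() are hypothetical names; the key and the
// user table are constructed sample values.
const SECRET_KEY = 'replace-with-32-random-bytes-kept-out-of-the-webroot';

// Store password hashes, never the passwords themselves.
$user_hashes = ['demo' => password_hash('demo', PASSWORD_DEFAULT)];

function check_password(array $hashes, string $user, string $password): bool
{
    return isset($hashes[$user]) && password_verify($password, $hashes[$user]);
}

// Cookie value "user|expiry|mac": it proves a past login without containing
// the password, and it cannot be edited without SECRET_KEY.
function issue_token(string $user, int $now, int $ttl = 86400): string
{
    $payload = rawurlencode($user) . '|' . ($now + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Returns the user name for a valid, unexpired token, otherwise null.
function verify_token($token, int $now): ?string
{
    if (!is_string($token) || substr_count($token, '|') !== 2) {
        return null; // also rejects array-valued cookies such as login[]=x
    }
    [$user, $expiry, $mac] = explode('|', $token);
    $expected = hash_hmac('sha256', $user . '|' . $expiry, SECRET_KEY);
    if (!hash_equals($expected, $mac) || !ctype_digit($expiry) || (int)$expiry < $now) {
        return null;
    }
    return rawurldecode($user);
}

// Constructed walk-through: login, a later request, and two rejected cookies.
$now = time();
if (check_password($user_hashes, 'demo', 'demo')) {
    $token = issue_token('demo', $now);
    // In protect.php: setcookie('login', $token, ['expires' => $now + 86400,
    //     'httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    var_dump(verify_token($token, $now));                               // fresh token
    var_dump(verify_token($token, $now + 90000));                       // past expiry
    var_dump(verify_token(str_replace('demo', 'root', $token), $now));  // edited user
}
```

A signed cookie stays valid until its expiry even after logout clears it in the browser; PHP's server-side sessions avoid that at the cost of keeping state on the server.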