My Turnkey Career SiteAdmin is not logging on...PLEASE HELP

mkkay
Forum Newbie
Posts: 16
Joined: Mon Oct 22, 2007 5:42 pm


Post by mkkay »

Everah | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.




Here is the code for my career site siteadmin login:


<?php

session_start();

require_once "../adminmain.php";

if(!isset($aid)) {
  ?>
  <html>
  <head>
  <title> Admin Login  </title>
  </head>
  <body><center>
  <h1><font size="4" face="Arial, Helvetica, sans-serif">Job Site Admin</font></h1>

  <p><form method="post" action="<?=$PHP_SELF?>">
    <table>
      <tr> 
        <td><font size="2" face="Arial, Helvetica, sans-serif">Username:</font></td>
        <td> <input type="text" name="aid" size="8"></td>
      </tr>
      <tr> 
        <td><font size="2" face="Arial, Helvetica, sans-serif">Password:</font></td>
        <td><input type="password" name="apass" SIZE="8"></td>
      </tr>
      <tr> 
        <td colspan=2 align=right><input type="submit" value=" Login "></td>
      </tr>
      <tr> 
        <td colspan=2 align=center> <a class=TN href=forgot.php> <font size="2" face="Arial, Helvetica, sans-serif">Forgot 
          your password?</font> </a></td>
      </tr>
    </table>
  </form></p>
  </center>
  </body>
  </html>
  <?php
  exit;
}



session_register("aid");
session_register("apass");


$sql = "SELECT * FROM job_admin_login WHERE
        aid = '$aid' AND apass = '$apass'";
$result = mysql_query($sql);
if (!$result)
{
  echo "A database error occurred while checking your login details. <br>If this error persists, please contact crash@traffic-jam.ca";
}

elseif (mysql_num_rows($result) == 0) {
  session_unregister("aid");
  session_unregister("apass");
  ?>
  <html>
  <head>
  <title> Access Denied </title>
  </head>
  <body>
  <h1> Access Denied </h1>
  <p>Your user ID or password is incorrect, or you are not a
     registered user on this site. To try logging in again, click
     <a href="<?=$PHP_SELF?>">here</a>. </p>
  </body>
  </html>
  <?php
  exit;
}

?>



RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Since you didn't really ask a question I am not really going to give you an answer. But I would suspect it might have something to do with register_globals.
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Ahhhhh PHP3 .... those were the days!!! ;)
(#10850)
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

arborint wrote: Ahhhhh PHP3 .... those were the days!!! ;)
were? 8O Gosh you mean there's a newer version than 3.0.18? :lol:
mkkay
Forum Newbie
Posts: 16
Joined: Mon Oct 22, 2007 5:42 pm

PHP code for site admin

Post by mkkay »

Sorry about that. My question is: how do I get the login to work? Whenever I go to the site admin and put in the password and username, it just kind of refreshes the page; it doesn't go into the administrator control panel.....HELP!!!!
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Update your code, allow cookies in your browser, and check, as Everah has suggested, whether your code depends on register_globals being on (most hosts disable that by default). If your code depends on it, start looking for an update - it's most likely a highly insecure web-application you're running.
mkkay
Forum Newbie
Posts: 16
Joined: Mon Oct 22, 2007 5:42 pm

Post by mkkay »

I don't understand. I'm sorry, but I'm a little bit new to this. What do you mean about the register globals?
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

http://php.net/register_globals

The manual is your friend.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

register_globals, in a nutshell, is essentially the superglobal arrays ($_GET, $_POST, $_COOKIE, etc) extracted into their corresponding key/value pairs without the need to call the superglobal itself.

It is like an assumption that a form field named 'user_password' will automatically be in the variable $user_password, when in reality it is not, it is in the superglobal $_POST['user_password'].
mkkay
Forum Newbie
Posts: 16
Joined: Mon Oct 22, 2007 5:42 pm

Post by mkkay »

So what changes do I make to the register so that it can read the password and username from the SQL database?
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

mkkay wrote: So what changes do I make to the register so that it can read the password and username from the SQL database?
Read the link I've provided above or, alternatively, find a PHP developer in your area to help you with this.
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

Just looking at the code you've posted so far I really think you should take a step back and rethink your approach. The code in the first post is horrendously insecure. There are no considerations for security in it at all. If you can get it working by modifying your PHP configuration (and likely making it even less secure) your site would be pretty much an open door to a malicious hacker.

What makes this worse is that you mention it's a "career site". I assume that means it's a site where people advertise jobs, post CVs, etc. Monster.com is just such a site and was hacked not too long ago; they lost thousands of CVs and resumes to a hacker. I believe there are several people suing them over it at the moment. You don't want that to happen to you.
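
The register_globals explanation and the security concerns raised above, as an added example that is not part of the thread or of the Turnkey product: the login check from the first post rewritten to read its fields from an explicit request array ($_POST on a real page), query with a bound parameter, and verify a stored password hash. Assumptions: PDO with in-memory SQLite stands in for the site's MySQL database, apass holds a password_hash() value, and the function names and sample credentials are made up for illustration.

```php
<?php
// Added example, not code from the thread. Table and column names come from
// the first post; a password_hash() value stored in apass is an assumption.

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE job_admin_login (aid TEXT PRIMARY KEY, apass TEXT NOT NULL)');
$db->prepare('INSERT INTO job_admin_login (aid, apass) VALUES (?, ?)')
   ->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Hypothetical helper: checks credentials from an explicit request array
// ($_POST on a real page) instead of register_globals-style $aid / $apass.
function check_admin_login(PDO $db, array $post): bool
{
    $aid   = $post['aid'] ?? null;
    $apass = $post['apass'] ?? null;
    // Reject missing or non-string fields (PHP can deliver a field as an array).
    if (!is_string($aid) || !is_string($apass) || $aid === '') {
        return false;
    }
    // Bound parameter: the username is passed as data, not spliced into the SQL.
    $stmt = $db->prepare('SELECT apass FROM job_admin_login WHERE aid = ?');
    $stmt->execute([$aid]);
    $hash = $stmt->fetchColumn();
    // Unknown user: fetchColumn() returns false, so the login is refused.
    return is_string($hash) && password_verify($apass, $hash);
}

// Hypothetical handler: only the username is kept in the session, never the password.
function handle_login(PDO $db, array $post, array &$session): bool
{
    if (!check_admin_login($db, $post)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new session ID once authenticated
    }
    $session['aid'] = $post['aid'];
    return true;
}

// Constructed requests standing in for $_POST.
$session = [];
var_dump(handle_login($db, ['aid' => 'admin', 'apass' => 'constructed-sample-password'], $session));
var_dump(handle_login($db, ['aid' => 'admin', 'apass' => 'wrong'], $session));
var_dump(handle_login($db, ['aid' => "o'brien", 'apass' => 'x'], $session)); // quote is plain data
var_dump(handle_login($db, ['apass' => 'x'], $session)); // field missing
```

On a real page the call would be handle_login($db, $_POST, $_SESSION) after session_start(), with no dependence on register_globals.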
mkkay
Forum Newbie
Posts: 16
Joined: Mon Oct 22, 2007 5:42 pm

Post by mkkay »

Thanks a lot, I guess that's the end of my career site.
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

If you have so little enthusiasm for it that you give up at the first problem then it wouldn't have succeeded anyway.