Code:
<?php
if(session_id() == "")
    session_start();
require_once 'Sha256.class.php';
require_once 'StringInput.class.php';
error_reporting(E_ALL);
if(!isset($_SESSION['user']))
    header('Location: admin.php?log=out&res=1');
if(!isset($_POST['oldpass']))
    header('Location: admin.php');
if($_POST['tester']=="gargoyled") //js was on and passed
    process($_POST['oldpass'], $_POST['newpass']);
elseif($_POST['tester']=="failed") //js was on and failed
    header('Location: 1_adminedit.php?res=11');
elseif($_POST['tester']=="notnull") //js was off
{
    echo "<br />should get here first"; //these echos are telling me what happens.
    preprocess($_POST['oldpass'], $_POST['newpass'], $_POST['newpass2']);
    echo "<br />hmm, why did I get here?"; //these echos are telling me what happens.
}
function preprocess($p1, $p2, $p3)
{
    if(strlen($p1)<6 || strlen($p2)<6 || $p2!=$p3)
    {
        echo "<br />should get here second"; //these echos are telling me what happens.
        badpass();
    }
    echo "<br />Why did I get into preprocess?"; //these echos are telling me what happens.
    $p1 = $p1 . $_SESSION['user'] . "56v2jxa9er73qse";
    $p1 = sha256($p1);
    $p2 = $p2 . $_SESSION['user'] . "56v2jxa9er73qse";
    $p2 = sha256($p2);
    $p3 = $p2;
    process($p1, $p2);
}
function sha256($p)
{
    $feyd = new Sha256v2();
    $p = $feyd->hash(new StringInput($p));
    return $p;
}
function process($p1, $p2)
{
    echo "<br />WHY did I get into process?"; //these echos are telling me what happens.
    $db=mysql_connect ("localhost", "barb_admin", "whoopsForgotToEditThisOut") or die(mysql_error());
    mysql_select_db ("barb_administration");
    $user = strtolower($_SESSION['user']);
    $p1 = mysql_real_escape_string($p1);
    $p2 = mysql_real_escape_string($p2);
    //make sure user exists
    $sql = "SELECT * FROM auther WHERE name = '" . $user . "'";
    $data = mysql_fetch_array(mysql_query($sql));
    if(isset($data['password']) && $data['password']==$p1)
    {
        $sql = "UPDATE auther SET password='" . $p2 . "' WHERE name='" . $user . "'";
        mysql_query($sql) or die(mysql_error());
        mysql_close($db);
        header('Location: 1_adminedit.php?res=12');
    }
    else
    {
        badpass();
    }
    mysql_close($db); //important
}
function badpass()
{
    echo "<br />Should get here last, and shouldn't get anywhere else"; //these echos are telling me what happens.
    header('Location: 1_adminedit.php?res=11');
}
?>

oldpass: myoldpass
newpass: lkj
newpass2: abc
Password is changed to the hash of lkj (plus my salt).
Here's what the screen shows:
Code:
should get here first
should get here second
Should get here last, and shouldn't get anywhere else
Warning: Cannot modify header information - headers already sent by (output started at /home/barb/public_html/newdesign/1_cyp.php:22) in /home/barb/public_html/newdesign/1_cyp.php on line 84
Why did I get into preprocess?
WHY did I get into process?
Warning: Cannot modify header information - headers already sent by (output started at /home/barb/public_html/newdesign/1_cyp.php:22) in /home/barb/public_html/newdesign/1_cyp.php on line 72
Warning: mysql_close(): 7 is not a valid MySQL-Link resource in /home/barb/public_html/newdesign/1_cyp.php on line 78
hmm, why did I get here?

Thanks
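
Added example, not part of the original post: in PHP, header('Location: ...') only queues a response header and does not stop the script, so here every redirect is followed by exit and validation returns a result instead of redirecting from inside a helper. The helper names, the sample $session/$post arrays and the stubbed change_password() are assumptions so the example runs without a database.

```php
<?php
// Added example: header() only queues a header; PHP runs on until exit.

/** Send a redirect and stop the script (hypothetical helper name). */
function redirect_and_exit(string $url): void
{
    header('Location: ' . $url);
    exit; // without this, the statements after the call still run
}

/**
 * Check the no-JavaScript form fields with the same rule as preprocess().
 * Returns null when acceptable, otherwise the res code for the redirect.
 */
function validate_change(string $old, string $new, string $new2): ?int
{
    if (strlen($old) < 6 || strlen($new) < 6 || $new !== $new2) {
        return 11; // failure code used in the post
    }
    return null;
}

/** Constructed stand-in for the database update, so this runs offline. */
function change_password(string $user, string $old, string $new): bool
{
    // Assumption: real code checks $old against the stored hash, then updates.
    return true;
}

// Constructed sample request mirroring the post: short, mismatched passwords.
$session = ['user' => 'admin'];
$post = ['oldpass' => 'myoldpass', 'newpass' => 'lkj', 'newpass2' => 'abc'];

// Guard clauses: each redirect ends the request.
if (!isset($session['user'])) {
    redirect_and_exit('admin.php?log=out&res=1');
}
if (!isset($post['oldpass'], $post['newpass'], $post['newpass2'])) {
    redirect_and_exit('admin.php');
}

$error = validate_change($post['oldpass'], $post['newpass'], $post['newpass2']);
if ($error !== null) {
    redirect_and_exit('1_adminedit.php?res=' . $error); // script stops here
}

// Reached only with valid input, so a rejected request never hits the update.
$ok = change_password($session['user'], $post['oldpass'], $post['newpass']);
redirect_and_exit('1_adminedit.php?res=' . ($ok ? 12 : 11));
```

The same applies to the session check at the top of the posted script: without an exit after its header() call, a request with no logged-in user continues into the rest of the file.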