HOMEDIR is a constant defined in the config file included above, and $pagename, I believe, is passed in from the calling page - though if it's not, it would be undefined, I suppose. Would that pose a problem?
Loginverify.php calls login.php if the login fails (and passes in $Error, hence the "if ($Error != " ")" check).
Those are the only 3 variables I can see in the whole script - everything else is HTML or commented out.
<?
#
# Declare all session variables here?
#
# Each session_register() call names a global variable to be stored in the
# session; the assignment that follows gives it its starting value for this
# request. session_register() starts the session implicitly if none is active.
# It was deprecated in PHP 5.3 and removed in PHP 5.4, so this script only
# runs on older interpreters.
# NOTE(review): $Login, $Password, $NewUser and $pagename are read further
# down but never assigned in this file - presumably they arrive through
# register_globals; confirm, and treat all four as request-controlled.
include ("gumgums_config.php");
# Authorization state and the four permission flags are the strings
# "True"/"False", not booleans; every flag starts out as "False".
session_register("Authorized");
$Authorized = "False";
session_register("CanRead");
$CanRead = "False";
session_register("CanWrite");
$CanWrite = "False";
session_register("CanEdit");
$CanEdit = "False";
session_register("CanDelete");
$CanDelete = "False";
# Username is registered but not initialised here (the assignment is
# commented out); it is set later once the login has been decided.
session_register("Username");
//$Username = "";
# Default directory until a successful login supplies the account's own.
session_register("UserDir");
$UserDir = "/img";
?>
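<html>
<head>
<title>Verify Login</title>
<?php
# $pagename is not assigned anywhere in this script, so it is treated as
# request-controlled. Only a site-local path made of URL-safe characters is
# accepted as the refresh target: no scheme, no leading "//", no quotes or
# angle brackets. Anything else falls back to the default page, which keeps
# the value from breaking out of the attribute or redirecting off-site.
$refreshTarget = "/index.html";
if (isset($pagename) && is_string($pagename)
    && preg_match('!^[A-Za-z0-9_./?&=%~+#-]+\z!', $pagename)
    && substr($pagename, 0, 2) != "//") {
    $refreshTarget = $pagename;
}
?>
<META HTTP-EQUIV="REFRESH" CONTENT="15; URL=<?php echo htmlspecialchars($refreshTarget, ENT_QUOTES); ?>">
</head>
<body>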
<?
#
# Connect to the MySQL server at $dbLocation with the given credentials and
# select $dbName on that link. Returns the link on success; on either failure
# the script stops with a short message.
#
function openDB2($dbName,$dbLocation, $dbUsername, $dbPassword)
{
    $link = mysql_connect($dbLocation, $dbUsername, $dbPassword);
    if (!$link) {
        die ("Unable to connect to database.");
    }

    if (!mysql_select_db($dbName, $link)) {
        die ("Unable to select database.");
    }

    return $link;
}
#
# Release a database link obtained from openDB2().
# The result of mysql_close() is neither checked nor returned.
#
function closeDB2($dbh)
{
    mysql_close($dbh);
}
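#
# Record a login event.
#   $table   "imageusers": update the last-seen details of the account whose
#            username is $message.
#            "hackers": insert a failed-attempt row whose failure text is
#            $message.
#   $message username or failure text, depending on $table
#   $dbh     link returned by openDB2()
# Stops the script if the statement cannot be executed.
#
function logUser($table, $message, $dbh)
{
    # The User-Agent and UA-OS headers, the session id and $message can all
    # be chosen by the client, so every value is escaped for the connection
    # before it is placed inside the quoted SQL literals below.
    # mysql_real_escape_string() needs PHP 4.3.0 or later.
    $dateTime    = mysql_real_escape_string(date("l dS of F Y h:i:s A"), $dbh);
    $IPaddress   = mysql_real_escape_string((string) getenv("REMOTE_ADDR"), $dbh);
    $sessionID   = mysql_real_escape_string((string) session_id(), $dbh);
    $OS          = mysql_real_escape_string((string) getenv("HTTP_UA_OS"), $dbh);
    $browserType = mysql_real_escape_string((string) getenv("HTTP_USER_AGENT"), $dbh);
    $message     = mysql_real_escape_string((string) $message, $dbh);

    switch ($table)
    {
        case "imageusers":
            $userSQL = "UPDATE imageusers SET lastdate='$dateTime', IPaddress='$IPaddress', OS='$OS', browserType='$browserType', sessionID='$sessionID' WHERE username='$message'";
            break;
        case "hackers":
            $userSQL = "INSERT into hackers (IPaddress, borndate, browserType, sessionID, OS, failure) VALUES ('$IPaddress', '$dateTime', '$browserType', '$sessionID', '$OS', '$message')";
            break;
        default:
            # No statement exists for any other table name. Stopping here is
            # the same outcome as running an empty query, made explicit.
            die ("Can't update the database");
    }

    mysql_query($userSQL, $dbh)
        or die ("Can't update the database");
}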
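#
# Check a login/password pair against the imageusers table.
# Returns the string "True" when the pair matches the stored row, otherwise
# the string "False". A match updates the account's last-seen details through
# logUser(); a wrong password for an existing account is recorded in the
# hackers table. An unknown account returns "False" without being recorded.
#
# NOTE(review): the password column is compared directly with the submitted
# value, so passwords appear to be stored in clear text. Moving to salted
# hashes needs a schema and data migration that is outside this function.
#
function authorizeUser($Login, $Password ,$dbh)
{
    # An empty login, or a non-string one (an array-valued request parameter,
    # for example), never reaches the database.
    if (!is_string($Login) || $Login === "")
    {
        return "False";
    }

    # $Login is untrusted input; escape it before it goes inside the quoted
    # literal. mysql_real_escape_string() needs PHP 4.3.0 or later.
    $safeLogin = mysql_real_escape_string($Login, $dbh);
    $userSQL = "SELECT * from imageusers WHERE username='$safeLogin'";
    # NOTE(review): mysql_error() is echoed to the client on failure, which
    # exposes database details; consider logging it server-side instead.
    $result = mysql_query($userSQL, $dbh)
        or die("Bad query: ".mysql_error());

    if (mysql_numrows($result) == 0)
    {
        return "False";
    }

    $DBLogin = mysql_result($result,0,"username");
    $DBPassword = mysql_result($result,0,"password");

    # Strict comparison: with ==, two numeric-looking strings such as "1e3"
    # and "1000" compare equal, which would accept a password that differs
    # from the stored one.
    if ($Login === $DBLogin && $Password === $DBPassword)
    {
        # logUser() performs the UPDATE of lastdate, IPaddress, OS,
        # browserType and sessionID for this account.
        logUser ("imageusers", $Login, $dbh);
        return "True";
    }

    # Only the login name is recorded. The submitted password is left out of
    # the failure text: a near-miss of the real password would otherwise sit
    # in the hackers table in clear text.
    $failure = "Login ($Login) or Password incorrect";
    logUser ("hackers", $failure, $dbh);
    return "False";
}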
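#
# Fetch one column of an account's imageusers row.
#   $Login    username to look up
#   $varField column name to read from the first matching row
#   $dbh      link returned by openDB2()
# Returns the column value, or the string "False" when $Login is empty, is
# not a string, or no row matches.
#
function authorizeVar($Login, $varField, $dbh)
{
    if (!is_string($Login) || $Login === "")
    {
        return "False";
    }

    # $Login is escaped before it goes inside the quoted literal.
    # $varField is only used as the column name for mysql_result(); it is
    # never placed in the SQL text.
    $safeLogin = mysql_real_escape_string($Login, $dbh);
    $userSQL = "SELECT * from imageusers WHERE username='$safeLogin'";
    # NOTE(review): mysql_error() is echoed to the client on failure.
    $result = mysql_query($userSQL, $dbh)
        or die("Bad query: ".mysql_error());

    if (mysql_numrows($result) == 0)
    {
        return "False";
    }

    return (mysql_result($result,0,"$varField"));
}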
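#
# Validate a login name or password chosen at sign-up.
# Accepts 4 to 20 characters from 0-9, a-z and A-Z, and refuses the words
# reserved for the "True"/"False" status strings. Returns the value unchanged
# when it is acceptable; otherwise prints a message and returns "False".
# Surrounding whitespace is not stripped: it fails the character check, so
# the value is rejected rather than silently altered.
#
function testName ($name)
{
    # A non-string value (an array-valued request parameter, for example)
    # can never be a valid name.
    if (!is_string($name))
    {
        echo "<b>Can only have Characters and numbers in Login and Password</b><br>";
        return "False";
    }

    # Only "False", "false", "True" and "true" reach this echo, so $name is
    # safe to print as it is.
    if (in_array(ucfirst($name), array("False", "True"), true))
    {
        echo "<b>Login or Password can't be '$name', choose again</b><br>";
        return "False";
    }

    $tmp = strlen($name);
    if ($tmp > 20 or $tmp < 4)
    {
        echo "Login or Password has to be between 4 and 20 characters long. Yours was $tmp characters long.<br>";
        return "False";
    }

    # Match the whole string against the allowed set. Stripping the unwanted
    # characters and comparing the result with != lets numeric look-alikes
    # through ("+1234" == "1234"), and the ereg functions no longer exist in
    # PHP 7 and later.
    if (!preg_match('/^[0-9a-zA-Z]+\z/', $name))
    {
        echo "<b>Can only have Characters and numbers in Login and Password</b><br>";
        return "False";
    }

    return $name;
}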
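#
# Create an imageusers account.
# Both $Login and $Password must pass testName(). If no row with that
# username exists, a row is inserted with the client details of this request,
# then read back and compared with what was submitted.
# Returns "True" when the stored row matches, "False" otherwise (validation
# failure, name already taken, or read-back mismatch).
#
# NOTE(review): the password is stored exactly as submitted, in clear text.
# Changing that needs a schema and data migration outside this function.
# NOTE(review): the existence check and the INSERT are separate statements;
# presumably a unique index on username backs this up - confirm.
#
function createNewUser($Login, $Password, $dbh)
{
    $Login = testName($Login);
    if ($Login === "False")
    {
        return "False";
    }

    $Password = testName($Password);
    if ($Password === "False")
    {
        return "False";
    }

    # testName() leaves only 4-20 alphanumeric characters, so an empty login
    # cannot reach this point. Both values are still escaped so that every
    # literal in the statements below is built the same way.
    $safeLogin    = mysql_real_escape_string($Login, $dbh);
    $safePassword = mysql_real_escape_string($Password, $dbh);

    $userSQL = "SELECT * from imageusers WHERE username='$safeLogin'";
    # NOTE(review): mysql_error() is echoed to the client on failure.
    $result = mysql_query($userSQL, $dbh)
        or die("Bad query: ".mysql_error());

    if (mysql_numrows($result) != 0)
    {
        # That login name already exists.
        return "False";
    }

    # The User-Agent and UA-OS headers and the session id are chosen by the
    # client and go into quoted literals, so they are escaped as well.
    $dateTime    = mysql_real_escape_string(date("l dS of F Y h:i:s A"), $dbh);
    $IPaddress   = mysql_real_escape_string((string) getenv("REMOTE_ADDR"), $dbh);
    $sessionID   = mysql_real_escape_string((string) session_id(), $dbh);
    $OS          = mysql_real_escape_string((string) getenv("HTTP_UA_OS"), $dbh);
    $browserType = mysql_real_escape_string((string) getenv("HTTP_USER_AGENT"), $dbh);

    $userSQL = "INSERT into imageusers (username, password, borndate, lastdate, IPaddress, OS, browserType, sessionID, bornIPaddress, bornOS, bornbrowserType, bornsessionID) VALUES ('$safeLogin', '$safePassword', '$dateTime', '$dateTime', '$IPaddress', '$OS', '$browserType', '$sessionID','$IPaddress', '$OS', '$browserType', '$sessionID')";
    mysql_query($userSQL, $dbh)
        or die ("Can't update the database");

    # Read the row back and confirm it holds what was submitted.
    $userSQL = "SELECT * from imageusers WHERE username='$safeLogin'";
    $result = mysql_query($userSQL, $dbh)
        or die("Bad query: ".mysql_error());
    $DBLogin = mysql_result($result,0,"username");
    $DBPassword = mysql_result($result,0,"password");

    # Strict comparison, so numeric-looking strings ("1e3" and "1000") are
    # not treated as equal.
    if ($Login === $DBLogin && $Password === $DBPassword)
    {
        return "True";
    }
    return "False";
}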
#
# Main starts here
#
# echo "Login: $Login<br>";
# echo "Password: $Password<br>";
# echo "NewUser: $NewUser<br>";
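# NOTE(review): the database name, account and password are hard-coded in a
# file served from the web tree. gumgums_config.php is already included at
# the top of the script; presumably these belong there, outside the document
# root - confirm.
# $Login, $Password, $NewUser and $pagename are never assigned in this
# script and are treated as request-controlled.
$dbh = openDB2('siterecords','localhost:3306', 'mysql', 'scrunchmail');
if ($NewUser == "True")
{
    $Authorized = createNewUser($Login, $Password, $dbh);
} else {
    $Authorized = authorizeUser($Login, $Password, $dbh);
}
if ($Authorized === "True")
{
    # NOTE(review): the session id is kept across the login. Issuing a new
    # one at this point (session_regenerate_id(), PHP 4.3.2+) would guard
    # against session fixation, but the id has already been written to the
    # imageusers row, so the two need to be changed together.
    $Username = $Login;
    $CanRead = authorizeVar($Login, "canread", $dbh);
    $CanWrite = authorizeVar($Login, "canwrite", $dbh);
    $CanEdit = authorizeVar($Login, "canedit", $dbh);
    $CanDelete = authorizeVar($Login, "candelete", $dbh);
    $UserDir = authorizeVar($Login, "userdir", $dbh);

    # Only a site-local path made of URL-safe characters is accepted as the
    # redirect target: no scheme, no leading "//", no quotes, backslashes or
    # angle brackets. That keeps the value inside the JavaScript string below
    # and keeps the redirect on this site. Anything else goes to the default.
    $redirectTarget = "/index.html";
    if (isset($pagename) && is_string($pagename)
        && preg_match('!^[A-Za-z0-9_./?&=%~+#-]+\z!', $pagename)
        && substr($pagename, 0, 2) != "//") {
        $redirectTarget = $pagename;
    }
?>
<SCRIPT LANGUAGE=JAVASCRIPT>
window.location="<?php echo $redirectTarget; ?>"
</SCRIPT>
<NOSCRIPT>Your browser has disabled Javascript</NOSCRIPT>
<?php
} else {
    $Error = "Wrong Login or Password, or Account already exists<br>";
    $Authorized = "False";
    $Username = "Guest";
    $UserDir = "/img";
    # The message contains spaces and markup, so it is percent-encoded for
    # the query string. The leading space is kept as part of the value, so
    # login.php receives the same text as before.
    # NOTE(review): login.php takes Error from the URL; presumably it prints
    # it - confirm that it escapes the value on output.
?>
<SCRIPT LANGUAGE=JAVASCRIPT>
window.location="<?php echo HOMEDIR;?>login.php?Error=<?php echo rawurlencode(" ".$Error); ?>";
</SCRIPT>
<NOSCRIPT>Your browser has disabled Javascript</NOSCRIPT>
<?php
}
?>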
</html>