
Cookie error

Posted: Tue Mar 20, 2012 4:46 am
by Vilash
Hi, when I open my admin login section using the correct username and password, it displays the members list and everything else I have included. The problem is that when I copy the URL of the page after logging in and paste it into another browser, it displays the contents of that page, so there is no authentication or authorization; anybody can copy-paste and view the details. If anybody knows the solution for this, please help me.


This is my code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script src="../gen_validatorv4.js" type="text/javascript"></script>
</head>

<body>

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="myform" method="post" action="member_checklogin.php" id="myform">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#E4E4E4">
<tr>
<td colspan="3"><strong> Login </strong><div class='short_explanation'>(<span style="color:#F00">*</span>required fields)</div></td>

</tr>

<tr>
<td width=78 bgcolor="#E4E4E4">Username</td>
<td width=6 bgcolor="#E4E4E4">:<span style="color:#F00">*</span></td>
<td width="294"><input name="username" type="text" id="myusername"></td>
</tr>
<tr>
<td bgcolor="#E4E4E4">Password</td>
<td bgcolor="#E4E4E4">:<span style="color:#F00">*</span></td>
<td><input name="password" type="password" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><label>

<input type="submit" name="Submit" value="Login">
</label></td>
</tr>

<!--<tr>
<td>&nbsp;</td>
<td colspan="2"><a href="forgot-password.php">Forgot Password</a> | <a href="register.php">Register</a></td>
</tr>-->
</table>
</td>
</form>
</tr>
</table>

<script type="text/javascript">
var frmvalidator = new Validator("myform");
frmvalidator.addValidation("username","req","Please enter your username");
// frmvalidator.addValidation("CompanyName","maxlen=20",
// "Max length for Name is 20");
//frmvalidator.addValidation("LastName","req");
// frmvalidator.addValidation("LastName","maxlen=20");

frmvalidator.addValidation("password","req","Please enter your password");
//frmvalidator.addValidation("BEmail","maxlen=50");
// frmvalidator.addValidation("BEmail","req");
// frmvalidator.addValidation("BEmail","email");
// frmvalidator.addValidation("Phone","maxlen=50");
// frmvalidator.addValidation("Phone","numeric");
//frmvalidator.addValidation("Address","maxlen=50");
// frmvalidator.addValidation("Country","dontselect=000");
</script>

</body>
</html>

Re: Cookie error

Posted: Tue Mar 20, 2012 5:02 am
by requinix
That's nice but it's not the code we need to see. How about posting member_checklogin.php?

Re: Cookie error

Posted: Tue Mar 20, 2012 5:09 am
by Vilash
This is member_checklogin.php:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Udupi | Udupi Travel Guide | Udupi & Manipal information</title>
<meta name="keywords" content="Udupi, Udupi Travel Guide, Udupi & Manipal information" />
<meta name="description" content="Udupi tourist places and traveling information for tourists who visit Udupi & Manipal." />
<link href="style/style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript"
src="http://ajax.googleapis.com/ajax/libs/jq ... "></script>
<script type="text/javascript" src="tabs.js"></script>
<script src="gen_validatorv4.js" type="text/javascript"></script>
</head>

<body>
<div class="block">
<?php include("../includes/header.php"); ?>
<div class="mainBLock">
<!-- Header Starts -->
<!-- Header Ends -->
<!-- main Banner Starts -->
<!-- main Banner Ends -->
<div>
<?php include("../includes/leftMenu.php"); ?>
<!-- Page content starts-->
<div class="pageContent">

<?php include("dbConfig.php");?>
<?php
//$host="localhost"; // Host name
//$username="login"; // Mysql username
//$password="login123"; // Mysql password
//$db_name="test"; // Database name
//
//// Connect to server and select databse.
//mysql_connect("$host", "$username", "$password")or die("cannot connect");
//mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM login_admin WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
//session_register("myusername");
//session_register("mypassword");
include("login_success.php");
//header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

</div>
<!-- Page content Ends-->
<!-- Right Menu starts-->
<?php include("../includes/rightMenu.php"); ?>
<?php include("../includes/footerTop.php"); ?>
</div>
</div>
<div class="footer-block">
<?php include("../includes/footer.php"); ?>
</div>
</div>
</body>
</html>

Re: Cookie error

Posted: Tue Mar 20, 2012 6:09 am
by requinix
1. There's a big PHP block in that file and an include(dbConfig.php) above. Move both, together, to the very top of the file. Before all of the HTML.
2. Just inside the start of that big block, add a call to session_start().
3. Change

Code:

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
//session_register("myusername");
//session_register("mypassword"); 
include("login_success.php");
//header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
to

Code:

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION["myusername"] = $myusername;
$_SESSION["mypassword"] = $mypassword;
header("location:login_success.php");
exit;
}
4. Put the "wrong username or password" message where the code block used to be. Right into the HTML. No PHP code needed.


With that done, every single PHP file that has to be protected needs to check for the myusername and/or mypassword in the session.
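
The per-page check described in the last sentence of the answer above, as an added example that is not part of the original thread: a guard file included as the first line of every protected page, such as login_success.php. Only the myusername session key comes from the thread; the file name auth_guard.php, the login page name login.php, the last_seen key and the 15-minute idle limit are assumptions.

```php
<?php
// auth_guard.php: hypothetical file name (an assumption, not from the thread).
// Include it as the very first line of every protected page, before any HTML:
//     require __DIR__ . '/auth_guard.php';

const LOGIN_PAGE   = 'login.php'; // assumed name of the page holding the login form
const IDLE_LIMIT_S = 900;         // assumed idle timeout (15 minutes)

// Pure decision function: does this session data represent a valid login?
function is_logged_in(array $session, int $now, int $idleLimit = IDLE_LIMIT_S): bool
{
    // A browser that only received a pasted URL has no session cookie,
    // so its session is empty and this check fails.
    if (!isset($session['myusername'])
        || !is_string($session['myusername'])
        || $session['myusername'] === '') {
        return false;
    }
    // last_seen is written by this guard; absent means first page after login.
    $last = $session['last_seen'] ?? $now;
    return is_int($last) && ($now - $last) <= $idleLimit;
}

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_logged_in($_SESSION, time())) {
        $_SESSION = [];                    // drop any stale data
        session_destroy();
        header('Location: ' . LOGIN_PAGE); // must run before any output is sent
        exit;                              // stop: nothing below may be rendered
    }
    $_SESSION['last_seen'] = time();       // sliding idle window
}

require_login();
```

In member_checklogin.php, calling session_regenerate_id(true) just before the $_SESSION assignments gives the logged-in session a fresh ID.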

Re: Cookie error

Posted: Tue Mar 20, 2012 6:38 am
by Vilash
OK, I will check....