
I'm having a problem with a login script

align login

3 replies to this topic

#1 doingit08

doingit08

    CC Lurker

  • Just Joined
  • Pip
  • 2 posts

Posted 25 October 2010 - 01:39 AM

Please, I'm having trouble logging in to my old script and I really need to collect some details from there. I'm guessing it's because of the change of version, but if anyone could help me out on what to change so that I can use the same script and it logs on on PHP5.. :crying:

The login code is below..

<?
include("../includes/config.php");
include("../includes/db_connect.php");

if ($btnLogin == "Login")
{
    $sql = "select username, password,status from accounts where username = '".$userid."'";
    $result=mysql_query($sql);
    if(mysql_num_rows($result)==0)
        header("Location: login.php?login=l");
    else
    {
        $row = mysql_fetch_row($result);
        if($userid == $row[0] && $passwd == $row[1]) {
            if($row[2] == 0) {
                header("Location: login.php?login=s");
                exit;
            }
            session_start();
            session_register('allow');
            session_register('macid');
            session_register('start'); $start=time();
            $allow="True";
            $macid=trim($userid);
            header("Location: main.php?PHPSESSID=".$PHPSESSID);
        }
        else{
            header("Location: login.php?login=f");
        }
    }
}
?>

<? include("../includes/templates/header1.php"); ?>
<? include("../includes/languages/".LANGUAGE."/login.php"); ?>
<div align="center">
<FONT FACE="VERDANA" SIZE="2" COLOR="red">
<?
If($login== "f")
    echo ERROR_TEXT_LOGIN_FAIL;
elseif($login == "l")
    echo ERROR_TEXT_NO_LOGIN;
elseif($login == "a")
    echo ERROR_TEXT_SESSION_EXPIRED;
elseif ($login == "s")
    echo "Your account is disabled. You cannot login.";
?>
</font>
<FONT FACE="VERDANA" SIZE="2" COLOR="#000000">
<CENTER>
<BR>
<IMG SRC="../images/connect.gif" WIDTH="134" HEIGHT="57" BORDER=0 ALT=""><IMG SRC="../images/1.gif" WIDTH="52" HEIGHT="54" BORDER=0 ALT="">
<BR><BR>
<IMG SRC="../images/new1.gif" WIDTH="35" HEIGHT="17" BORDER=0 ALT=""><FONT SIZE="3" COLOR="<?=$dark_color?>"><B>Statements</B></FONT>
</CENTER>
<H4><? echo sprintf(HEADING_TITLE,$sTitle); ?>.</H4>
<form method="post" action="login.php" name="Login" onSubmit="return validateLogin()">

<TABLE>
<TR>
<TD>
<DIV ALIGN="RIGHT">
<B><? echo FORM_TITLE_USERID; ?> </B>
</DIV>
</TD>
<TD>
<input type="text" name="userid" size="20">
</TD>
</TR>
<TR>
<TD>
<DIV ALIGN="RIGHT">
<B><? echo FORM_TITLE_PASSWORD; ?> </B>
</DIV>
</TD>
<TD>
<input type="password" name="passwd" size="20">
</TD>
</TR>
<TR>
<TD>
<B> </B>
</TD>
<TD>
<input type="submit" name="btnLogin" value="<?echo FORM_SUBMIT_BUTTON_LOGIN;?>">
</TD>
</TR>
</TABLE>
</form>
<BR>
<?echo TEXT_NEW_USER;?> <A HREF="signup.php"><FONT COLOR="<?=$sText?>"><?echo TEXT_SIGNUP;?></FONT></A>
<BR>
<A HREF="forgot.php"><FONT COLOR="<?=$sText;?>"><?echo TEXT_FORGOT_YOUR_PASSWORD;?></FONT></A>
</FONT>
</div><br><br><br><br><br>
<? include("../includes/templates/footer.php"); ?>

Edited by doingit08, 25 October 2010 - 02:20 AM.

  • 0

#2 Alexander

Alexander

    YOL9

  • Moderator
  • 3963 posts
  • Location:Vancouver, Eh! Cleverness: 200
  • Programming Language:C, C++, PHP, Assembly

Posted 25 October 2010 - 02:51 AM

Do you get any errors, problems or a blank page? There is a lot of code that you have not listed, so it is hard to tell what is wrong without you telling us.
  • 0

All new problems require investigation, and so if errors are problems, try to learn as much as you can and report back.


#3 doingit08

doingit08

    CC Lurker

  • Just Joined
  • Pip
  • 2 posts

Posted 25 October 2010 - 03:15 AM

I get the same page reloaded back with no errors and no login. Formerly it returned a page like this: login.php?login=l, but now it's just login.php it returns.
  • 0

#4 SoN9ne

SoN9ne

    CC Addict

  • Advanced Member
  • PipPipPipPipPip
  • 118 posts
  • Programming Language:Java, PHP, JavaScript, Bash
  • Learning:C, Objective-C

Posted 26 October 2010 - 12:30 PM

You have some serious security risks in the code that should be resolved too.
Never use PHPSESSID in the URL; the session can easily be hijacked...
You have another possible security risk with the query to fetch the login credentials.

Where is $userid being initiated at? Are you typecasting this to an int? How do you get the id?

Actually, after looking at the code a bit more, the $userid is the login name!? You will need to use mysql_real_escape_string to prevent SQL injection (don't forget to check if magic quotes are on so you can decide if you need to stripslashes).

Without seeing any other code it's hard to tell if you have a logic flaw or a more serious issue. Also check your php error log to see if any errors are being thrown.
  • 0
"Life would be so much easier if we only had the source code."

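The two risks raised in post #4 (the login name concatenated into the query, and PHPSESSID passed in the URL), addressed in an added example that is not code from any poster in this thread. It uses a PDO prepared statement in place of the mysql_real_escape_string call named above, and reads the form fields from an explicit array instead of register_globals variables. The function names check_login and login_redirect, the in-memory SQLite database and its rows are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code; table layout follows the posted query.

// Returns 'ok' or the one-letter code the posted script sends as ?login=
function check_login(PDO $db, string $userid, string $passwd): string
{
    // Bound parameter: the login name is data, never part of the SQL text.
    $stmt = $db->prepare(
        'SELECT username, password, status FROM accounts WHERE username = ?');
    $stmt->execute([$userid]);
    $row = $stmt->fetch(PDO::FETCH_NUM);
    if ($row === false) {
        return 'l';                            // no such login
    }
    // Direct comparison as in the posted script, done in a timing-safe way.
    if (!hash_equals((string) $row[1], $passwd)) {
        return 'f';                            // wrong password
    }
    return ((int) $row[2] === 0) ? 's' : 'ok'; // status 0 = disabled
}

// Returns the Location target; on success the session id stays in the cookie.
function login_redirect(PDO $db, array $post): string
{
    // Read the form fields explicitly instead of relying on register_globals.
    $userid = (string) ($post['userid'] ?? '');
    $code = check_login($db, $userid, (string) ($post['passwd'] ?? ''));
    if ($code !== 'ok') {
        return 'login.php?login=' . $code;
    }
    session_start(['use_only_cookies' => 1, 'use_trans_sid' => 0]);
    session_regenerate_id(true);               // new id once authenticated
    $_SESSION['allow'] = 'True';               // replaces session_register()
    $_SESSION['macid'] = trim($userid);
    $_SESSION['start'] = time();
    return 'main.php';                         // no PHPSESSID in the URL
}

// Constructed sample rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (username TEXT, password TEXT, status INTEGER)');
$db->exec("INSERT INTO accounts VALUES ('alice', 'pw-a', 1), ('bob', 'pw-b', 0)");
$tries = [['alice', 'pw-a'], ['alice', 'nope'], ['bob', 'pw-b'], ["o'brien", 'x']];
$out = [];
foreach ($tries as [$u, $p]) {
    $out[] = $u . ' -> ' . login_redirect($db, ['userid' => $u, 'passwd' => $p]);
}
echo implode("\n", $out), "\n";
```

In a real page the call would be login_redirect($db, $_POST) followed by header('Location: ...') and exit; the quote in the last constructed login name is matched literally rather than altering the query.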



