I'm having a problem with a login script


#1
doingit08
Please, I'm having trouble logging in to my old script and I really need to collect some details from there. I'm guessing it's because of the change of version, but if anyone could help me out on what to change so that I can use the same script and it logs on on PHP5.. :crying:

The login code is below..

<? 
include("../includes/config.php");
include("../includes/db_connect.php");	

	if ($btnLogin == "Login") 
	{
		$sql = "select username, password,status from accounts where username = '".$userid."'";
		$result=mysql_query($sql);
		if(mysql_num_rows($result)==0)
			header("Location: login.php?login=l");
		else
		{	
			$row = mysql_fetch_row($result);
			if($userid == $row[0] && $passwd == $row[1]) {
				if($row[2] == 0) {
					header("Location: login.php?login=s");
					exit;
				}
				session_start();
				session_register('allow');
				session_register('macid');
				session_register('start');
				$start=time();
				$allow="True";
				$macid=trim($userid);
				header("Location: main.php?PHPSESSID=".$PHPSESSID);				
			}
			else{
				header("Location: login.php?login=f");
			}
		}
	}
?>
<? include("../includes/templates/header1.php"); ?>
<? include("../includes/languages/".LANGUAGE."/login.php"); ?>
<div align="center">
<FONT FACE="VERDANA" SIZE="2" COLOR="red">
<? 
	If($login== "f")
		echo ERROR_TEXT_LOGIN_FAIL; 
	elseif($login == "l")
		echo ERROR_TEXT_NO_LOGIN;
	elseif($login == "a") 
		echo ERROR_TEXT_SESSION_EXPIRED;
	elseif ($login == "s") 
		echo "Your account is disabled. You cannot login.";
?>
</font>
<FONT FACE="VERDANA" SIZE="2" COLOR="#000000">
<CENTER>
<BR>
<IMG SRC="../images/connect.gif" WIDTH="134" HEIGHT="57" BORDER=0 ALT=""><IMG SRC="../images/1.gif" WIDTH="52" HEIGHT="54" BORDER=0 ALT="">
<BR><BR>
<IMG SRC="../images/new1.gif" WIDTH="35" HEIGHT="17" BORDER=0 ALT=""><FONT SIZE="3" COLOR="<?=$dark_color?>"><B>Statements</B></FONT>
</CENTER>
<H4><? echo sprintf(HEADING_TITLE,$sTitle); ?>.</H4>
	<form method="post" action="login.php" name="Login" onSubmit="return validateLogin()">

		<TABLE>
		<TR>
			<TD>
			<DIV ALIGN="RIGHT">
				<B><? echo FORM_TITLE_USERID; ?> </B>
			</DIV>
			</TD>
			<TD>
				<input type="text" name="userid" size="20">
			</TD>
		</TR>
		<TR>
			<TD>
			<DIV ALIGN="RIGHT">
				<B><? echo FORM_TITLE_PASSWORD; ?> </B>
			</DIV>
			</TD>
			<TD>
				<input type="password" name="passwd" size="20">
			</TD>
		</TR>
		<TR>
			<TD>
				<B> </B>				
			</TD>
			<TD>
				<input type="submit" name="btnLogin" value="<?echo FORM_SUBMIT_BUTTON_LOGIN;?>">
			</TD>
		</TR>				
		</TABLE>
	</form>	
	<BR>
	<?echo TEXT_NEW_USER;?> <A HREF="signup.php"><FONT COLOR="<?=$sText?>"><?echo TEXT_SIGNUP;?></FONT></A>
	<BR>
	<A HREF="forgot.php"><FONT COLOR="<?=$sText;?>"><?echo TEXT_FORGOT_YOUR_PASSWORD;?></FONT></A>
</FONT>
</div><br><br><br><br><br>
<? include("../includes/templates/footer.php"); ?>

Edited by doingit08, 25 October 2010 - 02:20 AM.


#2
Alexander
Do you get any errors, problems or a blank page? There is a lot of code that you had not listed, so it is hard to tell what is wrong without you telling us.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.

#3
doingit08
I get the same page reloaded back with no errors and no login. Formerly it returned a page like this: login.php?login=l, but now it's just login.php that it returns.

#4
SoN9ne
You have some serious security risks in the code that should be resolved too.
Never use PHPSESSID in the URL; the session can easily be hijacked...
You have another possible security risk with the query to fetch the login credentials.

Where is $userid being initiated at? Are you typecasting this to an int? How do you get the id?

Actually, after looking at the code a bit more, the $userid is the login name!? You will need to use mysql_real_escape_string to prevent SQL injection (don't forget to check if magic quotes are on so you can decide if you need to stripslashes).

Without seeing any other code it's hard to tell if you have a logic flaw or a more serious issue. Also check your php error log to see if any errors are being thrown.
"Life would be so much easier if we only had the source code."
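
Added example, not part of any post in this thread: one way to handle the login POST with the two risks raised in reply #4 addressed. It swaps in a mysqli prepared statement in place of mysql_real_escape_string, keeps the session id in the cookie only, and reads $_POST and writes $_SESSION directly rather than relying on register_globals and session_register(). `$db`, `raw_post()` and `attempt_login()` are hypothetical names, and the accounts table is assumed to be the one the original query uses.

```php
<?php
// Added example. $db is assumed to be an open mysqli connection (hypothetical).

// Read one POST field as a string, undoing magic quotes when they are on.
function raw_post($key) {
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return '';
    }
    $magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    return $magic ? stripslashes($_POST[$key]) : $_POST[$key];
}

// Returns the redirect target; a session is started only on success.
function attempt_login(mysqli $db) {
    $userid = raw_post('userid');
    $passwd = raw_post('passwd');
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT username, password, status FROM accounts WHERE username = ?');
    if (!$stmt) {
        return 'login.php?login=f';
    }
    $stmt->bind_param('s', $userid);
    $stmt->execute();
    $stmt->bind_result($dbUser, $dbPass, $status);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return 'login.php?login=l';
    }
    // Stored value compared directly, as the original does, but strictly.
    if ($userid !== $dbUser || $passwd !== $dbPass) {
        return 'login.php?login=f';
    }
    if ($status == 0) {
        return 'login.php?login=s';
    }
    ini_set('session.use_only_cookies', '1');  // id travels in the cookie only
    ini_set('session.use_trans_sid', '0');     // never rewritten into URLs
    session_start();
    session_regenerate_id(true);               // fresh id after authentication
    $_SESSION['allow'] = 'True';
    $_SESSION['macid'] = trim($userid);
    $_SESSION['start'] = time();
    return 'main.php';
}

if (raw_post('btnLogin') === 'Login') {
    header('Location: ' . attempt_login($db));
    exit;
}
```

Pages that check the login state would then read `$_SESSION['allow']` after calling `session_start()`, since no global `$allow` is created.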