1 reply to this topic

[justsachin4u]

Hello frz, i have following script files. Actually it is a login stystem script. The purpose of this program is to allow user to login. After login they enter in a page where they can go to protected area after clicking the link. If user cookie is set then he can go to the protected area otherwise he will be redirected to login page. This program runs well when user cookie is not set but when the cookie is set, then page doesn't redirect to the destination. Plz help me. Here are the code files -

File No.1 LoginDesg.php -

<html>

<head>

<title>LoginDesg</title>

</head>

<body>

<form id="form1" name="form1" method="post" action="LoginCode.php">

<table width="25%" align="center">

<tr>

<th><div align="right">Username: </div></th>

<td><input type="text" name="txtuname" id="txtuname" /></td>

</tr>

<tr>

<th><div align="right">Password: </div></th>

<td><input type="password" name="txtpass" id="txtpass" /></td>

</tr>

<tr>

<th><div align="right">Remember me: </div></th>

<td><input type="checkbox" name="chk" id="chk" /></td>

</tr>

<tr>

<th><div align="right">

<input type="submit" class="btn" name="btnlogin" id="btnlogin" value="Login" />

</div></th>

<td></td>

</tr>

</table>

</form>

</body>

</html>

File No.2 -

<?php

$uname=$_REQUEST["txtuname"];

$pass=$_REQUEST["txtpass"];

if($uname=="test" && $pass==12345)

{

    if(isset($_REQUEST["chk"]))

        {

            setcookie("uname",$uname,time()+60*60*24);

        }

        header("location:Account.php");

}

else

{

    header("location:LoginDesg.php");

}            

?>

File No. 3 -

<html>

<head>

<title>Account</title>

</head>

<body style="text-align:center">

<div>

<?php

$uname=$_COOKIE["uname"];

if(isset($_COOKIE["uname"]))

{

    echo "You are logged in as $uname.";

}

else

{

        echo "You entered here as a guest<p>";

}

?>

</div>

<h3>Member Area</h3>

<a href="ProtectedArea.php">Go to member area</a>

</body>

</html>

File No. 4 -

<?php

if(isset($_COOKIE["uname"]))

{

    header("location:ProtectedArea.php");

}

else

{

    header("location:LoginDesg.php");    

}

?>

File No. 5 -

<?php

include("CheckLogin.php");

?>

<html>

<head>

<title>Protected Area</title>

</head>

<body style="text-align:center">

<h1>Welcome to protected area</h1>

</body>

</html>

Note -

Username is "test" and password is "12345";

In IE the page is loading and loading and in Firfox following msg appears -




 PHP.JPG   73.75K   31 downloads

[bbqroast]

Firefox is being redirected back and forward and has decided that 'Yep, he [the server] is not making his mind up soon :('.

I recommend you use sessions, cookies are client side and can be spoofed (I think... If I am right then the user could just change 'uname' to say 'justsachin4u' which could be disastrous!). Sessions just put a very long ID in the cookie and then store the actual data on the server. Unless the cracker (He/she could be considered a hacker in this instance if he/she is doing this by his/her self) manages to work out the ID of an active session its hard to break in (also session IDs are giant random strings, a proper website will change the ID every time the user visits a page to).