hughesa1 Posted January 30, 2015 Share Posted January 30, 2015 <html> <head> <title>Admin Panel</title> <style> body {font-family:verdana; font-size:12; font-weight:bold; color:black; background-color:white} td {font-family:verdana; font-size:12; font-weight:bold; color:black} .style1 { font-size: 12px; font-weight: bold; } </style> </head> <body onLoad="document.f1.username1.focus();"> <!-- main table start here --> <table width=761 height=500 align=center border=0 bordercolor=black cellspacing=0 cellpadding=0> <tr> <td align=center> <!-- second table start here --> <table width="757" border="0" cellspacing="0" cellpadding="0" height="100%" bgcolor=white> <tr> <td align=center> <form method="post" action="login.php" name="f1"> <table align=center width=400 border=0 bordercolor=black cellspacing=0 cellpadding=5> <caption align=center><?=$MyError?></center> <tr bgcolor=#333333> <td colspan=2 align=center bgcolor="#333333"><span class="style1"><font color="#FFFFFF">Site Admin Login </font></span></td> </tr> <tr bgcolor=#77D2FF> <td bgcolor="#FFFFFF">Username: <font size="1"> </font></td> <td bgcolor="#FFFFFF"><input type="text" name="username1" maxlength="20"></td> </tr> <tr bgcolor=#77D2FF> <td bgcolor="#FFFFFF">Password: <font size="1"> </font></td> <td bgcolor="#FFFFFF"><input type="password" name="password1" maxlength="20"></td> </tr> </table> <br> <center> <input type="submit" name="s2" value="Login" style="background-color:#6598CD; font-size:11; color:black; font-family:verdana, arial; font-weight:bold; border-width:1; border-color:#333333"> </center> </form> </table> <!-- second table end here --> </td> </tr> </table> <!-- main table end here --> <? require_once("../conn.php"); if(isset($_POST[s2])) { $MyUsername1 = strip_tags($_POST[username1]); $MyPassword1 = strip_tags($_POST[password1]); if(empty($MyUsername1) || empty($MyPassword1)) { $MyError = "<center><font color=red size=2 face=verdana><b>All fields are required!</b></font></center>"; } else { //check the login info if exists $q1 = "select * from re2_admin where AdminID = '$MyUsername1' and AdminPass = '$MyPassword1' "; $r1 = mysql_query($q1); if(!$r1) { echo mysql_error(); header("Location:error1.php"); exit(); } else { if(mysql_num_rows($r1) == '1') { $a1 = mysql_fetch_array($r1); $_SESSION[AdminID] = $MyUsername1; $_SESSION[AdminEmail] = $a1[AdminEmail]; $_SESSION[AdminName] = $a1[AdminName]; header("location:index.php"); exit(); } } } } ?> I have listed the HTML then the PHP. In the actual file, the PHP comes before the HTML. I have a script I sell over again. I have installed it many times. The script has a 'site admin' backend to manage the site from. The default user and password to login to the script is 'admin.' It works everytime. But I installed it last night for a customer on their host and 'admin' does not work. I checked PHPMyAdmin to see if that was the username/password in there and it is. I would much appreciate your help in solving this. I am guessing the fact that my script is very old has something to do with it. Quote Link to comment Share on other sites More sharing options...
Solution QuickOldCar Posted January 30, 2015 Solution Share Posted January 30, 2015 Try using full php tags <?php versus short tags <? BTW, no password hashing? Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted January 30, 2015 Share Posted January 30, 2015 If QuickOldCar's suggestion doesn't work...are you getting any errors? Are PHP errors and warning being displayed? Note that you can add the following to the top of your script to show them: <?php error_reporting(E_ALL); ini_set('display_errors', 1); ?> Of course, you'll want to remove the above code once you are done debugging. Also, if you're not doing so already, you'll want to look into preventing SQL injection attacks. One way is to use mysql_real_escape_string(): http://php.net/manual/en/function.mysql-real-escape-string.php Quote Link to comment Share on other sites More sharing options...
hughesa1 Posted January 30, 2015 Author Share Posted January 30, 2015 Fantastic, that was all was needed. Thanks for that. What is password hashing? Quote Link to comment Share on other sites More sharing options...
Tom8001 Posted January 30, 2015 Share Posted January 30, 2015 password hashing is encrypting your database passwords so if a hacker uses SQL Injection to display confidential information the web page from your database the passwords will not display as the normal password for example $2y$12$QjSH496pcT5CEbzjD/vtVeH03tfHKFy36d4J0Ltp3lRtee9HDxY3K That's what the password would look like but it depends on the algorithms you use. Example: <?php //Get values $username = $_POST['username']; $password = $_POST['password']; //Hash the password $password = hash('md5', $password); ?> Now obviously you would have to use escape string and strip tags on the two variables, but that is just an example do not use md5 it's too common and it's the easiest to decrypt You can display a list of algorithms on a webpage and pick one. <?php print_r(hash_algos()); ?> Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted January 30, 2015 Share Posted January 30, 2015 In case you are interested, there is more information about hashing passwords here: http://php.net/manual/en/faq.passwords.php Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.