Hermes Posted May 10, 2008 Share Posted May 10, 2008 When you go to login.php and type in "User" and "Password" and hit submit, it redirects you back to login.php saying you have the wrong username and password. Okay, so I think the problem with my script is that when it checks to see if the post information is the same as the set username, it rejects it. Here's my login.php code: <html> <head> <title>Admin Login</title> </head> <body> <table> <form action="source/check_log.php" method="post"> <td><b>UserName: <input type="text" size="20" name="username"></td><td> <b>Password: </b><input type="password" size="20" name="password"></td> <br> <tr><td><input type="submit" value="login"></td></tr> </form> </table> </body> </html> And here's the authentication (check_log.php) script: <?php // Set the login user here: $login_username == "User"; $login_password =="Password"; // Quick Cookie Check to see if user is logged in. // If the cookie 'user' exists and the MD5(IP+5) matches the cookie 'user' // Then jump him to the admin page. // Explanation for MD5(IP+5) coming up.. if(isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user']){ header('Location: /admin/index.php'); exit(); } // Look for Posted Username and Password if (isset($_POST['username'])&&isset($_POST['password'])) { if ($_POST['username'] == $login_username && $pass == $login_password) { // Set cookie 'user' // Giving the MD5ed value of the user's IP+SomeNumber(5). This way the // user seesgibberish and doesn't quite know what's going on here. // Setting cookie expiration time in seconds (60s*60m*24h = 1 day) setcookie ('user',md5($_SERVER['REMOTE_ADDR']+5),time()+60*60*24); // Toss them to the admin page header('Location: /admin/index.php'); // Prevent any other scripts from executing exit(); }else{ // Login Failed - Toss back to the login page with an error. header('Location: ../login.php?error=Incorrect+username+or+password.'); exit(); } }else{ // No Username and Password field is set // Assuming there is a /login.php header('Location:/login.php'); } ?> Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 10, 2008 Share Posted May 10, 2008 what is the problem? Quote Link to comment Share on other sites More sharing options...
Hermes Posted May 10, 2008 Author Share Posted May 10, 2008 When you go to login.php and type in "User" and "Password" and hit submit, it redirects you back to login.php saying you have the wrong username and password. Quote Link to comment Share on other sites More sharing options...
ady01 Posted May 10, 2008 Share Posted May 10, 2008 Are you checking user & pass in MySQL ? Quote Link to comment Share on other sites More sharing options...
Hermes Posted May 10, 2008 Author Share Posted May 10, 2008 Are you checking user & pass in MySQL ? I plan on it, eventually, but for right now the username and password are set variables in the script as $username == User $password == Password I'm testing it out to see if it works from the foundation before using MYSQL Quote Link to comment Share on other sites More sharing options...
fanfavorite Posted May 10, 2008 Share Posted May 10, 2008 Where do you declare $pass? Should this not be: $_POST[password] == $login_password Quote Link to comment Share on other sites More sharing options...
Hermes Posted May 10, 2008 Author Share Posted May 10, 2008 Where do you declare $pass? Should this not be: $_POST[password] == $login_password I just now noticed that. Thanks! However the script still isn't working. Right now I have this: <?php // Set the login user here: $login_username == "User"; $login_password =="Password"; // Quick Cookie Check to see if user is logged in. // If the cookie 'user' exists and the MD5(IP+5) matches the cookie 'user' // Then jump him to the admin page. // Explanation for MD5(IP+5) coming up.. if(isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user']){ header('Location: /admin/index.php'); exit(); } // Look for Posted Username and Password if (isset($_POST['username'])&&isset($_POST['password'])) { if ($_POST['username'] = $login_username && $_POST['password'] = $login_password) { // Set cookie 'user' // Giving the MD5ed value of the user's IP+SomeNumber(5). This way the // user seesgibberish and doesn't quite know what's going on here. // Setting cookie expiration time in seconds (60s*60m*24h = 1 day) setcookie ('user',md5($_SERVER['REMOTE_ADDR']+5),time()+60*60*24); // Toss them to the admin page header('Location: /admin/index.php'); // Prevent any other scripts from executing exit(); }else{ // Login Failed - Toss back to the login page with an error. header('Location: ../login.php?error=Incorrect+username+or+password.'); exit(); } }else{ // No Username and Password field is set // Assuming there is a /login.php header('Location:/login.php'); } Quote Link to comment Share on other sites More sharing options...
talas Posted May 10, 2008 Share Posted May 10, 2008 If you want it to go by a sql database, I can help you, I have about 5 sites powered by the same code that is a sql database admin system. Quote Link to comment Share on other sites More sharing options...
talas Posted May 10, 2008 Share Posted May 10, 2008 If you want it to go by a sql database, I can help you, I have about 5 sites powered by the same code that is a sql database admin system. Sorry for the double post but here: http://flh.tidesofwar.net/ams/phpauth.zip In passwordreader.php, you need to edit the mysql login info and the location of your admin page (you might need to use the full url here) In your database, you need table login with rows user and pass, both varchar(32) Quote Link to comment Share on other sites More sharing options...
Btown2 Posted May 11, 2008 Share Posted May 11, 2008 Where do you declare $pass? Should this not be: $_POST[password] == $login_password I just now noticed that. Thanks! However the script still isn't working. Right now I have this: <?php // Set the login user here: $login_username == "User"; $login_password =="Password"; // Quick Cookie Check to see if user is logged in. // If the cookie 'user' exists and the MD5(IP+5) matches the cookie 'user' // Then jump him to the admin page. // Explanation for MD5(IP+5) coming up.. if(isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user']){ header('Location: /admin/index.php'); exit(); } // Look for Posted Username and Password if (isset($_POST['username'])&&isset($_POST['password'])) { if ($_POST['username'] = $login_username && $_POST['password'] = $login_password) { // Set cookie 'user' // Giving the MD5ed value of the user's IP+SomeNumber(5). This way the // user seesgibberish and doesn't quite know what's going on here. // Setting cookie expiration time in seconds (60s*60m*24h = 1 day) setcookie ('user',md5($_SERVER['REMOTE_ADDR']+5),time()+60*60*24); // Toss them to the admin page header('Location: /admin/index.php'); // Prevent any other scripts from executing exit(); }else{ // Login Failed - Toss back to the login page with an error. header('Location: ../login.php?error=Incorrect+username+or+password.'); exit(); } }else{ // No Username and Password field is set // Assuming there is a /login.php header('Location:/login.php'); } I may be an idiot but in your code it looks like you have your boolean comparitors and assignment operators confused. you put $login_username == "User"; this is a compare operation, not an assignment operation. use $login_username = "User"; instead, also in you if statement u use the assignment instead of compare. So in essence = is assignment and == is compare. I think that is your problem. Quote Link to comment Share on other sites More sharing options...
papaface Posted May 11, 2008 Share Posted May 11, 2008 Where do you declare $pass? Should this not be: $_POST[password] == $login_password I just now noticed that. Thanks! However the script still isn't working. Right now I have this: <?php // Set the login user here: $login_username == "User"; $login_password =="Password"; // Quick Cookie Check to see if user is logged in. // If the cookie 'user' exists and the MD5(IP+5) matches the cookie 'user' // Then jump him to the admin page. // Explanation for MD5(IP+5) coming up.. if(isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user']){ header('Location: /admin/index.php'); exit(); } // Look for Posted Username and Password if (isset($_POST['username'])&&isset($_POST['password'])) { if ($_POST['username'] = $login_username && $_POST['password'] = $login_password) { // Set cookie 'user' // Giving the MD5ed value of the user's IP+SomeNumber(5). This way the // user seesgibberish and doesn't quite know what's going on here. // Setting cookie expiration time in seconds (60s*60m*24h = 1 day) setcookie ('user',md5($_SERVER['REMOTE_ADDR']+5),time()+60*60*24); // Toss them to the admin page header('Location: /admin/index.php'); // Prevent any other scripts from executing exit(); }else{ // Login Failed - Toss back to the login page with an error. header('Location: ../login.php?error=Incorrect+username+or+password.'); exit(); } }else{ // No Username and Password field is set // Assuming there is a /login.php header('Location:/login.php'); } I may be an idiot but in your code it looks like you have your boolean comparitors and assignment operators confused. you put $login_username == "User"; this is a compare operation, not an assignment operation. use $login_username = "User"; instead, also in you if statement u use the assignment instead of compare. So in essence = is assignment and == is compare. I think that is your problem. You are correct. The OP has mixed up the operators. Quote Link to comment Share on other sites More sharing options...
Hermes Posted May 11, 2008 Author Share Posted May 11, 2008 Thanks! However, the script is still not working. I think maybe it might actually be the one for checking whether or not the person is logged in? So on the admin/index.php, I have: if(!isset($_COOKIE['user']) || (isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user'])){ header('Location: /login.php'); exit(); } Quote Link to comment Share on other sites More sharing options...
Btown2 Posted May 11, 2008 Share Posted May 11, 2008 Thanks! However, the script is still not working. I think maybe it might actually be the one for checking whether or not the person is logged in? So on the admin/index.php, I have: if(!isset($_COOKIE['user']) || (isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user'])){ header('Location: /login.php'); exit(); } Well, i dont know exactly what this is supposed to do, but there is an issue... if(!isset($_COOKIE['user']) || (isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user'])){ header('Location: /login.php'); exit(); } when you put if(!isset(blah blah lbah) || isset(blah blah blah) ... you have created a tautology. This will always evaluate to true since you are using or operators. so if there is a variable set, it will be (TRUE or FASLE), and if there isnt a variable set it will be (FALSE or TRUE) both of these since you are using or will evaluate to true. Quote Link to comment Share on other sites More sharing options...
Hermes Posted May 11, 2008 Author Share Posted May 11, 2008 Thanks! However, the script is still not working. I think maybe it might actually be the one for checking whether or not the person is logged in? So on the admin/index.php, I have: if(!isset($_COOKIE['user']) || (isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user'])){ header('Location: /login.php'); exit(); } Well, i dont know exactly what this is supposed to do, but there is an issue... if(!isset($_COOKIE['user']) || (isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user'])){ header('Location: /login.php'); exit(); } when you put if(!isset(blah blah lbah) || isset(blah blah blah) ... you have created a tautology. This will always evaluate to true since you are using or operators. so if there is a variable set, it will be (TRUE or FASLE), and if there isnt a variable set it will be (FALSE or TRUE) both of these since you are using or will evaluate to true. Once I have the user is logged in, it's supposed to check that the cookie is working on every page. I'm really new to PHP and so cookies still really confuse me. Quote Link to comment Share on other sites More sharing options...
Btown2 Posted May 11, 2008 Share Posted May 11, 2008 Well if i were doing this i would use sessions. heres a quick example. <?php session_start(); $username = "User"; $password = "Password"; if(isset($_POST['username']) && isset($_POST['password'])) { $chk_user = $_POST['username']; $chk_pass = $_POST['password']; if($chk_user == $username && $chk_pass == $password) { $_SESSION['is_valid'] = "true"; header(Location : the admin page); } else { echo "Bad username/password"; $_SESSION['is_valid'] = "false"; } } else { /* Make your form here*/ } ?> and then i would use this on every page to see if they are logged in... <?php session_start(); if(isset($_SESSION['is_valid'])) { if($_SESSION['is_valid'] == "true") { /* then they are logged in, do appropraite stuff here */ } else { /* they are not logged in*/ } } else { /* they are not logged in */ } ?> eddited for typos. (probably not very well either lol) Quote Link to comment Share on other sites More sharing options...
talas Posted May 11, 2008 Share Posted May 11, 2008 include_once protect.php on every page Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.