Jump to content

Recommended Posts

Okay here's my php script. The first part is the login and what it's supposed to do is check the username with the auth level it has in the DB and then if it's 1 then bring up the admin panel if it's a 2 then bring up user panel all in the same script. Also is there any problems with the script so far.

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Backstage V1 Administration Console</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<?php include('backstage.css'); ?>
</head>

<body>
<?php
ini_set ("display_errors", "1");
error_reporting(E_ALL);

ob_start();
session_start();
$host="?"; // Host name
$username="?"; // Mysql username
$password="?"; // Mysql password
$db_name="?"; // Database name
$tbl_name="?"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encrypted_mypassword=md5($mypassword); //MD5
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'" or die(mysql_error());
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$user = mysql_fetch_assoc($result);
$_SESSION['user_id'] = $user['id'];
header("location:welcome.php");
}
else {
  echo "$sql";
echo "Wrong Username or Password<br><br>Return to <a href=\"login.php\">login</a>";
}

ob_end_flush();

?>
<div id="login"> 
<center>
<h1>KOW Backstage</h1><br>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Username:</p>
<input type="text" name="username" maxlength="40" size="40">
<br><br> 
<p>Password:</p>
<input type="password" name="pass" maxlength="50" size="40"> 
<br><br>
<input type="submit" name="login" value="Login >>"><br><br>
</form>
</center>
</div>
</body>
</html>

 

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/
Share on other sites

Well when I load the script as it is now it shows the actual login screen but with this above it:

 

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 15

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 15

 

Notice: Undefined index: myusername in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 27

 

Notice: Undefined index: mypassword in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 28

SELECT * FROM users WHERE username='' and password='d41d8cd98f00b204e9800998ecf8427e'Wrong Username or Password

 

Return to login

I wouldnt worry about the notices, and they can be turned off.

Dude shut up, why tell someone to ignore errors/notices, they are important or they wouldn't be shown.

 

Learn to correct all errors and notices to make your code better and to help prevent errors.

 

Okay I went back through and did something different.

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Backstage V1 Administration Console</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<?php include('backstage.css'); ?>
</head>
<?php 

require ('database.php');

//if the login form is submitted
if(isset($_POST['login']))
{
    // makes sure they filled it in
    if(!$_POST['username'] || !$_POST['pass'])
    {
        die('You did not fill in a required field.');
    }

    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

    //Gives error if user dosen't exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0)
    {
        die('That user does not exist in our database.');
    }
    while($info = mysql_fetch_array( $check )) 
    {
        $_POST['pass'] = md5(stripslashes($_POST['pass']));
        $info['password'] = stripslashes($info['password']);
        //$_POST['pass'] = md5($_POST['pass']); THIS IS DONE IN THE ABOVE STATEMENT
        //gives error if the password is wrong
        if ($_POST['pass'] != $info['password'])
        {
            die('Incorrect password, please try again.');
        }
        else 

	// if login is ok then we add a cookie and send them to the correct page
        { 
            $_POST['username'] = stripslashes($_POST['username']); 
            session_start();
		$_SESSION['username'] = $_POST['username']; 
		$_SESSION['loggedin'] = time();
            
            // Finds out the user type
            $query = "SELECT `type` FROM `users` WHERE `username` = '" . $username . "'";
            $result = mysql_query($query) or die(mysql_error()); 
            $row = mysql_fetch_array($result); 
            $authLevel = $row['type'];
		$_SESSION['authlevel'] = $authLevel;
        
            // Sends them to correct page after login
            if($authLevel == "1")
            {
                $page = "admin.php";
            }
            else
            {
                $page = "backstage.php";
            }
            header("Location: $page"); 
        } 
    } 
} 
else 
{ 
// if they have not submitted the form
?> 
<body>

<div id="login"> 
<center>
<h1>KOW Backstage</h1><br>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Username:</p>
<input type="text" name="username" maxlength="40" size="40">
<br><br> 
<p>Password:</p>
<input type="password" name="pass" maxlength="50" size="40"> 
<br><br>
<input type="submit" name="login" value="Login >>"><br><br>
</form>
</center>
</div>
</body>
</html>

 

With this when I start the script it says:

 

 

Parse error: syntax error, unexpected $end in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 90

 

So far so good but when I put in my username and password and it worked right it brought this up in the next window:

 

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 44

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 44

 

Warning: Cannot modify header information - headers already sent by (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 64

 

I wouldnt worry about the notices, and they can be turned off.

Dude shut up, why tell someone to ignore errors/notices, they are important or they wouldn't be shown.

 

Learn to correct all errors and notices to make your code better and to help prevent errors.

 

 

"Dude" - i edited my post almost immediately. Actually before you posted your "Shut up" message. So hows about you check things before you post comments like that.

 

And, they are only notices, not errors. so from a "i need to fix this now" perspective, id look at fixing the errors first and not worry too much about the notices. As per my original advice.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.