
[SOLVED] php putting "root" user into html form


drumhrd


Hello,

 

I am trying to get this script to work, but am having issues. For some reason my HTML <form> by default is loading the page with a Username of "root" and a password of "*******".

 

I do not know where the PHP inside the HTML form is getting a $username of "root". The table that is being called is a test table and does not have a username of root in it.

 

mysql> select * from users;
+---------+------------+-----------+----------+----------------------------------+
| user_id | first_name | last_name | username | password                         |
+---------+------------+-----------+----------+----------------------------------+
|       1 | Michele    | Davis     | mdavis   | 5ebe2294ecd0e0f08eab7690d2a6ee69 |
+---------+------------+-----------+----------+----------------------------------+
1 row in set (0.00 sec)

 

 

Here is my code

 

<html>
<head>
<title>Sample Form</title>

<script type="text/javascript" src="source.js"></script>
<script type="text/javascript">
function check_valid(form) {
    var error = "";
    error += verify_username(form.username.value);
    error += verify_password(form.password.value);
    error += verify_phone(form.phone.value);
    error += verify_email(form.email.value);
    if (error != "") {
        alert(error);
        return false;
    }
    return true;
}
</script>
</head>
<body>
<?php
// Check for form post submit
if (isset($_POST["submit"])){

    require_once('db_login.php');
    require_once('DB.php');
    $connection = DB::connect("mysql://$db_username:$db_password@$db_host/$db_database");
    if (DB::isError($connection)){
        die ("Could not connect to the database: <br />". DB::errorMessage($connection));
    }
    // Remember to use htmlentities to prevent cross-site scripting vulnerabilities
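    $username = $_POST["username"];
    // Escape through the PEAR DB connection; mysql_real_escape_string() needs a mysql_* link this script never opens
    $username=$connection->escapeSimple(get_magic_quotes_gpc(  ) ? stripslashes($username) : $username);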
    $password = $_POST["password"];
    $password=htmlentities(get_magic_quotes_gpc(  ) ? stripslashes($password) :$password);
    $email = $_POST["email"];
    $email=htmlentities(get_magic_quotes_gpc(  ) ? stripslashes($email) :$email);
    $phone = $_POST["phone"];
    $phone=htmlentities(get_magic_quotes_gpc(  ) ? stripslashes($phone) : $phone);
    $error = "";


    if ($username == ""){
        $error .= "Username must not be null.<br />";
    }
    if ($password == ""){
        $error .= "Password must not be null.<br />";
    }
    if ($email == ""){
        $error .= "Email must not be null.<br />";
    }
    if ($phone == ""){
        $error .= "Phone must not be null.<br />";
    }

    // Query the posts with categories and user information
    $query = "SELECT * FROM users WHERE username='$username'";
    // Execute the database query
    $result = $connection->query($query);
    if (DB::isError($result)){
        die("Could not query the database: <br />".$query." ".DB::errorMessage($result));
    }

    $user_count = $result->numRows(  );
    if ($user_count > 0) {
        $error .= "Error: Username $username is taken already. Please select another.<br />";
    }
    if ($error){
        echo $error;
    } else {
        echo "Username is available.";
        exit;
    }
}


?>


<!-- This script will process the results as well as display the form -->

<form action="<?php echo htmlentities($_SERVER["PHP_SELF"]); ?>" method="POST"
onsubmit="return check_valid(this);" id="test1" name="test1">
    <table>
        <tr>
            <td width="30%" align="right">Username:</td>
            <td><input type="text" name="username" value="<?php echo htmlentities($username); ?>" />
</td>
        </tr>
        <tr>
            <td align="right">Password:</td>
            <td><input type="password" name="password" value="<?php echo ($password); ?>" />
</td>
        </tr>
        <tr>
            <td align="right">Phone:</td>
            <td><input type="phone" name="phone" value="<?php echo($phone); ?>" /></td>
        </tr>
        <tr>
            <td align="right">Email:</td>
            <td><input type="email" name="email" value="<?php echo($email); ?>" /></td>
        </tr>
        <tr>
            <td> </td>
            <td><input type="submit" name="submit" value="Submit" /></td>
         </tr>
    </table>
</form>
</body>
</html>

Link to comment
Share on other sites

db_login.php contains $db_username...not $username. I also thought that it may have been coming from the PEAR DB.php.

 

I changed all instances of $username to $form_username and am getting the same result.

 

New code:

 


<html>
<head>
<title>Sample Form</title>

<script type="text/javascript" src="source.js"></script>
<script type="text/javascript">
function check_valid(form) {
    var error = "";
    error += verify_username(form.username.value);
    error += verify_password(form.password.value);
    error += verify_phone(form.phone.value);
    error += verify_email(form.email.value);
    if (error != "") {
        alert(error);
        return false;
    }
    return true;
}
</script>
</head>
<body>
<?php
// Check for form post submit
if (isset($_POST["submit"])){

    require_once('db_login.php');
    require_once('DB.php');
    $connection = DB::connect("mysql://$db_username:$db_password@$db_host/$db_database");
    if (DB::isError($connection)){
        die ("Could not connect to the database: <br />". DB::errorMessage($connection));
    }
    // Remember to use htmlentities to prevent cross-site scripting vulnerabilities
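    $form_username = $_POST["form_username"];
    // Escape through the PEAR DB connection; mysql_real_escape_string() needs a mysql_* link this script never opens
    $form_username=$connection->escapeSimple(get_magic_quotes_gpc(  ) ? stripslashes($form_username) : $form_username);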
    $password = $_POST["password"];
    $password=htmlentities(get_magic_quotes_gpc(  ) ? stripslashes($password) :$password);
    $email = $_POST["email"];
    $email=htmlentities(get_magic_quotes_gpc(  ) ? stripslashes($email) :$email);
    $phone = $_POST["phone"];
    $phone=htmlentities(get_magic_quotes_gpc(  ) ? stripslashes($phone) : $phone);
    $error = "";


    if ($form_username == ""){
        $error .= "Username must not be null.<br />";
    }
    if ($password == ""){
        $error .= "Password must not be null.<br />";
    }
    if ($email == ""){
        $error .= "Email must not be null.<br />";
    }
    if ($phone == ""){
        $error .= "Phone must not be null.<br />";
    }

    // Query the posts with categories and user information
    $query = "SELECT * FROM users WHERE username='$form_username'";
    // Execute the database query
    $result = $connection->query($query);
    if (DB::isError($result)){
        die("Could not query the database: <br />".$query." ".DB::errorMessage($result));
    }

    $user_count = $result->numRows(  );
    if ($user_count > 0) {
        $error .= "Error: Username $form_username is taken already. Please select another.<br />";
    }
    if ($error){
        echo $error;
    } else {
        echo "Username is available.";
        exit;
    }
}


?>


<!-- This script will process the results as well as display the form -->

<form action="<?php echo htmlentities($_SERVER["PHP_SELF"]); ?>" method="POST"
onsubmit="return check_valid(this);" id="test1" name="test1">
    <table>
        <tr>
            <td width="30%" align="right">Username:</td>
            <td><input type="text" name="form_username" value="<?php echo htmlentities($form_username); ?>" />
</td>
        </tr>
        <tr>
            <td align="right">Password:</td>
            <td><input type="password" name="password" value="<?php echo ($password); ?>" />
</td>
        </tr>
        <tr>
            <td align="right">Phone:</td>
            <td><input type="phone" name="phone" value="<?php echo($phone); ?>" /></td>
        </tr>
        <tr>
            <td align="right">Email:</td>
            <td><input type="email" name="email" value="<?php echo($email); ?>" /></td>
        </tr>
        <tr>
            <td> </td>
            <td><input type="submit" name="submit" value="Submit" /></td>
         </tr>
    </table>
</form>
</body>
</html>

 


Link to comment
Share on other sites

What is it you are echoing here? A variable that is created after the form is submitted?

 

<td><input type="text" name="username" value="<?php echo ($username); ?>" />

 

If the form isn't processed until it is submitted, what is the value of $username?

Link to comment
Share on other sites

I removed the JS and same result.

 

The idea of the form is to initially load blank. If a user picks a username that is already in use, the form will stay populated but give an error (so the user doesn't have to reinput the other data).

 

 

Link to comment
Share on other sites

What if you changed

<td><input type="text" name="username" value="<?php echo ($username); ?>" />

 

To

<td><input type="text" name="username" value="<?php echo $user_name; ?>" />

 

I just want to see if it's always "root".

Link to comment
Share on other sites

Dammit..I feel like a fool!!!!!!!

 

It was Firefox all along.

 

It was autopopulating the freaking fields based on saved passwords.

 

I removed the <?php echo ($form_username); ?> from the input type...and when I still saw the username of root...I had to suspect something else besides PHP..I cleared my private data and it worked.

 

Guys,

 

I am so sorry for wasting all your time.

 

 

Link to comment
Share on other sites
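
As an added example (not part of the original thread or any poster's code), one way to meet the stated goal of re-populating the form after an error: values are escaped on output, the password is never echoed back, and `autocomplete` tokens tell the browser's password manager that this is a registration form. The function names `attr` and `render_signup_form` and the sample input are assumptions made for illustration.

```php
<?php
// Added example: names and sample input are hypothetical, not from the thread.

/** Escape a value for use inside a double-quoted HTML attribute. */
function attr($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Build the signup form. $post is the submitted data ($_POST), or an empty
 * array on the first load, in which case every field renders with value="".
 */
function render_signup_form(array $post, $error = '')
{
    // Re-populate only the non-secret fields; the password is never echoed back.
    $fields = array('username' => 'text', 'phone' => 'tel', 'email' => 'email');
    // Standard autocomplete tokens, so the browser knows what each field holds.
    $tokens = array('username' => 'username', 'phone' => 'tel', 'email' => 'email');

    $html = $error !== '' ? '<p class="error">' . attr($error) . "</p>\n" : '';
    $html .= "<form method=\"POST\">\n";
    foreach ($fields as $name => $type) {
        $value = isset($post[$name]) && is_string($post[$name]) ? $post[$name] : '';
        $html .= sprintf(
            "  <label>%s: <input type=\"%s\" name=\"%s\" autocomplete=\"%s\" value=\"%s\" /></label>\n",
            ucfirst($name), $type, $name, $tokens[$name], attr($value)
        );
    }
    // "new-password" marks this as a registration field, not a login field,
    // which is the hint password managers use to avoid filling a saved login.
    $html .= "  <label>Password: <input type=\"password\" name=\"password\""
           . " autocomplete=\"new-password\" /></label>\n";
    $html .= "  <input type=\"submit\" name=\"submit\" value=\"Submit\" />\n</form>\n";
    return $html;
}

// First load: nothing submitted. The served HTML has value="" everywhere, so a
// field showing "root" in the browser was filled client-side, not by PHP.
echo render_signup_form(array());

// Constructed resubmission with a hostile username: it comes back as inert text.
$sample = array('username' => '"><script>alert(1)</script>', 'email' => 'a@example.com');
echo render_signup_form($sample, 'Error: that username is taken already.');
```

Browsers treat `autocomplete` as a hint and may still offer saved logins; viewing the page source shows what the server actually sent, independent of anything the browser filled in afterwards.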
