my login script page is not working on remote computers

[silverglade]

hi my login is working on my computer, but when i tried 2 computers from 2 different locations, they couldnt login. any help greatly appreciated. thanks. derek.

its setting the hack variable to Y on remote computers.

 

here is the code for the login page.

 

<?php
include("connect1.php");

session_start();  
$u = $_POST['username'];
$p = $_POST['password'];  
$logoff = $_GET['logoff']; 
$hack = $_GET['hack'];  


  



if($logoff){

    
   unset($_SESSION['userid']);
   
    

   $message = "You have been logged off";  

    
     

         }

  
if($hack){    

   $message = "Naughty Naughty!  "; // COOL

    }


// escape username and password for use in SQL//person said on board "looks fine" like this
//to prevent sql injections
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if(isset($u) && isset($p) && !empty($u) && !empty($p)){ ///changed from if ($u && $p)
   
   $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

   $result = mysql_fetch_array($query);  
                                       
                                            
   if($result['username']){ // if username is set, go on...username is a key for $result, and a field in the table.
      
      $message = "You have been logged in";
       
      
      $_SESSION['userid'] = $result['username'];
   
      header("Location:old.mainsite.php"); // this will redirect them to the application.php page. and exit the script here.
      exit;
   
   
   }else{
      
      $message = "You do not exist on the system";
      
   }
   
   

}
?>
<?php
//IP BANNING CODE START HERE
$s=$_SERVER["REMOTE_ADDR"];
//draws IP address of visitor
$ipbancheck="SELECT * from banip where IP='$s'";
$ipbancheck2=mysql_query($ipbancheck);
while($ipbancheck3=mysql_fetch_array($ipbancheck2))
{
$IPBANNED=$ipbancheck3[iP];
}
//above lines check to see if user Ip is in banned IPs
if ($IPBANNED)
{
header('Location: http://derekvanderven.com/hacker.html');
//print "You have been banned ";

}
else
{

}
?>

 

 

here is the code for the form

 

<form id="form1" name="form1" method="post" action="">
  <p> </p>
  <table width="200" border="1" align="center">
    <tr>
      <td><span class="style2">Login to the secret pages</span></td>
    </tr>
    <tr>
      <td><label for="username"> User name </label>
      <input type="text" name="username" id="username" /></td>
    </tr>
    <tr>
      <td><label for="password"> Password </label>
      <input type="password" name="password" id="password" /></td>
    </tr>
    <tr>
      <td height="44"><input type="submit" name="submit" id="submit" value="Submit" /></td>
    </tr>
  </table>
</form>

[waynew]

What do you mean by remote computers? Is this login script on your localhost? How were you trying to access this script from remote computers?

[waynew]

Also, where is the code that defines $hack?

[silverglade]

i am hosting on a webhost. not my own computer, but i guess i worded it wrong. it doesnt work on other computers other than my own. i tried two other computers outside of my house, and they couldnt login to my site. here is the code to the "bouncer" that redirects them if unauthorized. also, could someone check my paypal button on my website http://oddnerdrum.com the button is at the bottom and i cant get it to work with internet explorer 6. please let me know if it works for you on internet explorer 6 or other versions.

 

<?php

session_start();// this is a session start declaration call. to let us know we are using sessions on this page.
                  // when you create a session you create an actual file on server that it writes to.
/*echo '<pre>';
print_r($_SESSION);
echo '</pre>';
exit;*//// TO TEST OUTPUT DEBUGGING WHY IT WOULDNT LET ME LOG IN
if(!isset($_SESSION["userid"])){ // why would they be on this page if session is not set!!!! this code is a bouncer..a cop.

header("Location:index.php?hack=y"); // if it hasnt been set and they are on this page, hack=y and redirect them back with the naught naughty message.


exit;
}

?>

[silverglade]

i got both the login to work and the paypal button to work by accepting ALL cookies in browser setting. but i cant possibly require all my visitors to do that to buy off the site. what should i do please?

[JJ2K]

Hi,

 

I don't see why adjusting Cookie settings should affect anything when you are using Sessions for the login system?

 

Anyhow with the problem occuring what exactly is happening.

 

You are entering a correct username and password in then you click login, then what happens (e.g are you redireced somewhere, are messages displayed etc..)?

[silverglade]

try going to http://oddnerdrum.info and type in the name : user and password:  password and look what it does, it just bounces you to the same page, with the hack variable having Y, as set in the "bouncer.php" code above. so you get the hacked message of "naughty Naughty" . thats the problem, its bouncing me back to the login page with the hacker message. and ONLY on IE6. i have no idea why. thanks. derek

ps, paypal sucks . i switched to google checkout and it works fine on ie6, but then again, i use ie6 for backwards compatible web developing reasons.

[JJ2K]

try going to http://oddnerdrum.info and type in the name : user and password:  password and look what it does, it just bounces you to the same page, with the hack variable having Y, as set in the "bouncer.php" code above. so you get the hacked message of "naughty Naughty" . thats the problem, its bouncing me back to the login page with the hacker message. and ONLY on IE6. i have no idea why. thanks. derek

ps, paypal sucks . i switched to google checkout and it works fine on ie6, but then again, i use ie6 for backwards compatible web developing reasons.

 

I just tested on IE6 and I get the message "You do not exist on the system", and also as PHP is a server side language it shouldn't matter what browser you are using, so this is the result I expected.

 

Are you logging in using actual credentials that exist, or ones that don't?

[JJ2K]

And also sesson_start(); should be at the very top of your page, this could cause a problem with the session not being created.

[silverglade]

try it in firefox, it will work, why? please. im putting the correct user and pass.

just use "user" "password" as the user and pass without the quotes. also i put session_start(). at the top and nothing. any more help greatly appreciated.

[JJ2K]

Well can you change bouncer to this temporarlily:

 

  echo "session test:".$_SESSION['userid'];

 

Just do some simple debugging!

[silverglade]

_SESSION is not being set, it showed up blank. what should i do now please? lol. when i accept all cookies in IE, it works, but i cant ask all the users to do that. any more help greatly appreciated. thanks. derek

[JJ2K]

Hi,

 

Sorry for the delayed response..

 

Firstly if you change the bouncer to print_t($_SESSION);

 

The log-in, does anything display at all?

 

e.g does it display something like

 

Array ( [userid] => )

 

??

[JJ2K]

Woops sorry I meant change the bouncer to:

 

<?php
sesson_start();
print_r($_SESSION);
?>