Jump to content

Coding problem.


Sorbee
 Share

Recommended Posts

I have installed a script that i got from sourceforge, and i installed it properly with all the files uploaded in the correct spot and i set up the datbase correctly. Now when i try to log in in getting an error saying i didnt enter a username or password into the fields. Any ideas how this could be happeneing. would it be a permission error or what could it be?

Link to comment
Share on other sites

The code is likely dependent on register_globals being ON (they were turned off over 7 years ago because they allow hackers to set session variables.)

 

You would need to post the relevant code in order to allow anyone to see what it might be doing that would cause the symptom.

Link to comment
Share on other sites

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Sales Leader - INDEX</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="GenImg/SLStyles.css" rel="stylesheet" type="text/css">
</head>

<body bgcolor="#9999CC" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table width="750" border="0" cellpadding="0" cellspacing="0" bgcolor="GhostWhite" class="MainTable">
  <tr> 
    <td width="212" height="67" valign="top"><img src="GenImg/SalesLeader.jpg" width="212" height="65"></td>
    <td class="HeaderSliver">  </td>
  </tr>
  <tr> 
    <td height="546">  </td>
    <td valign="top"> <form action="php-bin/Login.php" method="post" enctype="multipart/form-data" name="Login" target="_top" id="Login">
        <table width="100%" border="0" cellpadding="0" cellspacing="0" class="BodyText">
          <tr> 
            <td width="18%"> </td>
            <td width="2%"> </td>
            <td width="80%" class="BTBold">Login Page</td>
          </tr>
          <tr> 
            <td> </td>
            <td> </td>
            <td> </td>
          </tr>
          <tr> 
            <td align="right">User Name</td>
            <td> </td>
            <td><input name="UserName" type="text" class="FieldBase" size="30" maxlength="24"></td>
          </tr>
          <tr> 
            <td> </td>
            <td> </td>
            <td> </td>
          </tr>
          <tr> 
            <td align="right">Password</td>
            <td> </td>
            <td><input name="Password" type="password" class="FieldBaseOptA" size="30" maxlength="24"></td>
          </tr>
          <tr>
            <td> </td>
            <td> </td>
            <td> </td>
          </tr>
          <tr> 
            <td> </td>
            <td> </td>
            <td><input name="Submit" type="submit" class="FieldBase" value="Log in"></td>
          </tr>
        </table>
        </form>
    </td>
  </tr>
</table>
<?php include("HTMLFrags/DefFoot.frag");?>
</body>
</html>

 

Thats the index.php where i can log in..and heres the login.php script:

 

<?php
$ErrorChecker = array();
$GreenLite = "true";
$SetDate;

if(!empty($UserName)){
if(($Length=strlen($UserName)) > 28){
	array_push($ErrorChecker,"<span class='Error'>Warning</span><br>Sorry, there's been a system error!<br>");
}
}else{
array_push($ErrorChecker,"<span class='Error'>Your UserName</span><br>You forgot to enter your UserName!<br>");
}
if(!empty($Password)){
if(($Length=strlen($Password)) > 28){
	array_push($ErrorChecker,"<span class='Error'>Warning</span><br>Sorry, there's been a system error!<br>");
}
}else{
array_push($ErrorChecker,"<span class='Error'>Your Password</span><br>You forgot to enter your password!<br>");
}

if(empty($ErrorChecker[0])){
include "../php-bin/modz/SLDBI.php";
//====----
$query = "SELECT UserID,Level,Name FROM 00_Users WHERE UserName LIKE '$UserName' AND Password LIKE '$Password' AND Status LIKE 'on'";
$result = mysql_query($query) or die("SL posting of $CompName failed: ".mysql_error());

if ($artrow = mysql_fetch_array($result)) {
	do {
		$UserID 		= $artrow["UserID"];
		$UserLevel		= $artrow["Level"];
		$UserRealName	= $artrow["Name"];						
	} while($artrow = mysql_fetch_array($result));
}
mysql_close($dblink);

if(empty($UserID)){
	array_push($ErrorChecker,"<span class='Error'>Your Login failed!</span><br>Could verify your identity, please try again.<br>");
}
}
//====----
if(empty($ErrorChecker[0])){
setcookie("SLUser", "UserID&$UserID&Name&$UserRealName","","/");
//Decide where to direct the user based on their
//User level, right now there's just 2 options
//either this is an administrator or it's a 
//regular user...

if($UserLevel > 1){
	setcookie("SLAdm", "UserID&$UserID&Name&$UserRealName","","/");
	header("Location: ../DefConsole.php");
}else{
	header("Location: ../AdmConsole.php");
}
}else{
include "../HTMLFrags/ErrorTop.frag";
foreach ($ErrorChecker as $tripper) {
		print "$tripper";
}
include "../HTMLFrags/ErrorFoot.frag";
}
//====----
?>

Link to comment
Share on other sites

The variables $UserName and $Password need to be set from the corresponding $_POST variables $_POST['UserName'] and $_POST['Password']

 

Unfortunately, once you fix that one small piece of code, you will probably find that all the rest of the code that makes up the application that is dependent on any POST/GET/COOKIE/SESSION/SERVER variable will need to be fixed as well. There is simply no excuses for code to still be posted around on the Internet that has not had any dependency on register_globals corrected at this point in time. Since it is unlikely that the original author is around or is willing to correct the code, you will need to do this or find a different script that does work.

Link to comment
Share on other sites

The code is likely dependent on register_globals being ON (they were turned off over 7 years ago because they allow hackers to set session variables.)

 

You would need to post the relevant code in order to allow anyone to see what it might be doing that would cause the symptom.

 

how can iturn it on temporarily so that it will work?

Link to comment
Share on other sites

Yes, except that since you are dealing with a log in script, that makes it possible for a hacker to bypass the security and set the session variables so that he can appear to be a logged in visitor. Register_globals have also been completely removed in php6, so the code will eventually need to be fixed or replaced.

Link to comment
Share on other sites

it would be just a lot easier to create a new script then use the one at hand. it looks a bit overkill and underkill at the same time. lots of code but i still see its not very secure. i dont think anyone here is going to help you create a security risk.

Link to comment
Share on other sites

There really isn't and its on a private server with private access. Its a simple business script for loggin information. Can u explain how i can fix it to work temporarily with the register_globals or some other method please?

 

You have started off strong here, and are just getting stronger.  You don't know jack squat about PHP, armed with an obsolete script you didn't write, about which we have no information, and then start arguing with the experts here, after they've explained to you the reasons the thing doesn't work.

 

You haven't provided a line of code, or even a link to the script you grabbed, but then have the nerve to start telling us there's no alternative.

 

Speaking for myself (and I know for many others here who actually know PHP)  I don't want to help you fix your problem with this one script, because this problem is going to exist on page after page, and we don't want to spend our time wading through all the posts you'll inevitably be making. 

 

Here's a novel approach for you -- how about doing some of your own legwork and reading up on the register globals setting and how to turn it on? 

 

Maybe there's another forum you should go to, begging for help, instead of this one.

 

The truth is, that this forum is one of the most welcoming to php noobs, often too welcoming, so you probably will find that your approach is met with far less friendlier responses, than what you've received here. 

Link to comment
Share on other sites

This thread is more than a year old. Are you sure you have something important to add to it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.