Login script does not work properly


nvee

Hey Guys

 

Well, I have a login script I wrote today, and it kinda took a turn for the worse as I cannot find the problem. I will try to explain it as I go:

 

<?php
// CHECK IF SESSION IS ALREADY SET
if($_SESSION["id"] == "1") 
{
	echo "<p>Welcome back ".$uname."! <a href='news.php'>News</a> |<a href='profile.php'>Profile</a> |<a href='logout.php'>Logout</a></p>";
}
// CHECK IF THE USER PRESSED SUBMIT TO ATTEMPT A LOGIN
if($_POST["userlogin"] == "submit") {
			$username = $_POST["email"];
			$password = substr(md5($_POST["password"]),0,16);
			connectdb();
			$query = mysql_query("SELECT name, email, password, account_type FROM ov_users WHERE email = '".$email."' AND password = '".$password."' AND account_type = '2'");
			if(!$query) {
				echo "<p>Oops, this is strange ... we cannot seem to log you in at the moment! Please try again in 5 minutes. If this problem occurs again, please contact our support department at <a href='mailto:[email protected]'>[email protected]</a></p>";
			}
// This just assigns the users name to $uname so that I can use it as a message to welcome the user.
			while($result = mysql_fetch_array($query)) {
			$uname = $result["name"];	
			}
			$num = mysql_num_rows($query);
// CHECK IF THE USER DID NOT SELECT REMEMBER ME, OBVIOUSLY CREATING A SESSION AS APPOSE TO A COOKIE.	
				if($num > 0) {
				$_SESSION["username"] = $username;	
				$_SESSION["id"] = session_id();
				$_SESSION["active"] = "1";
				echo "<p>Welcome back ".$uname." Click <a href='profile.php'>here</a> to view your profile!</a></p>";
				}
// CHECK IF THE USER DID SELECT REMEMBER ME. THIS CREATES A COOKIE CALLED cookie_id WITH A RANDOM STRING AND MD5. THIS THEN GETS SAVED IN THE DATABASE AND WILL BE RECALLED LATER.
			if($num > 0 && $rememberme == "remember") {
				setcookie("username",$username,time()+30754400);
				$rand = rand(0,10000000);
				set_cookie("cookie_id",$rand,time()+30754400);
				$mdrand = md5($rand);
				$query = mysql_query("UPDATE ov_users SET cookie_id='".$mdrand."' WHERE email='".$username."'");
				echo "<p>Welcome back ".$username."! Click <a href='profile.php'>here</a> to view your profile!</a></p>";	
				if(!$query) {
				echo "<p>Oops, this is strange ... we cannot seem to log you in at the moment! Please try again in 5 minutes. If this problem occurs again, please contact our support department at <a href='mailto:[email protected]'>[email protected]</a></p>";
				}
				}
// THIS IS TRUE IF THE USERNAME AND PASSWORD DOES NOT MATCH
				if($num != 0) {
				echo "<p>The username and password you entered does not exist or your account needs to be verified. Please check your details and try again. | <a href='index.php'>TRY AGAIN</a> | <a href='forgotpass.php'>FORGOT MY PASSWORD</a> | <a href='register.php'>REGISTER A FREE ACCOUNT</a></p>";	
		}
// THIS IS TRUE IF THE USER DID NOT PRESS SUBMIT. THIS JUST SHOWS THE LOGIN FORM
		} else {
			?>
            <form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
		<p>
		Email: <input type="text" name="email" />
		Password: <input type="text" name="password" />
            Remember me:<input name="rememberme" type="checkbox" value="remember" /></input>
		<input name="userlogin" type="submit" value="submit"></input> 
		| Forgot my password
		</p>
		</form>
            <?php
		}
		?>

https://forums.phpfreaks.com/topic/191771-login-script-does-not-work-properly/

First, what's going wrong? What is the problem, do you get errors or what?

 

Well, I looked at the code and a few things I am interested in are:

You are using $_SESSION, so the question is: did you start the session at the beginning of the script?

 

Now this stuff, action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>": why in hell do you need htmlentities here? I understand it's security, but I am not sure that you need it here. Why not just use $_SERVER['PHP_SELF'] or even action="" (if I am not mistaken it will have the same effect as $_SERVER['PHP_SELF'])?

 

 

Haha, well, it would appear that the code processes a number of the items at once. It would, e.g., display the menu as if I am logged in, but straight below say "Your login details were incorrect".

 

The reason for the htmlentities is explained in the following article:

 

http://www.html-form-guide.com/php-form/php-form-action-self.html

<?php
   // CHECK IF SESSION IS ALREADY SET
   if($_SESSION["id"] == "1") 
   {
      echo "<p>Welcome back ".$uname."! <a href='news.php'>News</a> |<a href='profile.php'>Profile</a> |<a href='logout.php'>Logout</a></p>";
   }
/* You are checking the SESSION key ["id"] rather than ["active"]. You set ["active"] to (str)"1" and are checking ["id"] against the (str)"1" */
               if($num > 0) {
               $_SESSION["username"] = $username;   
               $_SESSION["id"] = session_id();
               $_SESSION["active"] = "1";
               echo "<p>Welcome back ".$uname." Click <a href='profile.php'>here</a> to view your profile!</a></p>";
         ?>

 

EDIT

I don't see session_start anywhere either.
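The two points raised in this reply (no session_start(), and a page check that reads $_SESSION["id"] while the login sets $_SESSION["active"]) shown in a corrected flow where only one branch can run per request. This is an added example, not code from any poster in the thread: the in-memory SQLite table, the sample user and the helper names demo_db(), attempt_login() and handle() are assumptions, and the prepared statement and password_hash() are substitutions made here for the concatenated query and truncated MD5.

```php
<?php
// Added example, not the poster's code. Assumed: PDO + in-memory SQLite
// standing in for ov_users, with a password_hash() value in `password`.
session_start();                          // before any $_SESSION access

function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE ov_users (name TEXT, email TEXT, password TEXT, account_type TEXT)');
    $hash = password_hash('correct horse', PASSWORD_DEFAULT);
    $db->prepare('INSERT INTO ov_users VALUES (?, ?, ?, ?)')
       ->execute(['Alice', 'alice@example.test', $hash, '2']);   // constructed user
    return $db;
}

function attempt_login(PDO $db, string $email, string $password): ?string {
    // Bound parameter: the submitted e-mail never becomes SQL text.
    $stmt = $db->prepare("SELECT name, password FROM ov_users WHERE email = ? AND account_type = '2'");
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;                      // zero matching rows or wrong password
    }
    session_regenerate_id(true);          // fresh session ID once authenticated
    $_SESSION['username'] = $email;
    $_SESSION['name']     = $row['name'];
    $_SESSION['active']   = '1';          // the flag the page check reads
    return $row['name'];
}

function handle(PDO $db, array $post): string {
    // if / elseif / else: exactly one branch produces output per request.
    if (($_SESSION['active'] ?? '') === '1') {
        return 'menu for ' . htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'UTF-8');
    } elseif (($post['userlogin'] ?? '') === 'submit') {
        $name = attempt_login($db, $post['email'] ?? '', $post['password'] ?? '');
        return $name === null
            ? 'login failed'
            : 'welcome ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    }
    return 'login form';
}

// Constructed requests; results are collected so nothing prints before the session calls.
$db  = demo_db();
$ok  = ['userlogin' => 'submit', 'email' => 'alice@example.test', 'password' => 'correct horse'];
$bad = ['password' => 'wrong'] + $ok;
$out = [handle($db, []), handle($db, $bad), handle($db, $ok), handle($db, [])];
echo implode("\n", $out), "\n";
```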

 

Thanks for dropping that link :)

and whuu I always used static file names in my forms
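On the htmlentities question discussed above: $_SERVER['PHP_SELF'] includes any path information the client appends after the script name, so it is request-controlled text placed inside an attribute. The added example below (not code from the thread; form_tag() and injected_attrs() are hypothetical helpers and the PHP_SELF values are constructed) parses the generated form tag and lists any attribute the template author did not write, with and without escaping.

```php
<?php
// Added example, not code from the thread. form_tag() and injected_attrs()
// are hypothetical helpers; the PHP_SELF values below are constructed.

function form_tag(string $phpSelf, bool $escape): string {
    $action = $escape ? htmlentities($phpSelf, ENT_QUOTES, 'UTF-8') : $phpSelf;
    return '<form action="' . $action . '" method="post"></form>';
}

// Parse the markup with an HTML parser and list every attribute on the
// <form> other than the two the template author wrote.
function injected_attrs(string $html): array {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);      // keep parser warnings quiet
    $doc->loadHTML($html);
    $form = $doc->getElementsByTagName('form')->item(0);
    $extra = [];
    foreach ($form->attributes as $attr) {
        if (!in_array($attr->name, ['action', 'method'], true)) {
            $extra[] = $attr->name;
        }
    }
    return $extra;
}

$samples = [
    '/login.php',                           // ordinary request
    '/login.php/" data-injected="1',        // trailing path info containing a quote
];
foreach ($samples as $phpSelf) {
    foreach ([false, true] as $escape) {
        $extra = injected_attrs(form_tag($phpSelf, $escape));
        printf("%-32s escaped=%-5s extra attributes: %s\n",
            $phpSelf, var_export($escape, true), $extra ? implode(',', $extra) : 'none');
    }
}
```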
