Jump to content

can anyone spot the error in this login script?


dazzathedrummer

Recommended Posts

Hi,

 

I'm having some trouble with this login script, I thought it was ok until I noticed that after an unsucessful login, you are able to access the hidden content anyway!!

 

For some reason the code is setting a cookie despite an unsuccessful login and should only set a cookie if the username is found in the DB.

 

Also, for some reason, the password field is coming from the form and not the encrypted version.

<?php
$setcookie_username = setcookie(guard_member, $_POST['username'], $hour); 
$setcookie_pass = setcookie(guard_member_key, $_POST['pass'], $hour);

// Connects to your Database 
mysql_connect("database.com", "user", "password") or die(mysql_error()); 
mysql_select_db("db") or die(mysql_error()); 

//Checks if there is a login cookie
if(isset($_COOKIE['guard_member']))

//if there is one, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['guard_member']; 
$pass = $_COOKIE['guard_member_key'];
$check = mysql_query("SELECT * FROM users WHERE is_guard = '1' and username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) 
{
if ($pass != $info['password']) 
{
}
else
{
header("Location: guard_admin.php");

}
}
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE is_guard = '1' and username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('ooooooo sorry my friend, you\'re just not special enough to go there Click  <a href="http://www.the-guards.org.uk">Here</a> to get back to where you belong. <br> ...You could try registering <a href="http://www.the-guards.org.uk/private/reg.php">here</a>, but even then I doubt you\'ll be given access to the private/secret/special admin area - only actual Guards alowd in y\'see, sorry about that. <br> Well anyway, its been nice talking to you - it gets a bit lonely here, guarding the Guards admin area, they dont even pay me y\'know and they make me listen to their music all day, god its depressing.');
}
while($info = mysql_fetch_array( $check )) 
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else 
{ 

// if login is ok then we add a cookie 
$_POST['username'] = stripslashes($_POST['username']); 
$hour = time() + 2592000;
$setcookie_username;
$setcookie_pass;


//then redirect them to the members area 
header("Location: guard_admin.php"); 

} 
} 
} 
else 
{	

// if they are not logged in 
?>
<head>
</head>
<body>
</body>
</html>

 

I'm beginning to think I should start again haha.

 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.