swatisonee Posted April 11, 2010

Hi, I have the following code that works in a fashion. The problem is the SQL query doesn't check whether the un/pw is present in the table. Here's what the code is supposed to do: there are 3 databases. Some users are present across all 3 and some in just one. So when a user logs in, the code is supposed to check which database they want to log into and then check whether that user is authorised to log into that db. Currently, with this code, even if someone types abcd as u/n and xyz as p/w, they get a successful login message. I'm missing something but haven't been able to pinpoint it.

FILE : login.php

```php
<?php
//Process this if statement only if form was submitted
if($_POST['submit']){
    $username=$_POST['username'];
    $password=$_POST['password'];
    $ip=$_SERVER['REMOTE_ADDR'];
    //$date = putenv('TZ=America/Chicago Central Time');
    $date = putenv('TZ=US/Central');
    mktime(0,0,0,1,1,1970) ;
    $tm = date("Y-m-d H:i:s");
    include ("include/session.php");
    $dbtype = $_POST['dbtype'];

    //Define unique section vars, etc.
    if ($dbtype == 'Foo') {
        include "foo.php"; // contains dbname, pw and other info
        $section = 'Foo';
    }
    if ($dbtype == 'Admin') {
        include "admin.php"; // contains dbname, pw and other info
        $section = 'Admin';
    }
    if ($dbtype == 'Pow') {
        include "pow.php"; // contains dbname, pw and other info
        $section = 'Pow';
    }

    //Test for login success
    $sql = "SELECT * FROM Users WHERE Username='$username' AND Password = '$password'";
    $result = mysql_query($sql);
    if ($myrow = mysql_fetch_array($result)){
        $userid = $myrow["Userid"];
        $type = $myrow["Type"];
        if ($type == '1') {
            $userFile = 'account.php';
        }
        include ("include/newsession.php") ;
        if ($type == '2') {
            $userFile = 'adminhead.php';
        }
        include ("include/newsession.php") ;
        if ($type == '3') {
            $userFile = 'sales.php';
        }
        include ("include/newsession.php") ;
        $result2=mysql_query("insert into Log (Sessionid,Userid,IP,Date) values('$_SESSION[id]','$userid','$ip','$tm')");
        echo mysql_error();
    }
    $login_success = 'Yes';
    require "include/bottom.php"; // this has the code to update status of the session and the link to logout
}
?>
<!doctype html public "-//w3c//dtd html 3.2//en">
<html>
<head>
<title>:Login:</title>
<meta name="GENERATOR" content="Arachnophilia 4.0">
<meta name="FORMATTER" content="Arachnophilia 4.0">
</head>
<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000">
<?php
$userid = $_SESSION['userid'];
if($_POST['submit'] && ($login_success == 'Yes')){
    $successMessage = '<p class="data"><center><font face="Calibri" size=2>Thank you for logging in '.$username.' !<br /><br />';
    $successMessage .= '<a href="'.$section.'/'.$userFile.'?Userid='.$userid.'">Click here to proceed to your options</a></font></center></p>';
    print $successMessage;
} elseif ($_POST['submit'] && ($login_success != 'Yes')) {
    session_unset();
    $failureMessage = '<p class="data"><center><font face="Verdana" size="2" color="red">Login Failure. Please fill in all fields with the correct information.<br /></font></center></p>';
    print $failureMessage;
?>
<form action="<?php print $PHP_SELF ?>" method="post">
<table border='0' cellspacing='0' cellpadding='0' align=center>
<tr id='cat'>
<tr>
  <td bgcolor='#f1f1f1' ><font face='verdana, arial, helvetica' size='2' align='center'> Username </font></td>
  <td bgcolor='#f1f1f1' align='center'><font face='verdana, arial, helvetica' size='2' >
    <input type ='text' class='bginput' name='username' value="<?php print ((strlen($username))? $username : '' );?>" /></font></td></tr>
<tr>
  <td bgcolor='#ffffff' ><font face='verdana, arial, helvetica' size='2' align='center'> Password </font></td>
  <td bgcolor='#ffffff' align='center'><font face='verdana, arial, helvetica' size='2' >
    <input type ='password' class='bginput' name='password' ></font></td></tr>
<tr>
  <td bgcolor='#f1f1f1' align='center'><font face='verdana, arial, helvetica' size='2' > Select database: </font></td>
  <td bgcolor='#f1f1f1' align='center'><font face='verdana, arial, helvetica' size='2' >
    <select name="dbtype">
<?php
    $typesArray = array (""=>"[select One]", "Pow"=>"Pow","Foo"=>"Foo","Admin"=>"Admin");
    foreach ($typesArray AS $key=>$value) {
        print '<option value="'.$key.'" '.(($dbtype == $key)? "selected" :"").'>'.$value.'</option>';
    }
?>
    </select>
  </font></td></tr>
<tr>
  <td bgcolor='#ffffff' ><font face='verdana, arial, helvetica' size='2' align='center'>
    <input name='submit' type='submit' value='Submit'> <input type='reset' value='Reset'>
  </font></td>
</tr>
</table></center></form>
<?php
} else {
?>
<form action="<?php print $PHP_SELF ?>" method="post">
<table border='0' cellspacing='0' cellpadding='0' align=center>
<tr id='cat'>
<tr>
  <td bgcolor='#f1f1f1' ><font face='verdana, arial, helvetica' size='2' align='center'> Username </font></td>
  <td bgcolor='#f1f1f1' align='center'><font face='verdana, arial, helvetica' size='2' >
    <input type ='text' class='bginput' name='username' value="<?php print ((strlen($username))? $username : '' );?>" /></font></td></tr>
<tr>
  <td bgcolor='#ffffff' ><font face='verdana, arial, helvetica' size='2' align='center'> Password </font></td>
  <td bgcolor='#ffffff' align='center'><font face='verdana, arial, helvetica' size='2' >
    <input type ='password' class='bginput' name='password' ></font></td></tr>
<tr>
  <td bgcolor='#ffffff' ><font face='verdana, arial, helvetica' size='2' align='center'> Select database: </font></td>
  <td bgcolor='#ffffff' align='center'><font face='verdana, arial, helvetica' size='2' >
    <select name="dbtype">
<?php
    $typesArray = array (""=>"[select One]", "Pow"=>"Pow","Foo"=>"Foo","Admin"=>"Admin");
    foreach ($typesArray AS $key=>$value) {
        print '<option value="'.$key.'" '.(($dbtype == $key)? "selected" :"").'>'.$value.'</option>';
    }
?>
    </select>
  </font></td></tr>
<tr>
  <td bgcolor='#f1f1f1' colspan='2' align='center'><font face='verdana, arial, helvetica' size='2' align='center'>
    <input name='submit' type='submit' value='Submit'> <input type='reset' value='Reset'>
  </font></td>
</tr>
</table></center>
<input type="hidden" name="userid" value="<? echo $userid ?>" >
</form>
<?php
}
?>
</body>
</html>
```

FOO.PHP

```php
<?
error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
$dbservertype='mysql';
$servername='localhost';
$dbusername='abc';
$dbpassword='def';
$dbname='hij';

////////////////////////////////////////
////// DONOT EDIT BELOW /////////
///////////////////////////////////////
connecttodb($servername,$dbname,$dbusername,$dbpassword);
function connecttodb($servername,$dbname,$dbusername,$dbpassword)
{
    global $link;
    $link=mysql_connect ("$servername","$dbusername","$dbpassword");
    if(!$link){die("Could not connect to MySQL");}
    mysql_select_db("$dbname",$link) or die ("could not open db".mysql_error());
}
?>
```

andrewgauger Posted April 12, 2010

I noticed this:

```php
if ($myrow = mysql_fetch_array($result)){
    $userid = $myrow["Userid"];
```

should be mysql_fetch_assoc

swatisonee Posted April 20, 2010 (Author)

Thanks for that, but it doesn't help. Anyone can still log in with any random username and pw and access all the PHP files in the directory. I just cannot seem to "see" what critical code is missing.

ChemicalBliss Posted April 20, 2010

```php
if ($myrow = mysql_fetch_array($result)){
```

That's not the preferred way to check if the query returned a successful result (a row), use mysql_num_rows($result):

```php
if (mysql_num_rows($result) >= 1){
    $myrow = mysql_fetch_array($result);
```

-cb-

swatisonee Posted April 20, 2010 (Author)

Thanks cb, but it makes no difference. For some reason the query itself is not running - that is

```php
$sql = "SELECT * FROM Users WHERE Username='$username' AND Password = '$password'";
$result = mysql_query($sql);
```

doesn't seem to be checking whether the un and pw tally - it accepts anything that's typed into the textbox. Either the error is in the query or in the way the form is getting processed - i.e. PHP self is going wrong. At least that's what I have surmised till now. Would appreciate a look in!

ignace Posted April 20, 2010

I really laughed going through your code: a good case example as to why you should 1) properly indent your code 2) adhere to a coding convention.

```php
$login_success = 'Yes';
```

always executes whether the login was successful or not.

swatisonee Posted April 21, 2010 (Author)

That was the problem, but not because of the code but its location! It should have come immediately after the $sql. Now that I moved it, it works fine!
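
The flaw the thread arrives at is a success flag assigned outside the branch that found a matching row. The following is an added example, not code from any poster, of a fail-closed version of that check that also binds the username as a query parameter instead of concatenating it. It assumes PDO with an in-memory SQLite database standing in for the MySQL databases, a hypothetical `PasswordHash` column holding `password_hash()` output, and hypothetical function names `open_section_db` and `attempt_login`.

```php
<?php
// Added example, not code from the thread. Names, schema and data are constructed.
function open_section_db(string $dbtype): ?PDO
{
    // Allowlist of the section names the page uses; any other value is refused.
    if (!in_array($dbtype, ['Foo', 'Admin', 'Pow'], true)) {
        return null;
    }
    // Assumption: in-memory SQLite stands in for the per-section MySQL database.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE Users (Userid INTEGER PRIMARY KEY, Username TEXT UNIQUE,
                PasswordHash TEXT, Type INTEGER)');
    $ins = $pdo->prepare('INSERT INTO Users (Username, PasswordHash, Type) VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
    return $pdo;
}

function attempt_login(string $dbtype, string $username, string $password): array
{
    // Fail closed: every early return below reports failure.
    $outcome = ['success' => false, 'userid' => null, 'userFile' => null];
    $pdo = open_section_db($dbtype);
    if ($pdo === null) {
        return $outcome;
    }
    // Bound parameter: user input never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT Userid, PasswordHash, Type FROM Users WHERE Username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['PasswordHash'])) {
        return $outcome;
    }
    $files = [1 => 'account.php', 2 => 'adminhead.php', 3 => 'sales.php'];
    $type = (int) $row['Type'];
    if (!isset($files[$type])) {
        return $outcome;
    }
    // The only place success is set: a row matched and the password verified.
    return ['success' => true, 'userid' => (int) $row['Userid'], 'userFile' => $files[$type]];
}

foreach ([['Foo', 'abcd', 'xyz'], ['Foo', 'alice', 'correct horse'], ['Nope', 'alice', 'correct horse']] as $try) {
    $r = attempt_login(...$try);
    printf("%s / %s -> %s\n", $try[0], $try[1], $r['success'] ? 'login ok' : 'login refused');
}
```

The pages a successful login links to need their own session check as well; the `Userid` query-string value in the original success link identifies a user but does not authenticate one.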