wee493 Posted June 24, 2010 Share Posted June 24, 2010 I recently created a login script on my website to log a user in using a form. I coded the script locally using wamp and it works fine there, but when I uploaded it to my server it logs the user in ever time regardless of the password used. I can post a link to my site with it not working if that would help. Any suggestions? <?PHP include('include/session.php'); if(isset($_GET['out']) && $_GET['out'] == 1){ $_SESSION['user'] = 'guest'; header("Location: index.php"); } if($_POST['user'] != '' && $_POST['pass'] != ''){ $user = $_POST['user']; $pass = md5($_POST['pass']); // Dose user exist $check = mysql_query("SELECT password FROM user WHERE username = '$user'"); if(mysql_num_rows($check) == 0){ //error(4); $error = 4; } else { // Check Password if(mysql_result($check, 0) == $pass){ $_SESSION['user'] = $user; header("Location: index.php"); } else { $error = 5; } } if(isset($error) && !is_array($error)){ header("Location: index.php?error=".$error); } } // end if post function error($code){ header("Location: index.php?error=".$code); die(); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/205716-user-being-logged-in-regardless-of-password/ Share on other sites More sharing options...
pengu Posted June 24, 2010 Share Posted June 24, 2010 Could you post up more of your code? The form file, session.php etc.. Quote Link to comment https://forums.phpfreaks.com/topic/205716-user-being-logged-in-regardless-of-password/#findComment-1076459 Share on other sites More sharing options...
PFMaBiSmAd Posted June 24, 2010 Share Posted June 24, 2010 What exact symptom are you getting that makes you think the user is logged in? Also, what is your code that is testing $_SESSION['user'] to determine if someone is logged in? Quote Link to comment https://forums.phpfreaks.com/topic/205716-user-being-logged-in-regardless-of-password/#findComment-1076462 Share on other sites More sharing options...
wee493 Posted June 24, 2010 Author Share Posted June 24, 2010 Login Form <td>Username:</td> <form action="login.php" method="post"> <td><input type="text" name="user" size="15" maxlength="25"></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="pass" size="15" maxlength="25"></td> </tr> <tr> <td colspan="2" align="center"><input type="submit" value="Login" style="width: 50px; height: 30px; "></form></td> session.php <?PHP // Start Session session_start(); // Require database connection script require('db.php'); include('include/errors.php'); // If user dose not have a session variable set for username... if(!isset($_SESSION['user']) or $_SESSION['user'] == ''){ // Keep user logged in from previous cookie? if(isset($_COOKIE['user_hash']) && $_COOKIE['user_hash'] != ''){ $hash = $_COOKIE['user_hash']; $check = mysql_query("SELECT username FROM user WHERE hash = '$hash' LIMIT 1"); if(mysql_num_rows($check) != 0){ $_SESSION['user'] = mysql_result($check, 0); } } else { // No cookie so user is a guest $_SESSION['user'] = 'guest'; } } $user = $_SESSION['user']; ?> Quote Link to comment https://forums.phpfreaks.com/topic/205716-user-being-logged-in-regardless-of-password/#findComment-1076471 Share on other sites More sharing options...
wee493 Posted June 24, 2010 Author Share Posted June 24, 2010 I just tried the script on another we server with the same problem. Why could the code be working fine on a local install of php, but not on my webserver? Quote Link to comment https://forums.phpfreaks.com/topic/205716-user-being-logged-in-regardless-of-password/#findComment-1076794 Share on other sites More sharing options...
pengu Posted June 25, 2010 Share Posted June 25, 2010 I just tried the script on another we server with the same problem. Why could the code be working fine on a local install of php, but not on my webserver? Any number of things. Different PHP/MySQL versions. Different permission for MySQL databases etc.. etc.. Quote Link to comment https://forums.phpfreaks.com/topic/205716-user-being-logged-in-regardless-of-password/#findComment-1076967 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.