
url redirect, messes up login system


chandler


Yes, sorry, I think this is all of the login system.

 

<?php
session_start();
ob_start();
if (!isset($_SESSION["valid_user"]))
{
header('Location:/index.php?action=login');
}
$theuser=$_SESSION["valid_user"];
///////////////////////////////// Language Changer - start
if (!$_SESSION['lang_ice'])
{
$_SESSION['lang_en'] = true;
$_SESSION['lang_ice'] = false;
}
if (isset($_GET['lang']))
{
if ($_GET['lang'] == "en")
{
$_SESSION['lang_en'] = true;
$_SESSION['lang_ice'] = false;
}
if ($_GET['lang'] == "ice")
{
$_SESSION['lang_en'] = false;
$_SESSION['lang_ice'] = true;
}
}	
if($_SESSION['lang_ice'] == true)
{
require_once '../langs/ice.php';
}
if($_SESSION['lang_en'] == true)
{
require_once '../langs/en.php';
}
/////////////////////////// Language Changer - end
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
</head>
<body>
      <?php
 if (!$_SESSION["valid_user"])
  {
  	echo "<li><a href=\"/main/?action=login\">$login</a></li><li><a href=\"/main/?action=register\">$register</a></li>";
  } else {
	echo "<li><a href=\"/Users/profile.php?action=viewprofile\">$theuser</a></li><li><a href=\"/main/?logout\">$logout</a></li>";
  }
  if ( $theuser == "admin" ) {
   echo "<li><a href='/admin/'>Admin Area</a>";
  }
?>

<?php
//require("../requires/head.php");
require("../requires/config.php");
if(isset($_GET['action']))
{
$action=addslashes($_GET['action']);
}
if(!isset($_GET['action']))
{
header("Location:main.php");
}
if(isset($_GET['logout']))
{
session_unset();
session_destroy();
echo "Goodbye";
?>
<meta http-equiv="refresh" content="2;url=main.php" />
<?php
}
if(isset($_SESSION["valid_user"]))
{
echo "Welcome";
}
if(isset($_POST['submit']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password = md5($password);
$query = mysql_query("SELECT * FROM guest_users WHERE us_nm = '$username' AND us_pw = '$password'") or die(mysql_error());
if(mysql_num_rows($query) == 0)
{
	echo "Username and Password combination not recognised.<br>";
}
else
{
	$_SESSION["valid_user"] = $username;
	header("Location:main.php");
}
}

if ( $action == "login" )
{
 echo "$index2[0]";
?>
 <br><br>
    <center>
    <form action="" method="post">
    <table border="0" cellspacing="0" cellpadding="0" width="150">
     <tr>
	      <td width="60"><?php echo $index2[1];?>:</td>
      <td width="90"><center><input type="text" name="username"></center></td>
     </tr>
     <tr>
      <td colspan="2" height="6"> </td>
	     </tr>
     <tr>
	      <td width="60"><?php echo $index2[2];?>:</td>
      <td width="90"><center><input type="password" name="password"></center></td>
     </tr>
     <tr>
      <td colspan="2" height="6"><br><input type="Submit" name="submit" value="<?php echo $index2[3];?>"></td>
	     </tr>
   </table>
   </form>
   </center>
<?php
}
if ( $action == "register" )
{
  $username=mysql_real_escape_string($_POST['username']);
  $email=mysql_real_escape_string($_POST['email']);
  $myname=mysql_real_escape_string($_POST['myname']);
  $myweb=mysql_real_escape_string($_POST['myweb']);
  $location=mysql_real_escape_string($_POST['location']);
echo "
     <form action='' method=\"post\" enctype=\"multipart/form-data\">
     <table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"570\">
      <tr>
       <td width=\"120\">$index2[1]:</td>
       <td width=\"*\"><input type=\"text\" name=\"username\" value=\"$username\" class=\"itxt\"></td>
      </tr>
      <tr>
       <td colspan=\"2\" height=\"4\"> </td>
      </tr>
      <tr>
       <td width=\"120\">$index2[2]:</td>
       <td width=\"*\"><input type=\"password\" name=\"password\" class=\"itxt\"></td>
      </tr>
      <tr>
       <td colspan=\"2\" height=\"4\"> </td>
      </tr>
      <tr>
       <td width=\"120\">$email_ent:</td>
       <td width=\"*\"><input type=\"text\" name=\"email\" value=\"$email\" class=\"itxt\"></td>
      </tr>
      <tr>
       <td colspan=\"2\" height=\"10\"> </td>
      </tr>
      <tr>
       <td width=\"120\">$index2[10]:</td>
       <td width=\"*\"><input type=\"text\" name=\"myname\" value=\"$myname\" class=\"itxt\"></td>
      </tr>
      <tr>
       <td colspan=\"2\" height=\"4\"> </td>
      </tr>
      <tr>
       <td width=\"120\">$index2[7]:</td>
       <td width=\"*\"><input type=\"text\" name=\"myweb\" value=\"$myweb\" class=\"itxt\"></td>
      </tr>
      <tr>
       <td colspan=\"2\" height=\"4\"> </td>
      </tr>
      <tr>
       <td width=\"120\">$index2[8]:</td>
       <td width=\"*\"><input type=\"text\" name=\"location\" value=\"$location\" class=\"itxt\"></td>
      </tr>
      <tr>
       <td colspan=\"2\" height=\"4\"> </td>
      </tr>
      <tr>
       <td width=\"120\">$index2[9]:</td>
       <td width=\"*\" valign=\"top\"><input type=\"file\" size=\"15\" name=\"uploadfile\"></td>
      </tr>
      <tr>
       <td colspan=\"2\" height=\"8\"> </td>
      </tr>
      <tr>
       <td colspan=\"2\" height=\"4\">
       <input type=\"Submit\" value=\"Submit\" name='submit_reg'>
       </td>
      </tr>
     </table>
    </form>";
}
if (isset($_POST['submit_reg']))
{
  $upload=$_FILES['uploadfile'];
  $username=mysql_real_escape_string($_POST['username']);
  $pass_word=mysql_real_escape_string($_POST['password']);
  $password=mysql_real_escape_string(md5($_POST['password']));
  $email=mysql_real_escape_string($_POST['email']);
  $myname=mysql_real_escape_string($_POST['myname']);
  $myweb=mysql_real_escape_string($_POST['myweb']);
  $location=mysql_real_escape_string($_POST['location']);
  $tava=basename($_FILES['uploadfile']['name']);
$target_path = "../images/uploads/";
$target_path = $target_path . basename( $_FILES['uploadfile']['name']);
move_uploaded_file($_FILES['uploadfile']['tmp_name'], $target_path);
  	if(strlen($username) >= 7)
  	{
  		echo "Username Too long. 7 or less characters.<br>";
  	}
else
  	{
    	$query=mysql_query("SELECT * FROM guest_users WHERE us_ml='$email' AND us_nm = '$username'");
    	$result=mysql_num_rows($query);
	if ($result == 0)
	{
        	$one = "INSERT INTO guest_users VALUES('','$username','$password','$email','$myname','$tava','$myweb','$location')";
      		$two = mysql_query($one) or die("Error: Information has not been added to the users database");
$subject = "Registration";
$message = "Congratulations on registering with us. These are the details you have registered with:\n Name:".$myname."\n Username:".		$username."\n Password:".$pass_word."\n Website:".$myweb."\n Location:".$location;
$from = "@gmail.com";
$headers = "From: $from";
mail($email,$subject,$message,$headers);
echo "<center>Now You are registered!</center>";
require_once "../requires/feet.php";
exit();
    	}
   else
   {
		echo "Username and email already in use.<br>";	
   }
}
}
require("../requires/feet.php");
?>


Hi there, not sure what your issue is, but having a quick read of your code, you can eliminate a little bit just by doing this before you assign all the $_POST data:-

$_POST = array_map('mysql_real_escape_string', $_POST);
$_POST = array_map('strip_tags', $_POST);

 

This will then use the function (using the callback feature) and apply it directly to all of the elements within the $_POST array, and as you are 'overwriting' it, after this call you can then refer to $_POST directly or assign to a var, but this time safe in the knowledge that you have already sanitised the user submitted detail.

 

Also, you might want to place exits after all of the header() calls; this will make your script stop operating after the header call. This is always a handy thing to do.

 

Hope this makes sense anyway.

 

Cheers,

Rw
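
The two points in the reply above (stop after header(), make request data safe for the query), as an added example that is not code from the thread. It swaps blanket escaping of $_POST for a bound parameter, md5() for password_hash()/password_verify(), and escapes for HTML only at output. The helper names, the PDO/SQLite setup and the sample users are assumptions; guest_users, us_nm and us_pw are the names used in the posted script.

```php
<?php
// Added example, not code from the thread. Table and column names come
// from the posted script; helper names and demo data are assumed.

// Send the redirect and stop, so nothing below the guard runs for
// visitors who are not logged in.
function redirect_and_exit(string $url): void
{
    header('Location: ' . $url);
    exit;
}

function require_login(): string
{
    if (!isset($_SESSION['valid_user'])) {
        redirect_and_exit('/index.php?action=login');
    }
    return $_SESSION['valid_user'];
}

// Look the user up with a bound parameter and verify the stored hash.
function authenticate(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT us_pw FROM guest_users WHERE us_nm = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Escape at output time, for the HTML context the value lands in.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed demo data in an in-memory SQLite database (runs from the CLI).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE guest_users (us_nm TEXT PRIMARY KEY, us_pw TEXT)');
$insert = $pdo->prepare('INSERT INTO guest_users VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$insert->execute(["o'brien", password_hash('s3cret', PASSWORD_DEFAULT)]);

var_dump(authenticate($pdo, 'alice', 'correct horse')); // matching password
var_dump(authenticate($pdo, "o'brien", 's3cret'));      // quote is plain data
var_dump(authenticate($pdo, 'alice', 'wrong'));         // mismatch
echo h('<b>"alice"</b>'), PHP_EOL;                      // safe to place in HTML
```

On a successful login in the real page, call session_regenerate_id(true) before setting $_SESSION["valid_user"], then redirect_and_exit().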


Thanks,

 

The problem is I have a domain like www.111exampleurl111.net.16.net, so I have a URL redirect set up on this like www.myname.com, but when this is used it is not possible to log in to the site; only when I use www.111exampleurl111.net.16.net am I able to log in.


Cool! It's a good idea to place the exit; there after the header(), as this stops the script from executing code further down the chain, as PHP will parse the entire document unless told to stop by using exit;

 

Did/have you tried the array_map() at all? Just suggesting a way to condense your code a little, always nice to streamline and make more efficient.

 

Rw
