havox Posted November 13, 2010 Share Posted November 13, 2010 Hello everyone, this is my first post. This isn't just a simple post and leave, I'm looking to expand into this community and learn as much as I can. Well on to the problem at hand! I decided to start with something simple as a login page and now want to expand it to make it fully functional. <html> <head> <title>Deadnode.com</title> <LINK href="style.css" rel="stylesheet" type="text/css"> </head> <body> <div style=width:150px;height:80px;position:absolute;left:40%;top:35%; margin-left:-135px;margin-top:-50px;"> <div class="sidebox"> <div class="boxhead"><h2>Login Required</h2></div> <div class="boxbody"> <form method="post" action="check.php"> <center><table> <tr><td><font face="verdana,arial" size=-1>User:</td><td><input type="text" name="user"></td></tr> <tr><td><font face="verdana,arial" size=-1>Pass:</td><td><input type="text" name="pwd"></td></tr> <tr><td><font face="verdana,arial" size=-1> </td><td><font face="verdana,arial" size=-1><input type="submit" value="Login"></td></tr> </table></center> </form> </div> </div> </body> </html> <?php function check() { $admin="test"; $pass="test"; if ( $_POST["user"] == $admin & $_POST["pwd"] == $pass) { header('Location: output.php'); } else { header('Location: index.html'); } } ?> <?php require('function.php'); check(); ?> This is just the code in it originally form; completely functional. I tried to use start_session() in my check() function. I know I should be using cookies, but I haven't gotten that far yet. Is it possible to use my check function as a way to block pages? I tried inserting the same code that is in check.php onto a html page, but I've had no luck with it redirecting back to my index.html page. Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/ Share on other sites More sharing options...
Pikachu2000 Posted November 13, 2010 Share Posted November 13, 2010 Are you getting any errors? Is error reporting even turned on? Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/#findComment-1133903 Share on other sites More sharing options...
havox Posted November 13, 2010 Author Share Posted November 13, 2010 I'm not really sure how to do that and where it would report the error. My webserver is running off of a Debian 5.5 box. The code you see now works fine. just when I try to insert my check function onto a page I want to secure; it won't do anything. Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/#findComment-1133909 Share on other sites More sharing options...
Pikachu2000 Posted November 13, 2010 Share Posted November 13, 2010 That's making me think you should probably be getting a 'headers already sent' error. As the very first thing in the script that you're having problems with, put this and see if there are any errors reported. error_reporting(-1); ini_set('display_errors', 1); Unrelated to the current problem, but any time you use a header() redirect, you should call exit() immediately after it to prevent any further execution of code in the script. Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/#findComment-1133913 Share on other sites More sharing options...
havox Posted November 13, 2010 Author Share Posted November 13, 2010 It still just shows the page and there is no error reporting of any kind. <?php require(function.php); check(); error_reporting(-1); ini_set('display_errors', 1); ?> <html> <body> <p>Congrats!</p> </body> </html> Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/#findComment-1133918 Share on other sites More sharing options...
Pikachu2000 Posted November 13, 2010 Share Posted November 13, 2010 The require() should be after the error reporting code. Are you certain that .html files on your server are being parsed by the php interpreter? Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/#findComment-1133921 Share on other sites More sharing options...
havox Posted November 14, 2010 Author Share Posted November 14, 2010 Ok, I moved the error reporting before require and still nothing. Also, I've copied the contents of output.html into output.php and I nothing happens at all; well besides the .php version not outputing "congrats" on the page. Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/#findComment-1133924 Share on other sites More sharing options...
Pikachu2000 Posted November 14, 2010 Share Posted November 14, 2010 Add quotes to the filename in the require(). require('function.php'); Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/#findComment-1133956 Share on other sites More sharing options...
havox Posted November 14, 2010 Author Share Posted November 14, 2010 Here is one comes up now Notice: Undefined index: user in /srv/www/deadnode.com/public_html/function.php on line 7 Notice: Undefined index: pwd in /srv/www/deadnode.com/public_html/function.php on line 7 Warning: Cannot modify header information - headers already sent by (output started at /srv/www/deadnode.com/public_html/function.php:7) in /srv/www/deadnode.com/public_html/function.php on line 10 Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/#findComment-1133976 Share on other sites More sharing options...
havox Posted November 14, 2010 Author Share Posted November 14, 2010 Updated function.php <?php function check() { $admin="test"; $pass="test"; if (isset( $_POST["user"] == $admin & $_POST["pwd"] == $pass)) { header('Location: output.php'); } else { header('Location: index.html'); } } ?> I tried using isset(). Good thing is It doesn't print the contents of the page out, but I do get this error. Parse error: syntax error, unexpected T_IS_EQUAL, expecting ',' or ')' in /srv/www/deadnode.com/public_html/function.php on line 7 Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/#findComment-1134104 Share on other sites More sharing options...
BlueSkyIS Posted November 14, 2010 Share Posted November 14, 2010 & should be && Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/#findComment-1134124 Share on other sites More sharing options...
havox Posted November 14, 2010 Author Share Posted November 14, 2010 Thanks BlueSkyIS. I actually just realized that when I was looking over it, but I still get the same error. Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/#findComment-1134131 Share on other sites More sharing options...
BlueSkyIS Posted November 14, 2010 Share Posted November 14, 2010 function check() { $admin="test"; $pass="test"; if (isset($_POST["user"]) && $_POST["user"] == $admin && isset($_POST["pwd"]) && $_POST["pwd"] == $pass) { header('Location: output.php'); exit; } else { header('Location: index.html'); exit; } } Link to comment https://forums.phpfreaks.com/topic/218597-securing-pages/#findComment-1134133 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.