Jump to content

HELP - Login Script Keeps Logging Me Out When I Click a Link


Stebner55

Recommended Posts

I've used a really simple login script that I found from doing a quick google search.

It worked fine for a month,

then started logging me out everytime I clicked on a link to another secured page.

I never changed anything and just checked my script with the one online and don't see anything different.

I'll post my script here and then maybe you guys can help...i contacted the host and they said nothing changed on the server end but I question that...

 

here's my login.php

 

<?php

 

$con = mysql_connect("db****.****.net","db******","pass***");

if (!$con)

  {

  die('Could not connect: ' . mysql_error());

  }

 

mysql_select_db("db********", $con);

 

$result = mysql_query("SELECT * FROM users");

while($row = mysql_fetch_array($result))

  {

$adminuser = $row['username'];

$adminpass = $row['password'];

}

mysql_close($con);

 

 

function loginpage($error) {

echo "<html>\n<head>\n<title>Admin panel - Please login</title>\n";

echo "</head>\n<body>\n";

echo "<table style='width:100%;height:100%;'>\n<tr>\n<td align='center'>\n";

echo "<form action='" . $_SERVER['REQUEST_URI'] . "' method='post'>\n";

echo "<table border='1' width='300' cellspacing='0' cellpadding='4'><tr>\n";

$formtitle = "Admin panel - Please login";

if($error) $formtitle = "Wrong credentials!";

echo "<th colspan='2'>" . $formtitle . "</th>\n";

echo "</tr><tr>\n";

echo "<td><p><b><label for='username'>Username:</label></b></p></td>\n";

echo "<td><input type='text' name='username' id='username' size='30'></td>\n";

echo "</tr><tr>\n";

echo "<td><p><b><label for='password'>Password:</label></b></p></td>\n";

echo "<td><input type='password' name='password' id='password' size='30'></td>\n";

echo "</tr><tr>\n";

echo "<td><b>Login:</b></td>\n";

echo "<td><input type='submit' value=' Login » ' name='login'></td></tr></table></form>\n";

echo "</td>\n</tr>\n</table>\n</body>\n</html>";

exit;

}

 

$username = $_POST['username'];

$password = $_POST['password'];

$login    = $_POST['login'];

 

session_start();

if($_SERVER['QUERY_STRING'] == "logout") {

unset($_SESSION['authuser']);

header('Location: index.php');

exit;

}

if($_SESSION['authuser'] != $adminuser) {

if(!$login) {

loginpage(false);

}

elseif(($username != $adminuser) || ($password != $adminpass)) {

loginpage(true);

}

else {

$_SESSION['authuser'] = $adminuser;

header("Location: " . $_SERVER['REQUEST_URI']);

}

}

// else we enter the restricted area

session_write_close();

?>

 

 

then on each page that needs authentification I put this code...

 

<?php require_once("login.php");

 

$authuser = $_SESSION['authuser'];

 

?>

 

 

so as you can see there is no time limit that automatically logs you out...i have no idea why this keeps occurring.

Any help?

Link to comment
Share on other sites

I don't think anything changed since the time that it worked before but let me take a look...

ok so i looked and i don't think so...i'm gonna set up a temporary password and let you login and take a look at what happens...k?

www.plusultraradio.com/admin

username : admin

password: admin

Link to comment
Share on other sites

I believe there's something not right about this block:

$result = mysql_query("SELECT * FROM users");
while($row = mysql_fetch_array($result)) {
$adminuser = $row['username'];
$adminpass = $row['password'];
}

 

All that does is store the username and password of the last record retrieved from the users table, then compare it to what's entered in the form. I almost want to say there is supposed to be another DB table that holds nothing but the admin username and password, and that would be what is queried above. Another possibility is that you're supposed to edit the query string, adding a WHERE clause to indicate the user id that belongs to the admin user. I can't be certain of either of those, but that's how it looks right now.

Link to comment
Share on other sites

don't get to caught up on that part of the script. originally i just had it define the username and password right then and there and i had the problem at that time. for the sake of security i put the username and password in the database and there is only one record so it's ok to query the database for all records there...cuz like i said...there's only 1

the problem lies elsewhere..

Link to comment
Share on other sites

1) Move session_start() to the first line after the opening <?php tag

2) turn on error reporting, either in your php.ini file, or if you can't do it that way, put this:

ini_set('display_errors' 1);
error_reporting(-1);

between the <?php tag and session_start() in this script, and at the head of the other scripts you need to test.

 

Then see what happens.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.