Jump to content

Recommended Posts

 

The below is giving an error, saying that the password is incorrect. I know for a fact it's correct.

<?php
if(isset($_SESSION['myusername2']) && isset($_SESSION['mypassword3'])){ 

$content.='
<div class="main">
<div class="main_header">Admin CP</div>

</div>
';
}

else{
$content='
<table class="actors_table">
<tr>
<td align="center">';

if(isset($_GET['e']) && $_GET['e']=="0")
{
$content .= '<span style="color: #FF0000; font-weight: bold;">Incorrect Username or Password</span><br/><br/>';
} 

else{
$content .="";
}

$content .='Re-Type your password to view this information:
<form action="./adminlogin.php" method="post">
    <p>Username: <input type="text" name="username" value="'.$_SESSION['myusername2'].'" disabled="disabled" /></p>
<p>Password: <input type="password" name="password" /></p>
    <p><input type="submit" value="Submit" name="Submit" /></p>
    </form>

</td>
</tr>
</table>
';
}
?>

 

 

<?php
require_once 'db_select.php';
require_once 'func.php';
session_start();
// username and password sent from form 
$myusername=sanitize($_POST['username']); 
$mypassword=sanitize($_POST['password']); 

$check_details="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'";
$details_result=mysql_query($check_details);


// Mysql_num_row is counting table row
$count_details=mysql_num_rows($details_result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count_details==1){
$_SESSION['mypassword3']=$mypassword;
header("location:index.php?usercp");
}
else{ 
header('Location:./index.php?admincp&e=0'); 
} 
?>

Link to comment
https://forums.phpfreaks.com/topic/240435-log-in-form-redirecting-back-with-error/
Share on other sites

I cut it down to this, and it logs in once, but if you click away from the page and come back, the form comes up again, as if the session was never set.

<?php
require_once 'func.php';
session_start();
$_SESSION['mypassword3']=kam3($_POST['password']);
if(isset($_SESSION['myusername2']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){

$content.='
<div class="main">
<div class="main_header">Admin CP</div>

</div>
';
}

else{
$content='
<table class="actors_table">
<tr>
<td align="center">';

if(isset($_GET['e']) && $_GET['e']=="0")
{
$content .= '<span style="color: #FF0000; font-weight: bold;">Incorrect Username or Password</span><br/><br/>';
} 

else{
$content .="";
}

$content .='Re-Type your password to view this information:
<form action="" method="post">
    <p>Username: <input type="text" name="username" value="'.$_SESSION['myusername2'].'" disabled="disabled" /></p>
<p>Password: <input type="password" name="password" /></p>
    <p><input type="submit" value="Submit" name="Submit" /></p>
    </form>

</td>
</tr>
</table>
';
}

?>

Have you checked what your code, variables, and data are doing? You are the only one here who has access to your code and database on your server and you are the only one here who can troubleshoot what your code, variables, and data are doing.

 

What value is in $count_details? If it is not 1 like you expect, why not echo/var_dump it and see what value it actually is?

 

What is in $details_result, a FALSE because the query failed due to an error or a result resource?

 

Is the query in $check_details what you expect and is the username/password data in your database table the same as what is in the query?

Have you checked what your code, variables, and data are doing? You are the only one here who has access to your code and database on your server and you are the only one here who can troubleshoot what your code, variables, and data are doing.

 

What value is in $count_details? If it is not 1 like you expect, why not echo/var_dump it and see what value it actually is?

 

What is in $details_result, a FALSE because the query failed due to an error or a result resource?

 

Is the query in $check_details what you expect and is the username/password data in your database table the same as what is in the query?

 

Looks like:

 

echo $details_result; = a resource id

echo $count_details; = 0

print_r() your $_POST and $_SESSION arrays and look at the output to see if there's any reason for a conditional not to do what you'd expect it to do.

 

The hashed passwords mypassword2 and mypassword3 have different values. Once I log-in each time they're identical, click to another page, and come back to the form, they're different again.

 

I think it's because the POST is assigning to the mypassword3 session outside the if statement, so therefore when come back to the page after clicking away, it's a hashing a blank entry thus giving a different hashed value.

Alright, now it works briefly. I can log-in, click a few links come back, and it's fine. Click a few more and come back, and it's now the log-in form again. It's like the session last for about 15 seconds.

 

 

EDIT: Got it. Thanks for the help.

 

 

<?php
require_once 'func.php';
session_start();

print_r($_SESSION);

if(isset($_SESSION['myusername2']) && kam3($_POST['password'])==$_SESSION['mypassword2'] || isset($_SESSION['myusername2']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){
if(!empty($_POST['password'])){
$_SESSION['mypassword3']=kam3($_POST['password']);
}

$content.='
<div class="main">
<div class="main_header">Admin CP</div>

</div>
';
}

else{
$content='
<table class="actors_table">
<tr>
<td align="center">';

if(isset($_GET['e']) && $_GET['e']=="0")
{
$content .= '<span style="color: #FF0000; font-weight: bold;">Incorrect Username or Password</span><br/><br/>';
} 

else{
$content .="";
}

$content .='Re-Type your password to view this information:
<form action="" method="post">
    <p>Username: <input type="text" name="username" value="'.$_SESSION['myusername2'].'" disabled="disabled" /></p>
<p>Password: <input type="password" name="password" /></p>
    <p><input type="submit" value="Submit" name="Submit" /></p>
    </form>

</td>
</tr>
</table>
';
}
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.