Jump to content

Scripts Breaking Over Night


jon4433

Recommended Posts

As the title says... 2 of my login scripts seem to have broken over night. My login script to access the website, and my login script for the admin area.

 

Now I kow that this script isn't the best, not secure at all! But it's just a simple and fast way that I did it.

But this code doesn't direct me to the index.php in the admin folder, it reloads the same page, login.php. But when I type in admin.php in the URL bar, it says that i'm logged in with my username.

 

Edit: So I got a few friends to test login in, and this is what happened.

 

They managed to login. They then logged out, and then tried to log back in.

 

Once they pressed the 'submit' button, it reloaded the login page and then didn't display anything on the page. And then they pressed the 'home' lnk and it took them back to the index with them logged in.

 

Here is the login.php and index.php code.

 

Login.php

<?php

session_start();
$_SESSION['username'];

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<title>JokeStomp Admin Login</title>
<style type="text/css">
body,td,th {
color: #FFF;
font-family: Georgia, "Times New Roman", Times, serif;
}
body {
background-color: #E0E0E0;
}
</style>
</head>

<body>

<div id="admin_login">
<div style="background-color:#353535; height:40px;" align="center">Please Login To Continue</div>
    
    <div id="error">
    <?php

$username = trim($_POST['username']);
$password = trim($_POST['password']);

if ($username == "dtoyee" && $password == "testing123"){ 
	header("location: index.php");
	$_SESSION['username'] = $username;
}else{
	header("location: login.php");
}
?>
    </div>
    
    <div id="login" align="left">
    	<p><font color="#000000">Please enter your username and password to continue.</font></p>
        <form action='login.php' method='post'>
        Username:  <input type='text' name='username' size="30"><br />
        <br />
        Password:   <input type='password' name='password' size="30"><br />
        <br />
        <input type='submit' value='Login'>
        <br />
        <br />
        </form>
    </div>
</div>
</body>
</html>

 

Index.php

 

<?php

session_start();
$_SESSION['username'];
$user = $_SESSION['username'];

include '../connect_to_mysql.php';

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<title>JokeStomp Beta | Admin</title>
<style type="text/css">
body {
background-color: #CCC;
}
</style>
</head>

<body>

<?php
    
    if (!isset($_SESSION['username']) || empty($_SESSION['username'])) {
        header('location: login.php');
    }else{
        echo' <div><img src="images/jokestomppic.png" width="400" height="190" /></div>
            
            <div id="menu">
                <ul>
                    <li><a href="index.php" class="active">Home</a></li>
                    <li><a href="includes/users.php">Users</a></li>
				<li><a href="includes/jokes.php">Jokes</a></li>
				<li><a href="news.php">News</a></li>
				<li><a href="../index.php">Website</a></li>
                </ul>
            </div>


		<div id="left_menu">
			<div class="left_menu_box">
				<div class="title">Home</div>
			<ul class="menu">
				<li class="active"><a href="includes/users.php">Users</a></li>
				<li class="active"><a href="includes/jokes.php">Jokes</a></li>
				<li class="active"><a href="news.php">News</a></li>
                    <li class="active"><a href="../index.php">Website</a></li>
                    <li class="active"><a href="logout.php">Log Out</a></li>
			</ul>
			</div>
		</div>
            
            <div id="admin_content">

		<table width="100%" border="1" class="table1">
		  <tr>
			<td>
                <?php
			$user_count = mysql_query("SELECT COUNT(id) FROM login");
			$count = mysql_result($user_count, 0);
			echo $count, " users registered."; 
			?>
			</td>
			<td>
                <?php
			$joke_count = mysql_query("SELECT COUNT(id) FROM jokes");
			$count = mysql_result($joke_count, 0);
			echo $count, " jokes posted."; 
			?>
                </td>
		  </tr>
		  <tr>
			<td>Hello <?php echo $user; //Seeing if the session works. ?></td>
			<td> </td>
		  </tr>
		</table>
            </div>';
		}
?>	
            
</body>
</html>

 

They are for the admin area. The code below is my main login script.

 

Login.php

 

<?php

session_start();
$_SESSION['username'];
include 'connect_to_mysql.php';

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<title>JokeStomp Login</title>
<style type="text/css">
body {
background-size:100% 100%;
background-attachment: fixed;
background-repeat: repeat-x;
background-position: left top;
background-color: #999999;
background-image: url(images/bg1_01.jpg);
}
</style>
</head>

<body>

<div class="holder">

<div id="header">
  <img src="images/jokestomppic.png" width="400" height="190" />
</div>

<?php include 'includes/warning_template.php';?>

    <div class="menu">
    <table width="50%" border="0" cellpadding="0px" cellspacing="4px" align="center">
      <tr>
        <td><a href="index.php">Home</a></td>
        <td><a href="news.php">News</a></td>
        <td>Contact</td>
      </tr>
    </table>
    </div>
    <div class="content">
        <div class="account" align="center">
                <?php
			if (!isset($_SESSION['username']) || empty($_SESSION['username'])) {

			echo'<p><a href="register.php">Register</a></p>';
        		echo '<p><a href="login.php">Login</></a></p>';
			}else{

			echo "<p><a href='post_joke.php'>Post Joke</a></p>";
			echo "<p><a href='account.php'>Account</a></p>";
                echo "<p><a href='includes/logout.php'>Logout</a></p>";
			}
			?> 
                
                <hr />
                
                <?php

			$user_count = mysql_query("SELECT COUNT(id) FROM login");
			$count = mysql_result($user_count, 0);
			echo $count, ' users registered.'; 

			echo '<hr>';

			$joke_count = mysql_query("SELECT COUNT(id) FROM jokes");
			$joke = mysql_result($joke_count, 0);
			echo $joke, ' jokes in our database.';

			?>
            </div>
        
            <div class="joke">
            
            <?php

		if (!isset($_SESSION['username']) || empty($_SESSION['username'])) {

			echo '<form action="login.php" method="post">
            	<table width="50%" border="0" align="center">
                  <tr>
                    <td width="18%">Username</td>
                    <td width="82%"><input type="text" name="username" size="40"/></td>
                  </tr>
                  <tr>
                    <td>Password</td>
                    <td><input type="password" name="password" size="40"/></td>
                  </tr>
                  <tr>
                    <td> </td>
                    <td align="center"><input type="submit" name="submit" value="Login"/></td>
                  </tr>
                </table>
            </form>
            <br />';
		}else{
            
			header('location: index.php');
		}
		?>
            	<div align="center">
				<?php

				$username = mysql_real_escape_string($_POST['username']);
				$password = mysql_real_escape_string($_POST['password']);

				if (empty($username) && (empty($password))){
					echo "<font color=\"blue\">All fields are required!</font>";	
				}else{

					if($username && $password)
					{

						$query = mysql_query("SELECT username,password FROM login WHERE username='$username' AND password='" . md5($password) . "'");

						$numrows = mysql_num_rows($query);

						if($numrows == 1)
						{	
							header("location: index.php");
							$_SESSION['username'] = $username;
						}else{
							echo "Details are invalid.";	
						}
					}
				}
				?>
                </div>                  
      </div>
    </div>
</div>
<?php include("includes/footer_template.php"); ?>
</body>
</html>

 

They were both working fine yesterday. I haven't touched them since.

 

Is there something wrong with it?

Link to comment
Share on other sites

Far from being an expert on this, if it happened to me, my first three checks would be.....

1) Has anything been changed by the host? I once had a site where the host upgraded the version of php and virtually everything stopped working.

2) Have you changed anything to do with those scripts in the last few days were the old information was still held in a cookie or the cache up until last night?

and because it is me and I know what I am like

3) Have I played around with these or any related files and forgotten to undo the changes or accidently uploaded a dev version to the server?

 

Code wise is the username definitely being unset via the log-in page?

 

Steve

Link to comment
Share on other sites

Maybe I overlooked it in your scripts but where - for the 'logout' process are you actually DESTROYING the $_SESSION for the username so it return (!isset) and/or empty on the next 'login' attempt?

 

It appears that the 'username' session remains which reason you're getting the incorrect results on 2nd login attempt.

Advise on how you handling the 'logout' function.

 

brgds,

Craig

Link to comment
Share on other sites

I'm sorry but I don't see the line of code where you're killing the sesion  - unset($_SESSION['username']; - but if that's the case, then you definitely shouldn't be getting an incorrect response based on code I see in the login & index pages. Confirm you are, indeed, unsetting or destroying the entire sessions then redirecting back to the index page.

 

Destorying the entire session would surely kill any lingering id's screwing up your logic / scripts.

Link to comment
Share on other sites

Can you post the logout.php script?  I agree with the earlier posters that 1) you need to shuffle everything so that header() comes before all output (you can store all the output in a variable like $output and just echo it at the end.  That way it won't interfere with any header() calls

2)  ensure that either session_destroy() is used in logout or that the appropriate $SESSION variables are unset. 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.