User Can Only Login On Localhost.


Alohaphp


I would like to ask for some help. It is really basic stuff but it seems I can't figure that part out.

 

1) I have a PHP application where, after login, the user gets to the back-end area.

2) The problem is I can log in on my localhost and I will see the back-end area, but after setting up a staging server I can't get to that area... The error says "User ID or Password you entered is not correct".

 

What could it be? Any help would be much appreciated.


At least the error you are seeing is a good one - I agree with Jessica that it's output by the application itself. I cringe at the number of applications that will give a message like: "Your password is incorrect" - this immediately tells a hacker that they have a valid user name.

 

It could be a problem with how the password is salted - may differ between your localhost and staging server, or a case sensitivity issue.

And I hate it when a site doesn't tell me that the username I'm trying to login as or the email I tried to use to reset my password isn't valid, and I'm just wasting my time when I'm a real user. ::) The line has to be drawn somewhere. 

I think it's OK to show that the email is incorrect for password/username reset/retrieval - I have never seen otherwise. I work almost exclusively on eCommerce systems, so if you cannot remember your username or password you can retrieve them with a valid email address - the login page will NOT tell you and this is as it should be for better security.


I've seen systems where when I try to retrieve my username, it accepts an email that is not in their system and tells me to check my email. Or plenty of systems that don't even have forgot username, only password. So if you aren't telling me that my email or username is non-existent, I'm checking half a dozen email addresses for a reset email that will never come.

 

And of course these sites never have tech support you can access without logging in.

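The uniform login error discussed in the posts above, as an added PHP example (not code from the thread or from the poster's application): an unknown user and a wrong password return the identical message, and a dummy hash is verified for unknown users so that response time does not tell them apart either. The `$users` array, `attemptLogin()` and the sample accounts are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample store standing in for the application's users table.
$users = [
    'alice@example.test' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
];

// Hash of a throwaway random value. It is verified when the account does not
// exist, so unknown and known user IDs cost roughly the same time.
$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

// The single message the client ever sees on failure (wording from the thread).
const LOGIN_FAILED = 'User ID or Password you entered is not correct';

function attemptLogin(array $users, string $dummyHash, string $userId, string $password): array
{
    $record = $users[$userId] ?? null;

    // Always run one password_verify(), even for an unknown user.
    $hash = $record['hash'] ?? $dummyHash;
    $passwordOk = password_verify($password, $hash);

    if ($record === null || !$passwordOk) {
        // The precise reason goes to the server log only, never to the response.
        error_log('login failed: ' . ($record === null ? 'unknown user' : 'bad password'));
        return ['ok' => false, 'message' => LOGIN_FAILED];
    }

    return ['ok' => true, 'message' => 'Welcome'];
}

// Constructed inputs: unknown account, known account with wrong password, valid login.
$unknown = attemptLogin($users, $dummyHash, 'nobody@example.test', 'guess');
$wrongPw = attemptLogin($users, $dummyHash, 'alice@example.test', 'guess');
$good    = attemptLogin($users, $dummyHash, 'alice@example.test', 'correct horse');

// The two failure responses are identical, so the response body
// reveals nothing about whether the account exists.
var_dump($unknown === $wrongPw);
var_dump($good['ok']);
```

Logging the precise failure reason on the server also gives whoever has to debug a login problem the detail that the generic on-screen message withholds.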

There is a 100% chance that the error you're seeing is generated BY the application. Find the code that spits it out and you'll find the problem.

Did you write this application?

 

Nope, I haven't written it.

 

It's somebody else's app that has zero comments and no documentation. I only see the website where it's implemented, and I have DB records for users, administrators and moderators. To make a long story short, I can log in with email and password on the real site, then I can log in with the same info on my localhost, but all of a sudden, when I created the staging server... I'm getting an error, of course generated by that app.

 

So the logical question would be: how can I debug that app? There are no errors I can see in the log files.

 

Thank you for the help.


At least the error you are seeing is a good one - I agree with Jessica that it's output by the application itself. I cringe at the number of applications that will give a message like: "Your password is incorrect" - this immediately tells a hacker that they have a valid user name.

 

It could be a problem with how the password is salted - may differ between your localhost and staging server, or a case sensitivity issue.

 

Thank you for your thought!

Will try to look more deeply.


... I can log in with email and password on the real site,

... I can log in with the same info on my localhost,

 

but all of a sudden, when I created the staging server... I'm getting an error, of course generated by that app.

 

 

Obviously, the staging server is not set up "properly" for the app.

 

Did you create a database for it? Did you put the data in the database? Did you adjust the database credentials? Is the database server available to PHP? Does the Database Username in the app have proper permissions?

 

Is the filesystem set up properly? Do PHP and Apache have the appropriate permissions?


  • 2 weeks later...

You would start by determining why the code is producing that message. Find out where and then why the entered user id/password don't match wherever and whatever they are being compared with.

There is no way you're going to get someone to help you debug your server and non-documented buggy app. For free.

 

 

 

Thank you for your help!

 

So here is the next episode :-) The reason why I couldn't get any response was because in the database the table users is lowercase, and in all PHP files it was Users (capitalized). A couple of files were fixed, but here is what I don't understand: the same script is working fine on some other Linux server. Do I have any smarter way of resolving that issue rather than manually changing all capitalized Users to the lowercase one? What could it be?

 

 

Your opinions are very appreciated!

Thanks.
