I am using PHP 5.3, IIS7 and SQL Server 2005. I know the script gets to the session part and creates a temp file in the C:/windows/temp folder (see info below), but when I try to log in and redirect to index.php, it gives a 500 error on the login.php page.

login.php

<?php
//set ini
ini_set('session.gc_maxlifetime', 900);
if(!ini_get('session.auto_start')){
    session_start();
}
// include file
include ('config.php');
include (LIB_PATH.'functions.php');
include(LIB_PATH.'sqlsrv_connect.php');
if($_SESSION['user_id']){
    Header("Location: index.php");
}

if($_POST['submit']){
    $user1 = trim($_POST['user']);
    $pass1 = trim($_POST['pass']);
    $user= "'$user1'";
    $pass= "'$pass1'";

    if($user == '' or $pass == ''){
        $error = 'You forgot to enter your user_name and your password!';
    }else{
        $query = "SELECT * FROM users WHERE user_name = $user and pass = $pass";
        $params = array();
        $options =  array( "Scrollable" => SQLSRV_CURSOR_KEYSET );
        $r = sqlsrv_query ($database, $query, $params, $options);

        $num = sqlsrv_num_rows($r);

        if ($num >0) {
            while ($user_data = sqlsrv_fetch_array($r, SQLSRV_FETCH_ASSOC)) {
                $_SESSION['user_id']    = $user_data['user_id'];
                $_SESSION['user_name']  = $user_data['user_name'];
                $_SESSION['user_level'] = $user_data['user_level'];
                $_SESSION['user_rep']   = $user_data['rep'];
            }

            Header("Location: index.php");
        }else{
            $error = 'Wrong username or password!';
        }
    }
}

//template
include(TEMP_PATH.'login_tpl.php');
?>

index.php

<?php
//set ini
ini_set('session.gc_maxlifetime', 900);
if(!ini_get('session.auto_start')){
    session_start();
}
// include file
include ('config.php');

//include (LIB_PATH.'functions.php');

include(LIB_PATH.'sqlsrv_connect.php');

if(!$_SESSION['user_id']){
    Header("Location: login.php");
}

$database

//template
include(TEMP_PATH.'index_tpl.php');
?>

config.php

<?php

date_default_timezone_set('America/Los_Angeles');

//config directory
define( 'DS', DIRECTORY_SEPARATOR );
define( 'DS', D );
define('SITE_PATH', dirname(__FILE__) . DS);
define('LIB_PATH', SITE_PATH . 'lib' . DS);
define('TEMP_PATH', SITE_PATH . 'templates' . DS);

define('SO_PER_PAGE',20);

?>

temp file - C:\windows\temp

user_id|s:1:"6";user_name|s:2:"EM";user_level|s:1:"1";user_rep|s:0:"";

Unfortunately, there are much worse problems than the 500 error. Instead of trying to debug this, I'd rather throw away the code, learn PHP and start from scratch.

 

Sorry for being so harsh, but you apparently had a very, very bad teacher. Where do I start?

  • If you happily drop any user input into your query strings, then you invite the whole world to change the queries and see what they can find in your database. They'll start with the plaintext passwords of your users.
  • Plaintext passwords? Seriously?
  • Removing spaces from the password is not a good idea. They are actually significant.
  • How could $user or $password ever be empty when you've defined them as "'$user1'" and "'$pass1'"? A string with single quotes isn't empty. Why you would add quotes at this point is beyond me.
  • Why do you have a loop for fetching all users with the provided username? Shouldn't there be at most one user per name?
  • If you don't stop the script after doing a redirect, then it happily keeps running. That's probably not what you want and can lead to major security issues.
  • There's absolutely no session security. However, I do admit that PHP sessions are difficult to handle for beginners.
  • ...
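
The login flow with the points from the list above applied, as an added example that is not part of the original thread and not either poster's code. It assumes PHP 5.5 or later (for password_verify) and a hypothetical pass_hash column holding password_hash() output; post_string() and find_user() are illustrative helper names, while the table, the other columns and the include files are those of the original post.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.5+ (password_verify)
// and a hypothetical pass_hash column filled with password_hash() output.
session_start();
include 'config.php';
include LIB_PATH . 'sqlsrv_connect.php';  // provides $database, as in the post
// Read a POST field as a string; arrays and missing fields become ''.
function post_string($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

// Return the user's row if the credentials match, otherwise null.
function find_user($database, $name, $password) {
    // The ? placeholder sends $name as data, never as part of the SQL text.
    $sql  = 'SELECT user_id, user_name, user_level, rep, pass_hash
             FROM users WHERE user_name = ?';
    $stmt = sqlsrv_query($database, $sql, array($name));
    if ($stmt === false) {
        return null;
    }
    $row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC);  // one row, no loop
    sqlsrv_free_stmt($stmt);
    $ok = is_array($row) && password_verify($password, $row['pass_hash']);
    return $ok ? $row : null;
}

$error = '';
if (!empty($_SESSION['user_id'])) {
    header('Location: index.php');
    exit;  // stop here, or the rest of the script still runs
}
if (isset($_POST['submit'])) {
    $name     = trim(post_string('user'));
    $password = post_string('pass');  // not trimmed: spaces are significant
    if ($name === '' || $password === '') {
        $error = 'You forgot to enter your user_name and your password!';
    } elseif (($row = find_user($database, $name, $password)) !== null) {
        session_regenerate_id(true);  // fresh session ID once authenticated
        $_SESSION['user_id']    = $row['user_id'];
        $_SESSION['user_name']  = $row['user_name'];
        $_SESSION['user_level'] = $row['user_level'];
        $_SESSION['user_rep']   = $row['rep'];
        header('Location: index.php');
        exit;
    } else {
        $error = 'Wrong username or password!';
    }
}
include TEMP_PATH . 'login_tpl.php';
```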