Jump to content

Can't login

hughesa1

By hughesa1
in PHP Coding Help

 Share
Go to solution Solved by QuickOldCar,

Recommended Posts

hughesa1 Newbie

hughesa1

Posted
Posted 
<html>
<head>
<title>Admin Panel</title>

<style>
	body {font-family:verdana; font-size:12; font-weight:bold; color:black; background-color:white}
	td  {font-family:verdana; font-size:12; font-weight:bold; color:black}
.style1 {
	font-size: 12px;
	font-weight: bold;
}
</style>

</head>

<body onLoad="document.f1.username1.focus();">
<!-- main table start here -->
<table width=761 height=500 align=center  border=0 bordercolor=black cellspacing=0 cellpadding=0>
<tr>
	<td align=center>

			<!-- second table start here -->
			<table width="757" border="0" cellspacing="0" cellpadding="0" height="100%" bgcolor=white>	 
			<tr>
				<td align=center>
					<form method="post" action="login.php" name="f1">
					<table align=center width=400 border=0 bordercolor=black cellspacing=0 cellpadding=5>
					<caption align=center><?=$MyError?></center>
					<tr bgcolor=#333333>
						
                  <td colspan=2 align=center bgcolor="#333333"><span class="style1"><font color="#FFFFFF">Site Admin Login </font></span></td>
					</tr>
					<tr bgcolor=#77D2FF>
						<td bgcolor="#FFFFFF">Username: <font size="1"> </font></td>
						<td bgcolor="#FFFFFF"><input type="text" name="username1" maxlength="20"></td>
					</tr>

					<tr bgcolor=#77D2FF>
						<td bgcolor="#FFFFFF">Password: <font size="1"> </font></td>
						<td bgcolor="#FFFFFF"><input type="password" name="password1" maxlength="20"></td>
					</tr>
					</table>
			
					<br>

						<center>
							<input type="submit" name="s2" value="Login" style="background-color:#6598CD; font-size:11; color:black; font-family:verdana, arial; font-weight:bold; border-width:1; border-color:#333333">
						</center>

					</form>
		
			</table>
			<!-- second table end here -->
	</td>
</tr>
</table>

<!-- main table end here -->

<?
require_once("../conn.php");

if(isset($_POST[s2]))
{
	$MyUsername1 = strip_tags($_POST[username1]);
	$MyPassword1 = strip_tags($_POST[password1]);
	
	if(empty($MyUsername1) || empty($MyPassword1))
	{
		$MyError = "<center><font color=red size=2 face=verdana><b>All fields are required!</b></font></center>";
	}
	else
	{
		//check the login info if exists
		$q1 = "select * from re2_admin where AdminID = '$MyUsername1' and AdminPass = '$MyPassword1' ";
		$r1 = mysql_query($q1);

		if(!$r1)
		{
			echo mysql_error();
			header("Location:error1.php");
			exit();
		}
		else
		{
			if(mysql_num_rows($r1) == '1')
			{
			$a1 = mysql_fetch_array($r1);
			$_SESSION[AdminID] = $MyUsername1;
			$_SESSION[AdminEmail] = $a1[AdminEmail];
			$_SESSION[AdminName] = $a1[AdminName];
		
			header("location:index.php");
			exit();
			}
		}
	}
}

?>

I have listed the HTML then the PHP. In the actual file, the PHP comes before the HTML.

 

I have a script I sell over again. I have installed it many times. The script has a 'site admin' backend to manage the site from. The default user and password to login to the script is 'admin.' It works everytime. But I installed it last night for a customer on their host and 'admin' does not work. I checked PHPMyAdmin to see if that was the username/password in there and it is.

 

I would much appreciate your help in solving this. I am guessing the fact that my script is very old has something to do with it.

 

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/294267-cant-login/
Share on other sites
cyberRobot Prolific Member

cyberRobot

Posted
Posted

If QuickOldCar's suggestion doesn't work...are you getting any errors? Are PHP errors and warning being displayed? Note that you can add the following to the top of your script to show them:

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>
Of course, you'll want to remove the above code once you are done debugging.

 

 

Also, if you're not doing so already, you'll want to look into preventing SQL injection attacks. One way is to use mysql_real_escape_string():

http://php.net/manual/en/function.mysql-real-escape-string.php

Link to comment
https://forums.phpfreaks.com/topic/294267-cant-login/#findComment-1504352
Share on other sites
Tom8001 Member

Tom8001

Posted
Posted

password hashing is encrypting your database passwords so if a hacker uses SQL Injection to display confidential information the web page from your database the passwords will not display as the normal password for example $2y$12$QjSH496pcT5CEbzjD/vtVeH03tfHKFy36d4J0Ltp3lRtee9HDxY3K That's what the password would look like but it depends on the algorithms you use. 

 

Example:

<?php

//Get values
$username = $_POST['username'];
$password = $_POST['password'];

//Hash the password
$password = hash('md5', $password);

?>

Now obviously you would have to use escape string and strip tags on the two variables, but that is just an example do not use md5 it's too common and it's the easiest to decrypt

 

You can display a list of algorithms on a webpage and pick one.

<?php

print_r(hash_algos());

?>
Link to comment
https://forums.phpfreaks.com/topic/294267-cant-login/#findComment-1504377
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.