Jump to content

Posting from 2 pages


andyd34

Recommended Posts

I have 2 pages

 

http://domain.domain.com

<?php
if(isset($_POST['Submit']) && $_POST['Submit'] == "Secure_Login")
{
$username = $_POST['username '];
$password = $_POST['password'];
$ip = $_POST['ip'];
$Submit = $_POST['Submit'];
$subDoamin = $_POST['subDomain '];

header("location:http://".$subDoamin.".domain.com/Login?username=$username&password=$password&ip=$ip&Submit=$Submit");
}
?>
<html>
<body>
<form>
 <input type="hidden" name="ip" value="<?=$_SERVER['REMOTE_ADDR']?>" />
 <input type="text" name="subDomain" />
 <input type="text" name="username" />
 <input type="password" name="password" />
 <button type="submit" name="Submit" value="Secure_Login">Login</button>
</form>
</body>
</html>

then i have

http://www.subdomain.domain.com

<?php
if(isset($_REQUEST['Submit']) && $_REQUEST['Submit'] == "Secure_Login")
{
$username = $_REQUEST['username '];
$password = $_REQUEST['password'];
$ip = $_REQUEST['ip'];
$Submit = $_REQUEST['Submit'];

// do login
}
?>
<html>
<body>
<form>
 <input type="hidden" name="ip" value="<?=$_SERVER['REMOTE_ADDR']?>" />
 <input type="text" name="username" />
 <input type="password" name="password" />
 <button type="submit" name="Submit" value="Secure_Login">Login</button>
</form>
</body>
</html>

Now the problem i am having is when trying to login from http://domain.domain.com i am getting the login screen of http://subdomain.domain.com instead of being logged in automatically

 

The reason for this is i have several subdimains and 1 mobile app and the mobile app directs to http://domain.domain.com so i dont have to get an app for each sun domain

 

Does anyone have any idea whats going wrong

Link to comment
Share on other sites

On the subdomain.domain.com page you've posted above, the code within the if condition ends with the comment

// do login

I'm assuming there is more code there that you left out for posting purposes. But, what exactly does that code do? Is there an exit or redirect at the end? If not, then the code will proceed on after the code block and display the login form.

 

But, assuming that the rest of that code is perfectly fine, then your problem is likely that the condition check to see if there was a submission is not returning true. Try putting this at the beginning of that page and see what is displayed to verify what data is passed/ received. 

var_dump($_REQUEST);
exit();

Of course, after I just typed all of that, I think I see your problem:

$username = $_REQUEST['username '];

There is a space at the end of the array index name - so there is no username for the code to access. This tells me that the logic to perform the login is faulty and is not reporting an error when no username is supplied (either unset or empty).

 

And here's another possible problem:

if(isset($_POST['Submit']) && $_POST['Submit'] == "Secure_Login")

The code is looking for a variable with the name Submit. However, your form uses a submit button not an input field with a type of submit. I didn't think buttons passed values. But, you shouldn't use the submit button to check if a form was posted anyway. You can check the $_SESSION['REQUEST_METHOD'] to see if a form was POSTed

Edited by Psycho
Link to comment
Share on other sites

Besides all that: Do not ever include passwords in a URL.

 

Not only will the plaintext passwords appear in all kinds of logs and be sent to any external link via the referrer header. The mechanism can also be used for a log-in CSRF attack where the attacker creates a dummy account on your site and then makes the victim use that account rather than their own:

https://www.yoursite.com/login?username=account_of_the_attacker&password=...

If the victim clicks on this URL (which may be hidden behind a short URL), the victim will unknowingly be logged in under the attacker's account and leave all kind of sensitive data while browsing your site.

 

So the URL is definitely the last place for a password. Instead, simply make the log-in form of your main domain post to the subdomain (via the action attribute).

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.