Login not working properly. Access denied despite correct username/password


Yep, it's me again. I just seem to be drowning in php problems lately.

 

I have a user registration and login system. I can register just fine and it works well, but when I try to login with my new username and password it gives me an "access denied" saying the info is invalid.

 

I haven't a clue how to go about resolving this. It seems like everything is working fine but apparently it's not.

 

This is the code for the register page. Can anyone spot anything that's wrong? Any suggestions? (I do google as much as possible before coming here, but I can't seem to find an answer for this. Thanks in advance for any help)

 

<?php

include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/config.php");

$fname = addslashes(strip_tags($_POST['fname']));
$lname = addslashes(strip_tags($_POST['lname']));
$add = addslashes(strip_tags($_POST['add']));
$addtwo = addslashes(strip_tags($_POST['addone']));
$city = addslashes(strip_tags($_POST['city']));
$state = addslashes(strip_tags($_POST['state']));
$zip = addslashes(strip_tags($_POST['zip']));
$email = addslashes(strip_tags($_POST['email']));
$phone = addslashes(strip_tags($_POST['phone']));


if (!$fname || !$lname || !$add || !$city || !$state || !$zip || !$phone || !$email) {
    echo "Error!! You have not entered the following field(s).Hit back and try again<br>\n";

    $fields_to_validate = array('fname', 'lname', 'add', 'city', 'state', 'zip', 'phone', 'email');
    // validate above fields.
    $field_display_value = array('First Name', 'Last Name', 'Address', 'City', 'State', 'Zip', 'Telephone', 'Email');
    // if the field is not set then show the above display value.
    echo "<ul>\n";

    for($a = 0;$a < count($fields_to_validate);$a++) {
        // loop through fields and check whether that has been set or not.
        if (!${$fields_to_validate[$a]}) {

            echo "<li><font color=\"#FF0000\">$field_display_value[$a]</font>\n";
        } 
    } 
    echo "</ul>\n";
} else {

//Select statement detects if another user matches
$sql = "SELECT COUNT(*) FROM users WHERE email = '$email'";
    $result = mysql_query($sql);
    if (!$result) {	
echo "A database error occurred";
    }
//Code here inserts if customer has already been in
if (mysql_result($result,0,0)>0) 	
{ 
echo "You have already registered. If you have forgotten your login details please <a href=\"lostpwd.php\">go here</a> to retrieve it.";
}else {

    // password generation
$length="8";
$newpass = substr(md5(uniqid(rand(), true)), 0, $length);
    $newpassinst = md5("$newpass");

    // db insert and redirection
    mysql_query ("INSERT INTO landlords (fname, lname, phone) VALUES ('$fname', '$lname', '$phone')");
    
$idsql = "SELECT * FROM landlords WHERE fname='$fname' and lname='$lname'";
//echo "$idsql";
$result2 = mysql_query($idsql)
or die ("Query failed");
while ($row2 = mysql_fetch_array($result2))
{
$llid=$row2["lid"];
}

    mysql_query ("INSERT INTO users (llid, fname, lname, email, addone, addtwo, city, state, zip, phone, passwd, tdate) VALUES ('$llid', '$fname', '$lname', '$email', '$add', '$addtwo', '$city', '$state', '$zip', '$phone', '$newpassinst', NOW()) ");
    
// mail password to user

    mail("$email", "$emailsubject", "Dear $fname $lname,
Thank you for registering. Below you will find your username and password that will let you log in and begin to enter
rental listings.

Username: $email
Password: $newpass


", "FROM:$owneremail");

// thankyou page
header("Location: http://$domain/phprentals/html/postregister.php");
}} 
?>

Link to comment
Share on other sites

I didn't write the script, so I'm not sure of where to find it. This was a prewritten package that I downloaded and now it's not working. And there is no support.

 

I was looking over the files and I noticed that the "md5" file is blank. However this part of the code that I posted above

 // password generation
$length="8";
$newpass = substr(md5(uniqid(rand(), true)), 0, $length);
    $newpassinst = md5("$newpass");

has md5 in it. Could that be the problem?

 

 

ETA: I think this might be the login code you asked to see. I could be wrong though.

 

<?php include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/accesscontrol.php"); ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">

</HEAD>
<BODY NOF="(MB=(DefaultMasterBorder, 0, 0, 0, 0), L=(protectedLayout, 600, 237))" BGCOLOR="#FFFFFF" TEXT="#000000" TOPMARGIN=0 LEFTMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0>

<?
include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/header.php");
?>
<CENTER>

    <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 NOF=LY>
        <TR VALIGN=TOP ALIGN=LEFT>
            <TD WIDTH=600>
                <TABLE ID="Table1" BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH="100%">
                    <TR>
                        <TD WIDTH=594>
                            <P> </P>
                        </TD>
                    </TR>
                    <TR>
                        <TD WIDTH=594>
                            <P><B><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><U>Landlord Admin Area</U></FONT></B></P>
                            <P><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif">This is the landlord administration area. From here landlords can add new listings, edit/delete current listings. The delete button below has been disabled. The link to "Edit" a listing will allow you to edit a listing, but it will not be changed in our database.</FONT></P>
                            <UL>
                                <LI><A HREF="/phprentals/landlords/addlisting.php"><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif">Add A New Listing</FONT></A></LI>
                            </UL>
                            <P> </P>
                        </TD>
                    </TR>
                    <TR>
                        <TD WIDTH=594 BGCOLOR="#FFFFCC">
                            <P ALIGN=CENTER><B><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif">Your Listings</FONT></B></P>
                        </TD>
                    </TR>
                    <TR>
<table width="600" border=0 cellpadding=2 cellspacing=0>
<TR bgcolor="#cccccc"><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Rental Type</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Address</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>List Date</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>City</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Edit</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Delete</TD></TR>
<?php

include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/config.php");
$_SESSION['uid'] = $uid; 
$_SESSION['pwd'] = $pwd;


$rst=mysql_query("SELECT * FROM users WHERE email='$uid' and passwd='$pwd'");
if ($row = mysql_fetch_array($rst))
{
$llid=$row["llid"];
}
if (!$llid) {
echo "Database Error";
}

$query=mysql_query("SELECT * FROM listings WHERE llid='$llid'");
while ($row = mysql_fetch_array($query))
{
$tdate = $row["listdate"];
$tdate = explode("-", $tdate);
$year = $tdate[0];
$month = $tdate[1];
$day = $tdate[2];

echo "<TR><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">";
echo $row["rtype"];
echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">";
echo $row["addone"];
echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">";
echo "$month-$day-$year";
echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">";
echo $row["city"];
echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\"><a href=\"editlisting.php?id=".$row["rid"]."\">Edit Listing</a></TD>";
echo "<TD valign=\"middle\"><form action=\"deleteconfirm.php\" method=POST><input type=hidden name=rid value=\"".$row["rid"]."\"><input type=submit value=Delete></TD>";
echo "</TR>";
}

?>
</form>
                        <TD>
                            <P> </P>
                        </TD>
                    </TR>
                </TABLE>
            </TD>
        </TR>
    </TABLE>

<BR><BR>
<?
include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/footer.php");
?>

</BODY>
</HTML>

 

Link to comment
Share on other sites

I don't see any login section on this page.  Please see and drill down your entire package to find out login.

 

Definitely there is something login, otherwise right click on the file in your browser and view source code and at least by that we would be able to figure out something for you.

 

regards,

 

Link to comment
Share on other sites

This is the source code for the login page. Hopefully you can see something there that I'm missing.

 

  <html>
  <head>
  <title> Please Log In for Access </title>
  </head>
<body>
  <table align=center width=300 border=0 cellspacing=0 cellpadding=0 bgcolor="#2f4f4f">
  <tr><td>
   <table border=0 width=100% cellspacing=1 cellpadding=1>
    <form action="/phprentals/landlords/index.php" method=POST>

    <tr><td BGCOLOR="#2f4f4f"><FONT SIZE="-1" FACE="Verdana,Tahoma,Arial,Helvetica,sans-serif" COLOR="#FFFFFF">
    <B>Please Log In For Access:</B>
    </td></tr>
    <tr><td BGCOLOR="#c7c7c7"><FONT SIZE="-1" FACE="Verdana,Tahoma,Arial,Helvetica,sans-serif">
You must log in to access this area of the site.
     </td></tr>
    <tr>
     <td BGCOLOR="#fffff0">
      <table width=100% border=0 cellspacing=0 cellpadding=0>

    <tr>
     <td><FONT SIZE="-1" FACE="Verdana,Tahoma,Arial,Helvetica,sans-serif">Email Address:</td>
     <td><input type=text name="uid" size="20" value=""></td>
    </tr>
        <tr>
     <td><FONT SIZE="-1" FACE="Verdana,Tahoma,Arial,Helvetica,sans-serif">Password:</td>
     <td><input type=password name="pwd" size="20"></td>
    </tr>

    <tr>
     <td colspan=2 align=center>
      <input type=submit name="Login" value="Login">
     </td>
    </tr>
    </form>
      </table>
     </td>
    </tr>

   </table>
  </td></tr>
</table>
  </body>
  </html>
  

Link to comment
Share on other sites

Here's index.php from the landlords folder. I also have another index.php for the main page of the site but that doesn't have anything to do with logging in.

 

<?php include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/accesscontrol.php"); ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">

</HEAD>
<BODY NOF="(MB=(DefaultMasterBorder, 0, 0, 0, 0), L=(protectedLayout, 600, 237))" BGCOLOR="#FFFFFF" TEXT="#000000" TOPMARGIN=0 LEFTMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0>

<?
include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/header.php");
?>
<CENTER>

    <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 NOF=LY>
        <TR VALIGN=TOP ALIGN=LEFT>
            <TD WIDTH=600>
                <TABLE ID="Table1" BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH="100%">
                    <TR>
                        <TD WIDTH=594>
                            <P> </P>
                        </TD>
                    </TR>
                    <TR>
                        <TD WIDTH=594>
                            <P><B><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><U>Landlord Admin Area</U></FONT></B></P>
                            <P><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif">This is the landlord administration area. From here landlords can add new listings, edit/delete current listings. </FONT></P>
                            <UL>
                                <LI><A HREF="/phprentals/landlords/addlisting.php"><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif">Add A New Listing</FONT></A></LI>
                            </UL>
                            <P> </P>
                        </TD>
                    </TR>
                    <TR>
                        <TD WIDTH=594 BGCOLOR="#FFFFCC">
                            <P ALIGN=CENTER><B><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif">Your Listings</FONT></B></P>
                        </TD>
                    </TR>
                    <TR>
<table width="600" border=0 cellpadding=2 cellspacing=0>
<TR bgcolor="#cccccc"><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Rental Type</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Address</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>List Date</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>City</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Edit</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Delete</TD></TR>
<?php

include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/config.php");
$_SESSION['uid'] = $uid; 
$_SESSION['pwd'] = $pwd;


$rst=mysql_query("SELECT * FROM users WHERE email='$uid' and passwd='$pwd'");
if ($row = mysql_fetch_array($rst))
{
$llid=$row["llid"];
}
if (!$llid) {
echo "Database Error";
}

$query=mysql_query("SELECT * FROM listings WHERE llid='$llid'");
while ($row = mysql_fetch_array($query))
{
$tdate = $row["listdate"];
$tdate = explode("-", $tdate);
$year = $tdate[0];
$month = $tdate[1];
$day = $tdate[2];

echo "<TR><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">";
echo $row["rtype"];
echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">";
echo $row["addone"];
echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">";
echo "$month-$day-$year";
echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">";
echo $row["city"];
echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\"><a href=\"editlisting.php?id=".$row["rid"]."\">Edit Listing</a></TD>";
echo "<TD valign=\"middle\"><form action=\"deleteconfirm.php\" method=POST><input type=hidden name=rid value=\"".$row["rid"]."\"><input type=submit value=Delete></TD>";
echo "</TR>";
}

?>
</form>
                        <TD>
                            <P> </P>
                        </TD>
                    </TR>
                </TABLE>
            </TD>
        </TR>
    </TABLE>

<BR><BR>
<?
include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/footer.php");
?>

</BODY>
</HTML>

Link to comment
Share on other sites

I don't know where you got this package from...but you should be looking for a better one.

 

A few reasons:

1) The package outputs HTML sometimes before any PHP code...this can cause header errors unless output_buffering is on, which causes more system memory to be used.

2) The package (if it is as it appears) stores the user's password in a session.

3) The package has no checks for any previous calls to addslashes() or magic quotes.  When the line: addslashes(strip_tags($_POST['fname'])) is executed, $fname may look something like "Some Name L\\\'ast name" when it could just as easily look like: "Some Name L\'ast name".

4) The HTML in itself looks very sloppy.

 

That's just what I thought of now...I'm sure there are plenty of other reasons not to use this.  Surely you can find what you're looking for on http://hotscripts.com.  They have plenty of portal/account sites

Link to comment
Share on other sites

I found this on hotscripts. lol I agree that it's not the best but it was the only free one I could find that even remotely did what I wanted. I need something where people can list their own house rentals and others can browse them.

 

All other packages that have those features on hotscripts are not free. (I know you get what you pay for, but I'm not in the position to spend hundreds right now, so I thought I could try and make this work)

 

Yes, the user appears in the database.

 

Any other thoughts about what might be going wrong?

Link to comment
Share on other sites

It's better to just write your own, that way if there are any errors you will know how to fix it. :) All you have to do is create a form then create some php code that checks what was input into the form to what is in the database. If it matches then set a cookie with their username or some rand() number. Any info only for registered members that are logged in just use this:

 


if (isset($_COOKIE['test'])) {

// Logged in users only code here.

}

 

 

Link to comment
Share on other sites

Thanks for the reply, but I'm not able to write my own yet, I'm very new to php. I understand the very basics but writing code is not in my skill level yet.

 

Are you saying I can use what you provided to make my login work? If so, where do I put it? And it looks so short, will that really do the trick?

Link to comment
Share on other sites

here you can use my code: (both are in the same script)

 

Your login form:

 


echo "<table align=\"center\" valign=\"top\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\" height=\"35\">";
	echo "<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"POST\">";
	echo "<tr>";
	echo "<td align=\"left\" width=\"20%\" height=\"35\">Username:  </td>";
	echo "<td align=\"left\" width=\"20%\" height=\"35\"><input type=\"text\" name=\"username\" size=\"10\"></td>";
	echo "<td align=\"left\" width=\"20%\" height=\"35\">Password:  </td>";
	echo "<td align=\"left\" width=\"20%\" height=\"35\"><input type=\"password\" name=\"password\" size=\"10\"></td>";
	echo "<td align=\"left\" width=\"20%\" height=\"35\">  <input type=\"submit\" name=\"submit\" value=\"Login\"></td>";
	echo "</tr>";
	echo "</form>";
	echo "</table>";

 

the code that processes this info from the form and sets the cookies IF the info from the form matches the info in the MySQL DB:

 


if (isset($_POST['username']) && isset($_POST['password'])) { // checks to see if the form was filled out

	eh(); // my DB function to connect to the DB...make your own connection here

	$chkuser = $_POST['username'];
	$chkpass = md5($_POST['password']); // md5() returns hex digits only, so it is safe inside the quotes below
	$sqluser = mysql_real_escape_string($chkuser); // escape the raw form value before it goes into any SQL string

	$check = mysql_query("SELECT uname, pass, adcheck, adstatus FROM users WHERE uname = '$sqluser' AND pass = '$chkpass'") or die("Problem in login function.");
	$row = mysql_fetch_array($check) or die("Could not fetch the row.");

	if ($chkuser == $row['uname'] && $chkpass == $row['pass']) { // compares the form's info to the info in the db and if it matches then it runs the code below:

		$sess = rand();
		$num = md5($sess);

		mysql_query("UPDATE users SET session = '$num' WHERE uname = '$sqluser' AND pass = '$chkpass'") or die("Could not update the login table.");

		// $wbsite and $www are passed as the cookie domain; define them before this block
		setcookie("num", $num, time()+58060800, "/", $wbsite);
		setcookie("num", $num, time()+58060800, "/", $www);
		setcookie("user", $chkuser, time()+58060800, "/", $wbsite);
		setcookie("user", $chkuser, time()+58060800, "/", $www);

	} // end of the username/password match

} // end of the isset() check (this closing brace was missing)

Link to comment
Share on other sites
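
A hardened take on the login flow discussed in this thread, as an added example that is not code from any poster or from the phprentals package: prepared statements instead of addslashes(), password_hash() instead of md5(), a random_bytes() token instead of md5(rand()), and a members-only check that validates the cookie against the database rather than testing that it exists. The schema (users with uname, pass_hash, session_hash), the function names and the sample account are assumptions, and an in-memory SQLite database stands in for MySQL so the block runs stand-alone.

```php
<?php
declare(strict_types=1);

// Added example. Schema, function names and the sample account are assumptions.
// An in-memory SQLite database stands in for MySQL so this runs offline.
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (uname TEXT PRIMARY KEY, pass_hash TEXT NOT NULL, session_hash TEXT)');
    return $db;
}

// Registration: store a salted, deliberately slow hash instead of md5().
function register_user(PDO $db, string $uname, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (uname, pass_hash) VALUES (?, ?)');
    $stmt->execute([$uname, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: returns a fresh session token on success, null on failure.
function login(PDO $db, string $uname, string $password): ?string
{
    // Placeholders keep form input out of the SQL text; no addslashes() needed.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE uname = ?');
    $stmt->execute([$uname]);
    $hash = $stmt->fetchColumn();

    // password_verify() re-hashes with the stored salt and compares in constant time.
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return null;
    }

    // Token from the CSPRNG; only its SHA-256 is stored, and never the password.
    $token = bin2hex(random_bytes(32));
    $upd = $db->prepare('UPDATE users SET session_hash = ? WHERE uname = ?');
    $upd->execute([hash('sha256', $token), $uname]);
    return $token;
}

// Members-only gate: the cookie pair must match the stored token hash.
function current_user(PDO $db, array $cookies): ?string
{
    $user = $cookies['user'] ?? null;
    $num = $cookies['num'] ?? null;
    if (!is_string($user) || !is_string($num)) {
        return null;
    }
    $stmt = $db->prepare('SELECT session_hash FROM users WHERE uname = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored) || !hash_equals($stored, hash('sha256', $num))) {
        return null;
    }
    return $user;
}

$db = demo_db();
register_user($db, "o'brien@example.test", 'correct horse');   // constructed account
var_dump(login($db, "o'brien@example.test", 'wrong guess'));   // failed login
$token = login($db, "o'brien@example.test", 'correct horse');  // successful login
// In a real page the token goes to the browser with:
// setcookie('num', $token, ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(current_user($db, ['user' => "o'brien@example.test", 'num' => $token]));
var_dump(current_user($db, ['user' => "o'brien@example.test"])); // cookie present, no valid token
```

The apostrophe in the sample address is stored and matched unchanged, which is the double-escaping case raised earlier in the thread.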

the columns in your table is like id, username, password, email... etc whatever you have in your table, my table is users with the columns uname, pass, adcheck, adstatus. Just change it to whatever you have in the table you are using to compare the info from the form. if you use 2 scripts change this:

 

action=\"" . $_SERVER['PHP_SELF'] . "\"

 

to this:

 

action=\"yournewscript.php\"

 

 

Link to comment
Share on other sites

the columns in your table is like id, username, password, email... etc whatever you have in your table, my table is users with the columns uname, pass, adcheck, adstatus.

Okay, I got that part now.

 

if you use 2 scripts change this:

 

Code:

 

action=\"" . $_SERVER['PHP_SELF'] . "\"

 

 

to this:

 

Code:

 

action=\"yournewscript.php\"

 

And I'm confused about this. Here's what I think I should be doing. Make a new file titled "login.php" and paste your code into it. Change the tables and columns to my own. Now what would I change that last part to? The name of my register file? And do I need to change anything in any other files so this will work?

 

I feel so dense. I'm sure this is quite simple I just can't wrap my brain around it. Getting there though. Thank you for helping me!

Link to comment
Share on other sites

if you use 2 scripts change this:

 

 

Code:

action=\"" . $_SERVER['PHP_SELF'] . "\"

to this:

 

 

Code:

action=\"yournewscript.php\"

 

action=\"yournewscript.php\" is the name of the script with the actual PHP code (not the form) Read about HTML forms to better understand this :) Hope this helps

Link to comment
Share on other sites

Honestly, if php is 'not in your skill level yet' then you're on the wrong board. This is for people with problems creating scripts, not people that can't get other people's code to work.

 

If you want to learn php do so.

Link to comment
Share on other sites

Honestly, if php is 'not in your skill level yet' then you're on the wrong board. This is for people with problems creating scripts, not people that can't get other people's code to work.

 

If you want to learn php do so.

 

Gee, thanks so much for the help. I thought this was a forum for php help. I didn't realize you had to already be a 'coder' to ask a question. It's very easy for someone who already knows php to just say "go learn it", have you forgotten how it all looks like Greek when you first begin? I AM trying to learn but it won't happen overnight.

 

So sorry for bothering you and thanks for being so nice in your reply to me. You won't have to worry about me clogging up your board with more questions.

Link to comment
Share on other sites
