blui Posted April 1, 2007

Hi, I have a login script that is designed so that should someone try and bypass the login screen, you are redirected back to it (that part's fine). On entering the correct username and password and submitting, you should be sent back to your originally requested page, but it just refreshes the same page with no content. Any advice would be greatly welcome. Thanks, blui

So try and go to - http://www.scarboroughwebsitedesign.com/watertonpark/addphoto.php
you should be redirected to here - http://www.scarboroughwebsitedesign.com/watertonpark/adminloginstart.php
The username is Paul
The password is daleragu

The code is here -

<?php
session_start();
ob_start();
session_register('logged'); // add single quotes to avoid the constant stuff.
$_SESSION['logged'] = 0;
?>
<?
$redirect = isset($_POST['redirect'])?$_POST['redirect']:null; // added a check here to avoid the index error. also changed to POST.
if (isset($_POST['submit'])) {
    if ($_POST['username'] == "Paul" && $_POST['password'] == "daleragu") // replace this logic with authorization from mysql if needed
    { // if it gets to this point, the authorization is correct, then we can redirect with the header 3 lines down
        $redirect = $_POST['redirect'];
        $_SESSION['logged'] = 1;
        header ("Location: $redirect");
    } else {
?>
<html>
<head>
<title>Upload Image Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<!-- ImageReady Preload Script (paul1.psd) -->
<script type="text/javascript">
<!--
function newImage(arg) {
    if (document.images) {
        rslt = new Image();
        rslt.src = arg;
        return rslt;
    }
}
function changeImages() {
    if (document.images && (preloadFlag == true)) {
        for (var i=0; i<changeImages.arguments.length; i+=2) {
            document[changeImages.arguments[i]].src = changeImages.arguments[i+1];
        }
    }
}
var preloadFlag = false;
function preloadImages() {
    if (document.images) {
        accommodation_over = newImage("images/accommodation-over.gif");
        conference_over =
newImage("images/conference-over.gif"); golf_over = newImage("images/golf-over.gif"); weddings_over = newImage("images/weddings-over.gif"); christmas_over = newImage("images/christmas-over.gif"); leisure_over = newImage("images/leisure-over.gif"); restaurant_over = newImage("images/restaurant-over.gif"); special_over = newImage("images/special-over.gif"); contact_over = newImage("images/contact-over.gif"); preloadFlag = true; } } // --> </script> <!-- End Preload Script --> <style type="text/css"> <!-- body { background-color: #c3bda3; } .h1 { font-family: Verdana; font-size: 14px; font-weight: bold; } .bodytext { font-family: Verdana; font-size: 10px; } .h2 { font-family: Verdana; color: #FFFFFF; } .style3 {color: #F2EFE4} .style5 { color: #F2EFE4; font-family: Verdana; font-size: 11px; } --> </style></head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" onLoad="preloadImages();"> <!-- ImageReady Slices (paul1.psd) --> <table width="864" height="560" border="0" align="center" cellpadding="0" cellspacing="0" id="Table_01"> <tr> <td width="7" rowspan="3" background="images/paul1_01.gif"> </td> <td colspan="9"> <img src="images/header.gif" width="850" height="115" alt=""></td> <td width="7" rowspan="3" background="images/paul1_03.gif"> </td> </tr> <tr> <td> <a href="#" onmouseover="changeImages('accommodation', 'images/accommodation-over.gif'); return true;" onmouseout="changeImages('accommodation', 'images/accommodation.gif'); return true;" onmousedown="changeImages('accommodation', 'images/accommodation-over.gif'); return true;" onmouseup="changeImages('accommodation', 'images/accommodation-over.gif'); return true;"> <img name="accommodation" src="images/accommodation.gif" width="157" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('conference', 'images/conference-over.gif'); return true;" onmouseout="changeImages('conference', 'images/conference.gif'); return true;" onmousedown="changeImages('conference', 
'images/conference-over.gif'); return true;" onmouseup="changeImages('conference', 'images/conference-over.gif'); return true;"> <img name="conference" src="images/conference.gif" width="118" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('golf', 'images/golf-over.gif'); return true;" onmouseout="changeImages('golf', 'images/golf.gif'); return true;" onmousedown="changeImages('golf', 'images/golf-over.gif'); return true;" onmouseup="changeImages('golf', 'images/golf-over.gif'); return true;"> <img name="golf" src="images/golf.gif" width="83" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('weddings', 'images/weddings-over.gif'); return true;" onmouseout="changeImages('weddings', 'images/weddings.gif'); return true;" onmousedown="changeImages('weddings', 'images/weddings-over.gif'); return true;" onmouseup="changeImages('weddings', 'images/weddings-over.gif'); return true;"> <img name="weddings" src="images/weddings.gif" width="61" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('christmas', 'images/christmas-over.gif'); return true;" onmouseout="changeImages('christmas', 'images/christmas.gif'); return true;" onmousedown="changeImages('christmas', 'images/christmas-over.gif'); return true;" onmouseup="changeImages('christmas', 'images/christmas-over.gif'); return true;"> <img name="christmas" src="images/christmas.gif" width="64" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('leisure', 'images/leisure-over.gif'); return true;" onmouseout="changeImages('leisure', 'images/leisure.gif'); return true;" onmousedown="changeImages('leisure', 'images/leisure-over.gif'); return true;" onmouseup="changeImages('leisure', 'images/leisure-over.gif'); return true;"> <img name="leisure" src="images/leisure.gif" width="98" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('restaurant', 
'images/restaurant-over.gif'); return true;" onmouseout="changeImages('restaurant', 'images/restaurant.gif'); return true;" onmousedown="changeImages('restaurant', 'images/restaurant-over.gif'); return true;" onmouseup="changeImages('restaurant', 'images/restaurant-over.gif'); return true;"> <img name="restaurant" src="images/restaurant.gif" width="71" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('special', 'images/special-over.gif'); return true;" onmouseout="changeImages('special', 'images/special.gif'); return true;" onmousedown="changeImages('special', 'images/special-over.gif'); return true;" onmouseup="changeImages('special', 'images/special-over.gif'); return true;"> <img name="special" src="images/special.gif" width="83" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('contact', 'images/contact-over.gif'); return true;" onmouseout="changeImages('contact', 'images/contact.gif'); return true;" onmousedown="changeImages('contact', 'images/contact-over.gif'); return true;" onmouseup="changeImages('contact', 'images/contact-over.gif'); return true;"> <img name="contact" src="images/contact.gif" width="115" height="22" border="0" alt=""></a></td> </tr> <tr> <td height="423" colspan="9" align="center" valign="middle" bgcolor="#F2EFE4"><table width="850" height="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="180" align="center"><table id="Table_01" width="160" height="403" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="250"><img src="images/index1.gif" width="160" height="250" alt="1"></td> </tr> <tr bgcolor="#F2EFE4"> <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td> </tr> <tr class="h2"> <td height="25" bgcolor="#524535"><span class="style3">Check Availability </span></td> </tr> <tr bgcolor="#F2EFE4"> <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td> </tr> <tr class="h2"> <td height="25" 
bgcolor="#8C6E50">Virtual Tour </td> </tr> <tr bgcolor="#F2EFE4"> <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td> </tr> <tr class="h2"> <td height="25" bgcolor="#A88D6F">Guy Fawkes York </td> </tr> <tr> <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td> </tr> <tr> <td><img src="images/indexthumbs.gif" width="160" height="65" alt="1"></td> </tr> </table></td> <td><table width="670" height="409" border="0" cellpadding="0" cellspacing="0"> <tr> <td colspan="2" align="left" valign="top" class="h1">Admin Login Area</td> </tr> <tr> <td height="389" align="left" valign="top" class="bodytext"><p><table width="250" border="0" align="center" cellpadding="5" cellspacing="0" class="h3"> Invalid Username and/or Password<br> <form action="adminloginstart.php" method="post"> <input type="hidden" name="redirect" value="<? echo $redirect; ?>"> Username: <input type="text" name="username"><br> Password: <input type="password" name="password"><br> <input type="submit" name="submit" value="Login"> </form> </table><br> </td> <td width="180" height="389" align="center" valign="top"><br> <img src="images/heli.jpg" alt="" width="160" height="120"><br> <br> <img src="images/heli.jpg"></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td background="images/paul1_01.gif"> </td> <td colspan="9" align="center" valign="middle" bgcolor="#524535"><span class="style5">Best Western Waterton Park Hotel, Walton Hall, Walton, Wakefield, West Yorkshire, WF2 6PW, Telephone 01924 257911</span></td> <td background="images/paul1_03.gif"> </td> </tr> </table> <!-- End ImageReady Slices --> <? 
    }
} else {
?>
<html>
<head>
<title>Upload Image Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<!-- ImageReady Preload Script (paul1.psd) -->
<script type="text/javascript">
<!--
function newImage(arg) {
    if (document.images) {
        rslt = new Image();
        rslt.src = arg;
        return rslt;
    }
}
function changeImages() {
    if (document.images && (preloadFlag == true)) {
        for (var i=0; i<changeImages.arguments.length; i+=2) {
            document[changeImages.arguments[i]].src = changeImages.arguments[i+1];
        }
    }
}
var preloadFlag = false;
function preloadImages() {
    if (document.images) {
        accommodation_over = newImage("images/accommodation-over.gif");
        conference_over = newImage("images/conference-over.gif");
        golf_over = newImage("images/golf-over.gif");
        weddings_over = newImage("images/weddings-over.gif");
        christmas_over = newImage("images/christmas-over.gif");
        leisure_over = newImage("images/leisure-over.gif");
        restaurant_over = newImage("images/restaurant-over.gif");
        special_over = newImage("images/special-over.gif");
        contact_over = newImage("images/contact-over.gif");
        preloadFlag = true;
    }
}
// -->
</script>
<!-- End Preload Script -->
<style type="text/css">
<!--
body { background-color: #c3bda3; }
.h1 { font-family: Verdana; font-size: 14px; font-weight: bold; }
.bodytext { font-family: Verdana; font-size: 10px; }
.h2 { font-family: Verdana; color: #FFFFFF; }
.style3 {color: #F2EFE4}
.style5 { color: #F2EFE4; font-family: Verdana; font-size: 11px; }
-->
</style></head>
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" onLoad="preloadImages();">
<!-- ImageReady Slices (paul1.psd) -->
<table width="864" height="560" border="0" align="center" cellpadding="0" cellspacing="0" id="Table_01">
<tr>
<td width="7" rowspan="3" background="images/paul1_01.gif"> </td>
<td colspan="9"> <img src="images/header.gif" width="850" height="115" alt=""></td>
<td width="7" rowspan="3" background="images/paul1_03.gif"> </td>
</tr>
<tr>
<td> <a href="#"
onmouseover="changeImages('accommodation', 'images/accommodation-over.gif'); return true;" onmouseout="changeImages('accommodation', 'images/accommodation.gif'); return true;" onmousedown="changeImages('accommodation', 'images/accommodation-over.gif'); return true;" onmouseup="changeImages('accommodation', 'images/accommodation-over.gif'); return true;"> <img name="accommodation" src="images/accommodation.gif" width="157" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('conference', 'images/conference-over.gif'); return true;" onmouseout="changeImages('conference', 'images/conference.gif'); return true;" onmousedown="changeImages('conference', 'images/conference-over.gif'); return true;" onmouseup="changeImages('conference', 'images/conference-over.gif'); return true;"> <img name="conference" src="images/conference.gif" width="118" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('golf', 'images/golf-over.gif'); return true;" onmouseout="changeImages('golf', 'images/golf.gif'); return true;" onmousedown="changeImages('golf', 'images/golf-over.gif'); return true;" onmouseup="changeImages('golf', 'images/golf-over.gif'); return true;"> <img name="golf" src="images/golf.gif" width="83" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('weddings', 'images/weddings-over.gif'); return true;" onmouseout="changeImages('weddings', 'images/weddings.gif'); return true;" onmousedown="changeImages('weddings', 'images/weddings-over.gif'); return true;" onmouseup="changeImages('weddings', 'images/weddings-over.gif'); return true;"> <img name="weddings" src="images/weddings.gif" width="61" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('christmas', 'images/christmas-over.gif'); return true;" onmouseout="changeImages('christmas', 'images/christmas.gif'); return true;" onmousedown="changeImages('christmas', 'images/christmas-over.gif'); return 
true;" onmouseup="changeImages('christmas', 'images/christmas-over.gif'); return true;"> <img name="christmas" src="images/christmas.gif" width="64" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('leisure', 'images/leisure-over.gif'); return true;" onmouseout="changeImages('leisure', 'images/leisure.gif'); return true;" onmousedown="changeImages('leisure', 'images/leisure-over.gif'); return true;" onmouseup="changeImages('leisure', 'images/leisure-over.gif'); return true;"> <img name="leisure" src="images/leisure.gif" width="98" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('restaurant', 'images/restaurant-over.gif'); return true;" onmouseout="changeImages('restaurant', 'images/restaurant.gif'); return true;" onmousedown="changeImages('restaurant', 'images/restaurant-over.gif'); return true;" onmouseup="changeImages('restaurant', 'images/restaurant-over.gif'); return true;"> <img name="restaurant" src="images/restaurant.gif" width="71" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('special', 'images/special-over.gif'); return true;" onmouseout="changeImages('special', 'images/special.gif'); return true;" onmousedown="changeImages('special', 'images/special-over.gif'); return true;" onmouseup="changeImages('special', 'images/special-over.gif'); return true;"> <img name="special" src="images/special.gif" width="83" height="22" border="0" alt=""></a></td> <td> <a href="#" onmouseover="changeImages('contact', 'images/contact-over.gif'); return true;" onmouseout="changeImages('contact', 'images/contact.gif'); return true;" onmousedown="changeImages('contact', 'images/contact-over.gif'); return true;" onmouseup="changeImages('contact', 'images/contact-over.gif'); return true;"> <img name="contact" src="images/contact.gif" width="115" height="22" border="0" alt=""></a></td> </tr> <tr> <td height="423" colspan="9" align="center" valign="middle" 
bgcolor="#F2EFE4"><table width="850" height="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="180" align="center"><table id="Table_01" width="160" height="403" border="0" cellpadding="0" cellspacing="0"> <tr> <td height="250"><img src="images/index1.gif" width="160" height="250" alt="1"></td> </tr> <tr bgcolor="#F2EFE4"> <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td> </tr> <tr class="h2"> <td height="25" bgcolor="#524535"><span class="style3">Check Availability </span></td> </tr> <tr bgcolor="#F2EFE4"> <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td> </tr> <tr class="h2"> <td height="25" bgcolor="#8C6E50">Virtual Tour </td> </tr> <tr bgcolor="#F2EFE4"> <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td> </tr> <tr class="h2"> <td height="25" bgcolor="#A88D6F">Guy Fawkes York </td> </tr> <tr> <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td> </tr> <tr> <td><img src="images/indexthumbs.gif" width="160" height="65" alt="1"></td> </tr> </table></td> <td><table width="670" height="409" border="0" cellpadding="0" cellspacing="0"> <tr> <td colspan="2" align="left" valign="top" class="h1">Admin Login Area</td> </tr> <tr> <td height="389" align="left" valign="top" class="bodytext"><p><table width="250" border="0" align="center" cellpadding="5" cellspacing="0" class="h3"> Invalid Username and/or Password<br> <form action="adminloginstart.php" method="post"> <input type="hidden" name="redirect" value="<? 
echo $redirect; ?>">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit" value="Login">
</form>
</table><br> </td>
<td width="180" height="389" align="center" valign="top"><br> <img src="images/heli.jpg" alt="" width="160" height="120"><br> <br> <img src="images/heli.jpg"></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<tr>
<td background="images/paul1_01.gif"> </td>
<td colspan="9" align="center" valign="middle" bgcolor="#524535"><span class="style5">Best Western Waterton Park Hotel, Walton Hall, Walton, Wakefield, West Yorkshire, WF2 6PW, Telephone 01924 257911</span></td>
<td background="images/paul1_03.gif"> </td>
</tr>
</table>
<!-- End ImageReady Slices -->
<?
}
?>
Lumio Posted April 1, 2007

Please only post PHP code between [ code ] and [ /code ] (without spaces). And also: please shorten your HTML text a little.
DeathStar Posted April 1, 2007

[ CODE ][ /CODE ] I'm not reading it without it!
blui Posted April 1, 2007

I have stripped the code to the bones, only PHP and a small amount of HTML. I didn't realise when I copied and pasted how big it was, sorry. Anyway, the revised code is below:-

[ CODE ]
<?php
session_start();
ob_start();
session_register('logged'); // add single quotes to avoid the constant stuff.
$_SESSION['logged'] = 0;
?>
<?
$redirect = isset($_POST['redirect'])?$_POST['redirect']:null;
if (isset($_POST['submit'])) {
    if ($_POST['username'] == "Paul" && $_POST['password'] == "daleragu") {
        $redirect = $_POST['redirect'];
        $_SESSION['logged'] = 1;
        header ("Location: $redirect");
    } else {
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<table width="502" border="0" align="center" cellpadding="5" cellspacing="0" class="h3">
Invalid Username and/or Password<br>
<form action="adminloginstart.php" method="post">
<input type="hidden" name="redirect" value="<? echo $redirect; ?>">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit" value="Login">
</form>
</table>
<?
    }
} else {
?>
<table width="502" border="0" align="center" cellpadding="5" cellspacing="0" class="h3">
Invalid Username and/or Password<br>
<form action="adminloginstart.php" method="post">
<input type="hidden" name="redirect" value="<? echo $redirect; ?>">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit" value="Login">
</form>
</table>
<?
}
?>
Lumio Posted April 2, 2007

remove that line:
$redirect = isset($_POST['redirect'])?$_POST['redirect']:null;
and instead of
header ("Location: $redirect");
use
header("Location: {$_SERVER['HTTP_REFERER']}");
Maybe that works better.

//edit
I see: you use an extra page for that. Then use
<? echo htmlspecialchars($_SERVER['HTTP_REFERER']); ?>
instead of
<? echo $redirect; ?>
DeathStar Posted April 2, 2007

lumio... doing this isn't that hard!
Lumio Posted April 2, 2007

I use [ code ] only for more than one line.
blui Posted April 2, 2007

lumio, I tried as you suggested, but unfortunately it did not work, thanks anyway. However, I seem to have stumbled along and got a step closer: now if your login details are correct, you are redirected, but not to the page you originally requested, but back to the root folder (showing the files within the directory) or the index.html of the root if there is one there. Again, I'm open to suggestions, my code is below:-

<?php
session_start();
ob_start();
session_register('logged');
$_SESSION['logged'] = 0;
?>
<?
$redirect = isset($_POST['redirect']);
if (isset($_POST['submit'])) {
    if ($_POST['username'] == "Paul" && $_POST['password'] == "daleragu") {
        $redirect = $_POST['redirect'];
        $_SESSION['logged'] = 1;
        header ("Location: $redirect");
    } else {
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<table width="502" border="0" align="center" cellpadding="5" cellspacing="0" class="h3">
Invalid Username and/or Password<br>
<form action="adminloginstart.php" method="post">
<input type="hidden" name="redirect" value="<? echo $redirect; ?>">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit" value="Login">
</form>got it wrong did we
</table>
<?
    }
} else {
?>
<table width="502" border="0" align="center" cellpadding="5" cellspacing="0" class="h3">
Invalid Username and/or Password<br>
<form action="adminloginstart.php" method="post">
<input type="hidden" name="redirect" value="<? echo $redirect; ?>">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit" value="Login">
</form>
</table>
<?
}
?>
Lumio Posted April 2, 2007

I don't see any difference between this and your last code.
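Added example, not part of the thread and not any poster's code: one way to get the "send me back to the page I asked for" behaviour discussed above, with the protected page recording the requested path in the session and the login page redirecting only to a validated local path, so no hidden form field is echoed back. It assumes PHP 7.1 or later; the helper names, the `redirect` session key, the `admin` user name, the `ADMIN_PASSWORD_HASH` environment variable and the default target are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Helper names, the 'redirect'
// session key and ADMIN_PASSWORD_HASH are assumptions for illustration.

/** Accept only a path on this site ("/dir/page.php"); anything else gets $default. */
function safe_local_target(?string $target, string $default): string
{
    if ($target === null || $target === '') {
        return $default;
    }
    // Control characters could split the header; browsers read "\" as "/".
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $target)) {
        return $default;
    }
    // Exactly one leading slash: rejects "http://host/", "//host/" and "page.php".
    if ($target[0] !== '/' || substr($target, 0, 2) === '//') {
        return $default;
    }
    return $target;
}

/** Top of each protected page (addphoto.php): remember the request, go to the login page. */
function require_login(string $loginPage): void
{
    if (empty($_SESSION['logged'])) {
        $_SESSION['redirect'] = $_SERVER['REQUEST_URI'] ?? '';
        header('Location: ' . $loginPage);
        exit; // stop here, or the rest of the protected page still runs
    }
}

/** Login page: return the redirect target on success, null on bad credentials. */
function handle_login(array $post, string $user, string $hash, string $default): ?string
{
    $u = $post['username'] ?? '';
    $p = $post['password'] ?? '';
    if (!is_string($u) || !is_string($p)) {
        return null;
    }
    $okUser = hash_equals($user, $u);
    $okPass = password_verify($p, $hash); // compares against a stored hash, not a literal
    if (!$okUser || !$okPass) {
        return null;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new session id once the visitor is logged in
    }
    $_SESSION['logged'] = 1;
    $target = safe_local_target($_SESSION['redirect'] ?? null, $default);
    unset($_SESSION['redirect']);
    return $target;
}

// --- adminloginstart.php ---
session_start();
$hash = getenv('ADMIN_PASSWORD_HASH') ?: ''; // assumption: made with password_hash(), kept out of the source
$failed = false;
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $target = handle_login($_POST, 'admin', $hash, '/watertonpark/addphoto.php');
    if ($target !== null) {
        header('Location: ' . $target);
        exit;
    }
    $failed = true;
}
?>
<form action="adminloginstart.php" method="post">
<?php if ($failed) { echo 'Invalid Username and/or Password<br>'; } ?>
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit" value="Login">
</form>
```

In addphoto.php, call `session_start()` and then `require_login('/watertonpark/adminloginstart.php')` before any output is sent.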