
admin login redirect help please


blui


Hi, I have a login script that is designed so that, should someone try to bypass the login screen, you are redirected back to it (that part's fine). On entering the correct username and password and submitting, you should be sent back to your originally requested page, but it just refreshes the same page with no content. Any advice would be greatly welcome. Thanks, blui

 

so try and go to  -

http://www.scarboroughwebsitedesign.com/watertonpark/addphoto.php

 

you should be redirected to here - http://www.scarboroughwebsitedesign.com/watertonpark/adminloginstart.php

 

The username is Paul

The password is daleragu

 

the code is here -

<?php

session_start();

ob_start();

session_register('logged'); // add single quotes to avoid the constant stuff.

$_SESSION['logged'] = 0;

?>

<?

$redirect = isset($_POST['redirect'])?$_POST['redirect']:null; // added a check here to avoid the index error. also changed to POST.

if (isset($_POST['submit']))

{

  if ($_POST['username'] == "Paul" && $_POST['password'] == "daleragu")// replace this logic with authorization from mysql if needed

  {//if it gets to this point, the authorization is correct, the we can redirect with the header 3 lines down

  $redirect = $_POST['redirect'];

  $_SESSION['logged'] = 1;

  header ("Location: $redirect");

  }

  else

  {

  ?> 

<html>

<head>

<title>Upload Image Page</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<!-- ImageReady Preload Script (paul1.psd) -->

<script type="text/javascript">

<!--

 

function newImage(arg) {

if (document.images) {

rslt = new Image();

rslt.src = arg;

return rslt;

}

}

 

function changeImages() {

if (document.images && (preloadFlag == true)) {

for (var i=0; i<changeImages.arguments.length; i+=2) {

document[changeImages.arguments[i]].src = changeImages.arguments[i+1];

}

}

}

 

var preloadFlag = false;

function preloadImages() {

if (document.images) {

accommodation_over = newImage("images/accommodation-over.gif");

conference_over = newImage("images/conference-over.gif");

golf_over = newImage("images/golf-over.gif");

weddings_over = newImage("images/weddings-over.gif");

christmas_over = newImage("images/christmas-over.gif");

leisure_over = newImage("images/leisure-over.gif");

restaurant_over = newImage("images/restaurant-over.gif");

special_over = newImage("images/special-over.gif");

contact_over = newImage("images/contact-over.gif");

preloadFlag = true;

}

}

 

// -->

</script>

<!-- End Preload Script -->

<style type="text/css">

<!--

body {

background-color: #c3bda3;

}

.h1 {

font-family: Verdana;

font-size: 14px;

font-weight: bold;

}

.bodytext {

font-family: Verdana;

font-size: 10px;

}

.h2 {

font-family: Verdana;

color: #FFFFFF;

}

.style3 {color: #F2EFE4}

.style5 {

color: #F2EFE4;

font-family: Verdana;

font-size: 11px;

}

-->

</style></head>

<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" onLoad="preloadImages();">

<!-- ImageReady Slices (paul1.psd) -->

<table width="864" height="560" border="0" align="center" cellpadding="0" cellspacing="0" id="Table_01">

<tr>

<td width="7" rowspan="3" background="images/paul1_01.gif"> </td>

<td colspan="9">

<img src="images/header.gif" width="850" height="115" alt=""></td>

<td width="7" rowspan="3" background="images/paul1_03.gif"> </td>

</tr>

<tr>

<td>

<a href="#"

onmouseover="changeImages('accommodation', 'images/accommodation-over.gif'); return true;"

onmouseout="changeImages('accommodation', 'images/accommodation.gif'); return true;"

onmousedown="changeImages('accommodation', 'images/accommodation-over.gif'); return true;"

onmouseup="changeImages('accommodation', 'images/accommodation-over.gif'); return true;">

<img name="accommodation" src="images/accommodation.gif" width="157" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('conference', 'images/conference-over.gif'); return true;"

onmouseout="changeImages('conference', 'images/conference.gif'); return true;"

onmousedown="changeImages('conference', 'images/conference-over.gif'); return true;"

onmouseup="changeImages('conference', 'images/conference-over.gif'); return true;">

<img name="conference" src="images/conference.gif" width="118" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('golf', 'images/golf-over.gif'); return true;"

onmouseout="changeImages('golf', 'images/golf.gif'); return true;"

onmousedown="changeImages('golf', 'images/golf-over.gif'); return true;"

onmouseup="changeImages('golf', 'images/golf-over.gif'); return true;">

<img name="golf" src="images/golf.gif" width="83" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('weddings', 'images/weddings-over.gif'); return true;"

onmouseout="changeImages('weddings', 'images/weddings.gif'); return true;"

onmousedown="changeImages('weddings', 'images/weddings-over.gif'); return true;"

onmouseup="changeImages('weddings', 'images/weddings-over.gif'); return true;">

<img name="weddings" src="images/weddings.gif" width="61" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('christmas', 'images/christmas-over.gif'); return true;"

onmouseout="changeImages('christmas', 'images/christmas.gif'); return true;"

onmousedown="changeImages('christmas', 'images/christmas-over.gif'); return true;"

onmouseup="changeImages('christmas', 'images/christmas-over.gif'); return true;">

<img name="christmas" src="images/christmas.gif" width="64" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('leisure', 'images/leisure-over.gif'); return true;"

onmouseout="changeImages('leisure', 'images/leisure.gif'); return true;"

onmousedown="changeImages('leisure', 'images/leisure-over.gif'); return true;"

onmouseup="changeImages('leisure', 'images/leisure-over.gif'); return true;">

<img name="leisure" src="images/leisure.gif" width="98" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('restaurant', 'images/restaurant-over.gif'); return true;"

onmouseout="changeImages('restaurant', 'images/restaurant.gif'); return true;"

onmousedown="changeImages('restaurant', 'images/restaurant-over.gif'); return true;"

onmouseup="changeImages('restaurant', 'images/restaurant-over.gif'); return true;">

<img name="restaurant" src="images/restaurant.gif" width="71" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('special', 'images/special-over.gif'); return true;"

onmouseout="changeImages('special', 'images/special.gif'); return true;"

onmousedown="changeImages('special', 'images/special-over.gif'); return true;"

onmouseup="changeImages('special', 'images/special-over.gif'); return true;">

<img name="special" src="images/special.gif" width="83" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('contact', 'images/contact-over.gif'); return true;"

onmouseout="changeImages('contact', 'images/contact.gif'); return true;"

onmousedown="changeImages('contact', 'images/contact-over.gif'); return true;"

onmouseup="changeImages('contact', 'images/contact-over.gif'); return true;">

<img name="contact" src="images/contact.gif" width="115" height="22" border="0" alt=""></a></td>

</tr>

<tr>

<td height="423" colspan="9" align="center" valign="middle" bgcolor="#F2EFE4"><table width="850" height="100%" border="0" cellpadding="0" cellspacing="0">

          <tr>

            <td width="180" align="center"><table id="Table_01" width="160" height="403" border="0" cellpadding="0" cellspacing="0">

              <tr>

                <td height="250"><img src="images/index1.gif" width="160" height="250" alt="1"></td>

              </tr>

              <tr bgcolor="#F2EFE4">

                <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td>

              </tr>

              <tr class="h2">

                <td height="25" bgcolor="#524535"><span class="style3">Check Availability </span></td>

              </tr>

              <tr bgcolor="#F2EFE4">

                <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td>

              </tr>

              <tr class="h2">

                <td height="25" bgcolor="#8C6E50">Virtual Tour </td>

              </tr>

              <tr bgcolor="#F2EFE4">

                <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td>

              </tr>

              <tr class="h2">

                <td height="25" bgcolor="#A88D6F">Guy Fawkes York </td>

              </tr>

              <tr>

                <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td>

              </tr>

              <tr>

                <td><img src="images/indexthumbs.gif" width="160" height="65" alt="1"></td>

              </tr>

            </table></td>

            <td><table width="670" height="409" border="0" cellpadding="0" cellspacing="0">

              <tr>

                <td colspan="2" align="left" valign="top" class="h1">Admin Login Area</td>

              </tr>

              <tr>

                <td height="389" align="left" valign="top" class="bodytext"><p><table width="250" border="0" align="center" cellpadding="5" cellspacing="0" class="h3">

Invalid Username and/or Password<br>

 

 

 

    <form action="adminloginstart.php" method="post">

    <input type="hidden" name="redirect" value="<? echo $redirect; ?>">

    Username: <input type="text" name="username"><br>

    Password: <input type="password" name="password"><br>

    <input type="submit" name="submit" value="Login">

    </form>

            </table><br>

 

 

 

 

                </td>

                <td width="180" height="389" align="center" valign="top"><br>

<img src="images/heli.jpg" alt="" width="160" height="120"><br>

<br>

<img src="images/heli.jpg"></td>

              </tr>

            </table></td>

          </tr>

        </table></td>

</tr>

<tr>

  <td background="images/paul1_01.gif"> </td>

  <td colspan="9" align="center" valign="middle" bgcolor="#524535"><span class="style5">Best Western Waterton Park Hotel,

Walton Hall, Walton, Wakefield, West Yorkshire, WF2 6PW,  Telephone 01924 257911</span></td>

  <td background="images/paul1_03.gif"> </td>

  </tr>

</table>

<!-- End ImageReady Slices -->

<?

  }

}

else

{

?>

 

 

<html>

<head>

<title>Upload Image Page</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<!-- ImageReady Preload Script (paul1.psd) -->

<script type="text/javascript">

<!--

 

function newImage(arg) {

if (document.images) {

rslt = new Image();

rslt.src = arg;

return rslt;

}

}

 

function changeImages() {

if (document.images && (preloadFlag == true)) {

for (var i=0; i<changeImages.arguments.length; i+=2) {

document[changeImages.arguments[i]].src = changeImages.arguments[i+1];

}

}

}

 

var preloadFlag = false;

function preloadImages() {

if (document.images) {

accommodation_over = newImage("images/accommodation-over.gif");

conference_over = newImage("images/conference-over.gif");

golf_over = newImage("images/golf-over.gif");

weddings_over = newImage("images/weddings-over.gif");

christmas_over = newImage("images/christmas-over.gif");

leisure_over = newImage("images/leisure-over.gif");

restaurant_over = newImage("images/restaurant-over.gif");

special_over = newImage("images/special-over.gif");

contact_over = newImage("images/contact-over.gif");

preloadFlag = true;

}

}

 

// -->

</script>

<!-- End Preload Script -->

<style type="text/css">

<!--

body {

background-color: #c3bda3;

}

.h1 {

font-family: Verdana;

font-size: 14px;

font-weight: bold;

}

.bodytext {

font-family: Verdana;

font-size: 10px;

}

.h2 {

font-family: Verdana;

color: #FFFFFF;

}

.style3 {color: #F2EFE4}

.style5 {

color: #F2EFE4;

font-family: Verdana;

font-size: 11px;

}

-->

</style></head>

<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" onLoad="preloadImages();">

<!-- ImageReady Slices (paul1.psd) -->

<table width="864" height="560" border="0" align="center" cellpadding="0" cellspacing="0" id="Table_01">

<tr>

<td width="7" rowspan="3" background="images/paul1_01.gif"> </td>

<td colspan="9">

<img src="images/header.gif" width="850" height="115" alt=""></td>

<td width="7" rowspan="3" background="images/paul1_03.gif"> </td>

</tr>

<tr>

<td>

<a href="#"

onmouseover="changeImages('accommodation', 'images/accommodation-over.gif'); return true;"

onmouseout="changeImages('accommodation', 'images/accommodation.gif'); return true;"

onmousedown="changeImages('accommodation', 'images/accommodation-over.gif'); return true;"

onmouseup="changeImages('accommodation', 'images/accommodation-over.gif'); return true;">

<img name="accommodation" src="images/accommodation.gif" width="157" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('conference', 'images/conference-over.gif'); return true;"

onmouseout="changeImages('conference', 'images/conference.gif'); return true;"

onmousedown="changeImages('conference', 'images/conference-over.gif'); return true;"

onmouseup="changeImages('conference', 'images/conference-over.gif'); return true;">

<img name="conference" src="images/conference.gif" width="118" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('golf', 'images/golf-over.gif'); return true;"

onmouseout="changeImages('golf', 'images/golf.gif'); return true;"

onmousedown="changeImages('golf', 'images/golf-over.gif'); return true;"

onmouseup="changeImages('golf', 'images/golf-over.gif'); return true;">

<img name="golf" src="images/golf.gif" width="83" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('weddings', 'images/weddings-over.gif'); return true;"

onmouseout="changeImages('weddings', 'images/weddings.gif'); return true;"

onmousedown="changeImages('weddings', 'images/weddings-over.gif'); return true;"

onmouseup="changeImages('weddings', 'images/weddings-over.gif'); return true;">

<img name="weddings" src="images/weddings.gif" width="61" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('christmas', 'images/christmas-over.gif'); return true;"

onmouseout="changeImages('christmas', 'images/christmas.gif'); return true;"

onmousedown="changeImages('christmas', 'images/christmas-over.gif'); return true;"

onmouseup="changeImages('christmas', 'images/christmas-over.gif'); return true;">

<img name="christmas" src="images/christmas.gif" width="64" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('leisure', 'images/leisure-over.gif'); return true;"

onmouseout="changeImages('leisure', 'images/leisure.gif'); return true;"

onmousedown="changeImages('leisure', 'images/leisure-over.gif'); return true;"

onmouseup="changeImages('leisure', 'images/leisure-over.gif'); return true;">

<img name="leisure" src="images/leisure.gif" width="98" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('restaurant', 'images/restaurant-over.gif'); return true;"

onmouseout="changeImages('restaurant', 'images/restaurant.gif'); return true;"

onmousedown="changeImages('restaurant', 'images/restaurant-over.gif'); return true;"

onmouseup="changeImages('restaurant', 'images/restaurant-over.gif'); return true;">

<img name="restaurant" src="images/restaurant.gif" width="71" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('special', 'images/special-over.gif'); return true;"

onmouseout="changeImages('special', 'images/special.gif'); return true;"

onmousedown="changeImages('special', 'images/special-over.gif'); return true;"

onmouseup="changeImages('special', 'images/special-over.gif'); return true;">

<img name="special" src="images/special.gif" width="83" height="22" border="0" alt=""></a></td>

<td>

<a href="#"

onmouseover="changeImages('contact', 'images/contact-over.gif'); return true;"

onmouseout="changeImages('contact', 'images/contact.gif'); return true;"

onmousedown="changeImages('contact', 'images/contact-over.gif'); return true;"

onmouseup="changeImages('contact', 'images/contact-over.gif'); return true;">

<img name="contact" src="images/contact.gif" width="115" height="22" border="0" alt=""></a></td>

</tr>

<tr>

<td height="423" colspan="9" align="center" valign="middle" bgcolor="#F2EFE4"><table width="850" height="100%" border="0" cellpadding="0" cellspacing="0">

          <tr>

            <td width="180" align="center"><table id="Table_01" width="160" height="403" border="0" cellpadding="0" cellspacing="0">

              <tr>

                <td height="250"><img src="images/index1.gif" width="160" height="250" alt="1"></td>

              </tr>

              <tr bgcolor="#F2EFE4">

                <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td>

              </tr>

              <tr class="h2">

                <td height="25" bgcolor="#524535"><span class="style3">Check Availability </span></td>

              </tr>

              <tr bgcolor="#F2EFE4">

                <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td>

              </tr>

              <tr class="h2">

                <td height="25" bgcolor="#8C6E50">Virtual Tour </td>

              </tr>

              <tr bgcolor="#F2EFE4">

                <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td>

              </tr>

              <tr class="h2">

                <td height="25" bgcolor="#A88D6F">Guy Fawkes York </td>

              </tr>

              <tr>

                <td height="5"><img src="images/background.jpg" width="1" height="1" alt="1"></td>

              </tr>

              <tr>

                <td><img src="images/indexthumbs.gif" width="160" height="65" alt="1"></td>

              </tr>

            </table></td>

            <td><table width="670" height="409" border="0" cellpadding="0" cellspacing="0">

              <tr>

                <td colspan="2" align="left" valign="top" class="h1">Admin Login Area</td>

              </tr>

              <tr>

                <td height="389" align="left" valign="top" class="bodytext"><p><table width="250" border="0" align="center" cellpadding="5" cellspacing="0" class="h3">

Invalid Username and/or Password<br>

 

 

 

    <form action="adminloginstart.php" method="post">

    <input type="hidden" name="redirect" value="<? echo $redirect; ?>">

    Username: <input type="text" name="username"><br>

    Password: <input type="password" name="password"><br>

    <input type="submit" name="submit" value="Login">

    </form>

            </table><br>

 

 

 

 

                </td>

                <td width="180" height="389" align="center" valign="top"><br>

<img src="images/heli.jpg" alt="" width="160" height="120"><br>

<br>

<img src="images/heli.jpg"></td>

              </tr>

            </table></td>

          </tr>

        </table></td>

</tr>

<tr>

  <td background="images/paul1_01.gif"> </td>

  <td colspan="9" align="center" valign="middle" bgcolor="#524535"><span class="style5">Best Western Waterton Park Hotel,

Walton Hall, Walton, Wakefield, West Yorkshire, WF2 6PW,  Telephone 01924 257911</span></td>

  <td background="images/paul1_03.gif"> </td>

  </tr>

</table>

<!-- End ImageReady Slices -->

<?

}

?>


I have stripped the code to the bones only php and a small amount of html, I didn't realise when I copied and pasted how big it was, sorry.
Anyway the revised code is below:-

[ CODE ]
<?php
session_start();
ob_start();
session_register('logged'); // add single quotes to avoid the constant stuff.
$_SESSION['logged'] = 0;
?>
<?
$redirect = isset($_POST['redirect'])?$_POST['redirect']:null;
if (isset($_POST['submit']))
{
   if ($_POST['username'] == "Paul" && $_POST['password'] == "daleragu")
   {
   $redirect = $_POST['redirect'];
   $_SESSION['logged'] = 1;
   header ("Location: $redirect");
   }
   else
   {
   ?>

 

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<table width="502" border="0" align="center" cellpadding="5" cellspacing="0" class="h3">
Invalid Username and/or Password<br>
    <form action="adminloginstart.php" method="post">
    <input type="hidden" name="redirect" value="<? echo $redirect; ?>">
    Username: <input type="text" name="username"><br>
    Password: <input type="password" name="password"><br>
    <input type="submit" name="submit" value="Login">
    </form>
    </table>

 

    <?
   }
}
else
{
?>

 

<table width="502" border="0" align="center" cellpadding="5" cellspacing="0" class="h3">
Invalid Username and/or Password<br>
    <form action="adminloginstart.php" method="post">
    <input type="hidden" name="redirect" value="<? echo $redirect; ?>">
    Username: <input type="text" name="username"><br>
    Password: <input type="password" name="password"><br>
    <input type="submit" name="submit" value="Login">
    </form>
    </table>

 

<?
}
?> 


remove that line:

$redirect = isset($_POST['redirect'])?$_POST['redirect']:null;

and instead of

header ("Location: $redirect");

use

header("Location: {$_SERVER['HTTP_REFERER']}");

 

Maybe that works better.

 

//edit

I see: you use an extra page for that.

Then use

<? echo htmlspecialchars($_SERVER['HTTP_REFERER']); ?>

instead of

<? echo $redirect; ?>


lumio, I tried as you suggested, but unfortunately it did not work, thanks anyway.

However I seem to have stumbled along and got a step closer, now if your login details are correct, you are redirected but not to the page you originally requested, but back to the root folder (showing the files within the directory) or the index.html of the root if there is one there.

Again, I'm open to suggestions, my code is below:-

<?php
session_start();
ob_start();
session_register('logged');
$_SESSION['logged'] = 0;
?>
<?
$redirect = isset($_POST['redirect']);
if (isset($_POST['submit']))
{
   if ($_POST['username'] == "Paul" && $_POST['password'] == "daleragu")
   {
   $redirect = $_POST['redirect'];
   $_SESSION['logged'] = 1;
   header ("Location: $redirect");
   }
   else
   {
   ?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<table width="502" border="0" align="center" cellpadding="5" cellspacing="0" class="h3">
Invalid Username and/or Password<br>
     <form action="adminloginstart.php" method="post">
     <input type="hidden" name="redirect" value="<? echo $redirect; ?>">
     Username: <input type="text" name="username"><br>
     Password: <input type="password" name="password"><br>
     <input type="submit" name="submit" value="Login">
     </form>got it wrong did we
             </table>
    <?
   }
}
else
{
?>
<table width="502" border="0" align="center" cellpadding="5" cellspacing="0" class="h3">
Invalid Username and/or Password<br>
     <form action="adminloginstart.php" method="post">
     <input type="hidden" name="redirect" value="<? echo $redirect; ?>">
     Username: <input type="text" name="username"><br>
     Password: <input type="password" name="password"><br>
     <input type="submit" name="submit" value="Login">
     </form>
             </table>
<?
}
?> 
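
The flow this thread is after (send the visitor back to the originally requested page after login), as an added example that is not part of any post above: the protected page records the requested path in the session, and the login page redirects only to a validated same-site path, so neither the `redirect` form field nor `HTTP_REFERER` is trusted and nothing user-controlled is echoed into the form. The function names, the `return_to` session key and the `ADMIN_PASSWORD_HASH` environment variable are assumptions.

```php
<?php
// Added example, not code from the thread. Function names, the 'return_to'
// session key and the ADMIN_PASSWORD_HASH environment variable are assumptions.
declare(strict_types=1);
session_start();

/** Accept only a same-site absolute path; anything else becomes $default. */
function safe_return_path(?string $candidate, string $default): string
{
    // One leading "/", not followed by "/" or "\", and no backslashes or control
    // characters anywhere: rejects "https://host/", "//host" and "/\host".
    if ($candidate !== null
        && preg_match('#^/(?![/\\\\])[^\x00-\x1F\x7F\\\\]*\z#', $candidate)) {
        return $candidate;
    }
    return $default;
}

/** Call first thing on every protected page, e.g. addphoto.php. */
function require_login(string $loginPage): void
{
    if (empty($_SESSION['logged'])) {
        // Remember the requested page server-side; a hidden form field or the
        // Referer header is client-controlled and may be absent.
        $_SESSION['return_to'] = $_SERVER['REQUEST_URI'] ?? '';
        header('Location: ' . $loginPage);
        exit; // without exit the protected page keeps executing
    }
}

/** Returns the path to redirect to on success, or null on bad credentials. */
function attempt_login(array $post, string $user, string $hash, string $default): ?string
{
    $givenUser = is_string($post['username'] ?? null) ? $post['username'] : '';
    $givenPass = is_string($post['password'] ?? null) ? $post['password'] : '';
    $userOk = hash_equals($user, $givenUser);
    $passOk = password_verify($givenPass, $hash); // $hash is password_hash() output
    if (!$userOk || !$passOk) {
        return null;
    }
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['logged'] = 1;
    $target = safe_return_path($_SESSION['return_to'] ?? null, $default);
    unset($_SESSION['return_to']);
    return $target;
}

// Login page body; runs only when this file is served as adminloginstart.php.
if (basename($_SERVER['SCRIPT_NAME'] ?? '') === 'adminloginstart.php') {
    $failed = false;
    if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
        $hash = (string) getenv('ADMIN_PASSWORD_HASH'); // assumed set by the operator
        $target = attempt_login($_POST, 'Paul', $hash, '/watertonpark/addphoto.php');
        if ($target !== null) {
            header('Location: ' . $target);
            exit;
        }
        $failed = true;
    }
    ?>
    <form action="adminloginstart.php" method="post">
      <?php if ($failed): ?>Invalid Username and/or Password<br><?php endif; ?>
      Username: <input type="text" name="username"><br>
      Password: <input type="password" name="password"><br>
      <input type="submit" name="submit" value="Login">
    </form>
    <?php
}
```

A protected page would `require` this file and call `require_login('adminloginstart.php')` before producing any output.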
