ktm250 Posted April 29, 2007 Share Posted April 29, 2007 I bought a website written in PHP which uses mySQL. The site works fine, but the problem I am having is that I cannot access the admin area because the username and password do not work. The company I bought the site from has been trying to fix the problem for 3 days, but to no avail. I was wondering if any of you have an idea as to what the problem might be. They have tried to reset it, make a new one etc etc etc, but nothing works. Here's the code for the admin login.php file //require "../cron.php"; ?> <BR> <center><form method='post' action='loginck.php'> <table border='0' width='50%' cellspacing='0' cellpadding='0' > <tr id='cat'> <td bgcolor='#606096' align='center' colspan='2'><font face='verdana, arial, helvetica' size='4' color='#FFF788'> <b>ADMIN LOG IN HERE</b> </font></td></tr> <tr> <td bgcolor='#DFDFDF' ><font face='verdana, arial, helvetica' size='2' align='center'> Login ID </font></td> <td bgcolor='#DFDFDF' align='center'><font face='verdana, arial, helvetica' size='2' > <input type ='text' class='bginput' name='id'></font></td></tr> <tr> <td bgcolor='#F1F1F1' ><font face='verdana, arial, helvetica' size='2' align='center'> Password </font></td> <td bgcolor='#F1F1F1' align='center'><font face='verdana, arial, helvetica' size='2' > <input type ='text' class='bginput' name='pw'></font></td></tr> <tr> <td bgcolor='#DFDFDF' colspan='2' align='center'><font face='verdana, arial, helvetica' size='2' align='center'> <input type='submit' value='Submit'> <input type='reset' value='Reset'> </font></td> </tr> Thanks, Dean Link to comment https://forums.phpfreaks.com/topic/49136-cannot-use-or-change-username-or-password/ Share on other sites More sharing options...
trq Posted April 29, 2007 Share Posted April 29, 2007 Nothing in that code but html. Can we see the contents of loginck.php? In normal circumstance Ide say just stick with the people who made the app, but by the sounds of it, they don't know what they are doing. How much did you pay for said application? Link to comment https://forums.phpfreaks.com/topic/49136-cannot-use-or-change-username-or-password/#findComment-240744 Share on other sites More sharing options...
ktm250 Posted April 29, 2007 Author Share Posted April 29, 2007 Hi and thanks for the reply. I didn't pay too much, but the site works fine and the guy I bought it from seems to be stringing me along. The file you wanted to see, the loginck.php is as follows <? require "session.php"; ?> <!doctype html public "-//w3c//dtd html 3.2//en"> <html><head><title>Login display</title> <meta name="GENERATOR" content="Arachnophilia 4.0"> <meta name="FORMATTER" content="Arachnophilia 4.0"> </head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000"> <? require "../include/z_db.php"; require "../include/vars.php"; //require "../$templates/top.php"; include "../$templates/disp_functions.php"; require "admin_menu.php"; //echo "SELECT * FROM real_admin WHERE real_admin.adminid='$id' AND real_admin.adminpw = '$pw'"; if($rec=mysql_fetch_array(mysql_query("SELECT * FROM real_admin WHERE real_admin.adminid='$id' AND real_admin.adminpw = '$pw'"))){ if(($rec['adminid']==$id)&&($rec['adminpw']==$pw)){ include "newsession.php"; echo "<BR><BR><BR>"; display_msg("WELCOME"," <center>Successfully,Logged in $session[userid]</center>","<a href='logout.php'> Log OUT </a>"); if(isset($rd) AND strlen($rd)>5 AND ((stristr($rd,"create_subcat.php") ) OR (stristr($rd,"viewads.php")) OR (stristr($rd,"gen.php"))) ){ print "<script>"; //print " self.location='$rd';"; print "</script>"; } } } else { session_unset(); display_err("Wrong Login. Use your correct Userid and Password and Try","<input type='button' value='Retry' onClick='history.go(-1)'>"); exit; } ?> </body></html> I also forgot to mention that I had his programmer move the site from one host to another. I moved it to lunarpages.com from his site Dean Link to comment https://forums.phpfreaks.com/topic/49136-cannot-use-or-change-username-or-password/#findComment-240763 Share on other sites More sharing options...
trq Posted April 29, 2007 Share Posted April 29, 2007 Apart from the fact that its not coded particularly well or in a very secure manor, there doesn't seem to be anything wrong with it (it is VERY poorly coded however). The passwords are stored in plain text so, if you have phpmyadmin, you should be able to log in and change the passwords yourself. However, I doubt that is the actual problem. My guess. You no longer have register globals turned on on your server. Try adding this to the top of loginck.php. <?php $id = isset($_POST['id']) ? $_POST['id'] : ''; $pw = isset($_POST['pw']) ? $_POST['pw'] : ''; ?> Honestly though, I wouldn't give you a dollar for this app if that code is any indication of its quality. Link to comment https://forums.phpfreaks.com/topic/49136-cannot-use-or-change-username-or-password/#findComment-240778 Share on other sites More sharing options...
ktm250 Posted April 29, 2007 Author Share Posted April 29, 2007 Ok, I will try this! Since it's written so poorly and the site will take Paypal and CCards, then what would you suggest for more protection? Again, thanks Dean Link to comment https://forums.phpfreaks.com/topic/49136-cannot-use-or-change-username-or-password/#findComment-240784 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.