flim_flamini Posted July 11, 2007

Hi, I'm working on a website that uses a PHP admin system for the client to alter sql databases, etc. in a simple interface. I've set up a testing server on my local disk (using mamp). However, when I try to log in to the admin page, I just get redirected to index.php, rather than having my login accepted and being sent to admin.php. No errors are reported, I just get a refresh of the login page. I uploaded this particular admin site folder (renamed it) to the remote server and it worked~!! So there is some problem not allowing me to do so on the localhost test server. I'd be really appreciative if someone had some suggestions, as I'd like to view the page on my test server. Thanks!!!

flim_flamini Posted July 12, 2007

Sorry to bring this post back to the top of the list, but I'd really appreciate it if anyone had a few ideas. Let me know if I need to clarify the situation. Thanks! flim_flamini

trq Posted July 12, 2007

Did you write this admin system? We need to see the relevant code.

flim_flamini Posted July 12, 2007

Hi Thorpe. Thanks for replying. I've just taken over working on the site and did not write the admin system. Should I post the relevant code here or PM it to you? Thanks so much for your help! flim_flamini

trq Posted July 12, 2007

Why would you PM it to me? Post it here, the more eyes the better.

per1os Posted July 12, 2007

> Hi Thorpe. Thanks for replying. I've just taken over working on the site and did not write the admin system. Should I post the relevant code here or PM it to you? Thanks so much for your help! flim_flamini

Paste it here. Remember to use the [ code ] and [/ code ] tags.

But as far as why it works on the remote server and not your local, most likely the cookies are not being accepted. Since you are working with localhost I would suggest reading this article on how to properly set cookies for localhost.

http://www.aeonity.com/frost/php-setcookie-localhost-apache

But remember that you do not want to use that code on production as it will not work properly.

flim_flamini Posted July 12, 2007

Ok...thanks for your help. Will be posting shortly.

flim_flamini Posted July 12, 2007

Here is the index.php code. Quick question...why is the first line of code "$adminlogin = $_REQUEST......" preceded by "//"? Doesn't that render the code as a comment?

```php
<?php
//$adminlogin = $_REQUEST['adminlogin'];$password = $_REQUEST['password'];$login = $_REQUEST['login'];

if (!$admin) {
    if (!$login) {
        $LogError = ($logerror);
        echo ("
<head>
<title>Sterling Homes Admin Section</title>
</head>
<p align=\"center\">
<image src=\"../images/logo.jpg\" border=0><p>
<FONT FACE ='Tahoma, Verdana, Arial'>
<p align='center'><font color='#990033'><big><big>Admin</big></big><big><big> Login</big></big><br>
</font><CENTER>$LogError
<form ACTION='index.php' METHOD='post' name='FrontPage_Form1'>
<center>
<table BORDER='0' width='290'>
<tr>
<td ALIGN='right' colspan='2' bgcolor='#990033' width='238'> </td>
</tr>
<tr>
<td ALIGN='right' width='84'><font color='#990033'><b>Admin ID</b>:</font></td>
<td width='148'><input TYPE='text' size='20' NAME='adminlogin'></td>
</tr>
<tr>
<td ALIGN='right' width='84'><font color='#990033'><b>Password</b>:</font></td>
<td width='148'><input TYPE='password' size='20' NAME='password'></td>
</tr>
<tr>
<td ALIGN='right' width='84'></td>
<td width='148'><input name='login' TYPE='submit' VALUE='Login'> <input TYPE='reset' VALUE='Reset'> </td>
</tr>
<tr>
<td ALIGN='right' width='238' colspan='2' bgcolor='#990033'> </td>
</tr>
</table></center>
</form>
</center>
");
    } else {
        // Process Admin Login
        require ("admin_config.php");

        // open connection to database
        $connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
        mysql_select_db($database) or die ("UNABLE TO SELECT DATABASE");
        $result = mysql_query("select * from sterling_website.admins where admin = '$adminlogin' and password='$password'");
        if ($row = mysql_fetch_array($result)) {
            // match
            setcookie("admin","yes");
            setcookie("adminpass",$row["password"]);
            setcookie("adminid",$row["admin"]);
            setcookie("Access",$row["access"]);
            $dte = date("m/d/Y");
            $tme = date("H:i:s");
            $ip = $_SERVER['REMOTE_ADDR'];
            $result = mysql_query("INSERT INTO tblLog (fldUserName, fldIP, fldTime, fldDate, fldInOut) VALUES ('$adminlogin','$ip', '$tme','$dte','In')");
            header("Location: admin.php");
        } else {
            setcookie("admin","");
            setcookie("adminpass","");
            setcookie("adminid","");
            setcookie("Access","");
            header("Location: index.php?logerror=Login Incorrect");
        }
    }
} else {
    header("Location: admin.php");
}
?>
```

per1os Posted July 12, 2007

Remove the spaces from [ code] tags, I forgot to specify that.

trq Posted July 12, 2007

> Quick question...why is the first line of code "$adminlogin = $_REQUEST......" preceded by "//"? Doesn't that render the code as a comment

Yes, it is a comment. Probably put there for some debugging purposes.

The problem with this code is that it assumes register globals are on. An easy fix would be to turn register globals on in your local php.ini (They must already be off on the remote site). However, doing so poses a security issue. Hence register globals are off by default nowadays.

The best thing to do would be fix the code. eg;

```php
if (!$admin) {
```

becomes...

```php
if (!$_POST['admin']) {
```

flim_flamini Posted July 12, 2007

Thanks Thorpe. I'm going to give that a try right now. Just wanted to thank everyone again. You're really helping this noobie out.

flim_flamini Posted July 12, 2007

After updating the code and trying to login to the admin page on my localhost I get sent to admin/index.php?logerror=Login%20Incorrect. The login page itself once again refreshes. I know that the username and password I am using are correct because I'm viewing it now in the sql database. hmmmmm

trq Posted July 12, 2007

Did you change all occurrences of these assumed variables? eg; $login needs to be $_POST['login'] as well and there may be other occurrences.

per1os Posted July 12, 2007

```php
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
mysql_select_db($database) or die ("UNABLE TO SELECT DATABASE");
```

Just an FYI the $_POST bit only applies to variables that have been posted, it would not apply to "$hostname" etc. In case you did modify those to that also. Post the updated code.

flim_flamini Posted July 12, 2007

I have only changed the 'admin' and 'login' as seen below.

```php
<?php
//$adminlogin = $_REQUEST['adminlogin'];$password = $_REQUEST['password'];$login = $_REQUEST['login'];

if (!$_POST['admin']) {
    if (!$_POST['login']) {
        $LogError = ($logerror);
        echo ("
<head>
<title>Sterling Homes Admin Section</title>
</head>
<p align=\"center\">
<image src=\"../images/logo.jpg\" border=0><p>
<FONT FACE ='Tahoma, Verdana, Arial'>
<p align='center'><font color='#990033'><big><big>Admin</big></big><big><big> Login</big></big><br>
</font><CENTER>$LogError
<form ACTION='index.php' METHOD='post' name='FrontPage_Form1'>
<center>
<table BORDER='0' width='290'>
<tr>
<td ALIGN='right' colspan='2' bgcolor='#990033' width='238'> </td>
</tr>
<tr>
<td ALIGN='right' width='84'><font color='#990033'><b>Admin ID</b>:</font></td>
<td width='148'><input TYPE='text' size='20' NAME='adminlogin'></td>
</tr>
<tr>
<td ALIGN='right' width='84'><font color='#990033'><b>Password</b>:</font></td>
<td width='148'><input TYPE='password' size='20' NAME='password'></td>
</tr>
<tr>
<td ALIGN='right' width='84'></td>
<td width='148'><input name='login' TYPE='submit' VALUE='Login'> <input TYPE='reset' VALUE='Reset'> </td>
</tr>
<tr>
<td ALIGN='right' width='238' colspan='2' bgcolor='#990033'> </td>
</tr>
</table></center>
</form>
</center>
");
    } else {
        // Process Admin Login
        require ("admin_config.php");

        // open connection to database
        $connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
        mysql_select_db($database) or die ("UNABLE TO SELECT DATABASE");
        $result = mysql_query("select * from sterling_website.admins where admin = '$adminlogin' and password='$password'");
        if ($row = mysql_fetch_array($result)) {
            // match
            setcookie("admin","yes");
            setcookie("adminpass",$row["password"]);
            setcookie("adminid",$row["admin"]);
            setcookie("Access",$row["access"]);
            $dte = date("m/d/Y");
            $tme = date("H:i:s");
            $ip = $_SERVER['REMOTE_ADDR'];
            $result = mysql_query("INSERT INTO tblLog (fldUserName, fldIP, fldTime, fldDate, fldInOut) VALUES ('$adminlogin','$ip', '$tme','$dte','In')");
            header("Location: admin.php");
        } else {
            setcookie("admin","");
            setcookie("adminpass","");
            setcookie("adminid","");
            setcookie("Access","");
            header("Location: index.php?logerror=Login Incorrect");
        }
    }
} else {
    header("Location: admin.php");
}
?>
```

trq Posted July 12, 2007

Actually... looking further into your code it appears that first line should not be commented.

flim_flamini Posted July 12, 2007

I just tried turning register globals on in my php.ini file and it had no effect.

flim_flamini Posted July 12, 2007

Ok... I'll turn the comment off on the first line. But why does it work on the remote host with the first line as comment? Very confusing.

flim_flamini Posted July 12, 2007

When I turned the "$adminlogin = $_REQUEST['adminlogin'];$password = $_REQUEST['password'];$login = $_REQUEST['login'];" back on only one thing changed. When I tried logging in I was sent back to admin/index.php whereas with the commenting on...here is what appears in the address bar: admin/index.php?logerror=Login%20Incorrect

trq Posted July 12, 2007

Sorry... that whole top section actually looks a little illogical. $admin doesn't exist within the script so... I think the top actually needs to be...

```php
$adminlogin = $_REQUEST['adminlogin'];$password = $_REQUEST['password'];$login = $_REQUEST['login'];
//if (!$admin) {
```

However, it makes little sense that it would be working on your remote server the way it is.

flim_flamini Posted July 12, 2007

Then after I attempt to login, the page goes blank. Just wondering, do you think there is any code in the admin.php page that I am trying to reach through the login that needs to be altered?

```php
<?php
if (!$_POST['admin']) {
    header("Location: index.php");
}
require ("admin_config.php");
include ("header.txt");
?>
<title>Sterling Homes Admin</title>
<script type="text/javascript">
function tog1() {
    var expanded = document.getElementById("div1");
    var image1 = document.getElementById("img1");
    if(expanded.style.display == "none" || !expanded.style.display) {
        expanded.style.display = "block";
        image1.src = "collapse_msdn.gif";
    }
    else if(expanded.style.display == "block") {
        expanded.style.display = "none";
        image1.src = "expand_msdn.gif";
    }
    return false;
}
function tog2() {
    var expanded = document.getElementById("div2");
    var image2 = document.getElementById("img2");
    if(expanded.style.display == "none" || !expanded.style.display) {
        expanded.style.display = "block";
        image2.src = "collapse_msdn.gif";
    }
    else if(expanded.style.display == "block") {
        expanded.style.display = "none";
        image2.src = "expand_msdn.gif";
    }
    return false;
}
function tog3() {
    var expanded = document.getElementById("div3");
    var image3 = document.getElementById("img3");
    if(expanded.style.display == "none" || !expanded.style.display) {
        expanded.style.display = "block";
        image3.src = "collapse_msdn.gif";
    }
    else if(expanded.style.display == "block") {
        expanded.style.display = "none";
        image3.src = "expand_msdn.gif";
    }
    return false;
}
function tog4() {
    var expanded = document.getElementById("div4");
    var image4 = document.getElementById("img4");
    if(expanded.style.display == "none" || !expanded.style.display) {
        expanded.style.display = "block";
        image4.src = "collapse_msdn.gif";
    }
    else if(expanded.style.display == "block") {
        expanded.style.display = "none";
        image4.src = "expand_msdn.gif";
    }
    return false;
}
function tog5() {
    var expanded = document.getElementById("div5");
    var image5 = document.getElementById("img5");
    if(expanded.style.display == "none" || !expanded.style.display) {
        expanded.style.display = "block";
        image5.src = "collapse_msdn.gif";
    }
    else if(expanded.style.display == "block") {
        expanded.style.display = "none";
        image5.src = "expand_msdn.gif";
    }
    return false;
}
function tog6() {
    var expanded = document.getElementById("div6");
    var image6 = document.getElementById("img6");
    if(expanded.style.display == "none" || !expanded.style.display) {
        expanded.style.display = "block";
        image6.src = "collapse_msdn.gif";
    }
    else if(expanded.style.display == "block") {
        expanded.style.display = "none";
        image6.src = "expand_msdn.gif";
    }
    return false;
}
function tog7() {
    var expanded = document.getElementById("div7");
    var image7 = document.getElementById("img7");
    if(expanded.style.display == "none" || !expanded.style.display) {
        expanded.style.display = "block";
        image7.src = "collapse_msdn.gif";
    }
    else if(expanded.style.display == "block") {
        expanded.style.display = "none";
        image7.src = "expand_msdn.gif";
    }
    return false;
}
function tog8() {
    var expanded = document.getElementById("div8");
    var image8 = document.getElementById("img8");
    if(expanded.style.display == "none" || !expanded.style.display) {
        expanded.style.display = "block";
        image8.src = "collapse_msdn.gif";
    }
    else if(expanded.style.display == "block") {
        expanded.style.display = "none";
        image8.src = "expand_msdn.gif";
    }
    return false;
}
function tog9() {
    var expanded = document.getElementById("div9");
    var image9 = document.getElementById("img9");
    if(expanded.style.display == "none" || !expanded.style.display) {
        expanded.style.display = "block";
        image9.src = "collapse_msdn.gif";
    }
    else if(expanded.style.display == "block") {
        expanded.style.display = "none";
        image9.src = "expand_msdn.gif";
    }
    return false;
}
</script>
<p align="center"><font size="4">Click On Title To Expand/Collpse Options</font></p>
<table border="0" align="center" width="800">
<tr><td width="395" valign="top">
<table border="0" >
<tr><td><h3>STERLING ADMIN</h3></td></tr>
<tr><td onclick="tog1()"; style="cursor:pointer;"><img src="collapse_msdn.gif" id="img1"> ADMIN</td></tr>
<tr><td >
<div id="div1" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="menu_control.php">Menu Control</a></li>
<li><a href="user_control.php">Admin Control</a></li>
<li><a href="chgpass.php">Change Password</a></li>
<li><a href="loghist.php">Log History</a></li>
<li><a href="logout.php">Logout of Admin Page</a></li>
</ul>
</table>
</div>
</td>
</tr>
<tr><td> </td></tr>
<tr><td><h3>SITE CONTENT MANAGEMENT</h3></td></tr>
<tr><td onclick="tog2()"; style="cursor:pointer;"><img src="collapse_msdn.gif" id="img2"> HOME</td></tr>
<tr><td >
<div id="div2" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;">
<tr><td>
<ul>
<li><a href="homeimages.php">Home Page Slideshow Image Manager</a></li>
<li><a href="../mng_newsletter.php">Sterling News Content Manager</a></li>
</ul>
</td></tr>
</table>
</div>
</td>
</tr>
<tr><td onclick="tog3()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img3"> STERLING RESUME</td></tr>
<tr><td >
<div id="div3" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="page_category.php">Welcome To Sterling Page Manager</a></li>
<li><a href="../mng_staff.php">Staff Members Content Manager</a></li>
<li><a href="steps.php">Our Building Process Content Manager</a></li>
<li><a href="../mng_awards.php">Award & Affiliations Content Manager</a></li>
<li><a href="../mng_testimonials.php">Testimonials Content Manager</a></li>
<li><a href="../mng_newsletter.php">Newsletters Content Manager</a></li>
</ul>
</table>
</div>
</td>
</tr>
<tr><td onclick="tog4()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img4"> HOME DESIGN</td></tr>
<tr><td >
<div id="div4" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="plans.php">Custom Design Content Manager</a></li>
<li><a href="semicustom.php">Portfolio Design Content Manager</a></li>
<li><a href="const.php">Homes Under Construction Content Manager</a></li>
<li><a href="homesale.php">Available Homes Content Manager</a></li>
<li><a href="steps.php">Our Building Process Content Manager</a></li>
</ul>
</table>
</div>
</td>
</tr>
</table>
</td>
<td ></td>
<td width="395" valign="top">
<table >
<tr><td><h3>SITE CONTENT MANAGEMENT</h3></td></tr>
<tr><td onclick="tog5()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img5"> BUILDING SITES</td></tr>
<tr><td >
<div id="div5" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="../edit.php?p=10&c=4">Building Area Map Page Manager</a></li>
<li><a href="mng_comm.php">Points of Interest Page Manager</a></li>
<li><a href="lots.php">Available Lots Content Manager</a></li>
</ul>
</table>
</div>
</td>
</tr>
<tr><td onclick="tog6()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img6"> PHOTO GALLERY</td></tr>
<tr><td >
<div id="div6" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="photo_category.php">Gallery Categories Manager</a></li>
<li><a href="photos.php">Gallery Photo Manager</a></li>
</ul>
</table>
</div>
</td>
</tr>
<tr><td onclick="tog7()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img7"> EXTENDED HOME CARE</td></tr>
<tr><td >
<div id="div7" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="../edit.php?p=12&c=6">Extended Home Care Page Manager</a></li>
<li><a href="../edit.php?p=13&c=6">Remodeling Services Page Manager</a></li>
<li><a href="../mng_testimonials.php">Testimonials Content Manager</a></li>
</ul>
</table>
</div>
</td>
</tr>
<tr><td onclick="tog8()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img8"> INQUIRIES</td></tr>
<tr><td >
<div id="div8" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="../edit.php?p=15&c=7">Contact Us Page Manager</a></li>
<li><a href="../edit.php?p=14&c=7">Office Location Page Manager</a></li>
<li><a href="rel_resource.php">Related Resources Content Manager</a></li>
<li><a href="../edit.php?p=17&c=7">FAQ Page Manager</a></li>
</ul>
</table>
</div>
</td>
</tr>
<tr><td onclick="tog9()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img9"> HOME OWNERS ADMIN</td></tr>
<tr><td >
<div id="div9" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="customers.php">User Account Set Up</a></li>
<li><a href="../cservice/logon.php">Go to Admin Pages</a></li>
</ul>
</table>
</div>
</td>
</tr>
</td></tr></table>
</td>
</tr></table>
<img src="all.gif" style="display:none;">
<img src="expand_msdn.gif" style="display:none;">
<img src="collapse_msdn.gif" style="display:none;">
<br><br><br><br><br>
```

flim_flamini Posted July 12, 2007

Don't mean to pester, but any new thoughts?
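
Added example (not part of the original thread and not the site's code): the branch structure of index.php and the guard at the top of admin.php with each input read from an explicit source, which is what replacing the register_globals variables one by one amounts to. The helper names `field`, `route_index` and `guard_admin`, the session-based guard and the sample requests are assumptions made for illustration; it targets PHP 7 or later.

```php
<?php
// Added example, not the site's code. field(), route_index(), guard_admin()
// and the sample requests are constructed for illustration.

// Read one string field from a request array; anything else becomes ''.
function field(array $src, string $name): string
{
    return isset($src[$name]) && is_string($src[$name]) ? $src[$name] : '';
}

// Branch structure of index.php with each input read from an explicit source
// instead of a global created by register_globals.
function route_index(array $post, array $cookie): string
{
    // $admin is not a form field: it is the cookie written by
    // setcookie("admin","yes") after a successful login.
    if (field($cookie, 'admin') !== '') {
        return 'redirect admin.php';
    }
    // $login is the submit button (name='login') of the posted form.
    if (field($post, 'login') === '') {
        return 'show login form';
    }
    // $adminlogin and $password are the two inputs of that same form. If they
    // are never assigned, the lookup runs with empty strings.
    $adminlogin = field($post, 'adminlogin');
    $password   = field($post, 'password');
    if ($adminlogin === '' || $password === '') {
        return 'redirect index.php?logerror=Login%20Incorrect';
    }
    return 'look up credentials for ' . $adminlogin;
}

// Guard for the top of admin.php. The browser arrives there by following
// header("Location: admin.php") with a GET request, so $_POST is empty on
// that page. A session value is written only by server code (after
// session_start()), unlike a cookie or form field, which arrive with the request.
function guard_admin(array $session): string
{
    return !empty($session['admin']) ? 'render admin page' : 'redirect index.php';
}

// Constructed requests covering each branch.
$form = ['adminlogin' => 'alice', 'password' => 'example', 'login' => 'Login'];
$cases = [
    'first visit'          => route_index([], []),
    'form submitted'       => route_index($form, []),
    'button only'          => route_index(['login' => 'Login'], []),
    'cookie present'       => route_index([], ['admin' => 'yes']),
    'admin.php, no login'  => guard_admin([]),
    'admin.php, logged in' => guard_admin(['admin' => true]),
];
foreach ($cases as $label => $result) {
    printf("%-22s -> %s\n", $label, $result);
}
```

In the live pages the calls would be `route_index($_POST, $_COOKIE)` and `guard_admin($_SESSION)`.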