
PHP admin system question


flim_flamini


Hi,

I'm working on a website that uses a PHP admin system for the client to alter sql databases, etc. in a simple interface.

 

I've set up a testing server on my local disk (using mamp). However, when I try to log in to the admin page, I just get redirected to index.php, rather than having my login accepted and being sent to admin.php. No errors are reported, I just get a refresh of the login page.

 

I uploaded this particular admin site folder (renamed it) to the remote server and it worked~!! So there is some problem not allowing me to do so on the localhost test server. I'd be really appreciative if someone had some suggestions, as I'd like to view the page on my test server.

 

Thanks!!!

Link to comment
Share on other sites

Hi Thorpe.

Thanks for replying. I've just taken over working on the site and did not write the admin system. Should I post the relevant code here or PM it to you?

 

Thanks so much for your help!

 

flim_flamini

 

Paste it here. Remember to use the [ code ] and [/ code ] tags

 

But as far as why it works on the remote server and not your local, most likely the cookies are not being accepted. Since you are working with localhost I would suggest reading this article on how to properly set cookies for localhost.

 

http://www.aeonity.com/frost/php-setcookie-localhost-apache

 

But remember that you do not want to use that code on production as it will not work properly.

Link to comment
Share on other sites

Here is the index.php code. Quick question...why is the first line of code "$adminlogin = $_REQUEST......" preceded by "//"? Doesn't that render the code as a comment?

 

<?php

//$adminlogin = $_REQUEST['adminlogin'];$password = $_REQUEST['password'];$login = $_REQUEST['login'];
if (!$admin) {

if (!$login) {
$LogError = ($logerror);

echo ("

<head>
<title>Sterling Homes Admin Section</title>
</head>
<p align=\"center\">
<image src=\"../images/logo.jpg\" border=0><p>

<FONT FACE ='Tahoma, Verdana, Arial'>
<p align='center'><font color='#990033'><big><big>Admin</big></big><big><big> Login</big></big><br> 
</font><CENTER>$LogError 

<form ACTION='index.php' METHOD='post' name='FrontPage_Form1'> 
                    <center> <table BORDER='0' width='290'> 
                             <tr> 
                                     <td ALIGN='right' colspan='2' bgcolor='#990033' width='238'> </td> 
                             </tr> 
                             <tr> 
                                     <td ALIGN='right' width='84'><font color='#990033'><b>Admin
                                      ID</b>:</font></td> 
                                     <td width='148'><input TYPE='text' size='20' NAME='adminlogin'></td> 
                             </tr> 
                             <tr> 
                                     <td ALIGN='right' width='84'><font color='#990033'><b>Password</b>:</font></td> 
                                     <td width='148'><input TYPE='password' size='20' NAME='password'></td> 
                             </tr> 
                             <tr> 
                                     <td ALIGN='right' width='84'></td> 
                                     <td width='148'><input name='login' TYPE='submit' VALUE='Login'> 
                                             <input TYPE='reset' VALUE='Reset'> 
                                     </td> 
                             </tr> 
                             <tr> 
                                     <td ALIGN='right' width='238' colspan='2' bgcolor='#990033'> </td> 
                             </tr> 
                     </table></center> 
                   </form> 
</center>

");
} else {

// Process Admin Login
require ("admin_config.php");

// open connection to database
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
mysql_select_db($database) or die ("UNABLE TO SELECT DATABASE");


$result = mysql_query("select * from sterling_website.admins where admin = '$adminlogin' and password='$password'");

if ($row = mysql_fetch_array($result)) {
// match

	setcookie("admin","yes");
	setcookie("adminpass",$row["password"]);
	setcookie("adminid",$row["admin"]);
	setcookie("Access",$row["access"]);

	$dte = date("m/d/Y");
	$tme = date("H:i:s");
	$ip = $_SERVER['REMOTE_ADDR'];

	$result = mysql_query("INSERT INTO tblLog (fldUserName, fldIP, fldTime, fldDate, fldInOut) VALUES ('$adminlogin','$ip', '$tme','$dte','In')");
	header("Location: admin.php");

	} else {
	setcookie("admin","");
	setcookie("adminpass","");
	setcookie("adminid","");
	setcookie("Access","");
	header("Location: index.php?logerror=Login Incorrect");
	}

}
} else {
header("Location: admin.php");
}

?>

Link to comment
Share on other sites

Quick question...why is the first line of code "$adminlogin = $_REQUEST......" preceded by "//"? Doesn't that render the code as a comment

 

Yes, it is a comment. Probably put there for some debugging purposes.

 

The problem with this code is that it assumes register globals are on. An easy fix would be to turn register globals on in your local php.ini (they must already be off on the remote site). However, doing so poses a security issue. Hence register globals are off by default nowadays.

 

The best thing to do would be fix the code. eg;

 

if (!$admin) {

 

becomes...

 

if (!$_POST['admin']) {

Link to comment
Share on other sites
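
An added example, not code from the thread or the site: the request values that index.php expects register_globals to create, each read explicitly from a single source. The source given for each name is inferred from the posted code (the form's fields, the setcookie() calls and the logerror redirect); read_login_inputs is a hypothetical helper.

```php
<?php
// Added example, not the site's code. read_login_inputs() is a hypothetical helper.
// With register_globals on, PHP created $admin, $login, $adminlogin, $password and
// $logerror from whichever request source carried that name. Reading each one
// from a single intended source removes that ambiguity.

function read_login_inputs(array $get, array $post, array $cookie): array
{
    // Missing keys and array values (adminlogin[]=x) both become ''.
    $str = static function (array $src, string $key): string {
        return isset($src[$key]) && is_string($src[$key]) ? $src[$key] : '';
    };

    return [
        'admin'      => $str($cookie, 'admin'),     // written by setcookie("admin","yes")
        'adminlogin' => $str($post, 'adminlogin'),  // form field
        'password'   => $str($post, 'password'),    // form field
        'login'      => $str($post, 'login'),       // submit button
        // Echoed into the login page, so escape it for HTML output.
        'logerror'   => htmlspecialchars($str($get, 'logerror'), ENT_QUOTES, 'UTF-8'),
    ];
}

// Constructed sample requests covering the four states the script distinguishes.
// In the real script the call would be read_login_inputs($_GET, $_POST, $_COOKIE).
$samples = [
    'first visit'    => [[], [], []],
    'form submitted' => [[], ['adminlogin' => 'demo', 'password' => 'demo-pass', 'login' => 'Login'], []],
    'failed login'   => [['logerror' => 'Login <b>Incorrect</b>'], [], []],
    'logged in'      => [[], [], ['admin' => 'yes']],
];

foreach ($samples as $label => [$get, $post, $cookie]) {
    $in = read_login_inputs($get, $post, $cookie);
    printf("%-15s admin=%-5s login=%-5s logerror=%s\n",
        $label,
        var_export($in['admin'] !== '', true),
        var_export($in['login'] !== '', true),
        $in['logerror']);
}
```

The admin value is still whatever the browser sent; the helper records where the value comes from, not that a login took place.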

After updating the code and trying to login to the admin page on my localhost I get sent to admin/index.php?logerror=Login%20Incorrect. The login page itself once again refreshes. I know that the username and password I am using are correct because I'm viewing it now in the sql database. hmmmmm

Link to comment
Share on other sites

$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
mysql_select_db($database) or die ("UNABLE TO SELECT DATABASE");

 

Just an FYI, the $_POST bit only applies to variables that have been posted; it would not apply to "$hostname" etc., in case you did modify those to that also.

 

Post the updated code.

Link to comment
Share on other sites

I have only changed the 'admin' and 'login' as seen below.

 

<?php

//$adminlogin = $_REQUEST['adminlogin'];$password = $_REQUEST['password'];$login = $_REQUEST['login'];
if (!$_POST['admin']) {

if (!$_POST['login']) {
$LogError = ($logerror);

echo ("

<head>
<title>Sterling Homes Admin Section</title>
</head>
<p align=\"center\">
<image src=\"../images/logo.jpg\" border=0><p>

<FONT FACE ='Tahoma, Verdana, Arial'>
<p align='center'><font color='#990033'><big><big>Admin</big></big><big><big> Login</big></big><br> 
</font><CENTER>$LogError 

<form ACTION='index.php' METHOD='post' name='FrontPage_Form1'> 
                    <center> <table BORDER='0' width='290'> 
                             <tr> 
                                     <td ALIGN='right' colspan='2' bgcolor='#990033' width='238'> </td> 
                             </tr> 
                             <tr> 
                                     <td ALIGN='right' width='84'><font color='#990033'><b>Admin
                                      ID</b>:</font></td> 
                                     <td width='148'><input TYPE='text' size='20' NAME='adminlogin'></td> 
                             </tr> 
                             <tr> 
                                     <td ALIGN='right' width='84'><font color='#990033'><b>Password</b>:</font></td> 
                                     <td width='148'><input TYPE='password' size='20' NAME='password'></td> 
                             </tr> 
                             <tr> 
                                     <td ALIGN='right' width='84'></td> 
                                     <td width='148'><input name='login' TYPE='submit' VALUE='Login'> 
                                             <input TYPE='reset' VALUE='Reset'> 
                                     </td> 
                             </tr> 
                             <tr> 
                                     <td ALIGN='right' width='238' colspan='2' bgcolor='#990033'> </td> 
                             </tr> 
                     </table></center> 
                   </form> 
</center>

");
} else {

// Process Admin Login
require ("admin_config.php");

// open connection to database
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
mysql_select_db($database) or die ("UNABLE TO SELECT DATABASE");


$result = mysql_query("select * from sterling_website.admins where admin = '$adminlogin' and password='$password'");

if ($row = mysql_fetch_array($result)) {
// match

	setcookie("admin","yes");
	setcookie("adminpass",$row["password"]);
	setcookie("adminid",$row["admin"]);
	setcookie("Access",$row["access"]);

	$dte = date("m/d/Y");
	$tme = date("H:i:s");
	$ip = $_SERVER['REMOTE_ADDR'];

	$result = mysql_query("INSERT INTO tblLog (fldUserName, fldIP, fldTime, fldDate, fldInOut) VALUES ('$adminlogin','$ip', '$tme','$dte','In')");
	header("Location: admin.php");

	} else {
	setcookie("admin","");
	setcookie("adminpass","");
	setcookie("adminid","");
	setcookie("Access","");
	header("Location: index.php?logerror=Login Incorrect");
	}

}
} else {
header("Location: admin.php");
}

?>

Link to comment
Share on other sites

When I turned the "$adminlogin = $_REQUEST['adminlogin'];$password = $_REQUEST['password'];$login = $_REQUEST['login'];" back on only one thing changed. When I tried logging in I was sent back to

 

admin/index.php

 

whereas with the commenting on...here is what appears in the address bar:

 

admin/index.php?logerror=Login%20Incorrect

Link to comment
Share on other sites

Sorry... that whole top section actually looks a little illogical. $admin doesn't exist within the script so... I think the top actually needs to be...

 

$adminlogin = $_REQUEST['adminlogin'];$password = $_REQUEST['password'];$login = $_REQUEST['login'];
//if (!$admin) {

 

However, it makes little sense that it would be working on your remote server the way it is.

Link to comment
Share on other sites

Then after I attempt to login, the page goes blank. Just wondering, do you think there is any code in the admin.php page that I am trying to reach through the login that needs to be altered?

 

<?php
if (!$_POST['admin']) {
header("Location: index.php");
}

require ("admin_config.php");
include ("header.txt");

?>
<title>Sterling Homes Admin</title>
<script type="text/javascript">
function tog1()
{    var expanded = document.getElementById("div1");var image1 =  document.getElementById("img1");
if(expanded.style.display == "none" || !expanded.style.display)
    {   expanded.style.display = "block";image1.src = "collapse_msdn.gif"; }
else if(expanded.style.display == "block")
    {   expanded.style.display = "none";image1.src = "expand_msdn.gif"; }
return false;
}
function tog2()
{    var expanded = document.getElementById("div2");var image2 =  document.getElementById("img2");
if(expanded.style.display == "none" || !expanded.style.display)
    {   expanded.style.display = "block";image2.src = "collapse_msdn.gif"; }
else if(expanded.style.display == "block")
    {   expanded.style.display = "none";image2.src = "expand_msdn.gif"; }
return false;
}
function tog3()
{    var expanded = document.getElementById("div3");var image3 =  document.getElementById("img3");
if(expanded.style.display == "none" || !expanded.style.display)
    {   expanded.style.display = "block";image3.src = "collapse_msdn.gif"; }
else if(expanded.style.display == "block")
    {   expanded.style.display = "none";image3.src = "expand_msdn.gif"; }
return false;
}
function tog4()
{    var expanded = document.getElementById("div4");var image4 =  document.getElementById("img4");
if(expanded.style.display == "none" || !expanded.style.display)
    {   expanded.style.display = "block";image4.src = "collapse_msdn.gif"; }
else if(expanded.style.display == "block")
    {   expanded.style.display = "none";image4.src = "expand_msdn.gif"; }
return false;
}
function tog5()
{    var expanded = document.getElementById("div5");var image5 =  document.getElementById("img5");
if(expanded.style.display == "none" || !expanded.style.display)
    {   expanded.style.display = "block";image5.src = "collapse_msdn.gif"; }
else if(expanded.style.display == "block")
    {   expanded.style.display = "none";image5.src = "expand_msdn.gif"; }
return false;
}
function tog6()
{    var expanded = document.getElementById("div6");var image6 =  document.getElementById("img6");
if(expanded.style.display == "none" || !expanded.style.display)
    {   expanded.style.display = "block";image6.src = "collapse_msdn.gif"; }
else if(expanded.style.display == "block")
    {   expanded.style.display = "none";image6.src = "expand_msdn.gif"; }
return false;
}
function tog7()
{    var expanded = document.getElementById("div7");var image7 =  document.getElementById("img7");
if(expanded.style.display == "none" || !expanded.style.display)
    {   expanded.style.display = "block";image7.src = "collapse_msdn.gif"; }
else if(expanded.style.display == "block")
    {   expanded.style.display = "none";image7.src = "expand_msdn.gif"; }
return false;
}
function tog8()
{    var expanded = document.getElementById("div8");var image8 =  document.getElementById("img8");
if(expanded.style.display == "none" || !expanded.style.display)
    {   expanded.style.display = "block";image8.src = "collapse_msdn.gif"; }
else if(expanded.style.display == "block")
    {   expanded.style.display = "none";image8.src = "expand_msdn.gif"; }
return false;
}
function tog9()
{    var expanded = document.getElementById("div9");var image9 =  document.getElementById("img9");
if(expanded.style.display == "none" || !expanded.style.display)
    {   expanded.style.display = "block";image9.src = "collapse_msdn.gif"; }
else if(expanded.style.display == "block")
    {   expanded.style.display = "none";image9.src = "expand_msdn.gif"; }
return false;
}
</script>

<p align="center"><font size="4">Click On Title To Expand/Collpse Options</font></p>

	<table border="0" align="center" width="800">
	<tr><td width="395" valign="top">

<table border="0" >

<tr><td><h3>STERLING ADMIN</h3></td></tr>
<tr><td onclick="tog1()"; style="cursor:pointer;"><img src="collapse_msdn.gif" id="img1"> ADMIN</td></tr>
<tr><td >
<div id="div1" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="menu_control.php">Menu Control</a></li>
<li><a href="user_control.php">Admin Control</a></li>
<li><a href="chgpass.php">Change Password</a></li>
<li><a href="loghist.php">Log History</a></li>
<li><a href="logout.php">Logout of Admin Page</a></li>
</ul>
</table>
</div>
</td>
</tr>
<tr><td> </td></tr>
<tr><td><h3>SITE CONTENT MANAGEMENT</h3></td></tr>
<tr><td onclick="tog2()"; style="cursor:pointer;"><img src="collapse_msdn.gif" id="img2"> HOME</td></tr>
<tr><td >
<div id="div2" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;">
<tr><td>
<ul>
<li><a href="homeimages.php">Home Page Slideshow Image Manager</a></li>
<li><a href="../mng_newsletter.php">Sterling News Content Manager</a></li>
</ul>
</td></tr>
</table>
</div>
</td>
</tr>

<tr><td onclick="tog3()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img3"> STERLING RESUME</td></tr>
<tr><td >
<div id="div3" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="page_category.php">Welcome To Sterling Page Manager</a></li>
<li><a href="../mng_staff.php">Staff Members Content Manager</a></li>
<li><a href="steps.php">Our Building Process Content Manager</a></li>
<li><a href="../mng_awards.php">Award & Affiliations Content Manager</a></li>
<li><a href="../mng_testimonials.php">Testimonials Content Manager</a></li>
<li><a href="../mng_newsletter.php">Newsletters Content Manager</a></li>
</ul>
</table>
</div>
</td>
</tr>

<tr><td onclick="tog4()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img4"> HOME DESIGN</td></tr>
<tr><td >
<div id="div4" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="plans.php">Custom Design Content Manager</a></li>
<li><a href="semicustom.php">Portfolio Design Content Manager</a></li>
<li><a href="const.php">Homes Under Construction Content Manager</a></li>
<li><a href="homesale.php">Available Homes Content Manager</a></li>
<li><a href="steps.php">Our Building Process Content Manager</a></li>
</ul>
</table>
</div>
</td>
</tr>




</table>

	</td>
	<td ></td>
	<td width="395" valign="top">
	<table >
<tr><td><h3>SITE CONTENT MANAGEMENT</h3></td></tr>
<tr><td onclick="tog5()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img5"> BUILDING SITES</td></tr>
<tr><td >
<div id="div5" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="../edit.php?p=10&c=4">Building Area Map Page Manager</a></li>
<li><a href="mng_comm.php">Points of Interest Page Manager</a></li>
<li><a href="lots.php">Available Lots Content Manager</a></li>
</ul>
</table>
</div>
</td>
</tr>


<tr><td onclick="tog6()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img6"> PHOTO GALLERY</td></tr>
<tr><td >
<div id="div6" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="photo_category.php">Gallery Categories Manager</a></li>
<li><a href="photos.php">Gallery Photo Manager</a></li>
</ul>
</table>
</div>
</td>
</tr>


<tr><td onclick="tog7()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img7"> EXTENDED HOME CARE</td></tr>
<tr><td >
<div id="div7" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="../edit.php?p=12&c=6">Extended Home Care Page Manager</a></li>
<li><a href="../edit.php?p=13&c=6">Remodeling Services Page Manager</a></li>
<li><a href="../mng_testimonials.php">Testimonials Content Manager</a></li>
</ul>
</table>
</div>
</td>
</tr>


<tr><td onclick="tog8()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img8"> INQUIRIES</td></tr>
<tr><td >
<div id="div8" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="../edit.php?p=15&c=7">Contact Us Page Manager</a></li>
<li><a href="../edit.php?p=14&c=7">Office Location Page Manager</a></li>
<li><a href="rel_resource.php">Related Resources Content Manager</a></li>
<li><a href="../edit.php?p=17&c=7">FAQ Page Manager</a></li>
</ul>
</table>
</div>
</td>
</tr>


<tr><td onclick="tog9()"; style="cursor:pointer;padding-top:10px;"><img src="collapse_msdn.gif" id="img9"> HOME OWNERS ADMIN</td></tr>
<tr><td >
<div id="div9" style="display:block;margin-left:10px;">
<table style="border:0px solid silver;padding:5px;"><tr><td>
<ul>
<li><a href="customers.php">User Account Set Up</a></li>
<li><a href="../cservice/logon.php">Go to Admin Pages</a></li>
</ul>
</table>
</div>
</td>
</tr>
	</td></tr></table>
	</td>
	</tr></table>
<img src="all.gif" style="display:none;">
<img src="expand_msdn.gif" style="display:none;">
<img src="collapse_msdn.gif" style="display:none;">

<br><br><br><br><br>

Link to comment
Share on other sites
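
An added example, not the site's code: a login check and page gate for the index.php/admin.php pair posted above, keeping the logged-in state in a server-side session instead of the admin/adminpass cookies and binding the submitted name as a query parameter. It assumes PHP 7.3+, a PDO connection built from the values in admin_config.php, and that admins.password stores password_hash() output; the function names are hypothetical.

```php
<?php
// Added example, not the site's code. Assumptions: PHP 7.3+, a PDO handle built
// from admin_config.php, and admins.password holding password_hash() output.
declare(strict_types=1);

function start_admin_session(): void
{
    session_set_cookie_params([
        'httponly' => true,                      // not readable from page scripts
        'samesite' => 'Lax',
        'secure'   => !empty($_SERVER['HTTPS']), // plain-http localhost still works
    ]);
    session_start();
}

// index.php: returns true and marks the session as logged in on a match.
function attempt_login(PDO $db, string $adminlogin, string $password): bool
{
    // The placeholder keeps the submitted name out of the SQL text.
    $stmt = $db->prepare(
        'SELECT admin, password, access FROM sterling_website.admins WHERE admin = ?'
    );
    $stmt->execute([$adminlogin]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true);          // fresh session id once logged in
    $_SESSION['adminid'] = $row['admin']; // state lives on the server, not in cookies
    $_SESSION['access']  = $row['access'];
    return true;
}

// admin.php and every page it links to: call before any output is sent.
function require_admin(): void
{
    if (empty($_SESSION['adminid'])) {
        header('Location: index.php');
        exit; // header() alone does not stop the script; the page would still render
    }
}

// index.php flow, using the form's field names; returns the redirect target.
function handle_login_request(PDO $db, array $post): string
{
    if (!isset($post['login'])) {
        return 'index.php'; // no submission yet: show the form
    }
    $name = is_string($post['adminlogin'] ?? null) ? $post['adminlogin'] : '';
    $pass = is_string($post['password'] ?? null) ? $post['password'] : '';
    return attempt_login($db, $name, $pass)
        ? 'admin.php'
        : 'index.php?logerror=' . rawurlencode('Login Incorrect');
}
```

Both pages would call start_admin_session() first; index.php then passes $_POST to handle_login_request() and redirects to the returned target, and admin.php calls require_admin() before including header.txt.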
