[SOLVED] login page not working

[roldahayes]

HI please can you look at the code below.

The password login form returns that the details are wrong but I cant see whats causing it.

The script was wriiten for PHP4 and Ive changed it to work with PHP5 so changed $_HTTP_GET etc. to relivant versions.

 

db_config.php

<?php

/* 	

	Wykes Online Products Database and Querying System



	filename: 		db_conf.php

 	version: 		1.0

	last revision:	13/10/02

	description:	database configuration page - configure settings to your database server



*/ 



$dbhost = "localhost";				// MySQL database host address

$db = "thulevan";						// database name

$wykesUser = "thule1961";				// db username for wykes user

$userPass = "thule1961";				// db password for wykes user

$wykesAdmin = "thule";		// db username for wykes admin

$adminPass = "thule";				// db password for wykes password

?>

 

login.php

<?php
/* 	
	Wykes Online Products Database and Querying System

	filename: 		login.php
 	version: 		1.1
	last revision:	23/11/02
	description:	admin logon authentication - password check and session creation	

*/ 




if (!$_POST['submit'])
{
?>
	<script language="JavaScript">
	<!--
	function validateForm(form)
	{ 
		if (form.username.value == "")
		{ 
		   alert("Please Enter a Username."); 
		   form.username.focus( ); 
		   return false; 
		}
		else if (form.password.value == "")
		{ 
		   alert("Please Enter a Password."); 
		   form.password.focus( ); 
		   return false; 
		}	
	}
	-->
	</script>
	<style type="text/css">
<!--
BODY
{
}
A
{
    COLOR: #003366;
    TEXT-DECORATION: none;
}
A:hover
{
    TEXT-DECORATION: underline;
}
.small
{
    FONT-SIZE: 8pt;
    FONT-FAMILY: Verdana;
}
.std
{
    FONT-SIZE: 8pt;
    FONT-FAMILY: Verdana;
COLOR: #000000;
}
.header
{
    FONT-SIZE: 8pt;
    FONT-FAMILY: Verdana;
    FONT-WEIGHT: BOLD;
COLOR:#000000;
}
.bigheader
{
    FONT-SIZE: 8pt;
    FONT-FAMILY: Verdana;
FONT-WEIGHT: BOLD;
    COLOR:#FFFFFF;
}
.error
{
    FONT-SIZE: 8pt;
    FONT-FAMILY: Verdana;
COLOR:#FF0000
}
.headertable
{
FONT-SIZE: 8pt;
    FONT-FAMILY: Verdana;
FONT-WEIGHT: regular;
    COLOR:#FFFFFF;
    BACKGROUND-COLOR:#000066;
}
.stdtable
{
FONT-SIZE: 8pt;
    FONT-FAMILY: Verdana;
FONT-WEIGHT: regular;
    COLOR:#000066;
}
-->
</style>
<table width="60" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr> 
    <td> </td>
    <td> </td>
  </tr>
</table>
<table width="630" align="center" cellspacing="0">
  <tr align="center"> 

          <td valign="top"> 

                        
        <table border="0" cellspacing="0" cellpadding="0">
          <tr> 
            <td width="3"></td>
            
          <td width="593" colspan="3"> </td>
            <td width="3"></td>
          </tr>
          <tr> 
            
          <td> </td>
            <td align="center" valign="middle" colspan="3">
              <table border="0" cellspacing="0" cellpadding="4" width="98%">
                <tr align="center"> 
                  <td class="small" colspan="8">  
			  <form name="Login" action="login.php" method="post">
	Username: <input type="text" name="username"/>
	Password: <input type="password" name="password"/>
	<input type="submit" name="submit" value="submit" onClick="return validateForm(form)">
	</form>
			  </td>
                </tr>
              </table>
            </td>
            <td></td>
          </tr>
          <tr> 
            
          <td rowspan="2"> </td>
          <td rowspan="2"> </td>
            <td class=small align="center"> 
              <table width="98%" border="0" cellspacing="0" cellpadding="0">
                <tr> 
                  <td class=small> </td>
                  <td align="right"> </td>
                </tr>
              </table>
            </td>
            
          <td rowspan="2" align="right"> </td>
            
          <td rowspan="2"> </td>
          </tr>
          <tr> 
            
          <td valign="bottom"> </td>
          </tr>
        </table>

            <p> </p>

          </td>

        </tr>

      </table>


<?php
}
else
{
	// include session authentication file
	include_once("session.php");

	// include the wykes website configuration file
	include_once("web_conf.php");

	// set login variables
	$strInvalid = "Doh! The username or password you have entered is invalid. Please try again: <p><a href=\"login.php\">Login</a><p>";
	$username = $_POST ["username"];
	$password = $_POST ["password"];

	// test for blank entries
	if (($username == "") || ($password == ""))
	{

		echo($strInvalid);
		return;
	}

	// test the password
	if(($password == $WYKESPASSWORD)&&($username == $WYKESUSERNAME))
	{
		// Create session and set authenticated flag	
		if (!session_start())
			echo("Not able to create Session");
		if (!session_register("isAuthenticated"))
		{
			echo("Could not add isAuthenticated variable to session.");
			return;
		}
		$_SESSION ['isAuthenticated'] = "loggedIn";	
		$_SESSION ['SessionExpired'] = "<p>User session has expired. Please login again: <a href=\"login.php\">Login</a><p>";	
		include_once("upload.php");
	}		
	else
	{

		echo($strInvalid);
		return;
	}
}
?>

 

session.php

<?php
/* 	
	Wykes Online Products Database and Querying System

	filename: 		session.php
 	version: 		1.0
	last revision:	13/10/02
	description:	session authentication check function
*/ 

// session handler for authentication
function isSessionAuthenticated()
{
	global $isAuthenticated;
	global $SessionExpired;

	session_start();

	$_SESSION ['SessionExpired'] = "<p>User session has expired. Please login again: <a href=\"login.php\">Login</a><p>";	

	if (session_is_registered("isAuthenticated") && ($_SESSION['isAuthenticated'] = "loggedIn"))
		return true;
	else
		return false;
}
?>

 

web_conf.php

<?php
/* 	
	Wykes Online Products Database and Querying System

	filename: 		web_conf.php
 	version: 		1.0
	last revision:	01/11/02
	description:	website configuration page - configure settings to your web server

*/ 

$MAXFILESIZE = 5 * 1024 * 1024; 					// Maximum file size for uploaded file (5MB)
$UPLOADDIR = "./upload/";							// Directory with write access for web user to upload files
$AUTORACKUSERNAME = "thule";
$AUTORACKPASSWORD = "thule";							// Password for admin section
$MAILTO = "dwill@nildram.co.uk";
$IMAGEDIR = "./new/"							// Directory of image files
//$MAILTO = "tbatey@eclipsenetsolutions.co.uk";		// Mail Address to send Enquirys too
?>

 

test url is http://www.thule-professional.co.uk/add/login.php

[AdRock]

If you are looking for login scripts etc you can give these a try and tailor them to your own needs

 

http://www.olate.co.uk/articles/185 secure login and registration

http://www.devarticles.com/c/a/PHP/Creating-a-Membership-System/1/ email verifation etc

[mgs019]

Where do $WYKESPASSWORD and $WYKESPASSWORD come from because you compare to them but I do not see how they become defined.

 

Maybe this is the problem.

 

Martin

[roldahayes]

they were place in there when the script was written for us (on a different server than the one im having probs with)

 

all the pages work fine on the old one.

 

Im guessing it might be the server setup?

[BlueSkyIS]

$WYKESPASSWORD and $WYKESPASSWORD have to be set somewhere. Perhaps they are defined as variables on the old server. It's not server configuration per se, but lack of the values for $WYKESPASSWORD and $WYKESPASSWORD: Where were they stored on the old server?

[roldahayes]

do you mean wkyesuser and wykespass? are they not in db_config.php  ??

 

ive copied the files to other servers and they work fine with no mods...

[BlueSkyIS]

no, we're referring to this line:

 

if(($password == $WYKESPASSWORD)&&($username == $WYKESUSERNAME))

 

Where are $WYKESPASSWORD and $WYKESUSERNAME set in the code? If it worked unchanged on the previous server, without having these set in code, then these values may have been set as environment variables on the server.

[roldahayes]

right I see,

 

well it has been ok on 2 different servers, the one originally set up and another one that i tried.

 

Could it be set in the sql somewhere?

[roldahayes]

Cracked it!

 

if(($password == $WYKESPASSWORD)&&($username == $WYKESUSERNAME))

 

should have been

 

if(($password == $AUTORACKPASSWORD)&&($username == $AUTORACKUSERNAME))

 

to match wb_config.php

 

wykes was the original config and autorack was the newer site.

 

Thanks for your help guys!