Jump to content

login failure on secure website

cello

By cello
in PHP Coding Help

 Share

Recommended Posts

cello Newbie

cello

Posted
Posted

Hi

I have a website that has a secure area to view data and any login does not work anymore.

 

I had another problem in that I was not able to upload and then view data that is displayed in this area and attempted to clear out all the data thinking  had reached some sort of limit and after clearing out this data the secure login no longer works. My question is where would the username/password be stored for the logins (emailaddr/password form)?

 

I believe I have managed to get rid of the whole directory structure that the .htpasswd file lived in as I found a link to a location that no longer exists but do remember that the uploads lived in this area too.....DOHHHHH I know but i am a novice and a little bit o knowledge is dangerous. I am still able to SSH in and access email etc so all is not lost but would aprreciate some help in making it semi operational again.

Link to comment
Share on other sites
cello Newbie

cello

Posted
  • Author
Posted

Heres the code from the login page....

 

<?php
include('lib/global.php');
$ref=$_SERVER['HTTP_REFERER'];
$_REQUEST=getReq(array(
        'action|opt|none,login,logout|none',
        'email|other',
        'password|other',
        'referer|other||'.$ref));

switch($_REQUEST['action']) {
        case 'login':
                $count = $sqlProc->queryCount("SELECT count(*) AS count FROM use
r WHERE email = '".
                        addslashes($_REQUEST['email'])."' AND password = PASSWOR
D('".
                        addslashes($_REQUEST['password'])."')",'count');
                if ($count>0) {
                        # Authenticates OK
                        $_SESSION['user'] = $sqlProc->queryRow("SELECT * FROM us
er WHERE email = '".
                                addslashes($_REQUEST['email'])."' AND password =
PASSWORD('".
                                addslashes($_REQUEST['password'])."')");
                        $_SESSION['user']=array_merge($_SESSION['user'],
                                $sqlProc->queryRow("SELECT isadmin,viewprivate F
ROM `group` WHERE groupid = ".$_SESSION['user']['groupid']));
                        $_SESSION['user']['loggedin']='true';
                        redirect('/index.php');
                }
                break;
        case 'logout':
                $_SESSION['user']=array('userid'=>0,'groupid'=>1,'email'=>'','na
me'=>'Unregistered User','loggedin'=>'false');
                $_SESSION['user']=array_merge($_SESSION['user'],
                        $sqlProc->queryRow("SELECT isadmin,viewprivate FROM `gro
up` WHERE groupid = ".$_SESSION['user']['groupid']));
                redirect('/index.php');
                break;
}

?>
<html>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.