Jump to content

login failure on secure website

cello

By cello
in PHP Coding Help

Recommended Posts

cello Newbie

cello

Posted
Posted

Hi

I have a website that has a secure area to view data and any login does not work anymore.

 

I had another problem in that I was not able to upload and then view data that is displayed in this area and attempted to clear out all the data thinking  had reached some sort of limit and after clearing out this data the secure login no longer works. My question is where would the username/password be stored for the logins (emailaddr/password form)?

 

I believe I have managed to get rid of the whole directory structure that the .htpasswd file lived in as I found a link to a location that no longer exists but do remember that the uploads lived in this area too.....DOHHHHH I know but i am a novice and a little bit o knowledge is dangerous. I am still able to SSH in and access email etc so all is not lost but would aprreciate some help in making it semi operational again.

Link to comment
https://forums.phpfreaks.com/topic/79248-login-failure-on-secure-website/
Share on other sites
cello Newbie

cello

Posted
  • Author
Posted

Heres the code from the login page....

 

<?php
include('lib/global.php');
$ref=$_SERVER['HTTP_REFERER'];
$_REQUEST=getReq(array(
        'action|opt|none,login,logout|none',
        'email|other',
        'password|other',
        'referer|other||'.$ref));

switch($_REQUEST['action']) {
        case 'login':
                $count = $sqlProc->queryCount("SELECT count(*) AS count FROM use
r WHERE email = '".
                        addslashes($_REQUEST['email'])."' AND password = PASSWOR
D('".
                        addslashes($_REQUEST['password'])."')",'count');
                if ($count>0) {
                        # Authenticates OK
                        $_SESSION['user'] = $sqlProc->queryRow("SELECT * FROM us
er WHERE email = '".
                                addslashes($_REQUEST['email'])."' AND password =
PASSWORD('".
                                addslashes($_REQUEST['password'])."')");
                        $_SESSION['user']=array_merge($_SESSION['user'],
                                $sqlProc->queryRow("SELECT isadmin,viewprivate F
ROM `group` WHERE groupid = ".$_SESSION['user']['groupid']));
                        $_SESSION['user']['loggedin']='true';
                        redirect('/index.php');
                }
                break;
        case 'logout':
                $_SESSION['user']=array('userid'=>0,'groupid'=>1,'email'=>'','na
me'=>'Unregistered User','loggedin'=>'false');
                $_SESSION['user']=array_merge($_SESSION['user'],
                        $sqlProc->queryRow("SELECT isadmin,viewprivate FROM `gro
up` WHERE groupid = ".$_SESSION['user']['groupid']));
                redirect('/index.php');
                break;
}

?>
<html>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.