xlxprophetxlx Posted February 11, 2008 Share Posted February 11, 2008 Evening, There is an advanced login script that I am trying to use but is out putting a weird result. The login script is from this page:http://www.ineedtutorials.com/articles/complete-advanced-login-member-system-php-tutorial The wierd thing is that everything works as planned but...I can type in anything in my url header and it continually shows the login page. I am trying to carry a session variable into another folder and the folder will will not have any access unless you are logged in. For example this is what is happening: (For Example) www.mysite.com/ has the login form which you can register or reset a password. There is a folder www.mysite.com/sharing/ which will have information only available to those that are logged in. The problem is I can type in www.mysite.com/lasdkfsdadfsajfksalfjkaskf;lasnf and the login page still shows up I am unsure why. If I try going to www.mysite.com/sharing/ the login page still comes up. Any thoughts of why in the world this would be happening that would be great. Thanks, -Mike P.S. Additional Information PHP Version 4.4.7 MySQL Version 4.1.22 I am also working under a subdomain as for testing. dev.mysite.com Link to comment https://forums.phpfreaks.com/topic/90546-login-script-weird-problem/ Share on other sites More sharing options...
revraz Posted February 11, 2008 Share Posted February 11, 2008 Lets see the code you use for your session checking. Link to comment https://forums.phpfreaks.com/topic/90546-login-script-weird-problem/#findComment-464228 Share on other sites More sharing options...
xlxprophetxlx Posted February 11, 2008 Author Share Posted February 11, 2008 Here it is: <?php // Start a session session_start(); if (session_is_registered('loginid') || session_is_registered('username')) { //user is logged in ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Test Good</title> </head> <body> <?php echo "Logged In"; ?> </body> </html> <?php }else{ ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Test Bad</title> </head> <body> <?php echo "Not Logged In"; ?> </body> </html> <?php } ?> But the problem I still think is in the code because I can type in: www.mysite.com/lasdkfsdadfsajfksalfjkaskf;lasnf and the login page still comes up with no problem with out a 404 page. Link to comment https://forums.phpfreaks.com/topic/90546-login-script-weird-problem/#findComment-464235 Share on other sites More sharing options...
revraz Posted February 11, 2008 Share Posted February 11, 2008 Post a real URL to your site. Link to comment https://forums.phpfreaks.com/topic/90546-login-script-weird-problem/#findComment-464243 Share on other sites More sharing options...
xlxprophetxlx Posted February 11, 2008 Author Share Posted February 11, 2008 http://dev.thoughtdrivers.com/ By the way thanks for looking into this. Link to comment https://forums.phpfreaks.com/topic/90546-login-script-weird-problem/#findComment-464247 Share on other sites More sharing options...
revraz Posted February 11, 2008 Share Posted February 11, 2008 This must be something to do with your subdomain dev. for your .htaccess file. What's the path to the file without using dev. ? Link to comment https://forums.phpfreaks.com/topic/90546-login-script-weird-problem/#findComment-464250 Share on other sites More sharing options...
xlxprophetxlx Posted February 11, 2008 Author Share Posted February 11, 2008 http://www.thoughtdrivers.com/dev/index.php Link to comment https://forums.phpfreaks.com/topic/90546-login-script-weird-problem/#findComment-464257 Share on other sites More sharing options...
revraz Posted February 11, 2008 Share Posted February 11, 2008 Which functions correctly. So it's something with your mod rewrite. Link to comment https://forums.phpfreaks.com/topic/90546-login-script-weird-problem/#findComment-464264 Share on other sites More sharing options...
xlxprophetxlx Posted February 11, 2008 Author Share Posted February 11, 2008 In addition, I thought you should know that the base site www.thoughtdrivers.com is using Joomla 1.013 and everything in the .htaccess files controls SEF URL's . Link to comment https://forums.phpfreaks.com/topic/90546-login-script-weird-problem/#findComment-464269 Share on other sites More sharing options...
xlxprophetxlx Posted February 11, 2008 Author Share Posted February 11, 2008 On this page: http://www.thoughtdrivers.com/dev/sharing/index.php It should be useing this code: <?php // Start a session session_start(); if (session_is_registered('loginid') || session_is_registered('username')) { //user is logged in ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Test Good</title> </head> <body> <?php echo "Logged In"; ?> </body> </html> <?php }else{ ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Test Bad</title> </head> <body> <?php echo "Not Logged In"; ?> </body> </html> <?php } ?> But I am guessing the SEF htaccess is taking over the url and causing the main page to show up. This is what I am guessing which I am to have to search the database for this link and make sure it comes up correctly if this is the problem. Link to comment https://forums.phpfreaks.com/topic/90546-login-script-weird-problem/#findComment-464273 Share on other sites More sharing options...
revraz Posted February 11, 2008 Share Posted February 11, 2008 Post your .htaccess for the part that deals with the dev. subdomain, maybe someone can spot the problem. I'm assuming that everything gets routed to the index.php Link to comment https://forums.phpfreaks.com/topic/90546-login-script-weird-problem/#findComment-464279 Share on other sites More sharing options...
xlxprophetxlx Posted February 11, 2008 Author Share Posted February 11, 2008 I currently don't have anything setup for the dev subdomain because it is a testing area for the moment but I am assuming I will need to add something to this to get it to work. Here is the htaccess ## # @version $Id: htaccess.txt 4756 2006-08-25 16:07:11Z stingrey $ # @package Joomla # @copyright Copyright (C) 2005 Open Source Matters. All rights reserved. # @license http://www.gnu.org/copyleft/gpl.html GNU/GPL # Joomla! is Free Software ## ##################################################### # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE # # The line just below this section: 'Options FollowSymLinks' may cause problems # with some server configurations. It is required for use of mod_rewrite, but may already # be set by your server administrator in a way that dissallows changing it in # your .htaccess file. If using it causes your server to error out, comment it out (add # to # beginning of line), reload your site in your browser and test your sef url's. If they work, # it has been set by your server administrator and you do not need it set here. # # Only use one of the two SEF sections that follow. Lines that can be uncommented # (and thus used) have only one #. Lines with two #'s should not be uncommented # In the section that you don't use, all lines should start with # # # For Standard SEF, use the standard SEF section. You can comment out # all of the RewriteCond lines and reduce your server's load if you # don't have directories in your root named 'component' or 'content' # # If you are using a 3rd Party SEF or the Core SEF solution # uncomment all of the lines in the '3rd Party or Core SEF' section # ##################################################### ##### SOLVING PROBLEMS WITH COMPONENT URL's that don't work ##### # SPECIAL NOTE FOR SMF USERS WHEN SMF IS INTEGRATED AND BRIDGED # OR ANY SITUATION WHERE A COMPONENT's URL's AREN't WORKING # # In both the 'Standard SEF', and '3rd Party or Core SEF' sections the line: # RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes## # May need to be uncommented. If you are running your Joomla/Mambo from # a subdirectory the name of the subdirectory will need to be inserted into this # line. For example, if your Joomla/Mambo is in a subdirectory called '/test/', # change this: # RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes## # to this: # RewriteCond %{REQUEST_URI} ^(/test/component/option,com) [NC,OR] ##optional - see notes## # ##################################################### ## Can be commented out if causes errors, see notes above. Options +FollowSymLinks # # mod_rewrite in use RewriteEngine On # Uncomment following line if your webserver's URL # is not directly related to physical file paths. # Update Your Joomla/MamboDirectory (just / for root) RewriteBase / ########## Begin - Joomla! core SEF Section ############# Use this section if using ONLY Joomla! core SEF ## ALL (RewriteCond) lines in this section are only required if you actually ## have directories named 'content' or 'component' on your server ## If you do not have directories with these names, comment them out. # #RewriteCond %{REQUEST_FILENAME} !-f #RewriteCond %{REQUEST_FILENAME} !-d #RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes## #RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC] #RewriteRule ^(content/|component/) index.php # ########## End - Joomla! core SEF Section ########## Begin - 3rd Party SEF Section ############# Use this section if you are using a 3rd party (Non Joomla! core) SEF extension - e.g. OpenSEF, 404_SEF, 404SEFx, SEF Advance, etc # RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes## RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.*) index.php # ########## End - 3rd Party SEF Section ########## Begin - Rewrite rules to block out some common exploits ## If you experience problems on your site block out the operations listed below ## This attempts to block the most common type of exploit `attempts` to Joomla! # # Block out any script trying to set a mosConfig value through the URL RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] # Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) # Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] # ########## End - Rewrite rules to block out some common exploits Anyone see anything that I could change or add? When this is all said and done the joomla site is going to be in the www.thoughtdrivers.com/sharing/ folder and a new site will be replacing www.thoughtdrivers.com. So the lines were it rewritecond takes place it will be /sharing/. This may stop the problems since it the htaccess will be in the /sharing/ folder and not the root directory, but I need something for the time being to do testing. Thanks for all the help any input would be great. -Mike Link to comment https://forums.phpfreaks.com/topic/90546-login-script-weird-problem/#findComment-464287 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.