Login Script | Weird Problem

[xlxprophetxlx]

Evening,

 

There is an advanced login script that I am trying to use but is out putting a weird result.

 

The login script is from this page:http://www.ineedtutorials.com/articles/complete-advanced-login-member-system-php-tutorial

 

The wierd thing is that everything works as planned but...I can type in anything in my url header and it continually shows the login page. I am trying to carry a session variable into another folder and the folder will will not have any access unless you are logged in.

 

For example this is what is happening:

 

(For Example)

www.mysite.com/ has the login form which you can register or reset a password.

There is a folder www.mysite.com/sharing/ which will have information only available to those that are logged in.

The problem is I can type in www.mysite.com/lasdkfsdadfsajfksalfjkaskf;lasnf and the login page still shows up I am unsure why.

If I try going to www.mysite.com/sharing/ the login page still comes up.

 

Any thoughts of why in the world this would be happening that would be great.

 

Thanks,

 

-Mike

 

P.S.

Additional Information

PHP Version 4.4.7

MySQL Version 4.1.22

I am also working under a subdomain as for testing. dev.mysite.com

[revraz]

Lets see the code you use for your session checking.

[xlxprophetxlx]

Here it is:

 

<?php
// Start a session
session_start();

if (session_is_registered('loginid') || session_is_registered('username'))
{
//user is logged in
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Test Good</title>
</head>

<body>
<?php
	echo "Logged In";
?>
</body>
</html>
<?php
	}else{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Test Bad</title>
</head>

<body>
<?php
	echo "Not Logged In";
?>
</body>
</html>
<?php
	}
?>

 

But the problem I still think is in the code because I can type in: www.mysite.com/lasdkfsdadfsajfksalfjkaskf;lasnf and the login page still comes up with no problem with out a 404 page.

[revraz]

Post a real URL to your site.

[xlxprophetxlx]

http://dev.thoughtdrivers.com/

 

By the way thanks for looking into this.

[revraz]

This must be something to do with your subdomain dev. for your .htaccess file.

 

What's the path to the file without using dev. ?

[xlxprophetxlx]

http://www.thoughtdrivers.com/dev/index.php

[revraz]

Which functions correctly.  So it's something with your mod rewrite.

[xlxprophetxlx]

In addition, I thought you should know that the base site www.thoughtdrivers.com is using Joomla 1.013 and everything in the .htaccess files controls SEF URL's .

[xlxprophetxlx]

On this page:

http://www.thoughtdrivers.com/dev/sharing/index.php

 

It should be useing this code:

 

<?php
// Start a session
session_start();

if (session_is_registered('loginid') || session_is_registered('username'))
{
//user is logged in
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Test Good</title>
</head>

<body>
<?php
	echo "Logged In";
?>
</body>
</html>
<?php
	}else{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Test Bad</title>
</head>

<body>
<?php
	echo "Not Logged In";
?>
</body>
</html>
<?php
	}
?>

 

But I am guessing the SEF htaccess is taking over the url and causing the main page to show up.  This is what I am guessing which I am to have to search the database for this link and make sure it comes up correctly if this is the problem.

[revraz]

Post your .htaccess for the part that deals with the dev. subdomain, maybe someone can spot the problem.

 

I'm assuming that everything gets routed to the index.php

[xlxprophetxlx]

I currently don't have anything setup for the dev subdomain because it is a testing area for the moment but I am assuming I will need to add something to this to get it to work.

 

Here is the htaccess

 

##
# @version $Id: htaccess.txt 4756 2006-08-25 16:07:11Z stingrey $
# @package Joomla
# @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##


#####################################################
#  READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but 

may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it 

out (add # to 
# beginning of line), reload your site in your browser and test your sef url's.  

If they work,
# it has been set by your server administrator and you do not need it set here. 
#
# Only use one of the two SEF sections that follow.  Lines that can be 

uncommented
# (and thus used) have only one #.  Lines with two #'s should not be uncommented
# In the section that you don't use, all lines should start with #
#
# For Standard SEF, use the standard SEF section.  You can comment out
# all of the RewriteCond lines and reduce your server's load if you
# don't have directories in your root named 'component' or 'content'
#
# If you are using a 3rd Party SEF or the Core SEF solution
# uncomment all of the lines in the '3rd Party or Core SEF' section
#
#####################################################

#####  SOLVING PROBLEMS WITH COMPONENT URL's that don't work #####
# SPECIAL NOTE FOR SMF USERS WHEN SMF IS INTEGRATED AND BRIDGED
# OR ANY SITUATION WHERE A COMPONENT's URL's AREN't WORKING
#
# In both the 'Standard SEF', and '3rd Party or Core SEF' sections the line:
# RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see 

notes##
# May need to be uncommented.  If you are running your Joomla/Mambo from
# a subdirectory the name of the subdirectory will need to be inserted into this
# line.  For example, if your Joomla/Mambo is in a subdirectory called '/test/',
# change this:
# RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see 

notes##
# to this:
# RewriteCond %{REQUEST_URI} ^(/test/component/option,com) [NC,OR] ##optional - 

see notes##
#
#####################################################


##  Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

#
#  mod_rewrite in use

RewriteEngine On


#  Uncomment following line if your webserver's URL
#  is not directly related to physical file paths.
#  Update Your Joomla/MamboDirectory (just / for root)

RewriteBase /


########## Begin - Joomla! core SEF Section
############# Use this section if using ONLY Joomla! core SEF
## ALL (RewriteCond) lines in this section are only required if you actually
## have directories named 'content' or 'component' on your server
## If you do not have directories with these names, comment them out.
#
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] 		

##optional - see notes##
#RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$  [NC]
#RewriteRule ^(content/|component/) index.php
#
########## End - Joomla! core SEF Section



########## Begin - 3rd Party SEF Section
############# Use this section if you are using a 3rd party (Non Joomla! core) 

SEF extension - e.g. OpenSEF, 404_SEF, 404SEFx, SEF Advance, etc
#
RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] 		

##optional - see notes##
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$  [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php
#
########## End - 3rd Party SEF Section



########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla! 
#                              
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
# 
########## End - Rewrite rules to block out some common exploits

 

Anyone see anything that I could change or add?  When this is all said and done the joomla site is going to be in the www.thoughtdrivers.com/sharing/ folder and a new site will be replacing www.thoughtdrivers.com.  So the lines were it rewritecond takes place it will be /sharing/.  This may stop the problems since it the htaccess will be in the /sharing/ folder and not the root directory, but I need something for the time being to do testing.

 

Thanks for all the help any input would be great.

 

-Mike