Jump to content

strange login error


rofl90

Recommended Posts

It works fine if the referrer is www.codeetech.com, if not it doesn't work, it just gives me the page with the text at the top on it.. heres my code:

 

Validating your credentials... Please wait a moment... 
<?php
/* get the incoming ID and password hash */


/* establish a connection with the database */
$server = mysql_connect("x", "x",
          "hx");
if (!$server) die(mysql_error());
mysql_select_db("x");
  
$user = mysql_real_escape_string(strip_tags(htmlentities(ucwords(strtolower($_POST["userid"])))));
$pass = md5(mysql_real_escape_string(strip_tags(htmlentities($_POST["password"]))));
$websitereferrer = $_POST['referrer'];
$url = $_POST['referrerfull'];

$queray = "SELECT * FROM users WHERE User = '$user'
         AND Password = '$pass' AND banned= '0'";

	 $resulto = mysql_query($queray);


if (mysql_num_rows($resulto) == '1') {
  /* access granted */
  
  $sql = "update users set online='1' WHERE User = '$user'";
  mysql_query($sql) or die(mysql_error());
  $sqlid = "SELECT id from users WHERE User= '$user'";
  $resultar = mysql_query($sqlid) or die(mysql_error());
  $finalised = mysql_fetch_array($resultar);
  
  session_start();
  header("Cache-control: private");
  $_SESSION["access"] = "granted";
  $_SESSION["user"] = $user;
  $_SESSION["id"] = $finalised['id'];
  if($websitereferrer != 'www.codeetech.com') {
  header("Location: index2.php");
  }
  if($url == 'http://www.codeetech.com/backend/logout.php'){
  header("Location: index2.php");
  }
  header("Location: $url");
  
  
} else {
  /* access denied &#8211; redirect back to login */
  header("Location: index.php?a=Login has failed, you have either been banned or you entered the wrong password, if you wish to try again please do, if the problem persists, please contact a member of staff.");
  }


?>

 

and my form:

 

$url = $_SERVER['HTTP_REFERER'];
$websitereferrer = parse_url($url, PHP_URL_HOST);
?>
<form action="validate.php" method="post"> <fieldset>
<label>Your IP is <?php echo $_SERVER['REMOTE_ADDR']; ?>, and has been logged, unauthorised attempts to access will be logged, and steps will be taken. <br /></label>
<br />
<fieldset>
<legend>Name - <?php echo $message; ?></legend><input type="hidden" name="referrer" id="No CSS Style" value="<?php echo $websitereferrer; ?>" /><input type="hidden" name="referrerfull" id="No CSS Style" value="<?php echo $url; ?>" />
<input type="text" name="userid" id="user" />
</fieldset>
(not case sensitive eg cHaRLiE becomes 'Charlie') <br />
<br />
<fieldset><legend> Password</legend>
<input type="password" name="password" id="password" />
</fieldset>
(cAsE sEnSiTiVe) <br />
<br />
<input type="submit" id="submit" value="Login" />
<input name="ip" type="hidden" id="hidden" value="<?php $ip = $_SERVER['REMOTE_ADDR']; echo $ip; ?>" />
<br />
<br />
Backend time out currently set at: <?php $result = mysql_query("SELECT * FROM settings") or die(mysql_error()); 
$row = mysql_fetch_array($result);
$timing = $row['timeout']; echo $timing / 60; ?> minutes.<br />
</fieldset></form>

Link to comment
https://forums.phpfreaks.com/topic/95034-strange-login-error/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.