shash98 Posted March 24, 2008 Share Posted March 24, 2008 Hi, this script is an admin login page and the username is "root" and i assigned the password as "qwerty". so wen i am trying to login, it is logging me in with watever password i assign to the username "root",instead it should only log me in wen i type "qwerty" as password but watever password i type to the username "root" i am logging in. If i change the username from "root" to an other, i am unable to log in which is appropriate <?php session_start(); header("Cache-control: private"); if (isset($_POST['uname']) && isset($_POST['passwd']) ) { $_SESSION['uname']=$_POST['uname']; $_SESSION['passwd']=$_POST['passwd']; $_SESSION['stat']="ok"; } @include("function.php"); if (!check() || $_POST['uname']!='root') { header("Location: admin.htm"); session_destroy(); exit; } else { print "<html><title>Welcome ".$_SESSION['fname']."</title>"; // The frames begin from here. print <<<EndCode <frameset cols="250,*" border="0"> <frame name="contents" target="main" src="lefta.php" scrolling="auto" noresize> <frame name="main" src="righta.php"> </frameset> EndCode; print "</html>"; } ?> and this is the function.php file mentioned in the code.... <?php function check() { /*session_start(); header("Cache-control: private");*/ if (isset($_SESSION['uname']) && isset($_SESSION['passwd']) ) { if (isset($_SESSION['stat']) && $_SESSION['stat']=='ok') { return true; } $conn = mysql_connect("localhost", "mysql usrname", "mysql pswd"); if (mysql_errno()) { return false; } $selected = mysql_select_db("exam", $conn); if (mysql_errno()) { return false; } $result=mysql_query("select * from user where uname='".$_SESSION['uname']."' and password=password('".$_SESSION['passwd']."')"); if (mysql_num_rows($result)) { $name_row = mysql_fetch_row($result); $_SESSION['fname']=$name_row[1]; $_SESSION['stat']='ok'; return true; } return false; } else { return false; } } function str_replace1($text) { $len=strlen($text); $new=""; for ($i=0;$i<$len;$i++) { if ($text{$i}=='\\') { $new=$new.'\\\\'; } else if ($text{$i}=='\'') { $new=$new.'\\\''; } else $new=$new.$text{$i}; } return $new; } ?> please guide me whr the problem is and wat should be done to overcome this problem... Thank you Quote Link to comment https://forums.phpfreaks.com/topic/97638-login-problem/ Share on other sites More sharing options...
MadTechie Posted March 24, 2008 Share Posted March 24, 2008 change if (!check() || $_POST['uname']!='root') { to if ( (!check()) && ($_POST['uname']=='root' && $_POST['passwd'] == 'qwerty')) { However if they just type admin.htm their be in to the "admin.htm" area. change the admin.htm to a admin.php file and add something like this to the start <?php session_start(); if($_SESSION['stat']!='ok') { die("No Access"); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/97638-login-problem/#findComment-499572 Share on other sites More sharing options...
shash98 Posted March 24, 2008 Author Share Posted March 24, 2008 i changed as u said me to but i still get logged in with anonymous passwords...this is the modified code <?php session_start(); header("Cache-control: private"); if (isset($_POST['uname']) && isset($_POST['passwd']) ) { $_SESSION['uname']=$_POST['uname']; $_SESSION['passwd']=$_POST['passwd']; $_SESSION['stat']="ok"; } @include("function.php"); if ( (!check()) && ($_POST['uname']=='root' && $_POST['passwd'] == 'qwerty')) { header("Location: admin.php"); session_destroy(); exit; } else { print "<html><title>Welcome ".$_SESSION['fname']."</title>"; // The frames begin from here. print <<<EndCode <frameset cols="250,*" border="0"> <frame name="contents" target="main" src="lefta.php" scrolling="auto" noresize> <frame name="main" src="righta.php"> </frameset> EndCode; print "</html>"; } ?> i also changed admin.htm to admin.php and this is the code i added .... <?php session_start(); if($_SESSION['stat']!='ok') { die("No Access"); } ?> and this is the actual admin.htm code <html> <head> <title>AdminPage</title> <script language="JavaScript"> function start() { login.uname.focus(); } function doSubmit() { if (document.login.uname.value=="" || document.login.passwd.value=="") { alert("Please enter valid data"); return false; } document.login.submit(); } </script> </head> <body onLoad="start()"> <form action="logina.php" method="post" name="login"> <center> <table cellspacing="0" cellpadding="5" border="0" width="245"> <tr> <td colspan="2" bgcolor="#99CCFF"><B><font color="#800000">Administrator Login<font></B></td> </tr> <tr> <td bgcolor="#C0C0C0" width="64"><font color="#800000">Username:</font></td> <td bgcolor="#C0C0C0" width="181"><input type="text" name="uname" size="22"></td> </tr> <tr> <td bgcolor="#C0C0C0" width="64"><font color="#800000">Password:</font></td> <td bgcolor="#C0C0C0" width="181"> <input type="password" name="passwd" size="15" maxlength="10"> <input type="submit" value="Go" onClick="return doSubmit()"></td> </tr> </table> </center> </form> </body> </html> wat should i do? i still get logged in using random password other than actual password which is "qwerty" Quote Link to comment https://forums.phpfreaks.com/topic/97638-login-problem/#findComment-499613 Share on other sites More sharing options...
MadTechie Posted March 24, 2008 Share Posted March 24, 2008 change if ( (!check()) && ($_POST['uname']=='root' && $_POST['passwd'] == 'qwerty')) { to if ( ($_POST['uname']=='root' && $_POST['passwd'] == 'qwerty')) { Quote Link to comment https://forums.phpfreaks.com/topic/97638-login-problem/#findComment-499738 Share on other sites More sharing options...
shash98 Posted March 25, 2008 Author Share Posted March 25, 2008 i did as u said, this time its not logging me in at all wat to do? Quote Link to comment https://forums.phpfreaks.com/topic/97638-login-problem/#findComment-500155 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.