Jump to content

login problem


shash98

Recommended Posts

Hi,

this script is an admin login page and the username is "root" and i assigned the password as "qwerty". so wen i am trying to login, it is logging me in with watever password i assign to the username "root",instead it should only log me in wen i type "qwerty" as password but watever password i type to the username "root" i am logging in. If i change the username from "root" to an other, i am unable to log in which is appropriate

<?php
session_start();
header("Cache-control: private");
if (isset($_POST['uname']) && isset($_POST['passwd']) ) {
$_SESSION['uname']=$_POST['uname'];
$_SESSION['passwd']=$_POST['passwd'];
$_SESSION['stat']="ok";
}
@include("function.php");
if (!check() || $_POST['uname']!='root') { 
	header("Location: admin.htm");
session_destroy();
exit;
}
else {
print "<html><title>Welcome ".$_SESSION['fname']."</title>";

// The frames begin from here.	
print <<<EndCode
<frameset cols="250,*" border="0">
  <frame name="contents" target="main" src="lefta.php" scrolling="auto" noresize>
  <frame name="main" src="righta.php">
</frameset>
EndCode;

print "</html>";
}
?>

 

and this is the function.php file mentioned in the code....

<?php
function check() {
  /*session_start();
  header("Cache-control: private");*/
  if (isset($_SESSION['uname']) && isset($_SESSION['passwd']) ) 
  {
if (isset($_SESSION['stat']) && $_SESSION['stat']=='ok') {
	return true;
}
$conn = mysql_connect("localhost", "mysql usrname", "mysql pswd");
if (mysql_errno()) {
	return false;
}
$selected = mysql_select_db("exam", $conn);
if (mysql_errno()) {
	return false;
}
$result=mysql_query("select * from user where uname='".$_SESSION['uname']."' and password=password('".$_SESSION['passwd']."')");
if (mysql_num_rows($result)) {
	$name_row = mysql_fetch_row($result);
	$_SESSION['fname']=$name_row[1];
	$_SESSION['stat']='ok';
	return true;
}
return false;
  }
  else { return false; }
}
function str_replace1($text) {
$len=strlen($text);
$new="";
for ($i=0;$i<$len;$i++) {
	if ($text{$i}=='\\') {
		$new=$new.'\\\\';
	}
	else if ($text{$i}=='\'') {
		$new=$new.'\\\'';
	}
	else
		$new=$new.$text{$i};
}
return $new;
}

?>

please guide me whr the problem is and wat should be done to overcome this problem...

Thank you

 

Link to comment
https://forums.phpfreaks.com/topic/97638-login-problem/
Share on other sites

change

if (!check() || $_POST['uname']!='root') { 

to

if ( (!check()) && ($_POST['uname']=='root' && $_POST['passwd'] == 'qwerty')) { 

 

However if they just type admin.htm their be in to the "admin.htm" area.

change the admin.htm to a admin.php file and add something like this to the start

<?php
session_start();
if($_SESSION['stat']!='ok')
{
die("No Access");
}
?>

Link to comment
https://forums.phpfreaks.com/topic/97638-login-problem/#findComment-499572
Share on other sites

i changed as u said me to but i still get logged in with anonymous passwords...this is the modified code

<?php
session_start();
header("Cache-control: private");
if (isset($_POST['uname']) && isset($_POST['passwd']) ) {
$_SESSION['uname']=$_POST['uname'];
$_SESSION['passwd']=$_POST['passwd'];
$_SESSION['stat']="ok";
}
@include("function.php");
if ( (!check()) && ($_POST['uname']=='root' && $_POST['passwd'] == 'qwerty')) {
	header("Location: admin.php");
session_destroy();
exit;
}
else {
print "<html><title>Welcome ".$_SESSION['fname']."</title>";

// The frames begin from here.	
print <<<EndCode
<frameset cols="250,*" border="0">
  <frame name="contents" target="main" src="lefta.php" scrolling="auto" noresize>
  <frame name="main" src="righta.php">
</frameset>
EndCode;

print "</html>";
}
?>

 

i also changed admin.htm to admin.php and this is the code i added ....

<?php
session_start();
if($_SESSION['stat']!='ok')
{
die("No Access");
}
?>

and this is the actual admin.htm code

<html>
<head>
<title>AdminPage</title>
<script language="JavaScript">
function start() {
login.uname.focus();
}
function doSubmit()
{
if (document.login.uname.value=="" || document.login.passwd.value=="") {
	alert("Please enter valid data");
	return false;
    }
document.login.submit();
}
</script>
</head>
<body onLoad="start()">
<form action="logina.php" method="post" name="login">
<center>
<table cellspacing="0" cellpadding="5" border="0" width="245">
<tr>
	<td colspan="2" bgcolor="#99CCFF"><B><font color="#800000">Administrator Login<font></B></td>
</tr>
<tr>
   <td bgcolor="#C0C0C0" width="64"><font color="#800000">Username:</font></td>
   <td bgcolor="#C0C0C0" width="181"><input type="text" name="uname" size="22"></td>
</tr>
<tr>
   <td bgcolor="#C0C0C0" width="64"><font color="#800000">Password:</font></td>
   <td bgcolor="#C0C0C0" width="181">
   <input type="password" name="passwd" size="15"  maxlength="10">  
   <input type="submit" value="Go" onClick="return doSubmit()"></td>
</tr>
</table>
</center>
</form>
</body>
</html>

wat should i do? i still get logged in using random password other than actual password which is "qwerty"

Link to comment
https://forums.phpfreaks.com/topic/97638-login-problem/#findComment-499613
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.