shash98 Posted March 24, 2008 Share Posted March 24, 2008 Hi, this script is an admin login page and the username is "root" and i assigned the password as "qwerty". so wen i am trying to login, it is logging me in with watever password i assign to the username "root",instead it should only log me in wen i type "qwerty" as password but watever password i type to the username "root" i am logging in. If i change the username from "root" to an other, i am unable to log in which is appropriate <?php session_start(); header("Cache-control: private"); if (isset($_POST['uname']) && isset($_POST['passwd']) ) { $_SESSION['uname']=$_POST['uname']; $_SESSION['passwd']=$_POST['passwd']; $_SESSION['stat']="ok"; } @include("function.php"); if (!check() || $_POST['uname']!='root') { header("Location: admin.htm"); session_destroy(); exit; } else { print "<html><title>Welcome ".$_SESSION['fname']."</title>"; // The frames begin from here. print <<<EndCode <frameset cols="250,*" border="0"> <frame name="contents" target="main" src="lefta.php" scrolling="auto" noresize> <frame name="main" src="righta.php"> </frameset> EndCode; print "</html>"; } ?> and this is the function.php file mentioned in the code.... <?php function check() { /*session_start(); header("Cache-control: private");*/ if (isset($_SESSION['uname']) && isset($_SESSION['passwd']) ) { if (isset($_SESSION['stat']) && $_SESSION['stat']=='ok') { return true; } $conn = mysql_connect("localhost", "mysql usrname", "mysql pswd"); if (mysql_errno()) { return false; } $selected = mysql_select_db("exam", $conn); if (mysql_errno()) { return false; } $result=mysql_query("select * from user where uname='".$_SESSION['uname']."' and password=password('".$_SESSION['passwd']."')"); if (mysql_num_rows($result)) { $name_row = mysql_fetch_row($result); $_SESSION['fname']=$name_row[1]; $_SESSION['stat']='ok'; return true; } return false; } else { return false; } } function str_replace1($text) { $len=strlen($text); $new=""; for ($i=0;$i<$len;$i++) { if ($text{$i}=='\\') { $new=$new.'\\\\'; } else if ($text{$i}=='\'') { $new=$new.'\\\''; } else $new=$new.$text{$i}; } return $new; } ?> please guide me whr the problem is and wat should be done to overcome this problem... Thank you Link to comment https://forums.phpfreaks.com/topic/97638-login-problem/ Share on other sites More sharing options...
MadTechie Posted March 24, 2008 Share Posted March 24, 2008 change if (!check() || $_POST['uname']!='root') { to if ( (!check()) && ($_POST['uname']=='root' && $_POST['passwd'] == 'qwerty')) { However if they just type admin.htm their be in to the "admin.htm" area. change the admin.htm to a admin.php file and add something like this to the start <?php session_start(); if($_SESSION['stat']!='ok') { die("No Access"); } ?> Link to comment https://forums.phpfreaks.com/topic/97638-login-problem/#findComment-499572 Share on other sites More sharing options...
shash98 Posted March 24, 2008 Author Share Posted March 24, 2008 i changed as u said me to but i still get logged in with anonymous passwords...this is the modified code <?php session_start(); header("Cache-control: private"); if (isset($_POST['uname']) && isset($_POST['passwd']) ) { $_SESSION['uname']=$_POST['uname']; $_SESSION['passwd']=$_POST['passwd']; $_SESSION['stat']="ok"; } @include("function.php"); if ( (!check()) && ($_POST['uname']=='root' && $_POST['passwd'] == 'qwerty')) { header("Location: admin.php"); session_destroy(); exit; } else { print "<html><title>Welcome ".$_SESSION['fname']."</title>"; // The frames begin from here. print <<<EndCode <frameset cols="250,*" border="0"> <frame name="contents" target="main" src="lefta.php" scrolling="auto" noresize> <frame name="main" src="righta.php"> </frameset> EndCode; print "</html>"; } ?> i also changed admin.htm to admin.php and this is the code i added .... <?php session_start(); if($_SESSION['stat']!='ok') { die("No Access"); } ?> and this is the actual admin.htm code <html> <head> <title>AdminPage</title> <script language="JavaScript"> function start() { login.uname.focus(); } function doSubmit() { if (document.login.uname.value=="" || document.login.passwd.value=="") { alert("Please enter valid data"); return false; } document.login.submit(); } </script> </head> <body onLoad="start()"> <form action="logina.php" method="post" name="login"> <center> <table cellspacing="0" cellpadding="5" border="0" width="245"> <tr> <td colspan="2" bgcolor="#99CCFF"><B><font color="#800000">Administrator Login<font></B></td> </tr> <tr> <td bgcolor="#C0C0C0" width="64"><font color="#800000">Username:</font></td> <td bgcolor="#C0C0C0" width="181"><input type="text" name="uname" size="22"></td> </tr> <tr> <td bgcolor="#C0C0C0" width="64"><font color="#800000">Password:</font></td> <td bgcolor="#C0C0C0" width="181"> <input type="password" name="passwd" size="15" maxlength="10"> <input type="submit" value="Go" onClick="return doSubmit()"></td> </tr> </table> </center> </form> </body> </html> wat should i do? i still get logged in using random password other than actual password which is "qwerty" Link to comment https://forums.phpfreaks.com/topic/97638-login-problem/#findComment-499613 Share on other sites More sharing options...
MadTechie Posted March 24, 2008 Share Posted March 24, 2008 change if ( (!check()) && ($_POST['uname']=='root' && $_POST['passwd'] == 'qwerty')) { to if ( ($_POST['uname']=='root' && $_POST['passwd'] == 'qwerty')) { Link to comment https://forums.phpfreaks.com/topic/97638-login-problem/#findComment-499738 Share on other sites More sharing options...
shash98 Posted March 25, 2008 Author Share Posted March 25, 2008 i did as u said, this time its not logging me in at all wat to do? Link to comment https://forums.phpfreaks.com/topic/97638-login-problem/#findComment-500155 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.