
Admin login script issue.


DeeAy


Hi all,

 

Sorry to be a pain, but I've been out of the php game for quite a few years and have just come back to it briefly to help someone out.

I've been using an old admin auth script that I used to use a long time ago but it's not working, and I can't for the life of me work it out :/

 

I apologise for the noobishness of the code, but as I said, it's been a long time.

Any and all help would be very greatly appreciated.

 

Here is the code:

 

<?

require("config.php");

mysql_connect($server,$login,$password) or die('Error connecting to server');
mysql_select_db($base) or die('Error connecting to database');

$req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'");
$data = @mysql_fetch_array($req);
$member_name = $data["username"];
$member_pass = $data["mempass"];
$member_userlevel = $data["level"];

if($member_pass == $admin_pass)
{
    SetCookie("mgdwebby","$member_name:$member_pass:$member_userlevel");
}

include("header.php");

?>

<?

if($action=="login")
{
    if($admin_login==""){ echo"Wrong info. "; }
    elseif($admin_pass==""){ echo"Wrong info. "; }
    else{
        require("config.php");

        mysql_connect($server,$login,$password) or die('Error connecting to server');
        mysql_select_db($base) or die('Error connecting to database');

        $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'");
        $data = @mysql_fetch_array($req);
        $member_name = $data["username"];
        $member_pass = $data["mempass"];

        if($member_pass == $admin_pass)
        {
            echo"<head><meta http-equiv=\"refresh\" content=\"2;URL=admin.php\"></head><br><center>Please Wait.</center><br>";
            $auth = explode(":",$HTTP_COOKIE_VARS["mgdwebby"]);
            if(empty($auth[0]) || empty($auth[1]))
            {
            }
            else
            {
                echo"Welcome<br>";
                include("admin_left.php");
            }
        }
        else
        {
            echo"Wrong info. ";
        }
    }
}
else
{
    echo"<form method='post' action='?action=login'>
<table width='307' align='center' cellspacing='0' cellpading='0' border='0'>
  <tr>
    <td width='200'> Login : </td>
    <td> <input type='text' name='admin_login'></td>
  </tr>
  <tr>
    <td width='200'> Password : </td>
    <td> <input type='password' name='admin_pass'></td>
  </tr>
  <tr>
    <td colspan='2' align='center'><center><input type='submit' value='Login'></center></td>
</table> ";
}

?>

<?

include("footer.php");

?>


Username and password should simply be normal usage, i.e. if login password and username = database info, they are logged in. LEVEL should be the determining factor, i.e. 1 = normal user, 2 = admin, then store into a session variable. User can view, add, edit; admin can view, add, edit, delete, change user status, etc.


The problem that I've got is that when attempting to log in with a correct user id and password, the input fields are cleared and the address updates to include "?action=login" at the end (e.g. admin/?action=login). What should happen is that the page should refresh and redirect to the admin.php page using the login credentials (username, password and level) for the logged in user, where they are presented with the options that their level gives them access to.

 

It's as if the page refresh isn't working, or the cookie isn't being created with the credentials.

Unfortunately I'm not certain about what exactly is wrong, which is why I'm here really :(

 

The same script (with a different cookie name) and the same database entries worked for me a few years ago, but for some reason now they're not, and I haven't got a clue why :/


Untested, un-proofread; however, I think you will get the drift...

 

<?
session_start();
if(isset($_POST['admin_pass']) AND isset($_POST['admin_login'])){
$admin_pass = trim($_POST['admin_pass']);
$admin_login = trim($_POST['admin_login']);
if($admin_pass != "" AND $admin_login != "") {
	require("config.php");
	mysql_connect($server,$login,$password) or die('Error connecting to server');
	mysql_select_db($base) or die('Error connecting to database');
	$req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login' AND mempass = '$admin_pass'");
	if(mysql_num_rows>0){
		$data = mysql_fetch_array($req);
		$_SESSION[member_name] = $data['username'];
		$_SESSION[member_pass] = $data['mempass'];
		$_SESSION[member_userlevel] = $data['level'];
		/* redirect to whatever page */
		exit();
	}else{
		unset($_POST['admin_pass']);
		unset($_POST['admin_login']);
		/* redirect to self */
		exit();
	}
}else{
		unset($_POST['admin_pass']);
		unset($_POST['admin_login']);
		/* redirect to self */
		exit();
}
}else{
include("header.php");
?>
<form method='post' action=''>
<table width="307" align="center" cellspacing="0" cellpading="0" border="0">
	<tr>
		<td width="200"> Login : </td>
		<td> <input type="text" name="admin_login"></td>
	</tr>
	<tr>
		<td width="200"> Password : </td>
		<td> <input type="password" name="admin_pass"></td>
	</tr>
	<tr>
		<td colspan="2" align="center"><input type="submit" value="Login"></td>
	</tr>
   </table>
   <?PHP
include("footer.php");
}
?>


Thanks for that.

I've given it a go but not had any joy with it.

I'm starting to think that I've really been out of the game for too long and should stop offering to help people out haha.

 

I "think" the issue with my originally posted script could be that the cookie isn't being created.

I'm not sure why I can't utilise what you've posted, probably stupidity on my part.

 

I think that this is going to result in a lot of banging my head against the wall :/


<?
session_start();
if(isset($_POST['admin_pass']) AND isset($_POST['admin_login'])){
$admin_pass = trim($_POST['admin_pass']);
$admin_login = trim($_POST['admin_login']);
if($admin_pass != "" AND $admin_login != "") {
	require("config.php");
	mysql_connect($server,$login,$password) or die('Error connecting to server');
	mysql_select_db($base) or die('Error connecting to database');
	$req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login' AND mempass='$admin_pass'");
	if(mysql_num_rows>0){
		$data = mysql_fetch_array($req);
		$_SESSION[member_name] = $data['username'];
		$_SESSION[member_pass] = $data['mempass'];
		$_SESSION[member_userlevel] = $data['level'];
		$URL = "admin.php";
		header ("Location: $URL");
		exit();
	}else{
		unset($_POST['admin_pass']);
		unset($_POST['admin_login']);
		$URL="index2.php";
		header ("Location: $URL");
		exit();
	}
}else{
	unset($_POST['admin_pass']);
	unset($_POST['admin_login']);
	$URL="index2.php";
	header ("Location: $URL");
	exit();
}
}else{
include("header.php");
?>
<form method='post' action=''>
<table width="307" align="center" cellspacing="0" cellpading="0" border="0">
<tr>
<td width="200"> Login : </td>
<td> <input type="text" name="admin_login"></td>
</tr>
<tr>
<td width="200"> Password : </td>
<td> <input type="password" name="admin_pass"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Login"></td>
</tr>
</table>
<?PHP
include("footer.php");
}
?>


My personal way of testing :) ...

 

<?
session_start();
if(isset($_POST['admin_pass']) AND isset($_POST['admin_login'])){
$admin_pass = trim($_POST['admin_pass']);
$admin_login = trim($_POST['admin_login']);
if($admin_pass != "" AND $admin_login != "") {
	require("config.php");
	mysql_connect($server,$login,$password) or die('Error connecting to server');
	mysql_select_db($base) or die('Error connecting to database');
	$req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login' AND mempass='$admin_pass'");
	if(mysql_num_rows>0){
		$data = mysql_fetch_array($req);
		$_SESSION[member_name] = $data['username'];
		$_SESSION[member_pass] = $data['mempass'];
		$_SESSION[member_userlevel] = $data['level'];
		$URL = "admin.php";
/* ADDED THESE LINE TO TEST */
echo "Here 1";
exit();

		header ("Location: $URL");
		exit();
	}else{
		unset($_POST['admin_pass']);
		unset($_POST['admin_login']);
		$URL="index2.php";
/* ADDED THESE LINE TO TEST */
echo "Here 2";
exit();
		header ("Location: $URL");
		exit();
	}
}else{
	unset($_POST['admin_pass']);
	unset($_POST['admin_login']);
	$URL="index2.php";
	header ("Location: $URL");
	exit();
}
}else{
include("header.php");
?>
<form method='post' action=''>
<table width="307" align="center" cellspacing="0" cellpading="0" border="0">	
	<tr>
		<td width="200"> Login : </td>
		<td> <input type="text" name="admin_login"></td>
	</tr>
	<tr>
		<td width="200"> Password : </td>
		<td> <input type="password" name="admin_pass"></td>
	</tr>
	<tr>
		<td colspan="2" align="center"><input type="submit" value="Login"></td>
	</tr>
</table>
<?PHP
include("footer.php");
}
?> 


We'll solve this yet! ;)

 

New test...

<?
session_start();
if(isset($_POST['admin_pass']) AND isset($_POST['admin_login'])){
$admin_pass = trim($_POST['admin_pass']);
$admin_login = trim($_POST['admin_login']);
if($admin_pass != "" AND $admin_login != "") {
	require("config.php");
	mysql_connect($server,$login,$password) or die('Error connecting to server');
	mysql_select_db($base) or die('Error connecting to database');

/* added the following test */
	$query = "SELECT * FROM members";
	$result = mysql_query($query);
	while($row=mysql_fetch_array($result)) {
		echo $admin_pass . " - " . $admin_login . " x " $row['mempass'] . " - " . $row['username'] . "<br/>";
	}
	echo "the password is " . $admin_pass;
	exit();		
/* end of this test */

	$req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login' AND mempass='$admin_pass'");

	if(mysql_num_rows>0){
		$data = mysql_fetch_array($req);
		$_SESSION[member_name] = $data['username'];
		$_SESSION[member_pass] = $data['mempass'];
		$_SESSION[member_userlevel] = $data['level'];
		$URL = "admin.php";
		/* ADDED THESE LINE TO TEST */
		echo "Here 1";
		exit();
		header ("Location: $URL");
		exit();
	}else{
		unset($_POST['admin_pass']);
		unset($_POST['admin_login']);
		$URL="index2.php";
		header ("Location: $URL");
		exit();
	}
}else{
	unset($_POST['admin_pass']);
	unset($_POST['admin_login']);
	$URL="index2.php";
	header ("Location: $URL");
	exit();
}
}else{
include("header.php");
?>
<form method='post' action=''>
<table width="307" align="center" cellspacing="0" cellpading="0" border="0">
<tr>
<td width="200"> Login : </td>
<td> <input type="text" name="admin_login"></td>
</tr>
<tr>
<td width="200"> Password : </td>
<td> <input type="password" name="admin_pass"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Login"></td>
</tr>
</table>
<?PHP
include("footer.php");
}
?> 


It's on this line: echo $admin_pass . " - " . $admin_login . " x " $row['mempass'] . " - " . $row['username'] . "<br/>";, you're missing a concatenation operator, but you really don't need to be using all that concatenation. You can just echo it in double quotes like so.

 

echo "$admin_pass - $admin_login x {$row['mempass']} - {$row['username']}<br/>";


Modified the test portion...

 

EDITED

/* added the following test */
	$query = "SELECT * FROM members";
	$result = mysql_query($query);
	while($row=mysql_fetch_array($result)) {
		if($admin_pass == $row['mempass']) {
			echo "Passwords match";
		}
	}
	exit();		
/* end of this test */


Grrrrrrrrrrrr Need to eat more carrots!!!

 

Think I found it...

<?
session_start();
if(isset($_POST['admin_pass']) AND isset($_POST['admin_login'])){
$admin_pass = trim($_POST['admin_pass']);
$admin_login = trim($_POST['admin_login']);
if($admin_pass != "" AND $admin_login != "") {
	require("config.php");
	mysql_connect($server,$login,$password) or die('Error connecting to server');
	mysql_select_db($base) or die('Error connecting to database');
	$query = "SELECT username,mempass,level FROM members WHERE username='$admin_login' AND mempass='$admin_pass'";
	$req = mysql_query($query);
	if(mysql_num_rows($req) > 0){
		$data = mysql_fetch_array($req);
		$_SESSION['member_name'] = $data['username'];
		$_SESSION['member_pass'] = $data['mempass'];
		$_SESSION['member_userlevel'] = $data['level'];
		$URL = "admin.php";
		/* ADDED THESE LINE TO TEST */
		echo "Here 1";
		exit();
		header ("Location: $URL");
		exit();
	}else{
		unset($_POST['admin_pass']);
		unset($_POST['admin_login']);
		$URL="index2.php";
		header ("Location: $URL");
		exit();
	}
}else{
	unset($_POST['admin_pass']);
	unset($_POST['admin_login']);
	$URL="index2.php";
	header ("Location: $URL");
	exit();
}
}else{
include("header.php");
?>
<form method='post' action=''>
<table width="307" align="center" cellspacing="0" cellpading="0" border="0">
<tr>
<td width="200"> Login : </td>
<td> <input type="text" name="admin_login"></td>
</tr>
<tr>
<td width="200"> Password : </td>
<td> <input type="password" name="admin_pass"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Login"></td>
</tr>
</table>
<?PHP
include("footer.php");
}
?> 

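The scripts in this thread interpolate the submitted login into the SQL string, compare plaintext passwords, and put the password into the cookie or session. As an added example (not code from any poster in the thread), here is the same login check with a bound parameter, a hashed password and a session that carries only the username and level. Assumptions: PHP 7+ with PDO, `mempass` holds `password_hash()` output, the function names are hypothetical, and an in-memory SQLite table with a constructed row stands in for the MySQL `members` table.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Assumes PHP 7+ with PDO and that members.mempass stores password_hash() output.
declare(strict_types=1);

/** Return username and level on success, null on any failure. */
function authenticate(PDO $pdo, string $login, string $pass): ?array
{
    // Bound parameter: the submitted login never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT username, mempass, level FROM members WHERE username = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against the stored hash; unknown users are checked against a
    // dummy hash so both paths do comparable work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($pass, $row ? $row['mempass'] : $dummy);
    if (!$row || !$ok) {
        return null;
    }
    return ['username' => $row['username'], 'level' => (int) $row['level']];
}

/** Call after session_start(); keeps identity and level server-side, never the password. */
function start_member_session(array $member): void
{
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    $_SESSION['member_name'] = $member['username'];
    $_SESSION['member_userlevel'] = $member['level'];
}

/** Gate for admin.php, using the 1 = normal user, 2 = admin scheme from the first reply. */
function is_admin(array $session): bool
{
    return ($session['member_userlevel'] ?? 0) === 2;
}

// Demo on constructed data; run from the command line.
if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, mempass TEXT, level INTEGER)');
    $pdo->prepare('INSERT INTO members VALUES (?, ?, ?)')
        ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 2]);

    var_dump(authenticate($pdo, 'alice', 'correct horse')); // valid credentials
    var_dump(authenticate($pdo, "o'brien", 'x'));           // quote in the name is data, not SQL
    var_dump(authenticate($pdo, 'alice', 'wrong'));         // wrong password
}
```

In the web handler the values come from `$_POST['admin_login']` and `$_POST['admin_pass']`; the original script read `$action`, `$admin_login` and `$admin_pass` as bare globals, which only works with `register_globals`, a setting removed in PHP 5.4.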
