Solved

Login Page Problem. Only submits entered info when incorrect.

Posted on 2004-10-16
4
187 Views
Last Modified: 2008-02-26
Hi,

The problem is:
When I try to login with the correct username and password it displays the login form and says that the username and password wasn't received. (it should start a session and redirect me to another page (set using GET))

But if I try to login in with the correct username and incorrect password it says that it received the username and password then tells me that the password is incorrect. (this is what it should do).

<?php
require('header.php');
$Page_Title = "BCS Admin Login";

if (isset($_GET['page'])) {
      $page = $_GET['page'];
} else {
      $page = "admintools";
}

if (isset($_POST['Uname'])) {
      $Uname = $_POST['Uname'];
      echo "username received by post<br />";
} else {
      $Uname = "";
      echo "username not received<br />";
}

if (isset($_POST['passw'])) {
      $passw1 = $_POST['passw'];
      echo "password received by post<br />";
} else {
      $passw1 = "";
      echo "password not received<br />";
}

//Database Connection Settings (hidden for question)
$Host = "****";
$DBUser = "****";
$DBPass = "****";
$DBName = "****";
$UserTable = "****";
$ToolsTable = "****";
$Link = mysql_connect($Host, $DBUser, $DBPass) or die("<center><b><font color='#ff0000'>Sorry there was a connecting to the database.</font></b></center>");

//Receive info about the page wanted
if ($page <> "admintools") {
      $ToolsQuery = "SELECT * FROM $ToolsTable WHERE(loginmode = '$page')";
      $ToolsResult = mysql_db_query($DBName, $ToolsQuery, $Link) or die("<center><font color='#ff0000'>Sorry there was a problem receiving the links from the database.</font></center><br />Problem:<br />" . mysql_error());
      while ($ToolRow = mysql_fetch_array($ToolsResult)) {
            $alloweduser = $ToolRow['allowed_user'];
            $link = $ToolRow['link'];
      }
} else {
      $link = "admin.php";
}

//Check Login is correct & redirect or display login form or error message
if (($Uname > "") AND ($passw1 > "")) {
      $epassw1 = md5($passw1);
      $UserQuery = "SELECT * FROM $UserTable WHERE(user = '$Uname')";
      $UserResult = mysql_db_query($DBName, $UserQuery, $Link) or die("<center><font color='#ff0000'>Invalid Username.</font><br /><a href='login.php?page=$page'>Try Again</a>");
      while ($Row = mysql_fetch_array($UserResult) or die(mysql_error())) {
            if (($Row['usertype'] == $alloweduser) OR ($Row['usertype'] == "admin")) {
                  $passw2 = $Row['pass'];
                  if ($passw2 == $epassw1) {
                        session_start();
                        $_SESSION["usern"] = $Uname;
                        header("Location:$link") or die(header_error());
                        die;
                  } else {
                        $badatt = $Row['bad_attempts'];
                        $badatt_Query = "UPDATE $UserTable SET bad_attempts = '$badatt' WHERE(id = '$Row[id]')";
                        echo "<center><font color='#ff0000'>Invalid Password.<br />This attempt has been logged!</font><br /><a href='login.php?page=$page'>Try Again</a>";
                  }
            } else {
                  echo "<center><font color='#ff0000'>Sorry you do not have permission to use this page.<br />Contact your system administrator or the head of BCS School Intranet for more help.</font></center>";
            }
      }
} else {
      if (($Uname == "") AND ($passw1 > "")) {
            echo "<form name='adminlogin' method='post' action='login.php?page=$page'><table border='0'><tr><th colspan='2'>Admin Login</th></tr><tr><td colspan='2'><font color='#ff0000'>You must enter your username.</font></td></tr><tr><td>Username:</td><td><input type='text' name='Uname'></td></tr><tr><td>Password:</td><td><input type='password' name='passw'></td></tr><tr><td colspan='2'><input type='submit' name='submit' value='Login'></td></tr></table></form>";
      } elseif (($Uname > "") AND ($passw1 == "")) {
            echo "<form name='adminlogin' method='post' action='login.php?page=$page'><table border='0'><tr><th colspan='2'>Admin Login</th></tr><tr><td colspan='2'><font color='#ff0000'>You must enter your password.</font></td></tr><tr><td>Username:</td><td><input type='text' name='Uname'></td></tr><tr><td>Password:</td><td><input type='password' name='passw'></td></tr><tr><td colspan='2'><input type='submit' name='submit' value='Login'></td></tr></table></form>";
      } else {
            echo "<form name='adminlogin' method='post' action='login.php?page=$page'><table border='0'><tr><th colspan='2'>Admin Login</th></tr><tr><td colspan='2'>&nbsp;</td></tr><tr><td>Username:</td><td><input type='text' name='Uname'></td></tr><tr><td>Password:</td><td><input type='password' name='passw'></td></tr><tr><td colspan='2'><input type='submit' name='submit' value='Login'></td></tr></table></form>";
      }
}
require('footer.php');
?>

Thanks In Advance
mms_master
0
Comment
Question by:mms_master
  • 3
4 Comments
 
LVL 12

Expert Comment

by:minichicken
ID: 12328702
Can you post the array value of $_POST and $_GET using

print_r ($_POST);
print_r ($_GET);

in your page. thanks.....
0
 
LVL 12

Accepted Solution

by:
minichicken earned 50 total points
ID: 12328734
Use print_r ($_POST); and print_r ($_GET); to see if your form values are passed correctly from your HTML login form.....
What form method are you using? How do you manage to use both POST and GET?

Did you use something like this as your HTML form?

<form name = "form1" method ="POST" action = "login.php?page=my_page.php">

If you submit a form like this you will get both POST and GET vars.
0
 
LVL 5

Author Comment

by:mms_master
ID: 12328809
Sorry, I just managed to figure out what was wrong, and it turns out that it is submitting the information. Infact the whole thing works lol.

The problem I had is that this site is being made by a team of friends. The login system was just updated from a single user login to a multi user login (thats why I made this login script). I thought that another team member had allready updated the secure pages to work with the multi user login but it turns out that he hasn't. So when I thought that it wasn't sending the information it turns out that it all worked, sent me to a secure page then that page sent me back thinking that I hadn't logged in. Because I was sent back to login it then said that no information had been submitted. I was redirected so fast that I didn't notcie.

sorry for wasting your time.
Because you tried to help, I will give you the points anyway.

Thanks
mms_master
0
 
LVL 12

Expert Comment

by:minichicken
ID: 12328924
lol
Thanks :)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now