Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Login Page Problem. Only submits entered info when incorrect.

Posted on 2004-10-16
4
Medium Priority
?
206 Views
Last Modified: 2008-02-26
Hi,

The problem is:
When I try to login with the correct username and password it displays the login form and says that the username and password wasn't received. (it should start a session and redirect me to another page (set using GET))

But if I try to login in with the correct username and incorrect password it says that it received the username and password then tells me that the password is incorrect. (this is what it should do).

<?php
require('header.php');
$Page_Title = "BCS Admin Login";

if (isset($_GET['page'])) {
      $page = $_GET['page'];
} else {
      $page = "admintools";
}

if (isset($_POST['Uname'])) {
      $Uname = $_POST['Uname'];
      echo "username received by post<br />";
} else {
      $Uname = "";
      echo "username not received<br />";
}

if (isset($_POST['passw'])) {
      $passw1 = $_POST['passw'];
      echo "password received by post<br />";
} else {
      $passw1 = "";
      echo "password not received<br />";
}

//Database Connection Settings (hidden for question)
$Host = "****";
$DBUser = "****";
$DBPass = "****";
$DBName = "****";
$UserTable = "****";
$ToolsTable = "****";
$Link = mysql_connect($Host, $DBUser, $DBPass) or die("<center><b><font color='#ff0000'>Sorry there was a connecting to the database.</font></b></center>");

//Receive info about the page wanted
if ($page <> "admintools") {
      $ToolsQuery = "SELECT * FROM $ToolsTable WHERE(loginmode = '$page')";
      $ToolsResult = mysql_db_query($DBName, $ToolsQuery, $Link) or die("<center><font color='#ff0000'>Sorry there was a problem receiving the links from the database.</font></center><br />Problem:<br />" . mysql_error());
      while ($ToolRow = mysql_fetch_array($ToolsResult)) {
            $alloweduser = $ToolRow['allowed_user'];
            $link = $ToolRow['link'];
      }
} else {
      $link = "admin.php";
}

//Check Login is correct & redirect or display login form or error message
if (($Uname > "") AND ($passw1 > "")) {
      $epassw1 = md5($passw1);
      $UserQuery = "SELECT * FROM $UserTable WHERE(user = '$Uname')";
      $UserResult = mysql_db_query($DBName, $UserQuery, $Link) or die("<center><font color='#ff0000'>Invalid Username.</font><br /><a href='login.php?page=$page'>Try Again</a>");
      while ($Row = mysql_fetch_array($UserResult) or die(mysql_error())) {
            if (($Row['usertype'] == $alloweduser) OR ($Row['usertype'] == "admin")) {
                  $passw2 = $Row['pass'];
                  if ($passw2 == $epassw1) {
                        session_start();
                        $_SESSION["usern"] = $Uname;
                        header("Location:$link") or die(header_error());
                        die;
                  } else {
                        $badatt = $Row['bad_attempts'];
                        $badatt_Query = "UPDATE $UserTable SET bad_attempts = '$badatt' WHERE(id = '$Row[id]')";
                        echo "<center><font color='#ff0000'>Invalid Password.<br />This attempt has been logged!</font><br /><a href='login.php?page=$page'>Try Again</a>";
                  }
            } else {
                  echo "<center><font color='#ff0000'>Sorry you do not have permission to use this page.<br />Contact your system administrator or the head of BCS School Intranet for more help.</font></center>";
            }
      }
} else {
      if (($Uname == "") AND ($passw1 > "")) {
            echo "<form name='adminlogin' method='post' action='login.php?page=$page'><table border='0'><tr><th colspan='2'>Admin Login</th></tr><tr><td colspan='2'><font color='#ff0000'>You must enter your username.</font></td></tr><tr><td>Username:</td><td><input type='text' name='Uname'></td></tr><tr><td>Password:</td><td><input type='password' name='passw'></td></tr><tr><td colspan='2'><input type='submit' name='submit' value='Login'></td></tr></table></form>";
      } elseif (($Uname > "") AND ($passw1 == "")) {
            echo "<form name='adminlogin' method='post' action='login.php?page=$page'><table border='0'><tr><th colspan='2'>Admin Login</th></tr><tr><td colspan='2'><font color='#ff0000'>You must enter your password.</font></td></tr><tr><td>Username:</td><td><input type='text' name='Uname'></td></tr><tr><td>Password:</td><td><input type='password' name='passw'></td></tr><tr><td colspan='2'><input type='submit' name='submit' value='Login'></td></tr></table></form>";
      } else {
            echo "<form name='adminlogin' method='post' action='login.php?page=$page'><table border='0'><tr><th colspan='2'>Admin Login</th></tr><tr><td colspan='2'>&nbsp;</td></tr><tr><td>Username:</td><td><input type='text' name='Uname'></td></tr><tr><td>Password:</td><td><input type='password' name='passw'></td></tr><tr><td colspan='2'><input type='submit' name='submit' value='Login'></td></tr></table></form>";
      }
}
require('footer.php');
?>

Thanks In Advance
mms_master
0
Comment
Question by:mms_master
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 12

Expert Comment

by:minichicken
ID: 12328702
Can you post the array value of $_POST and $_GET using

print_r ($_POST);
print_r ($_GET);

in your page. thanks.....
0
 
LVL 12

Accepted Solution

by:
minichicken earned 200 total points
ID: 12328734
Use print_r ($_POST); and print_r ($_GET); to see if your form values are passed correctly from your HTML login form.....
What form method are you using? How do you manage to use both POST and GET?

Did you use something like this as your HTML form?

<form name = "form1" method ="POST" action = "login.php?page=my_page.php">

If you submit a form like this you will get both POST and GET vars.
0
 
LVL 5

Author Comment

by:mms_master
ID: 12328809
Sorry, I just managed to figure out what was wrong, and it turns out that it is submitting the information. Infact the whole thing works lol.

The problem I had is that this site is being made by a team of friends. The login system was just updated from a single user login to a multi user login (thats why I made this login script). I thought that another team member had allready updated the secure pages to work with the multi user login but it turns out that he hasn't. So when I thought that it wasn't sending the information it turns out that it all worked, sent me to a secure page then that page sent me back thinking that I hadn't logged in. Because I was sent back to login it then said that no information had been submitted. I was redirected so fast that I didn't notcie.

sorry for wasting your time.
Because you tried to help, I will give you the points anyway.

Thanks
mms_master
0
 
LVL 12

Expert Comment

by:minichicken
ID: 12328924
lol
Thanks :)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question