
login script working from nothing?

Ok, this is the most confusing script I've ever worked with.

I have no problem getting it to work.....the problem is that I don't know why it's working.....It shouldn't work....
and some of the variables aren't even defined unless I'm using globals I guess

Well anyway let me explain
Here is the link to the full script I've been editing and using if you want to look at it
www.dockterz.com/party/oldlogin.phps

Alright.....
What I understand of this script is

It first checks to see if you are logging out or not..and logs you out
Then it checks to see if you just came from the login form.....and if you did.....check the login information
Then it has the set of form templates to display at specific times.

On the check login part is where I have the problem/confusion
Right here starting at line 20 it says
[PHP Code]

    $user_data = mysql_num_rows($result);
    if ($user_data != 0) {
        setcookie ("user", md5($user_data[user]));
        setcookie ("pass", md5($user_data[pass]));
        header("Location: $_SERVER[PHP_SELF]");
    } else {
        $login_error = true; }

 

It sets a cookie for what it receives for a num_rows query. And not only that, it pretends that it's an array when it's not.

What I've been trying to do is this.
[PHP Code]

    $num = mysql_num_rows($result);
    $user_data = mysql_num_rows($result);
    if ($num != 0) {
        setcookie ("user", md5($user_data[user]));
        setcookie ("pass", md5($user_data[pass]));
        header("Location: $_SERVER[PHP_SELF]");
    } else {
        $login_error = true; }

 

but it doesn't work for some reason

On Line 45 it compares what I typed in the login form to the cookie....but the odd thing is.......It says....if the Cookie....which has a value of nothing equals the value of what they put for username....then let them pass

And it works....WTF?!?!
it doesn't take a genius to know that username != ""


[PHP Code]

} elseif ($_COOKIE[user] == md5($_POST[username]) && $_COOKIE[pass] == md5($_POST[password])) {

 


Can anyone make heads or tails of this....because I'm lost....
Here's the link below to see this script in action
www.dockterz.com/party/post.php

the username is : user
and the password is : pass
Asked by: zanus123

zanus123 (Author) Commented:
sorry.....forgot to change this

This is what I've been trying to do....on Line 20

[PHP Code]

    $num = mysql_num_rows($result);
    $user_data = mysql_fetch_array($result);
    if ($num != 0) {
        setcookie ("user", md5($user_data[user]));
        setcookie ("pass", md5($user_data[pass]));
        header("Location: $_SERVER[PHP_SELF]");
    } else {
        $login_error = true; }

juliuspc Commented:
OK I think I see what is going on.  As you pointed out, the $user_data = mysql_num_rows($result) is surprising.

If I logged in correctly, then line 22:
        setcookie ("user", md5($user_data[user]));

$user_data currently equals 1.  "user" is being used as an undeclared constant.  So the cookie is md5( 1[someconstant] ).  That would never compile, but if you experiment you will find that this is exactly what is going on:
   $foo = 1;
   print md5( $foo[someconstant] );

The so-called encrypted password on line 23 is of course exactly the same.

But here is the catch, line 24 redirects the page to itself.  Go back to the beginning of the code and start again.  On line 7, logout == true fails.  Lines 12 and 13 reference $_POST -- but we currently have no form submission (because of the redirect).  Well guess what, md5($_POST['username']) is equal to md5($user_data[user]) -- both pretty useless, but equal.

On line 16, the if() fails -- again because no $_POST.  Line 30 if() fails, so we're left at line 45.  This is true, because all the referenced variables came from md5( $someArray[SomeUnsetIndex] ).  It looks like a username/password check, but it isn't.

If you had instead entered the wrong password, the only prevention from logging you in is on line 21, which sets $login_error because the num_rows() was 0.

My advice: start from scratch!  Or better yet, use PEAR's Auth stuff, which saves you from reinventing the wheel.

zanus123 (Author) Commented:
Wow, great interpretation you gave....must have taken some time

But yeah I'm just about to agree.  I am going to have to use something else.
I've never been any good with login scripts.....even simple ones......because they have to do with sessions..and cookies....which I can't really figure out because they're not really there.

This login works great if you just want it to restrict a page...but I'm trying to include user information and such.........and that's not possible with this script.

Do you or anybody have a working login script that you could post? That'd be great.

zanus123 (Author) Commented:
Some questions on the script.......I know you didn't write it but some of the key things you pointed out are the things that I couldn't believe were working.......like

"That would never compile, but if you experiment you will find that this is exactly what is going on:
   $foo = 1;
   print md5( $foo[someconstant] ); "

I've experimented with them here
www.dockterz.com/party/wtf.php

If I md5 an [undeclared constant]=>[value], then basically I'll get a value of nothing and that's what it encrypts to: d41d8cd98f00b204e9800998ecf8427e
and it encrypts both the username and the password the same way.

I mean.....this isn't the thing that's bothering me.....it's just that later on, when you said
"
Go back to the beginning of the code and start again.  On line 7, logout == true fails.  Lines 12 and 13 reference $_POST -- but we currently have no form submission (because of the redirect).  
----------------------
Well guess what, md5($_POST['username']) is equal to md5($user_data[user]) -- both pretty useless, but equal."

Well guess what else I don't get........
One:  how come later on when I close the page and open it again it works.....If I close the page..the POST vars should delete themselves like they have on every other project I've done.

and Two: If the POST vars did happen to save the information.....how....when it compares the cookie to the post............is the encrypted value: user equal to the encrypted value of: nothing

Well anyway......I'm gonna have to find a new alternative if I want user info

juliuspc Commented:
"One:  how come later on when I close the page and open it again it works.....If I close the page..the POST vars should delete themselves like they have on every other project I've done.
"

They do delete themselves.  To access the site, you just have to have the cookies set -- which is no security because the cookie is md5( " " ).  You don't have to actually be logged in for the page to think you are logged in.

"and Two: If the POST vars did happen to save the information.....how....when it compares the cookie to the post............is the encrypted value: user equal to the encrypted value of: nothing
"

The test that is run when you load the page without the form submission is:
elseif ($_COOKIE[user] == md5($_POST[username]) && $_COOKIE[pass] == md5($_POST[password]))

$_COOKIE[user] (if you logged in) is the encrypted value of nothing.  md5($_POST[username]) is also the encrypted value of nothing because there is no $_POST.  So they are equal.

Yes you do need to use another login script.  I suggest PEAR::Auth:
http://pear.php.net/manual/en/package.authentication.auth.intro.php
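
The comparison explained in the answer above, next to one corrected form of the check, as an added example that is not part of any post or of the original script. The function names, the `$sessions` array and the sample account are assumptions; request data is passed in as plain arrays so the file runs from the PHP command line.

```php
<?php
// Added example. Accounts, tokens and function names here are constructed.

// The check from line 45 of the script, with request state passed in as arrays.
// Missing fields become null, which md5() hashes exactly like an empty string.
function old_check(array $cookie, array $post): bool
{
    return ($cookie['user'] ?? null) == md5((string) ($post['username'] ?? null))
        && ($cookie['pass'] ?? null) == md5((string) ($post['password'] ?? null));
}

// Replacement: verify the password once, then issue a random token and record
// server-side which user owns it ($sessions stands in for session storage).
function login(array $users, array &$sessions, string $name, string $password): ?string
{
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    $sessions[$token] = $name;
    return $token;
}

// Later requests are identified only by looking the token up server-side.
function session_user(array $sessions, array $cookie): ?string
{
    $token = $cookie['session'] ?? null;
    return is_string($token) ? ($sessions[$token] ?? null) : null;
}

$show = fn(string $label, $value) => printf("%-42s %s\n", $label, var_export($value, true));

// Cookies as the old script sets them: md5 of an empty value, for every visitor.
$oldCookie = ['user' => md5(''), 'pass' => md5('')];
$show('old cookie value:', $oldCookie['user']);
$show('old check, cookie only, no form data:', old_check($oldCookie, []));
$show('old check, cookie plus real form data:', old_check($oldCookie, ['username' => 'user', 'password' => 'pass']));

$users = ['user' => password_hash('pass', PASSWORD_DEFAULT)]; // constructed account
$sessions = [];
$token = login($users, $sessions, 'user', 'pass');
$show('new check, valid token:', session_user($sessions, ['session' => $token]));
$show('new check, old-style cookie:', session_user($sessions, $oldCookie));
$show('new login, wrong password:', login($users, $sessions, 'user', 'wrong'));
```

Because `session_user()` returns the account name tied to the token, the page can load that user's information, which the cookie comparison in the old script cannot provide.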
