Login script acting strangely

vikette

Trying to make a "simple" login script to password protect a few pages. I include the first page at the top of the password protected page. The form goes to a handler which valids against the database, etc. etc.

I had put in a couple of test lines at the end of the handler which indicate that the passwords are validating correctly against the database. The problem is that the login form reappears whether the login is correct or not.

<?
session_start(); // start session.
?>
<!-- header tags, edit to match your own, or include template header file. -->
<html>
<head>
<title>Login</title>
<head>
<body>
<?
if(!isset($username) | !isset($password)) 

{
// escape from php mode.
?>

<form action="loginHandler.php" method="POST">
<input name="referer" type="hidden" value="<?php echo $_SERVER['HTTP_REFERER']; ?>">
<input name="browser" type="hidden" value="<?php echo $_SERVER['PHP_SELF']; ?>">
<input name="ip" type="hidden" value="<?php echo $_SERVER['REMOTE_ADDR'];?>">

<p align="center">Members only. Please login to access this document.</p>
<table align="center" border="0">
 <tr>
  <th>
Username:
  </th>
  <th>
<input type="text" name="username" value="">
  </th>
 </tr>
 <tr>
  <th>
Password:
  </th>
  <th>
<input type="password" name="password" value="">
  </th>
 </tr>
 <tr>
  <th colspan="2" align="right">
<input type="submit" value="Login">

  </th>
 </tr>
</table>
</form>
</body>
</html>
<? exit();} ?>


<?
$url = $_SERVER['PHP_SELF'];
$from = $_SERVER['HTTP_REFERER'];
$username = $_POST['username'];
$password = $_POST['password'];
// If all is well so far.
/*If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled. 
*/

$_SESSION['username'];
$_SESSION['password'];
//session_register("username");
//session_register("password"); // register username and password as session variables.

// Here you would check the supplied username and password against your database to see if they exist.

// config
$dbhost = "localhost";
$dbuser = "blah";
$dbpass = "blah";
$dbname = "blah";
$dbtblname = "login";

// open db
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die               

('Error connecting to mysql');
$dbselected=mysql_select_db($dbname,$conn);

$sql = mysql_query("SELECT password FROM $dbtblname WHERE username = '$username'");

$fetch_em = mysql_fetch_array($sql);
$numrows = mysql_num_rows($sql);

if($numrows != "0" & $password == $fetch_em["password"]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}

// If the username exists and pass is correct, don't pop up the login code again.
// If info can't be found or verified....

if (!($valid_user))
{
session_start();
session_unset();   // Unset session variables.
session_destroy(); // End Session we created earlier.
//echo "got it wrong again";
echo '<meta http-equiv="refresh" content="0; URL=' . $from .'">';
}
else
{
header("Location: $from");
//exit();
}

?>

Using php 4.3.2: http://sars.uib.no/test/phpinfo.php

maxpup979

I could very well be wrong about this--but your $from variable is set to the http_referrer, regardless of whether or not the user is logged in. And I would guess that the referrer is the page that contains the login form. so if the login succeeds, the user is redirected to the login page. and if the login fails, the user is also redirected to the login page.

But I could be completely wrong on this...🙂

vikette

Hmmm. I assumed that since the login form is actually included in the protected page, that the $from would go back to the protected page. (I realize the meta statement and header()) are essentially the same thing.

Either way, I thought the isset statement is supposed to catch the server variables and determine how to proceed.

Honestly, there's something I'm fundamentally not grasping here.

maxpup979

ah. well then I was probably wrong...🙂
hmmmm....have you tested that the $valid_user variable is being set correctly?...the use of the bitwise & as opposed to the logical && may be causing a problem....

if($numrows != "0" & $password == $fetch_em["password"])
change to:
if(($numrows != "0") && ($password == $fetch_em["password"]))

maxpup979

oh wait a minute. hehehehehehe. (!$valid_user) will always resolve to true.

$x=0;
if (!($x)){print "true";}else{print "false";}

returns true every time. Granted, it is early so my logic may be faulty....
but test for the value instead. you know $valid users is set, so use

if($valid_user==0) etc...