[RESOLVED] acess denied for user system when file is included

moboter

I must have overlooked something
as I get an acess denied for user system using password no when I include this file

<?php
session_start();
//connect.php name of this file
$_SESSION['username']= $dbuser;   

$_SESSION['passwort']= $dbpass;
$_SESSION['webdb']= $db_name; 
$dbuser= $_POST["username"];
$dbpass = $_POST["passwort"];
$db_name="eilers-webdb"; // Database name  

$dbverbindung = mysql_connect('localhost', $dbuser, $dbpass);
if (!$dbverbindung) {
    die('Verbindung Fehlgeschlagen:&nbsp; ' . mysql_error());
} 
echo 'Sie sind angemeldet als &nbsp;<strong>' .$dbuser. '<strong>';    

mysql_select_db( $db_name )or die (mysql_error()); 
?>

the file where it is included is here

<?php
session_start();
$dbuser= $_SESSION['dbuser'];
$dbpass= $_SESSION['dbpass'];
include ("head.php");
include ("connect.php");

halojoy

I dont understand this:
$dbuser= $POST["username"];
$dbpass = $POST["passwort"];

Where is the post form they come from???

<?php
session_start();

error_reporting(E_ALL); // debug
ini_set('display_errors', '1'); // debug

$dbuser= $_SESSION['dbuser'];
$dbpass= $_SESSION['dbpass'];
include ("head.php");
//connect.php
$_SESSION['username']= $dbuser;   

$_SESSION['passwort']= $dbpass;
$_SESSION['webdb']= $db_name;
//$dbuser= $_POST["username"];
//$dbpass = $_POST["passwort"];
$db_name="eilers-webdb"; // Database name  

$dbverbindung = mysql_connect('localhost', $dbuser, $dbpass);
if (!$dbverbindung) {
    die('Verbindung Fehlgeschlagen:&nbsp; ' . mysql_error());
}
echo 'Sie sind angemeldet als &nbsp;<strong>' .$dbuser. '<strong>';    

mysql_select_db( $db_name )or die (mysql_error());

?>

moboter

Sorry missed the POST form.
I thought it didnt matter as the variables were filled.

echo"<div style:width=\"100%\"><table width=\"300\" border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"1\" bgcolor=\"#CCCCCC\">
<tr>
    <td><form name=\"login\" method=\"post\" action=\"checkloginTEST.php\"> 
        <table width=\100%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" bgcolor=\"#FFFFFF\">
            <tr><td colspan=\"2\" align=\"center\"><strong>Anmeldung </strong></td></tr>
            <tr><td width=\"78\">Benutzer</td>
                <td width=\"294\"><input name=\"username\" type=\"text\" id=\"username\"></td>
            </tr>
            <tr><td>Passwort</td>
                <td><input type=\"password\" name=\"passwort\"  id=\"passwort\"></td>
            </tr>
            <tr>
                <td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"Submit\" value=\"Anmelden\"></td>
            </tr>
        </table>
        </form>
    </td>
    </tr>
</table></div>";
?>

halojoy

I see.

acess denied for user system using password no
This means there is not correct $dbuser and/or $dbpass

So please test run this as checkloginTEST.php
Will display $dbuser/$dbpass

<?php
session_start();

error_reporting(E_ALL); // debug
ini_set('display_errors', '1'); // debug

$dbuser= $_SESSION['dbuser'];
$dbpass= $_SESSION['dbpass'];
include ("head.php");

//connect.php
$_SESSION['username']= $dbuser;   

$_SESSION['passwort']= $dbpass;
$_SESSION['webdb']= $db_name;
$dbuser= $_POST["username"];
$dbpass = $_POST["passwort"];
$db_name="eilers-webdb"; // Database name  

echo 'user: '.$dbuser.'<br>';
echo 'pass: '.$dbpass.'<br>';
echo 'base: '.$db_name.'<br>';
exit('stop');

$dbverbindung = mysql_connect('localhost', $dbuser, $dbpass);
if (!$dbverbindung) die('Verbindung Fehlgeschlagen: ' . mysql_error());

echo 'Sie sind angemeldet als &nbsp;<strong>' .$dbuser. '<strong>';    

mysql_select_db( $db_name )or die (mysql_error());

?>

moboter

With this slightly modified script only added $db_name=""; I dont get any errors.
I mean all the variables have the right value.
however username and passwort dont get stored in the variables for subsequent use. So when I call the next page I get the Undefined index: username and Undefined index: passwort

<?php
session_start();

error_reporting(E_ALL); // debug
ini_set('display_errors', '1'); // debug

$dbuser= $_SESSION['dbuser'];
$dbpass= $_SESSION['dbpass'];
include ("head.php");

//connect.php
$db_name="";
$_SESSION['username']= $dbuser;   

$_SESSION['passwort']= $dbpass;
$_SESSION['webdb']= $db_name;
$dbuser= $_POST["username"];
$dbpass = $_POST["passwort"];
$db_name="eilers-webdb"; // Database name  

echo 'user: '.$dbuser.'<br>';
echo 'pass: '.$dbpass.'<br>';
echo 'base: '.$db_name.'<br>';


$dbverbindung = mysql_connect('localhost', $dbuser, $dbpass);
if (!$dbverbindung) die('Verbindung Fehlgeschlagen: ' . mysql_error());

echo 'Sie sind angemeldet als &nbsp;<strong>' .$dbuser. '<strong>';    

mysql_select_db( $db_name )or die (mysql_error());

?>

I believe that the $_POST is influencing the session value

halojoy

You can try to change to set SESSION after
This will not change the values, but they will be stored into SESSION

//connect.php
$db_name="";
$dbuser= $_POST["username"];
$dbpass = $_POST["passwort"];
$db_name="eilers-webdb"; // Database name  

$_SESSION['username']= $dbuser;   

$_SESSION['passwort']= $dbpass;
$_SESSION['webdb']= $db_name;

echo 'user: '.$dbuser.'<br>';
echo 'pass: '.$dbpass.'<br>';
echo 'base: '.$db_name.'<br>';

moboter

Still no luck
webdb is still ok
but no values for username nor password (undefined index)
any other ideas?
I don't want to forget to say thank you for all the effort you've put into my problem so far.

johanafm

first run of the code (displaying login form), there is no post data.

// these (should) generate warnings, undefined index, since you have no post data
$dbuser= $_POST["username"];  // which means null is assigned to $dbuser
$dbpass = $_POST["passwort"];  // same...

$_SESSION['username']= $dbuser; // same
$_SESSION['passwort']= $dbpass;  // same

second run through the code: login form was posted

$dbuser= $_POST["username"];  // now there are values. some string is assigned
$dbpass = $_POST["passwort"];  // same...

$_SESSION['username']= $dbuser; // same
$_SESSION['passwort']= $dbpass;  // same

third run through the code: login form was not posted (some other action took place)
well, displaying the code is pointless. The exact same thing happens as in the first run through code.

However

if (isset($_POST['name_of_submit_button'])) {
// or: if (!empty($_POST['username) && !empty($_POST['passwort']))
	$SESSIONT['dbuser'] = $dbuser = $_POST["username"];
	$SESSIONT['dbpass'] = $dbpass = $_POST["passwort"];
}
else {
	$dbuser = $SESSIONT['dbuser'];
	$dbpass = $SESSIONT['dbpass'];
}

moboter

everything works fine on the first page
but as soon as I call the next page there are no values for username and password anymore. so I get the error Undefined index: username and Undefined index: passwort.
I changed the code you posted a little
didnt know if it was a typo

if (isset($_POST['submit'])) {
// or: if (!empty($_POST['username) && !empty($_POST['passwort']))
    $_SESSION['dbuser'] = $dbuser = $_POST['username'];
    $_SESSION['dbpass'] = $dbpass = $_POST['passwort'];
}
else {
    $dbuser = $_SESSION['dbuser'];
    $dbpass = $_SESSION['dbpass'];
}

I have not been lazy myself and tried to triple check values

<?php
session_start();

error_reporting(E_ALL); // debug
ini_set('display_errors', '1'); // debug
//graphic and css
include ("head.php");
//connect.php
//define variable
$db_name="";
$dbpass1="";
$dbuser1="";
//asign value to variable
$db_name="eilers-webdb"; // Database name 
//get data from loginbox.php and store data  works
//store session user name works only on the first page subsequent pages its empty
$_SESSION['username']= $dbuser1;
//store session pwd works only on the first page subsequent pages its empty
$_SESSION['passwort']= $dbpass1;
//store session dbname  works everywhere
$_SESSION['webdb']= $db_name;
//forcing the session data
if (isset($_SESSION['passwort']))
   {
   $_SESSION['passwort'] = $_POST['passwort'];
   }
if (isset($_SESSION['username']))
   {
   $_SESSION['username'] = $_POST['username'];
   }
//Trying to show saved session data
echo 'Hallo: '.$_SESSION['username'].'<br>';
echo 'your Passwort: '.$_SESSION['passwort'].'<br>';
echo 'your Database: '.$_SESSION['webdb'].'<br>';
//is filled by the POST only
$dbuser1=$_SESSION['username'];   

echo 'user: '.$dbuser1.'<br>';
$dbpass1=$_SESSION['passwort'];
echo 'pass: '.$dbpass1.'<br>';
//is filled from session
echo 'base: '.$db_name.'<br>';
$dbverbindung = mysql_connect('localhost', $_SESSION['username'], $_SESSION['passwort']);
if (!$dbverbindung) die('Verbindung Fehlgeschlagen: ' . mysql_error());
echo 'Sie sind angemeldet als &nbsp;<strong>' .$_SESSION['username']. '<strong>';    

mysql_select_db( $db_name )or die (mysql_error());
?>

johanafm

You nullify the code I suggested by

# $db variables hold nothing on the second page which means: Empty these $_SESSION variables
$_SESSION['username']= $dbuser1;
$_SESSION['passwort']= $dbpass1;

//store session dbname  works everywhere
# Yes, but that's because it does NOT come ONCE from a posted form. It's hard coded
# like this:
	# $db_name = 'name_of_your_db';
# And then you set this session var EVERY TIME.
$_SESSION['webdb']= $db_name;

# also very strange. If session data is set: overwrite it.
//forcing the session data
if (isset($_SESSION['passwort']))
   {
   $_SESSION['passwort'] = $_POST['passwort'];
   }
if (isset($_SESSION['username']))
   {
   $_SESSION['username'] = $_POST['username'];
   }

Ditch all of the above, and go with the code I suggested since:
1. It starts by checking if these values were posted, which should only be done when needed. Most likely that is once: at a user authentication check, such as login
2. If such data was posted, store them in SESSION vars. Once. No need to overwrite session vars. Ever. Unless of course there is new post data, in which case 1 above kicks in, and then 2.
3. Every time: assign session vars to $dbuser etc.

And 3. above could be dropped as well. It's just me being lazy and preferring to write $dbname over $_SESSION['dbname'].

moboter

Yesterday I had a terrible day after working (it really worked!) with your code I tried out the same Page with the IE and it didnt work.
I spent hours and hours trying to figure out want went wrong.
Yet the solution I found today was extremly simple.
a typo sneeked in!
I dont know when and where it came from it doesnt matter anymore.
But the name of the submit button had a capital letter in it.
Thank you all for your patience.