SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Addict caddyfixr's Avatar
    Join Date
    Aug 2004
    Location
    Albuquerque, NM
    Posts
    249
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    accesscontrol troubles

    I have been playing with Kevins accesscontrol.php and it will not athenicate my
    userid and password. I can do a querry on myphpadmin it finds the userid and
    password. So with that I know I am using the right database and the right table.
    Here is the code, maybe you can see a problem.
    PHP Code:
    <?php // accesscontrol.php
    include_once 'common.php'//error script
    include_once 'db.php';     //server login

    session_start();

    $uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];

    if(!isset(
    $uid)) {
      
    ?>
      <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <title> Please Log In for Access </title>
        <meta http-equiv="Content-Type"
          content="text/html; charset=iso-8859-1" />
      </head>
      <body>
      <h1> Login Required </h1>
      <p>You must log in to access this area of the site. If you are
         not a registered user, <a href="accesscontrol/signup.php">click here</a>
         to sign up for instant access!</p>
      <p><form method="post" action="<?=$_SERVER['accesscontrol/PHP_SELF']?>">
        User ID: <input type="text" name="uid" size="8" /><br />
        Password: <input type="password" name="pwd" SIZE="8" /><br />
        <input type="submit" value="Log in" />
      </form></p>
      </body>
      </html>
      <?php
      
    exit;
    }

    $_SESSION['uid'] = $uid;
    $_SESSION['pwd'] = $pwd;

    dbConnect("lv_2005collegebook");
    $sql "SELECT * FROM Team WHERE
            userid = '
    $uid' AND password = PASSWORD('$pwd')";
    $result mysql_query($sql);
    if (!
    $result) {
      
    error('A database error occurred while checking your '.
            
    'login details.\\nIf this error persists, please '.
            
    'contact [email]bla@bla.com[/email].');
    }

    if (
    mysql_num_rows($result) == 0) {
      unset(
    $_SESSION['uid']);
      unset(
    $_SESSION['pwd']);
      
    ?>
      <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <title> Access Denied </title>
        <meta http-equiv="Content-Type"
          content="text/html; charset=iso-8859-1" />
      </head>
      <body>
      <h1> Access Denied </h1>
      <p>Your user ID or password is incorrect, or you are not a
         registered user on this site. To try logging in again, click
         <a href="<?=$_server['accesscontrol/php_self']?>">here</a>. To register for instant
         access, click <a href="accesscontrol/signup.php">here</a>.</p>
      </body>
      </html>
      <?php
      
    exit;
    }

    $contactname mysql_result($result,0,'fullname');
    ?>
    Thanks,
    Steve

  2. #2
    We like music. weirdbeardmt's Avatar
    Join Date
    May 2001
    Location
    Channel Islands Girth: Footlong
    Posts
    5,882
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Code:
     <a href="<?=$_server['accesscontrol/php_self']?>">here</a>.
    What the heck is that? I dunno if that's allowed. Surely that should be $_SERVER[PHP_SELF]... but using dirs like that might be causing you problems.
    I swear to drunk I'm not God.
    Matt's debating is not a crime
    Hint: Don't buy a stupid dwarf Clicky

  3. #3
    SitePoint Addict caddyfixr's Avatar
    Join Date
    Aug 2004
    Location
    Albuquerque, NM
    Posts
    249
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by weirdbeardmt
    Code:
     <a href="<?=$_server['accesscontrol/php_self']?>">here</a>.
    What the heck is that? I dunno if that's allowed. Surely that should be $_SERVER[PHP_SELF]... but using dirs like that might be causing you problems.
    That is the only part of the code that works. It is a link to the
    accesscontrol.php but only comes in to play if the userid and password
    fail the test of
    PHP Code:
    if(!isset($uid)) { 

  4. #4
    SitePoint Addict caddyfixr's Avatar
    Join Date
    Aug 2004
    Location
    Albuquerque, NM
    Posts
    249
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    I changed $_server['accesscontrol/php_self']
    to read $_server['php_self'] with no luck. Something is a miss but I just can't seem locate the problem.

  5. #5
    SitePoint Addict caddyfixr's Avatar
    Join Date
    Aug 2004
    Location
    Albuquerque, NM
    Posts
    249
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I figured it out! I was using the PASSWORD() in my code but not storing it that
    way in the database.
    PHP Code:
    // I changed below
    userid '$uid' AND password PASSWORD('$pwd')"; 

    // to now read 
    userid = '
    $uid' AND password = '$pwd'"
    The PASSWORD() function encrypts the password and since I stored the
    value in plain text it would never match.

    Now the next task is to match the row ID to the password and userid.

    WAAAAAhooooooo


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •