Hi

I am trying to execute the login form. The code is given below:

<?php require_once('header.php'); $error = $user = $pass = ""; if (isset($_POST['userlogin'])) { $user = $_POST['user']; $pass = $_POST['pass']; if ($user == "" || $pass == "") { echo '<div class="alert alert-danger" role="alert">Not all fields were entered.</div>'; echo $login_form; } else { $result = queryMySQL("SELECT username, CONCAT_WS('', firstname, ' ', lastname) as uname, is_admin FROM users WHERE username='$user' AND password='$pass' AND is_active=1"); if ($result->num_rows == 0) { echo '<div class="alert alert-danger" role="alert">Invalid login attempt.</div>'; echo $login_form; } else { $row = $result->fetch_array(MYSQLI_ASSOC); $_SESSION['user'] = $row['username']; $_SESSION['uname'] = $row['uname']; $_SESSION['is_admin'] = $row['is_admin']; setcookie("user_details", $row['username'], time()+3600*24); $uri = $_SERVER['REQUEST_URI']; $uri_tokens = explode("/", $uri); if ($uri_tokens[1] == "login.php") { echo("<script>location.href = 'board.php';</script>"); } else { $redirect_uri = $uri_tokens[1] . "/board.php"; echo("<script>location.href = '" . $redirect_uri . "';</script>"); } } } } else { echo $login_form; }

In the login form, I am typing “z1” as the username and “z1” as the password. The mysql table has an entry for this user:

mysql> select * from users;

±---------±---------±----------±---------±---------±----------+

| username | password | firstname | lastname | is_admin | is_active |

±---------±---------±----------±---------±---------±----------+

| admin | admin | Admin | User | 1 | 1 |

| user | user | Ordinary | User | 0 | 1 |

| z1 | z1 | at | attacker | 0 | 1 |

±---------±---------±----------±---------±---------±----------+

3 rows in set (0.00 sec)

mysql>

However, its going to the next page, the url changes to:

http://localhost/CS4331-TOY-APPLICATION/CS4331-TOY-APPLICATION/board.php

but I am getting the message:

“404 not Found”

I have tried with other users also. I dont know what is the purpose of CONCAT_WS

My nginx server’s error.log file empty.

Some body please guide me what is the problem.

Zulfi.