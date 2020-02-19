Hi
I am trying to execute the login form. The code is given below:
```php
<?php
require_once('header.php');
$error = $user = $pass = "";

if (isset($_POST['userlogin']))
{
    $user = $_POST['user'];
    $pass = $_POST['pass'];

    if ($user == "" || $pass == "") {
        echo '<div class="alert alert-danger" role="alert">Not all fields were entered.</div>';
        echo $login_form;
    } else {
        // $user and $pass are interpolated directly into the SQL string.
        $result = queryMySQL("SELECT username, CONCAT_WS('', firstname, ' ', lastname) as uname, is_admin FROM users
            WHERE username='$user' AND password='$pass' AND is_active=1");

        if ($result->num_rows == 0)
        {
            echo '<div class="alert alert-danger" role="alert">Invalid login attempt.</div>';
            echo $login_form;
        }
        else
        {
            $row = $result->fetch_array(MYSQLI_ASSOC);
            $_SESSION['user'] = $row['username'];
            $_SESSION['uname'] = $row['uname'];
            $_SESSION['is_admin'] = $row['is_admin'];
            setcookie("user_details", $row['username'], time()+3600*24);

            // Build the redirect target from the first path segment of the request URI.
            $uri = $_SERVER['REQUEST_URI'];
            $uri_tokens = explode("/", $uri);
            if ($uri_tokens[1] == "login.php") {
                echo("<script>location.href = 'board.php';</script>");
            } else {
                // No leading slash, so the browser treats this as a relative path.
                $redirect_uri = $uri_tokens[1] . "/board.php";
                echo("<script>location.href = '" . $redirect_uri . "';</script>");
            }
        }
    }
} else {
    echo $login_form;
}
```
In the login form, I am typing “z1” as the username and “z1” as the password. The mysql table has an entry for this user:
```
mysql> select * from users;
+----------+----------+-----------+----------+----------+-----------+
| username | password | firstname | lastname | is_admin | is_active |
+----------+----------+-----------+----------+----------+-----------+
| admin    | admin    | Admin     | User     |        1 |         1 |
| user     | user     | Ordinary  | User     |        0 |         1 |
| z1       | z1       | at        | attacker |        0 |         1 |
+----------+----------+-----------+----------+----------+-----------+
3 rows in set (0.00 sec)

mysql>
```
However, it's going to the next page; the URL changes to:
http://localhost/CS4331-TOY-APPLICATION/CS4331-TOY-APPLICATION/board.php
but I am getting the message:
“404 not Found”
I have tried with other users also. I don't know what the purpose of CONCAT_WS is.
My nginx server's error.log file is empty.
Somebody please guide me as to what the problem is.
Zulfi.
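
Added example, not part of the original post: a JavaScript sketch that mirrors the post's redirect logic and shows how a browser resolves the resulting relative path, which reproduces the doubled directory in the URL above. The login page path `/CS4331-TOY-APPLICATION/login.php` is an assumption inferred from that URL, and all function names are hypothetical.

```javascript
// Mirrors the PHP in the post: explode("/", REQUEST_URI) and use token 1.
function redirectTarget(requestUri) {
  const tokens = requestUri.split("/"); // "/app/login.php" -> ["", "app", "login.php"]
  if (tokens[1] === "login.php") {
    return "board.php";
  }
  return tokens[1] + "/board.php"; // no leading slash: a relative path
}

// What `location.href = target` does: resolve target against the current page URL.
function resolveInBrowser(target, pageUrl) {
  return new URL(target, pageUrl).href;
}

// One possible correction (an assumption, not the poster's code): keep the
// directory of the current request and emit a root-relative path.
function fixedRedirectTarget(requestUri) {
  const path = requestUri.split("?")[0];               // drop any query string
  const dir = path.slice(0, path.lastIndexOf("/") + 1); // "/app/login.php" -> "/app/"
  return dir + "board.php";
}

// Constructed sample input: assumed location of the login page.
const SAMPLE_REQUEST_URI = "/CS4331-TOY-APPLICATION/login.php";
const SAMPLE_PAGE_URL = "http://localhost" + SAMPLE_REQUEST_URI;

function demo() {
  return {
    original: resolveInBrowser(redirectTarget(SAMPLE_REQUEST_URI), SAMPLE_PAGE_URL),
    fixed: resolveInBrowser(fixedRedirectTarget(SAMPLE_REQUEST_URI), SAMPLE_PAGE_URL),
  };
}

console.log(demo());
```

The relative target is resolved against the directory the login page already lives in, so the directory name appears twice; a path starting with `/` is resolved against the site root instead.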