...

View Full Version : Cannot login after register globals was switched offf



Errica
08-29-2007, 01:43 AM
Any way to fix this??

Here's the form tag:

<form name="editform" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>" onsubmit="if(q&&!q.closed)q.close();return true">

Here is some supplemental code:


if ($action == "logout")
{
Setcookie("logincookie[pwd]","",time() -86400);
Setcookie("logincookie[user]","",time() - 86400);
include($logout_page);
exit;
}
else if ($action == "login")
{
if (($loginname == "") || ($password == ""))
{
include($invalidlogin_page);
exit;
}
else if (strcmp($user_passwords[$loginname],$password) == 0)
{
Setcookie("logincookie[pwd]",$password,time() + 86400);
Setcookie("logincookie[user]",$loginname,time() + 86400);
}
else
{
include($invalidlogin_page);
exit;
}
}
else
{
if (($logincookie[pwd] == "") || ($logincookie[user] == ""))
{
include($login_page);
exit;
}
else if (strcmp($user_passwords[$logincookie[user]],$logincookie[pwd]) == 0)
{
Setcookie("logincookie[pwd]",$logincookie[pwd],time() + 86400);
Setcookie("logincookie[user]",$logincookie[user],time() + 86400);
}
else
{
include($invalidlogin_page);
exit;
}
}
?>

Mwnciau
08-29-2007, 01:47 AM
Put this at the top:


$loginname = $_POST['loginname'];
$password = $_POST['password'];

And change the last bit to this:

if (($_COOKIE['logincookie[pwd]'] == "") || ($_COOKIE['logincookie[user]'] == ""))
{
include($login_page);
exit;
}
else if ($user_passwords[$_COOKIE['logincookie[user]']] == $_COOKIE['logincookie[pwd]']))
{
Setcookie("logincookie[pwd]",$_COOKIE['logincookie[pwd]'],time() + 86400);
Setcookie("logincookie[user]",$_COOKIE['logincookie[user]'],time() + 86400);
}
else
{
include($login_page);
exit;
}

Errica
08-29-2007, 01:54 AM
That didn't work. I tried placing it at the top and at the top of protect.php (which is where the supplemental code was/is from)

What else can I try?

Mwnciau
08-29-2007, 01:55 AM
oh:


$action = $_POST['action'];

aswell

Errica
08-29-2007, 02:01 AM
Here's all the code:

Form page:

<?
$loginname = $_POST['loginname'];
$password = $_POST['password'];
$action = $_POST['action'];
?>

<? include("protect.php"); ?>



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title></title>
<link rel="stylesheet" href="styles.css" type="text/css">
</head>

<body>

<table>
<form name="editform" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>" onsubmit="if(q&&!q.closed)q.close();return true">
<tr>
<td>...</td>
</tr>
</form>
</table>

</body>
</html>


protect.php


<?


$user_passwords = array (

"demo" => "demo"
);

$logout_page = "logout.php";

$login_page = "login.php";

$invalidlogin_page = "invalidlogin.php";



if ($action == "logout")
{
Setcookie("logincookie[pwd]","",time() -86400);
Setcookie("logincookie[user]","",time() - 86400);
include($logout_page);
exit;
}
else if ($action == "login")
{
if (($loginname == "") || ($password == ""))
{
include($invalidlogin_page);
exit;
}
else if (strcmp($user_passwords[$loginname],$password) == 0)
{
Setcookie("logincookie[pwd]",$password,time() + 86400);
Setcookie("logincookie[user]",$loginname,time() + 86400);
}
else
{
include($invalidlogin_page);
exit;
}
}
else
{
if (($logincookie[pwd] == "") || ($logincookie[user] == ""))
{
include($login_page);
exit;
}
else if (strcmp($user_passwords[$logincookie[user]],$logincookie[pwd]) == 0)
{
Setcookie("logincookie[pwd]",$logincookie[pwd],time() + 86400);
Setcookie("logincookie[user]",$logincookie[user],time() + 86400);
}
else
{
include($invalidlogin_page);
exit;
}
}
?>

Mwnciau
08-29-2007, 04:00 AM
protect.php

<?

$loginname = $_POST['loginname'];
$password = $_POST['password'];
$action = $_POST['action'];

$user_passwords = array (

"demo" => "demo"
);

$logout_page = "logout.php";

$login_page = "login.php";

$invalidlogin_page = "invalidlogin.php";



if ($action == "logout")
{
Setcookie("logincookie[pwd]","",time() -86400);
Setcookie("logincookie[user]","",time() - 86400);
include($logout_page);
exit;
}
else if ($action == "login")
{
if (($loginname == "") || ($password == ""))
{
include($invalidlogin_page);
exit;
}
else if (strcmp($user_passwords[$loginname],$password) == 0)
{
Setcookie("logincookie[pwd]",$password,time() + 86400);
Setcookie("logincookie[user]",$loginname,time() + 86400);
}
else
{
include($invalidlogin_page);
exit;
}
}
else
{
if (($_COOKIE['logincookie[pwd]'] == "") || ($_COOKIE['logincookie[user]'] == ""))
{
include($login_page);
exit;
}
else if ($user_passwords[$_COOKIE['logincookie[user]']] == $_COOKIE['logincookie[pwd]']))
{
Setcookie("logincookie[pwd]",$_COOKIE['logincookie[pwd]'],time() + 86400);
Setcookie("logincookie[user]",$_COOKIE['logincookie[user]'],time() + 86400);
}
else
{
include($login_page);
exit;
}
}
?>

Errica
08-29-2007, 10:30 AM
Still doesn't work. Anything else?

CFMaBiSmAd
08-29-2007, 02:12 PM
Define: "Still doesn't work" What is your code doing, what results do you get, a blank page? Error? Login does not work? Form does not display? Is this on a live server that you could post a link to?

If you are getting a blank page, do a "view source" in your browser and tell us what is present.

Also, in any case, check your web server log for errors and/or turn on full php error reporting to see if there are is anything that would explain why it is not working.

Errica
08-29-2007, 05:41 PM
Sorry. I'm getting a parse error on the following line:

else if ($user_passwords[$_COOKIE['logincookie[user]']] == $_COOKIE['logincookie[pwd]']))


<?

$loginname = $_POST['loginname'];
$password = $_POST['password'];
$action = $_POST['action'];

$user_passwords = array (

"news" => "demo"
);

$logout_page = "logout.php";

$login_page = "login.php";

$invalidlogin_page = "invalidlogin.php";



if ($action == "logout")
{
Setcookie("logincookie[pwd]","",time() -86400);
Setcookie("logincookie[user]","",time() - 86400);
include($logout_page);
exit;
}
else if ($action == "login")
{
if (($loginname == "") || ($password == ""))
{
include($invalidlogin_page);
exit;
}
else if (strcmp($user_passwords[$loginname],$password) == 0)
{
Setcookie("logincookie[pwd]",$password,time() + 86400);
Setcookie("logincookie[user]",$loginname,time() + 86400);
}
else
{
include($invalidlogin_page);
exit;
}
}
else
{
if (($_COOKIE['logincookie[pwd]'] == "") || ($_COOKIE['logincookie[user]'] == ""))
{
include($login_page);
exit;
}
else if ($user_passwords[$_COOKIE['logincookie[user]']] == $_COOKIE['logincookie[pwd]']))
{
Setcookie("logincookie[pwd]",$_COOKIE['logincookie[pwd]'],time() + 86400);
Setcookie("logincookie[user]",$_COOKIE['logincookie[user]'],time() + 86400);
}
else
{
include($login_page);
exit;
}
}
?>

Here's the login page:


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title></title>
</head>

<body>

<table>
<form method="post" action="<? echo $PHP_SELF ?>?action=login">
<tr>
<td><b>Login name:</b><br>
<input type="text" size="30" name="loginname"></td>
</tr>
<tr>
<td><b>Password:</b><br>
<input type="password" size="30" name="password"></td>
</tr>
<tr>
<td><p><? if (substr($PHP_SELF,-9) == "login.php") { echo "<p>Never link directly to this file, always link to the protected file!</p>"; } else { echo "<input class=send type=submit value=\"Login!\">"; } ?></p></td>
</tr>
</form>
</table>

</body>
</html>

CFMaBiSmAd
08-29-2007, 05:59 PM
So, the whole parse error - Parse error: syntax error, unexpected ')' in ... tells you what the problem is. There is one extra ) on the end of that line.

The references to $PHP_SELF in the form don't work with register globals off either. These need to be $_SERVER['PHP_SELF'] Edit: This statement applies to the last form you posted as the earlier forms are different from this one and they do already use $_SERVER...

Errica
08-29-2007, 08:15 PM
The error doesn't state an unexpected ')'

Further, when I remove the ) at the end of that line, I go back to the same issue in the beginning...I cannot log in. Anything else? This is maddening! :(


Here's the latest:


<?

$loginname = $_POST['loginname'];
$password = $_POST['password'];
$action = $_POST['action'];

$user_passwords = array (

"news" => "demo"
);

$logout_page = "logout.php";

$login_page = "login.php";

$invalidlogin_page = "invalidlogin.php";



if ($action == "logout")
{
Setcookie("logincookie[pwd]","",time() -86400);
Setcookie("logincookie[user]","",time() - 86400);
include($logout_page);
exit;
}
else if ($action == "login")
{
if (($loginname == "") || ($password == ""))
{
include($invalidlogin_page);
exit;
}
else if (strcmp($user_passwords[$loginname],$password) == 0)
{
Setcookie("logincookie[pwd]",$password,time() + 86400);
Setcookie("logincookie[user]",$loginname,time() + 86400);
}
else
{
include($invalidlogin_page);
exit;
}
}
else
{
if (($_COOKIE['logincookie[pwd]'] == "") || ($_COOKIE['logincookie[user]'] == ""))
{
include($login_page);
exit;
}
else if ($user_passwords[$_COOKIE['logincookie[user]']] == $_COOKIE['logincookie[pwd]'])
{
Setcookie("logincookie[pwd]",$_COOKIE['logincookie[pwd]'],time() + 86400);
Setcookie("logincookie[user]",$_COOKIE['logincookie[user]'],time() + 86400);
}
else
{
include($login_page);
exit;
}
}
?>


and the login



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title></title>
</head>

<body>

<table>
<form method="post" action="<? echo $_SERVER['PHP_SELF'] ?>?action=login">
<tr>
<td><b>Login name:</b><br>
<input type="text" size="30" name="loginname"></td>
</tr>
<tr>
<td><b>Password:</b><br>
<input type="password" size="30" name="password"></td>
</tr>
<tr>
<td><p><? if (substr($_SERVER['PHP_SELF'],-9) == "login.php") { echo "<p>Never link directly to this file, always link to the protected file!</p>"; } else { echo "<input class=send type=submit value=\"Login!\">"; } ?></p></td>
</tr>
</form>
</table>

</body>
</html>

CFMaBiSmAd
08-29-2007, 08:37 PM
The code in post #9 in this thread generates the error I mentioned (tested.)

A parse error is a fatal error. Your code in post #9 never executes. Since you have removed the extra ), the code is executing now.


I go back to the same issue in the beginning...I cannot log in.Telling us step by step what you do and what happens at each step is the only way for us to "see" what you see when you try this. Give more specific details of what you see.

You have not corrected the problem I pointed out in the form with the $PHP_SELF variable.

Errica
08-29-2007, 08:47 PM
Actually I did correct the problem in the form (I just inadvertently posted the wrong code). It's now corrected.

What I mean by the same issue is that after I enter the correct username and password, the text fields (for username and password) clear out and I do not proceed. In addition the url goes from /index.php to /index.php?action=login but I'm still stuck at the login page.

Errica
08-29-2007, 08:56 PM
I've attached the files (I've removed everything extraneous). Can someone PLEASE take a look? :)

Start at /edit/index.php

CFMaBiSmAd
08-29-2007, 08:59 PM
I just looked more closely at the code in the post (will probably try it to see what it does.) However, the following line is incorrect -

$action = $_POST['action']; The ?action parameter on the end of the url is a $_GET parameter. Change the above line to the following -

$action = $_GET['action'];

CFMaBiSmAd
08-29-2007, 09:11 PM
If you make the $_GET correction, mentioned in the above post, to the code that is present in your .zip attachment, it will log in (tested.)

Errica
08-29-2007, 11:06 PM
Did you get the second zip (via pm)...with the dilemma after clicking submit? I just noticed there was a pg 2. to this thread. :confused:

FYI...I will post the final working code after it's done!

CFMaBiSmAd
08-29-2007, 11:13 PM
The references to $_COOKIE in the code need to be changed. Make the following changes in protect.php (line numbers should be +/- one of the original, I might have added/subtracted at the start of the file for testing purposes...) -

// line 47
if (($_COOKIE['logincookie']['pwd'] == "") || ($_COOKIE['logincookie']['user'] == ""))
...
// lines 52 - 55
else if ($user_passwords[$_COOKIE['logincookie']['user']] == $_COOKIE['logincookie']['pwd'])
{
Setcookie("logincookie[pwd]",$_COOKIE['logincookie']['pwd'],time() + 86400);
Setcookie("logincookie[user]",$_COOKIE['logincookie']['user'],time() + 86400);
...



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum