php



vineet2011
07-22-2012, 12:01 PM
Hi, I am new to PHP.
I am stuck on the login code, in the username and password validation code.
In this code, if we don't enter the username and password, it still allows us to log in successfully.
The code is:


<?php

include('config.inc');

mysql_connect($hostname, $_username, $_password) or DIE(mysql_error());
mysql_select_db($_dbname) or DIE(mysql_error());

$u=trim($_POST['username']);
$p=trim($_POST[password]);

echo"<br>--$u--$p--";

if($u="" && $p="")
{
    echo("not allowed");
}
else
{
    if($u!="" && $p!="");
    {
        echo"<br><b>---$u</b>";
        $query="select * from user_table where username='$u'";
        $res=mysql_query($query) or DIE(mysql_error());
        $final=mysql_fetch_array($res);
        $pass=$final['password'];
        if($_POST['password']!=$pass)
        {
            echo"<p><font color=\"red\">Incorrect username or password</font></p>";
        }
        else
        {
            $uname=$final['username'];
            $type=$final['usertype'];
            $_POST['op']="allowed";
            echo"yo";
            echo" Success $uname $type $_POST[op]";
            //sesson_start();
            $_SESSION['username']=$_POST['username'];
            $_SESSION['permitted']="true";
            $_SESSION['type']=$type;
            //header("Location:new.php");
        }
    }
}

?>

Fou-Lu
07-23-2012, 06:45 AM
This is a horrendously tricky one.
Since you don't have proper error checking here, this is actually a disaster to follow.


if($u="" && $p="")

That is an assignment. Although the assignment itself is successful, the result of empty is loosely compared to false. Given the properties of an && comparison, what this does:


$u = 'cat';
$p = 'dog';
if ($u = "" && $p = "")
{
    print 'not empty'; // although this isn't correct.
}
else
{
    printf('$u = %s, $p = %s' . PHP_EOL, $u, $p);
}

Will actually result in $u = , $p = dog. Since the first condition of the && evaluates to false, the second condition doesn't apply.

Therefore you end up in the else. And evaluate this clause:


if($u!="" && $p!="");

Semi-colon at the end of a branch condition is always true (except a loop where it's the last, but it is still true once). So that effectively says if (false && true); which is true (without the semi-colon it is false).

Therefore you now process this:


echo"<br><b>---$u</b>";

$query="select * from user_table where username='$u'";

$res=mysql_query($query) or DIE(mysql_error());

$final=mysql_fetch_array($res);

$pass=$final['password'];

$u is empty. It's highly improbable that you have a returned result. Therefore $final is an empty array. $final['password'] is null.

Now the last important one:


if($_POST['password']!=$pass)

If nothing is entered, then the login is successful. If username and password are entered, it's a failure since the $_POST['password'] will not equal nothing.

So what you need to do is:


session_start();
// sql stuffs.

if (isset($_POST['username'], $_POST['password']))
{
    $u = trim($_POST['username']);
    $p = trim($_POST['password']);
    if (empty($u) || empty($p))
    {
        print 'Username and password cannot be empty';
    }
    else
    {
        $query="select * from user_table where username='" . mysql_real_escape_string($u) . "'";
        if ($qry = @mysql_query($query))
        {
            if (mysql_num_rows($qry) == 1)
            {
                $record = mysql_fetch_assoc($qry);
                $password = $record['password'];
                // of course, I assume you'll actually be hashing this in some way.
                if ($password == $p)
                {
                    $_SESSION['username']=$record['username'];
                    $_SESSION['permitted']=true;
                    $_SESSION['type']=$record['usertype'];
                    header("Location:new.php"); // this should be a fully qualified domain and path
                }
                else
                {
                    print 'Password is incorrect';
                }
            }
            else
            {
                print 'Username is incorrect';
            }
        }
        else
        {
            die(mysql_error());
        }
    }
}


Untested, works fine in my head.

In the future, please choose a more suitable title as well as wrapping your code in
tags to preserve the formatting.
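
Added example, not part of either post above and not Fou-Lu's code: the same login check written with a PDO prepared statement and password_hash()/password_verify(), so that empty input and a missing row both fail closed instead of comparing against null. The helper name authenticate(), the in-memory SQLite database (assumes the pdo_sqlite extension) and the sample account are assumptions made for the example; the table and column names follow the thread.

```php
<?php
// Added example, not the thread's code. authenticate() is a hypothetical helper;
// user_table and its columns are named as in the thread.

function authenticate(PDO $db, $username, $password): ?array
{
    $u = is_string($username) ? trim($username) : '';
    $p = is_string($password) ? $password : '';
    // Strict comparison (===), not assignment (=): reject empty input up front.
    if ($u === '' || $p === '') {
        return null;
    }
    // Prepared statement: the username is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT username, password, usertype FROM user_table WHERE username = ?');
    $stmt->execute([$u]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // No matching row: fetch() returns false. Deny instead of comparing to null.
    if ($row === false) {
        return null;
    }
    // The password column stores a password_hash() value, never the plain text.
    if (!password_verify($p, $row['password'])) {
        return null;
    }
    return ['username' => $row['username'], 'usertype' => $row['usertype']];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_table (username TEXT PRIMARY KEY, password TEXT, usertype TEXT)');
$ins = $db->prepare('INSERT INTO user_table VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'admin']);

// Constructed inputs covering the cases discussed in the thread.
$cases = [
    'both empty'     => ['', ''],
    'unknown user'   => ['nobody', 'x'],
    'quote in name'  => ["o'brien", 'x'],
    'wrong password' => ['alice', 'guess'],
    'valid login'    => ['alice', 'correct horse'],
];
foreach ($cases as $label => [$u, $p]) {
    $user = authenticate($db, $u, $p);
    printf("%-15s %s\n", $label, $user ? 'allowed as ' . $user['usertype'] : 'denied');
}
```

Only the last case prints "allowed as admin"; in a real page the caller would call session_start() and set the $_SESSION values only when authenticate() returns a row.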


