Always returning true when it shouldn't?



thesavior
01-05-2006, 04:53 AM
if($login_username=="")
is always returning true, when I don't think it should. This is how it is set up.

adminlogin.php

<?php
session_start();

include "../includes/config.inc.php";
mysql_connect($dbhost, $dbusername, $dbuserpass);
mysql_select_db($dbname) or die(mysql_error());
$query = "SELECT * from $logtable where username='$username' and password='$password'";
$result = mysql_query($query) or die("Could not execute query: $query." . mysql_error());

if (mysql_num_rows($result) == 0)
{
    echo "<div align=center><b>Oops! Your login is wrong. Please click back and try again.</b></div>";
}
else
{
    session_register("$login_username");
    Header("Location: protected.php");
}
?>

protected.php

<?php

if ($login_username == "") {
    Header("Location: ../index.php?act=admin");
} else {
    include "../includes/config.inc.php";

    switch ($act)
    {
        case 'in': include('edittuts.php'); break;
        default: include('admin.php'); break;
    }
}

?>

I don't think this is supposed to be happening, but I can't figure out why it is...huh...

firepages
01-05-2006, 05:58 AM
$login_username is never set anywhere so it is always false
... until you use session_register which sets $login_username to "" (since $login_username is empty)

there is a bigger problem anyway, your code relies on register_globals = off & as such anyone can add protected.php?login_username=evil and be logged in

you should be setting with

$_SESSION['login_username'] = $username;

and checking with

if (!isset($_SESSION['login_username'])) {
    header("Location: login.php");
    exit; // stop here so the rest of the page is not run after the redirect
}

you also should be passing $username and $password (I assume they are $_GET['username'] or $_POST['username'] etc) through a function such as mysql_real_escape_string() to remove any evil code passed on by ****s

thesavior
01-05-2006, 06:05 AM
ok, yeah, I have a function that will get rid of all the bad possibilities for sql injections, but I haven't started using it yet.

but how do I use this:

$_SESSION['login_username'] = $username;
here: session_register("$login_username");

do I just replace session_register("$login_username"); ?

If so, then that didn't change anything and I'm still not getting through to protected.php

firepages
01-05-2006, 06:22 AM
yes replace session_register with $_SESSION['etc

on protected.php you also need to call session_start();

marek_mar
01-05-2006, 11:51 AM
register_globals = off
off ?

firepages
01-05-2006, 05:40 PM
lol, you know what I meant :D
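
The fixes discussed in this thread, put together as an added example (not code posted by anyone in the thread). It goes a little beyond the replies: a PDO prepared statement replaces mysql_real_escape_string() (the mysql_* functions were removed in PHP 7), and the password is stored as a hash. The table name, column names, sample account and helper function names are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Table/column names and the sample
// account are constructed; PDO with in-memory SQLite stands in for MySQL.

function check_login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the username is data, never part of the SQL text.
    $stmt = $db->prepare('SELECT pass_hash FROM admins WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

function log_in(array &$session, string $username): void
{
    // Server-side state only; a ?login_username=... query string cannot set it.
    $session['login_username'] = $username;
}

function redirect_target(array $session): ?string
{
    // protected.php guard: null means "serve the page", otherwise redirect.
    return isset($session['login_username']) ? null : '../index.php?act=admin';
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, pass_hash TEXT)');
$db->prepare('INSERT INTO admins VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

$session = [];                      // stands in for $_SESSION after session_start()
$_GET['login_username'] = 'evil';   // what protected.php?login_username=evil supplies

var_dump(redirect_target($session));                   // guard before any login
var_dump(check_login($db, "admin' OR '1'='1", 'x'));   // quote-laden username
if (check_login($db, 'admin', 'correct horse')) {
    log_in($session, 'admin');
}
var_dump(redirect_target($session));                   // guard after a valid login
```

In the real pages, call session_start() at the top of both scripts, pass $_SESSION where the demo passes $session, and follow every header('Location: ...') with exit so the protected includes never run for a visitor who is being redirected.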


