  1. #1
    New Coder
    Join Date
    Nov 2010
    Location
    Scotland
    Posts
    69
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Problem with login page

    A lot of people seem to be using this piece of code in their login page, when I use it it outputs " method="POST" on the page
    and the url after filling in the form is

    http://127.0.0.1/<?username=username&password=pass


    if I change the quotes around the question mark after echo to single quotes then the " method="POST" is not in the output.
    and the url after filling in the form is

    http://127.0.0.1/%3C?=$PHP_SELF?%3E%3C?if%28$QUERY_STRING%29{echo%27?%27%20.$QUERY_STRING;}?%3E


    PHP Code:
    <form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo "?" . $QUERY_STRING; }?>" method="POST">

    Is this code correct and why is there a < after the IP ??

    Lost, anyone help?

  • #2
    Regular Coder poyzn's Avatar
    Join Date
    Nov 2010
    Posts
    266
    Thanks
    2
    Thanked 61 Times in 61 Posts
    Maybe your short PHP tags are off. Post the result here if you try this:
    PHP Code:
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?><?php if($QUERY_STRING) { echo "?" . $QUERY_STRING; } ?>" method="POST">

  • #3
    New Coder
    Join Date
    Nov 2010
    Location
    Scotland
    Posts
    69
    Thanks
    0
    Thanked 0 Times in 0 Posts
    By changing this <?if($QUERY_STRING)

    to this <?php if($QUERY_STRING)

    it no longer outputs " method="POST"

    So thanks for your input on that.

    But getting http:// undefined variable query string
    after login

  • #4
    Regular Coder poyzn's Avatar
    Join Date
    Nov 2010
    Posts
    266
    Thanks
    2
    Thanked 61 Times in 61 Posts
    First of all, generate your page and open the page source with your browser, find the form and post the whole form-tag here.

    Also make output with
    PHP Code:
    print_r($_REQUEST); 
    and post it here

  • #5
    New Coder
    Join Date
    Nov 2010
    Location
    Scotland
    Posts
    69
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I hope this is what you meant

    ?>
    <form action="<?=$PHP_SELF?><br />
    <b>Notice</b>: Undefined variable: QUERY_STRING in <b>C:\Program Files\EasyPHP-5.3.3\www\login.php</b> on line <b>14</b><br />
    " method="POST">
    <p align="center">Members only. Please login to access this document.</p>
    <table align="center" border="0">
    <tr>
    <th>

    Username:
    </th>
    <th>
    <input type="text" name="username">
    </th>
    </tr>
    <tr>
    <th>
    Password:
    </th>
    <th>

    <input type="password" name="password">
    </th>
    </tr>
    <tr>
    <th colspan="2" align="right">
    <input type="submit" value="Login">
    </form>
    </th>
    </tr>
    </table>
    </body>

    </html>
    <?
    exit();
    }



    May as well show you what I am working with

    PHP Code:
    <?
    session_start(); // start session.
    ?>
    <!-- header tags, edit to match your own, or include template header file. -->
    <html>
    <head>
    <title>Login</title>
    </head>
    <body>
    <?
    if(!isset($username) || !isset($password)) {
    // escape from php mode.
    ?>
    <form action="<?=$PHP_SELF?><?php if($QUERY_STRING){ echo "?" . $QUERY_STRING; }?>" method="POST">
    <p align="center">Members only. Please login to access this document.</p>
    <table align="center" border="0">
     <tr>
      <th>
    Username:
      </th>
      <th>
    <input type="text" name="username">
      </th>
     </tr>
     <tr>
      <th>
    Password:
      </th>
      <th>
    <input type="password" name="password">
      </th>
     </tr>
     <tr>
      <th colspan="2" align="right">
    <input type="submit" value="Login">
    </form>
      </th>
     </tr>
    </table>
    </body>
    </html>
    <?
    exit();
    }

    // If all is well so far.

    session_register("username");
    session_register("password"); // register username and password as session variables.

    // Here you would check the supplied username and password against your database to see if they exist.
    // For example, a MySQL Query, your method may differ.

    mysql_connect("localhost","root",""); 
    mysql_select_db("a2149809_MV") or die("Unable to select database"); 

    $sql = mysql_query("SELECT `password` FROM `login` WHERE `username` = '$username'");
    $fetch_em = mysql_fetch_array($sql);
    $numrows = mysql_num_rows($sql);

    if($numrows != "0" && $password == $fetch_em["password"]) {
    $valid_user = 1;
    }
    else {
    $valid_user = 0;
    }

    // If the username exists and pass is correct, don't pop up the login code again.
    // If info can't be found or verified....

    if (!($valid_user))
    {
    session_unset();   // Unset session variables.
    session_destroy(); // End Session we created earlier.
    // escape from php mode.
    ?>
    <form action="<?=$PHP_SELF?><?php if($QUERY_STRING){ echo "?" . $QUERY_STRING; }?>" method="POST">
    <p align="center">Incorrect login information, please try again. You must login to access this document.</p>
    <table align="center" border="0">
     <tr>
      <th>
    Username:
      </th>
      <th>
    <input type="text" name="username">
      </th>
     </tr>
     <tr>
      <th>
    Password:
      </th>
      <th>
    <input type="password" name="password">
      </th>
     </tr>
     <tr>
      <th colspan="2" align="right">
    <input type="submit" value="Login">
    </form>
      </th>
     </tr>
    </table>
    </body>
    </html>
    <?
    exit();
    }
    ?>

  • #6
    Regular Coder poyzn's Avatar
    Join Date
    Nov 2010
    Posts
    266
    Thanks
    2
    Thanked 61 Times in 61 Posts
    Your variables $PHP_SELF and $QUERY_STRING are not defined. I can suggest making your opening form tag exactly like this and trying it.
    PHP Code:
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?><?php if($_SERVER['QUERY_STRING']) { echo "?" . htmlspecialchars($_SERVER['QUERY_STRING']); } ?>" method="POST">
    After that, post only this part from the page source:
    Code:
    <form action="<?=$PHP_SELF?><br />
    <b>Notice</b>: Undefined variable: QUERY_STRING in <b>C:\Program Files\EasyPHP-5.3.3\www\login.php</b> on line <b>14</b><br />
    " method="POST">
    Last edited by poyzn; 11-16-2010 at 05:14 PM.

  • #7
    New Coder
    Join Date
    Nov 2010
    Location
    Scotland
    Posts
    69
    Thanks
    0
    Thanked 0 Times in 0 Posts
    That worked I stayed on login.php

    <form action="/login.php" method="POST">

  • #8
    Regular Coder poyzn's Avatar
    Join Date
    Nov 2010
    Posts
    266
    Thanks
    2
    Thanked 61 Times in 61 Posts
    Actually, you don't even need the QUERY_STRING part if you pass data with a GET query.
    Make it
    PHP Code:
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="get">
    and you'll get /login.php?username=username&password=password after submitting the form

  • #9
    New Coder
    Join Date
    Nov 2010
    Location
    Scotland
    Posts
    69
    Thanks
    0
    Thanked 0 Times in 0 Posts
    http://127.0.0.1/login.php?username=username&password=pass

    Yes, that worked. I'm a little confused with this login script. If I have a page I want users to log in to, what would I do? Would I make that the target page instead of login.php or [self]?
    I have a table with the user and pass fields, but this script allows any user and pass, so I must be doing something wrong there.

  • #10
    Regular Coder poyzn's Avatar
    Join Date
    Nov 2010
    Posts
    266
    Thanks
    2
    Thanked 61 Times in 61 Posts
    It's very simple. You may have a separate login page, for example login.php, where you check usernames and passwords. If the username and password match, you may redirect the user into his account, to another page, account.php. But on every page in the account you should check whether the user is authorized. If not, redirect him back to login.php.
    Redirect with
    PHP Code:
    header("Location: /login.php"); 

  • #11
    New Coder
    Join Date
    Nov 2010
    Location
    Scotland
    Posts
    69
    Thanks
    0
    Thanked 0 Times in 0 Posts
    not sure what to put in place of ($_SERVER['PHP_SELF'])

    login:
    PHP Code:
    <?
    session_start(); // start session.
    ?>
    <!-- header tags, edit to match your own, or include template header file. -->
    <html>
    <head>
    <title>Login</title>
    </head>
    <body>

    <?
    $process = "loginprocess.php";
    ?>

    <form action="<?php echo htmlspecialchars($process); ?>" method="get">
    <p align="center">Members only. Please login to access this document.</p>
    <table align="center" border="0">
     <tr>
      <th>
    Username:
      </th>
      <th>
    <input type="text" name="username">
      </th>
     </tr>
     <tr>
      <th>
    Password:
      </th>
      <th>
    <input type="password" name="password">
      </th>
     </tr>
     <tr>
      <th colspan="2" align="right">
    <input type="submit" value="Login">
    </form>
      </th>
     </tr>
    </table>
    </body>
    </html>
    loginprocess:
    PHP Code:
    <?php

    // Initialize session
    session_start();


    // Retrieve username and password from database according to user's input
    mysql_connect("localhost","root",""); 
    mysql_select_db("a2149809_MV") or die("Unable to select database"); 

    $sql = mysql_query("SELECT `password` FROM `login` WHERE `username` = '$username'");

    // Check username and password match
    if (mysql_num_rows($login) == 1) {
    // Set username session variable
    $_SESSION['username'] = $_POST['username'];
    // Jump to secured page
    header('Location: indexfull2.php');
    }
    else {
    // Jump to login page
    header('Location: login.php');
    }

    ?>

  • #12
    New Coder
    Join Date
    Nov 2010
    Location
    Scotland
    Posts
    69
    Thanks
    0
    Thanked 0 Times in 0 Posts
    removed

    PHP Code:
    <?
    $process = "loginprocess.php";
    ?>
    changed form to

    PHP Code:
    <form action="loginprocess.php" method="get">
    Does work, but brings me back to login.php; checked by changing to some other page, so user/pass is not being verified.

  • #13
    Regular Coder poyzn's Avatar
    Join Date
    Nov 2010
    Posts
    266
    Thanks
    2
    Thanked 61 Times in 61 Posts
    Firstly, try this login process in loginprocess.php:
    PHP Code:
    if(true) {
        header('Location: /indexfull2.php');
    } else {
        header('Location: /login.php');
    }

    If it works, then you have to check your interactions with the db.

    Secondly, your form method is GET now, so where do you get $_POST['username']; from?

  • #14
    New Coder
    Join Date
    Nov 2010
    Location
    Scotland
    Posts
    69
    Thanks
    0
    Thanked 0 Times in 0 Posts
    OK it works now with that thanks poyzn

    Would this be secure enough?

    PHP Code:
    <?php
    session_start();
    ?>
    <html>
    <head>
    <title>Login</title>
    </head>
    <body>

    <form action="loginprocess.php" method="get">
    <p align="center">Members only. Please login to access this document.</p>
    <table align="center" border="0">
     <tr>
      <th>
    Username:
      </th>
      <th>
    <input type="text" name="username">
      </th>
     </tr>
     <tr>
      <th>
    Password:
      </th>
      <th>
    <input type="password" name="password">
      </th>
     </tr>
     <tr>
      <th colspan="2" align="right">
    <input type="submit" value="Login">
    </form>
      </th>
     </tr>
    </table>
    </body>
    </html>
    PHP Code:
    <?php

    session_start();

    mysql_connect("localhost","root",""); 
    mysql_select_db("a2149809_MV") or die("Unable to select database"); 

    $sql = mysql_query("SELECT `password` FROM `login` WHERE `username` = '$username'");

    if(true) {
        header('Location: /indexfull2.php');
    } else {
        header('Location: /login.php');
    }

    ?>

  • #15
    New Coder
    Join Date
    Nov 2010
    Location
    Scotland
    Posts
    69
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hold that result: I'm allowed in with any user/pass, cleared cookies.
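
Added example, not code from the thread: one way to write loginprocess.php so that only a matching username and password reach indexfull2.php, using a bound query parameter instead of a string-built query and a POST form so credentials stay out of the URL. It assumes the login form uses method="POST", that the `password` column of the `login` table stores password_hash() output, and that the PDO account name and password shown are placeholders.

```php
<?php
// loginprocess.php (added example; assumptions are listed in the lead-in above)
declare(strict_types=1);
session_start();

function redirect(string $path): void
{
    header('Location: ' . $path);
    exit; // without exit, the rest of the script still runs after the header is queued
}

// Credentials are accepted from the POST body only, never from the query string.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    redirect('/login.php');
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
// Form fields can arrive as arrays (username[]=x), so check the type as well.
if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    redirect('/login.php');
}

$pdo = new PDO(
    'mysql:host=localhost;dbname=a2149809_MV;charset=utf8mb4',
    'app_user',   // placeholder: a low-privilege account, not root
    'change-me',  // placeholder password
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
);

// Bound parameter: the username is sent as data and never becomes part of the SQL text.
$stmt = $pdo->prepare('SELECT `password` FROM `login` WHERE `username` = ? LIMIT 1');
$stmt->execute([$username]);
$hash = $stmt->fetchColumn(); // false when no such user exists

// An unknown user and a wrong password take the same path back to the form.
if (is_string($hash) && password_verify($password, $hash)) {
    session_regenerate_id(true);       // fresh session id on login (session fixation)
    $_SESSION['username'] = $username; // the marker every protected page checks
    redirect('/indexfull2.php');
}

redirect('/login.php');
```

Each protected page such as indexfull2.php then starts with session_start() and, when $_SESSION['username'] is not set, sends header('Location: /login.php') followed by exit.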

