I have a script with no errors but when I login it comes back to blank fields in 1 second. Can't get in to make changes/settings.
Submitting a wrong login will bring up a wrong pw message. I know the user/pw is correct because I saw it in phpmyadmin.
Thanks
L-D
Posting the existing code might help solving the problem.
Hi,
Yes... but not being a PHP person I don't know which files to post.
Admin folder does not have much or anything covering the problem that I can see.
Here is connect.php
Thanks,
L-D
<?php
include "connect.php";
$settings = mysql_query ('select * from settings') or die(mysql_error());
$settingrecord = mysql_fetch_array($settings);
while ($settingrecord = mysql_fetch_array($settings)) {
switch ($settingrecord["name"]) {
case "sitename";
$sitename = $settingrecord["setting"];
break;
case "adminid";
$adminid = $settingrecord["setting"];
break;
case "adminpw";
$adminpw = $settingrecord["setting"];
break;
case "paypal";
$paypal = $settingrecord["setting"];
break;
case "stormpay";
$stormpay = $settingrecord["setting"];
break;
case "safepay";
$safepay = $settingrecord["setting"];
break;
case "solidtrust";
$solidtrust = $settingrecord["setting"];
break;
case "adminemail";
$adminemail = $settingrecord["setting"];
break;
case "prointerval";
$prointerval = $settingrecord["setting"];
break;
case "basecolour";
$basecolour = $settingrecord["setting"];
break;
case "contrastcolour";
$contrastcolour = $settingrecord["setting"];
break;
case "fonttype";
$fonttype = $settingrecord["setting"];
break;
case "fontcolour";
$fontcolour = $settingrecord["setting"];
break;
case "freepost";
$freepost = $settingrecord["setting"];
break;
case "propost";
$propost = $settingrecord["setting"];
break;
case "domain";
$domain = $settingrecord["setting"];
break;
case "com1";
$com1 = $settingrecord["setting"];
break;
case "com2";
$com2 = $settingrecord["setting"];
break;
case "com3";
$com3 = $settingrecord["setting"];
break;
case "com4";
$com4 = $settingrecord["setting"];
break;
case "com5";
$com5 = $settingrecord["setting"];
break;
case "ups";
$ups = $settingrecord["setting"];
break;
case "adminfee";
$adminfee = $settingrecord["setting"];
break;
case "rand";
$rand = $settingrecord["setting"];
break;
}
}
if( isset( $_SESSION['ulogin'] ) ) // if( session_is_registered("ulogin") )
{
$userinfo=mysql_query ("select * from members where userid='".$_SESSION['uname']."'");
$userrecord=mysql_fetch_array($userinfo);
$id=$userrecord["id"];
$name=$userrecord["name"];
$contact_email=$userrecord["contact_email"];
$subscribed_email=$userrecord["subscribed_email"];
$paypal_email=$userrecord["paypal_email"];
$stormpay_email=$userrecord["stormpay_email"];
$safepay_email=$userrecord["safepay_email"];
$solidtrust_email=$userrecord["solidtrust_email"];
$contact_email=$userrecord["contact_email"];
$password=$userrecord["pword"];
$userid=$userrecord["userid"];
$status=$userrecord["status"];
$referid=$userrecord["referid"];
$verified=$userrecord["verified"];
$solos=$userrecord["solos"];
$points=$userrecord["points"];
$commission=$userrecord["commission"];
$ip=$userrecord["ip"];
$joindate=$userrecord["joindate"];
$lastpost=$userrecord["lastpost"];
$subscribed=$userrecord["subscribed"];
$memtype=$userrecord["memtype"];
$up=$userrecord["up"];
$random=$userrecord["random"];
$hits_unique=$userrecord["hits_unique"];
$hits_visitor=$userrecord["hits_visitor"];
}
?>
For a start post a file that contains the login form. If you see an action attribute in the form tag and if it points to some other php file, post code in that file. For example if this is the form tag code:
<form method="post" action="process_form.php">
post the code from the process_form.php file.
Here is the login source code..
<center>
<form method="POST" action="loginnow.php"><br>
Admin Id:<br><input type="text" name="Adminid" value=""><br>
Password:<br><input type="password" name="Password" value=""><br>
<input type="submit" value="Login">
</form>
</center>
Here is loginnow.php
<?php
session_start();
include "../adminheader.php";
include "../config.php";
include "../style.php";
$ID = $_POST['Adminid'];
$Password = $_POST['Password'];
// errorchecking first:
if (empty($Password)) {
echo "Password field is empty, please click your browsers 'back' button.";
exit;
}
if (empty($ID)) {
echo "Admin id field is empty, please click your browsers 'back' button.";
exit;
}
if(($Password != $adminpw) || ($ID != $adminid))
{
echo "Error. Wrong Admin Login.";
exit;
}
else
{
$_SESSION["alogin"];
$alogin = true;
//header("Location: index.php");
echo '<META HTTP-EQUIV="Refresh" Content="0;URL=index.php">';
}
include "../footer.php";
?>
If pasword and ID are OK then the code between lines 31 and 34 should execute:
$_SESSION["alogin"];
$alogin = true;
//header("Location: index.php");
echo '<META HTTP-EQUIV="Refresh" Content="0;URL=index.php">';
Successful login would (presumably) redirect you to some admin page. On successful login your code attempts redirection to index.php. Is this the admin page or the login page? Additionaly line $_SESSION["alogin"]; does nothing useful. I think this session variable should be assigned some value.
I would suggest you figure out what is the target page for successful login and change the above lines to something like:
$_SESSION["alogin"] = $somevariable; // I am guessing this
$alogin = true;
header("Location: someAdminPage.php"); // I am guessing this
exit();
Ok, here is settings.php from admin folder.
<?php
session_start();
include "../adminheader.php";
include "../config.php";
include "../style.php";
include "../config.php";
if( $_SESSION["alogin"] ) {
?><table> <tr> <td width="15%" valign=top><br> <? include("adminnavigation.php"); ?>
</td><td valign="top" align="center" width="5%"> <td valign="top" align="center" ><br><br>
<?
echo "<font size=2 face='$fonttype' color='$fontcolour'><p><center>";
if ($action=="save") {
if (($maxwinningp==0)||($maxwinningp==1)) {
$maxwinningp=2;
}
if ($scratchfreqp==1) {
$scratchfreqp=2;
}
if (($scratchoddsp==0)||($scratchoddsp==1)) {
$scratchoddsp=2;
}
$update1=mysql_query("update settings set setting='$sitenamep' where name='sitename'");
$update2=mysql_query("update settings set setting='$domainp' where name='domain'");
$update3=mysql_query("update settings set setting='$adminpwp' where name='adminpw'");
$update4=mysql_query("update settings set setting='$adminemailp' where name='adminemail'");
$update5=mysql_query("update settings set setting='$paypalp' where name='paypal'");
$update6=mysql_query("update settings set setting='$stormpayp' where name='stormpay'");
$update9=mysql_query("update settings set setting='$prointervalp' where name='prointerval'");
$update10=mysql_query("update settings set setting='$bannerpricep' where name='bannerprice'");
$update13=mysql_query("update settings set setting='$bannerpricep' where name='bannerprice'") ;
$update14=mysql_query("update settings set setting='$freecommissionp' where name='freecommission'");
$update15=mysql_query("update settings set setting='$procommissionp' where name='procommission'");
$update16=mysql_query("update settings set setting='$freepostp' where name='freepost'");
$update17=mysql_query("update settings set setting='$propostp' where name='propost'");
$update18=mysql_query("update settings set setting='$com1p' where name='com1'");
$update19=mysql_query("update settings set setting='$com2p' where name='com2'");
$update20=mysql_query("update settings set setting='$com3p' where name='com3'");
$update21=mysql_query("update settings set setting='$com4p' where name='com4'");
$update22=mysql_query("update settings set setting='$com5p' where name='com5'");
$update23=mysql_query("update settings set setting='$upsp' where name='ups'");
$update24=mysql_query("update settings set setting='$adminfeep' where name='adminfee'");
$update25=mysql_query("update settings set setting='$safepayp' where name='safepay'");
$update26=mysql_query("update settings set setting='$solidtrustp' where name='solidtrust'");
$update33=mysql_query("update settings set setting='$basecolourp' where name='basecolour'") ;
$update34=mysql_query("update settings set setting='$contrastcolourp' where name='contrastcolour'");
$update35=mysql_query("update settings set setting='$fonttypep' where name='fonttype'");
$update36=mysql_query("update settings set setting='$fontcolourp' where name='fontcolour'");
echo "<p><b>Your settings have been saved.</b></p>";
}
else {
?> <H2>Your Site Settings</H2><p>Is is absolutely vital you set this up first
before doing anything else. You can change your settings at any time you wish.</p><form method="GET" action="settings.php">
<input type="hidden" name="action" value="save"> <center> <hr> <p><b>Site settings</b></p>Sitename<br>
<input type="text" name="sitenamep" value="<? echo $sitename; ?>"><br><br> The
url to where your script is installed including http:// (no trailing '/')<br>
<input type="text" name="domainp" value="<? echo $domain; ?>"><br><br> Admin password<br>
<input type="text" name="adminpwp" value="<? echo $adminpw; ?>"><br><br> Your
contact email<br> <input type="text" name="adminemailp" value="<? echo $adminemail; ?>"><br><br>
Your Paypal email (leave blank if you do not wish to offer paypal as a payment
method)<br> <input type="text" name="paypalp" value="<? echo $paypal; ?>"> <br><br>
Your Alertpay email (leave blank if you do not wish to offer Alertpay as a payment
method)<br> <input type="text" name="stormpayp" value="<? echo $stormpay; ?>"><br><br>
Your SafepaySolutions username (leave blank if you do not wish to offer SafePaySolutions as a payment
method)<br>
<input type="text" name="safepayp" value="<? echo $safepay; ?>"><br>
<br>
<strong>(UNAVAILABLE IN THIS VERSION) </strong>Your SolidTrustPay email (leave blank if you do not wish to offer SolidTrustPay as a payment
method)<br>
<input type="text" name="solidtrustp" value="<? echo $solidtrust; ?>" />
<br>
<br>
Admin (PROCESSING) FEE per transaction<br> <input type="text" name="adminfeep" value="<? echo $adminfee; ?>"><br><br>
<hr> <p><b>Membership Level Price settings</b></p>
Level 1 price<br> <input type="text" name="com1p" value="<? echo $com1; ?>"><br><br>
Level 2 price<br> <input type="text" name="com2p" value="<? echo $com2; ?>"><br><br>
Level 3 price<br> <input type="text" name="com3p" value="<? echo $com3; ?>"><br><br>
Level 4 price<br> <input type="text" name="com4p" value="<? echo $com4; ?>"><br><br>
Level 5 price<br> <input type="text" name="com5p" value="<? echo $com5; ?>"><br><br>
<br>
<br>
<hr> <p><br>
<b>Misc settings</b></p>
<p>If you are stuck, use basecolour #E2E2E2, contrastcolour
#C0C0C0, fonttype Tahoma and fontcolour #5C5C5C.</p>Base colour<br> <input type="text" name="basecolourp" value="<? echo $basecolour; ?>"><br><br>
Contrast colour<br> <input type="text" name="contrastcolourp" value="<? echo $contrastcolour; ?>"><br><br>
Font type<br> <input type="text" name="fonttypep" value="<? echo $fonttype; ?>"><br><br>
Font colour<br> <input type="text" name="fontcolourp" value="<? echo $fontcolour; ?>"><br><br>
<hr> <input type="submit" value=" Save "> </form></center> <? }
echo "</td><td valign=top align=center width=5%></tr></table>";
}
else {
echo "Unauthorised Access!";
}
include "../footer.php";
mysql_close($dblink);
?>
Have you changed the code in the loginnow.php file?
Ummm... no. Because I really don't know exactly just what to change to what. I need to be held by the hand! I can cut 'n paste but that's it.
If you could take a section, modify it I can put it in there.
Thanks,
L-D
I do not garanteeu that the code below will work. It is meant to show where to put the changes. See the comments in the changed code.
<?php
session_start();
include "../adminheader.php";
include "../config.php";
include "../style.php";
$ID = $_POST['Adminid'];
$Password = $_POST['Password'];
// errorchecking first:
if (empty($Password)) {
echo "Password field is empty, please click your browsers 'back' button.";
exit;
}
if (empty($ID)) {
echo "Admin id field is empty, please click your browsers 'back' button.";
exit;
}
if(($Password != $adminpw) || ($ID != $adminid))
{
echo "Error. Wrong Admin Login.";
exit;
} else {
// --------------------
// this bit has changed
// --------------------
// I am guessing this since I do not know the logic
$_SESSION["alogin"] = $somevariable;
// maybe this one goes into $_SESSION["alogin"]
// if yes put if before the above line
$alogin = true;
// this redirects to rhe target page
// I called it someAdminPage.php, you have to name it by it's real name
header("Location: someAdminPage.php"); // I am guessing this
// this preventively stops the script
exit();
}
include "../footer.php";
?>
Hi broj1,
I'm going to work on this 2nite.
While in admin folder I saw addnav.php. It appears that I can add another level. It does not mention it in settings.php.??? ...or anywhere else.
I can't try it because I still can't get in. Is that what it is?
<?php
session_start();
include "../adminheader.php";
include "../config.php";
include "../style.php";
if( $_SESSION ["alogin"] ) {
?><table>
<tr>
<td width="15%" valign=top><br>
<? include("adminnavigation.php"); ?>
</td>
<td valign="top" align="center"><br><br> <?
echo "<font size=2 face='$fonttype' color='$fontcolour'><p><b><center>";
?>
<center>
<p>Add a navigation button to the members area.</p>
<form method="POST" action="addnavnow.php">
Name:<br><input type="text" name="name" value=""><br>
Url:<br><input type="text" name="url" value=""><br>
Sequence:<br><input type="text" name="seq" value=""><br>
Available to:
<select name="memtype">
<option value="">All</option>
<option value="0">Free</option>
<option value="1">Level 1</option>
<option value="2">Level 2</option>
<option value="3">Level 3</option>
<option value="4">Level 4</option>
<option value="5">Level 5</option>
</select><br>
<input type="submit" value="Add">
</form>
</center>
</td>
</tr>
</table>
<?
}
else {
echo "Unauthorised Access!";
}
include "../footer.php";
?>
addnavnow.php
<?php
session_start();
include "../adminheader.php";
include "../config.php";
include "../style.php";
$name = $_POST['name'];
$url = $_POST['url'];
$seq = $_POST['seq'];
$memtype = $_POST['memtype'];
if( $_SESSION ["alogin"] ) {
?><table>
<tr>
<td width="15%" valign=top><br>
<? include("adminnavigation.php"); ?>
</td>
<td valign="top" align="center"><br><br> <?
echo "<font size=2 face='$fonttype' color='$fontcolour'><p><b><center>";
$query = "insert into navigation (name,url,status,seq,memtype) VALUES ('$name','$url','ON',$seq,'$memtype')";
$result = mysql_query ($query)
or die ("Insert failed");
echo "Your new navigation has been saved.";
?> <p>Click <a href=navigation.php>here</a> to go back<p>
</table>
</td>
</tr>
</table>
<?
}
else {
echo "Unauthorised Access!";
}
include "../footer.php";
mysql_close($dblink);
?>
Thanks,
L-D
Hi,
You know what? Thanks for your help but I'm so unqualified to do what you ask that I have to excuse myself because I'll foul it up. You usually chat with PHP people, not in my case.
Also, I goofed, settings is part of the admin area. So I'm posting index.php.
<?php
session_start();
include "../adminheader.php";
include "../config.php";
include "../style.php";
if( $_SESSION["alogin"] ) {
?>
<table width="100%">
<tr>
<td width="15%" valign=top><br>
<? include("adminnavigation.php"); ?>
</td>
<td valign="top" align="center"><br><br> <?
echo "<font size=2 face='$fonttype' color='$fontcolour'><p><center>";
?>
<p><H2>Welcome to the admin area!</H2></p>
<p>First you MUST go to 'Settings' to set up all variables of your program</p>
<p>To edit the text on your pages, go to 'edit pages'.</p>
<p>Use 'Email Members' to send to all contact emails addresses.</p>
<p>To add further buttons (or disable existing buttons) in the members area, click 'Edit Navigation'.</p>
<p> </p>
</td>
</tr>
</table>
<?
}
else {
?>
<center>
<form method="POST" action="loginnow.php"><br>
Admin Id:<br><input type="text" name="Adminid" value=""><br>
Password:<br><input type="password" name="Password" value=""><br>
<input type="submit" value="Login">
</form>
</center>
<?
}
echo "<font size=2 face='$fonttype' color='$fontcolour'><p><b><center>";
include "../footer.php";
?>
It would seem that the problem is in the area of index, loginnow and ? What is strange is that it has worked before and I had no motivation or knowhow to modify it. Just a reminder, when loging in it pops back to the login in a second. Inserting wrong info gets a wrong pw error.
The pw is right according to phpmyadmin.
Thanks,
L-D
What is actualy your goal? Not knowing PHP and messing arround with login (or any other) scripts will get you in trouble sooner or later. If you want to build or maintain a web application the first prerequisite is to know the language and be familiar with technologies used otherwise you might be in for a trouble. Unpurposely you could expose confidential data or make damage to the customer or users.
YES! You are right. I just want it to work. I'd look into a professional consultant and say "Here, fix this" but funds are tight so I have to make do. Looking back I should have learned PHP but I didn't know I'd be needing it. Not looking forward to learning it either. :-/ Chineese, maybe.
No, I definitely would not want a site with poor security. It's an old script too.
L-D
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.