PHP Forum

**Gilligan** · 05:01 PM

for some reason i can't login to the admin area of my script. heres the page code.

PHP Code:


			
<?php //parse and display stats


 
 include('/websites/LinuxPackage02/gk/s_/uk/gks.uk.com/public_html/1/includes/db.php');

//if the php is called without parameters on the url, assign
//the variables default starting values.
if(!isset($start)){
    $start = "0";
}
$finish = $start + $increment;

//take all stat data from the db.

dbConnect();
    $sql = "select Name from countstats";
    $result = mysql_query($sql);
    $rows = mysql_num_rows($result);
    
    $sql1 = "select IP from countstats";
    $result1 = mysql_query($sql1);
    
    $sql2 = "select DateTime from countstats";
    $result2 = mysql_query($sql2);
    
    $sql3 = "select StatNo from countstats";
    $result3 = mysql_query($sql3);
    
//assign to array cells.    

    for ($x=0;$x<$rows;$x++) {
        $array[$x] = mysql_result($result,$x);
        $array1[$x] = mysql_result($result1,$x);
        $array2[$x] = mysql_result($result2,$x);
        $array3[$x] = mysql_result($result3,$x);
    }
    
//echo table headings
include("restrict.php");    
    echo('
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>

<table border="0" cellpadding="2" cellspacing="1" bgcolor="#000000">
<tr bgcolor="#FFFFFF">
<td width="145"><B>Name</B></td>
<td width="100"><B>Visitor IP</B></td>
<td width="100"><B>Date / Time</B></td>
<td width="70"><B>#</B></td>
</tr>');

//echo the data up to the finish / increment limit.

for ($x=$start;$x<$finish && $x<$rows;$x++) {
    echo('<tr bgcolor="#FFFFFF">
            <td width="145">'.$array[$x].'</td>
               <td width="100">'.$array1[$x].'</td>
            <td width="100">'.$array2[$x].'</td>
               <td width="70">'.$array3[$x].'</td>            
           </tr>'
          );

}

echo('</table><BR>');

//evaluate the new values for pages in next / previous linkings.

$fstart = $start + $increment;
$ffinish = $finish + $increment;
$bstart = $start - $increment;
$bfinish = $finish - $increment;

//this part decides whether a next x link is relevant (obviously not if you are at the end of the data), and whether a
//previous x link is required (obviously not if you are at the beginning of the record).

if($finish < $rows){ echo('<a href="displaystat.php?start='.$fstart.'">Show next '.$increment.'</A><BR>
');}

if($start > 0) {echo('<a href="displaystat.php?start='.$bstart.'">Show previous '.$increment.'</A><BR>
');}

//this section divides the number of rows, ie stat records, by the increment amount, thus discovering how many pages
//this data will take up in the current format. It then prints the correct link with parameters to make the script show
//these records.

echo('<table border="0" width="450" cellpadding="2" cellspacing="0" bgcolor="#ffffff">
<tr bgcolor="#FFFFFF">
Page: ');
$pages = $rows / $increment;
for ($x=0;$x<=$pages;$x++) {
$v1 = $increment * $x;
$v2 = $v1 + $increment;
echo('<a href="displaystat.php?start='.$v1.'">'.$x.'</A> | ');
}
echo('<BR><BR></tr></table></body></html>');
?>

Here's restrict.php

PHP Code:


			
<?php

session_start();

if(!isset($uid)) {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<title>Please Login:</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

</head>
<BODY>
<p class="style2"><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
                <table width="285" border="0" cellpadding="2" cellspacing="1">
                  <tr> 
                    <td width="91"><span class="style3"><font size="2">User 
                      ID:</font></span></td>
                    <td width="187"><span class="style3"><font size="2"> 
                      <input type="text" name="uid" size="10">
                      </font></span></td>
                  </tr>
                  <tr> 
                    <td><span class="style3"><font size="2">Password: 
                      </font></span></td>
                    <td class="style1"><span class="style3"><font size="2"> 
                      <input type="password" name="pwd" size="10">
                      </font></span></td>
                  </tr>
                  <tr> 
                    <td><span class="style3"><font size="1">
                      <input name="Submit" value="Submit" type="submit" id="Submit">
                      </font> </span></td>
                    <td><span class="style3"></span></td>
                  </tr>
                </table>
              </form> </p>
              </body>
              </html>

<?php
exit;
}

session_register("uid");
session_register("pwd");

$pwd = str_replace( '$', "$", $pwd);
 
if ( get_magic_quotes_gpc() )
{
 $pwd = stripslashes($pwd);
}

$luser = strtolower($uid);
$pwd = strtolower($pwd);

if($luser !== strtolower($scriptuser) or $pwd !== strtolower($scriptpass)) {

  session_unregister("uid");  
  session_unregister("pwd");
  
  unset($uid);
  unset($pwd);
  
session_start();
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Error:</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
Wrong Pass.
</body>
</html>
<?php
  exit;
}
?>

and db.php has login details

Can someone please help me fix this?

**ziffgone** · 03-01-2008, 06:11 PM

Gilligan,

Are you getting any errors?

Regards...

**Gilligan** · 03-01-2008, 06:14 PM

strangely enough, no.

i click login with the correct details and it just displays the login box again

**ziffgone** · 03-01-2008, 06:28 PM

Ok, where is the script getting the POST info from the Login Form.

Is the post gathered in the db.php script?

Regards...

**Gilligan** · 03-01-2008, 06:34 PM

here's db.php (minus the actual info)

PHP Code:


			
<?php 
 
//start edits here

$dbhost = "localhost"; //db host, usually just localhost
$dbuser = "123"; //db username
$dbpass = "pass"; //db password
$increment = "50"; //the amount of data rows shown on each stats page
$scriptuser = "admin"; // the admin login allowed to access the control panel.
$scriptpass = "pass"; // the admin password allowed to access the control panel.

function dbConnect(
$db="321" //your database name goes here
) { 

//end edits, do not edit below this line
    global $dbhost, $dbuser, $dbpass;
    
    $dbcnx = @mysql_connect($dbhost, $dbuser, $dbpass)
        or die(mysql_error());
    
    if ($db!="" and !@mysql_select_db($db))        
        die("The site database is unavailable.");
        
    return $dbcnx;
}
?>

**ziffgone** · 03-01-2008, 06:37 PM

From what I can see, the "$uid" value the restrict.php file looks for, "if(!isset($uid))" is not being set.

Try this (See the "ADDED CODE" area for the code to add to your "restrict.php" file):

PHP Code:


			
<?php

session_start();


/* ADDED CODE */
$uid=$_POST['uid'] ? Trim(stripslashes($_POST['uid'])) : false;
$pwd=$_POST['pwd'] ? Trim(stripslashes($_POST['pwd'])) : false;
/* END ADDED CODE */

if(!isset($uid)) {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<title>Please Login:</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

</head>
<BODY>
<p class="style2"><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
                <table width="285" border="0" cellpadding="2" cellspacing="1">
                  <tr> 
                    <td width="91"><span class="style3"><font size="2">User 
                      ID:</font></span></td>
                    <td width="187"><span class="style3"><font size="2"> 
                      <input type="text" name="uid" size="10">
                      </font></span></td>
                  </tr>
                  <tr> 
                    <td><span class="style3"><font size="2">Password: 
                      </font></span></td>
                    <td class="style1"><span class="style3"><font size="2"> 
                      <input type="password" name="pwd" size="10">
                      </font></span></td>
                  </tr>
                  <tr> 
                    <td><span class="style3"><font size="1">
                      <input name="Submit" value="Submit" type="submit" id="Submit">
                      </font> </span></td>
                    <td><span class="style3"></span></td>
                  </tr>
                </table>
              </form> </p>
              </body>
              </html>

<?php
exit;
}

session_register("uid");
session_register("pwd");

$pwd = str_replace( '$', "$", $pwd);
 
if ( get_magic_quotes_gpc() )
{
 $pwd = stripslashes($pwd);
}

$luser = strtolower($uid);
$pwd = strtolower($pwd);

if($luser !== strtolower($scriptuser) or $pwd !== strtolower($scriptpass)) {

  session_unregister("uid");  
  session_unregister("pwd");
  
  unset($uid);
  unset($pwd);
  
session_start();
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Error:</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
Wrong Pass.
</body>
</html>
<?php
  exit;
}
?>

Regards...

**Gilligan** · 03-01-2008, 06:45 PM

still not working.

**ziffgone** · 03-01-2008, 06:50 PM

Try changing:

PHP Code:


			
if(!isset($uid)) {

to this:

PHP Code:


			
if(!$uid) {

...

**Gilligan** · 03-01-2008, 07:05 PM

no, still same problem

**ziffgone** · 03-01-2008, 07:12 PM

OK, try this, replace all code in restrict.php, (back up your original first):

PHP Code:


			
 <?php

session_start();


/* ADDED CODE */
$uid=$_POST['uid'] ? Trim(stripslashes($_POST['uid'])) : false;
$pwd=$_POST['pwd'] ? Trim(stripslashes($_POST['pwd'])) : false;
/* END ADDED CODE */

if(!$uid) {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<title>Please Login:</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

</head>
<BODY>
<p class="style2"><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
                <table width="285" border="0" cellpadding="2" cellspacing="1">
                  <tr> 
                    <td width="91"><span class="style3"><font size="2">User 
                      ID:</font></span></td>
                    <td width="187"><span class="style3"><font size="2"> 
                      <input type="text" name="uid" size="10">
                      </font></span></td>
                  </tr>
                  <tr> 
                    <td><span class="style3"><font size="2">Password: 
                      </font></span></td>
                    <td class="style1"><span class="style3"><font size="2"> 
                      <input type="password" name="pwd" size="10">
                      </font></span></td>
                  </tr>
                  <tr> 
                    <td><span class="style3"><font size="1">
                      <input name="Submit" value="Submit" type="submit" id="Submit">
                      </font> </span></td>
                    <td><span class="style3"></span></td>
                  </tr>
                </table>
              </form> </p>
              </body>
              </html>

<?php
exit;
}
else{

session_register("uid");
session_register("pwd");

$pwd = str_replace( '$', "$", $pwd);
 
if ( get_magic_quotes_gpc() )
{
 $pwd = stripslashes($pwd);
}

$luser = strtolower($uid);
$pwd = strtolower($pwd);

if($luser !== strtolower($scriptuser) or $pwd !== strtolower($scriptpass)) {

  session_unregister("uid");  
  session_unregister("pwd");
  
  unset($uid);
  unset($pwd);
  
session_start();
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Error:</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
Wrong Pass.
</body>
</html>
<?php
  exit;
}
}
?>

**Gilligan** · 03-01-2008, 07:29 PM

Hmmm, still same problem