Password not parsing

@wyclefJan 19.2006

Can someone explain to me why the password doesn’t parse here?

[code=php] <?php // start the session session_start();

// include the login info require ‘pwd/pass.php’;

$user = $_POST[‘username’]; $pass = $_POST[‘password’];

if(isset($user) && isset($pass)) { if($data[$user][‘password’] == md5($pass)) { $_SESSION[‘username’] = $user . ” ” . md5($pass); header(‘Location: ‘ . $data[$user][‘url’]); } else { login(‘Invalid Entry. Please try again’); echo “$data[$user][‘password’] == md5($pass)”; die(); } } else { login(); } ?>

<?php function login($default=’Client Login’) { ?> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd”>

<html xmlns=”http://www.w3.org/1999/xhtml” xml:lang=”en” lang=”en”> <head> <title>Login</title> </head>

<body> <form action=”http://www.demo.zanzinato.com/index_test.php” method=”post”> <h1><? echo $default ?></h1> <p>Username:<br /><input type=”text” size=”42″ name=”username” /></p> <p>Password:<br /><input type=”password” size=”42″ name=”password” /></p> <p><input type=”submit” tabindex=”3″ value=”Login” /></p> </form> </body> </html>

<?php } ?> [/code]

to post a comment

PHP

33 Comments(s) _↴

@acorbelliJan 19.2006 — #What do you mean by "doesn't parse"?

@LiLcRaZyFuZzYJan 19.2006 — #what does the error say?

@wyclefauthorJan 20.2006 — #no error. this line echo "$data[$user]['password'] == md5($pass)"; simply returns on entering of an invalid password...

['password'] == md5(whateveritype)

@acorbelliJan 20.2006 — #So that means that the md5(password) does not equal whatever is in your data[user][password] variable.

Which means that either you're entering in the wrong password, or the password stored in data[user][password] is not correct.

@NogDogJan 20.2006 — #If you're trying to see what the actual values being compared are:

[code=php]
 echo $data[$user]['password']." == ".md5($pass);
 [/code]

@wyclefauthorJan 20.2006 — #I've attached the login.php file and the page.php file which is a page you would be redirected to upon successful login. I think if you forget what I mentioned previously, and test out the files yourself...using

username: tst

password: your_password

and pay attention to how it seems like you have to login twice to get redirected you will at least understand the problem i'm trying to resolve.

[upl-file uuid=fec4fc39-53fe-4268-84cd-81b7325f0352 size=1kB]page.zip[/upl-file]

@LiLcRaZyFuZzYJan 20.2006 — #your code is quite a mess and there seem to be some logic problems..

i've got it working, but i currently don't have time, i'll post the code later if no-one else help you out

@wyclefauthorJan 20.2006 — #Thanks. I'd really appreciate it.

@LiLcRaZyFuZzYJan 20.2006 — #here

[upl-file uuid=4d5908a6-2143-4a5d-864b-6dd145da16b6 size=1kB]wyclef.zip[/upl-file]

@wyclefauthorJan 20.2006 — #Thanks. I'll look this over. I'm not sure the error part is working though.

@wyclefauthorJan 23.2006 — #I didn't have much luck getting the error component functioning. Is this working for anyone else?

@LiLcRaZyFuZzYJan 23.2006 — #i'm not sure if it is what you mean:

[upl-file uuid=be03e4eb-d663-4f1d-8e2e-0057ecd94f6f size=2kB]wyclef.zip[/upl-file]

@wyclefauthorJan 23.2006 — #Thanks! This seems like a much better solution than what I started with because the user and password don't have to be on the actual page.

@LiLcRaZyFuZzYJan 23.2006 — #you're welcome

Yes i'd advise to put the file in a non-public directory and to include it, so the names won't be displayed in the very unlikely case that the server should have a problem and display the php source.

@wyclefauthorJan 24.2006 — #Do you have any reccomendations how I could have this login form still work with a base href pointing to another domain? I'm currently using this on a subdomain and use a base href of the main domain to pull all the images and javascripts but it's messing up the login process.

@LiLcRaZyFuZzYJan 24.2006 — #what do you mean by 'base url'? where is there an url in the script?

@wyclefauthorJan 24.2006 — #within the head tags...

<base href="http://www.domain.com" />

@wyclefauthorJan 24.2006 — #like this...

[code=php]
 <?php
 # start session
 session_start();
 
  $data = array("tst"=>array("url"=>"page.php","password"=>"1060b7b46a3bd36b3a0d66e0127d0517")); // your_password
 
  if(isset($_POST['username'])){
   $user = $_POST['username'];
   $password = $_POST['password'];
 
   if(!empty($user) && !empty($password)){
 
   if($data[$user]['password'] == md5($password)){
   # register a new session variable : $_SESSION['logged']
   $_SESSION['logged'] = true;
 
   # redirect..where?..aah to 'page.php'!
   header("Location: ".$data[$user]['url']);
   }else{
   header("Location: ".$_SERVER['PHP_SELF']."?error=true&type=pwd");
   }
   }else{
   header("Location: ".$_SERVER['PHP_SELF']."?error=true&type=empty");
   }
  }
 
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
 
 
   <!-- BASE HREF HERE TO PULL IMGS AND JAVASCRIPTS FROM ELSEWHERE -->
   <base href="http://www.differentdomain.com" />
 
 
 
   <title>Login</title>
   <style type="text/css">
   p#error{
   border: 1px solid #444;
   width: 400px;
   background-color: #fde592;
   }
   </style>
  </head>
 
  <body>
   <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
   <h1>title</h1>
   <?php
   if($_GET['error']){
   switch($_GET['type']){
   case "pwd":
   echo "<p id="error">Error: Password doesn't match</p>";
   break;
   case "empty":
   echo "<p id="error">Error: Field(s) empty</p>";
   break;
   }
 
   }
   ?>
   <p>Username:<br /><input type="text" size="42" name="username" /></p>
   <p>Password:<br /><input type="password" size="42" name="password" /></p>
   <p><input type="submit" tabindex="3" value="Login" /></p>
   </form>
  </body>
 </html>
 
 [/code]

@LiLcRaZyFuZzYJan 24.2006 — #and it doesn't work if you add your base tag???

@wyclefauthorJan 24.2006 — #no, when u login or logout it keeps looking for the base url and then tacking the PHP_SELF info on the end of it...

@LiLcRaZyFuZzYJan 24.2006 — #use an absolute url for the action argument of the form

@wyclefauthorJan 24.2006 — #what about for the logout link?

@LiLcRaZyFuZzYJan 25.2006 — #i don't see any log out link, but i guess you could still use an absolute URL

now, you could also use absolute URLs for your images and scripts and keep using relative URLs for your PHP

@AndrewpcaJan 25.2006 — #ON a similar note, perhaps someone can tell me what all this means?

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/pgcgad2/public_html/login2.php:9) in /home/pgcgad2/public_html/login2.php on line 49

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/pgcgad2/public_html/login2.php:9) in /home/pgcgad2/public_html/login2.php on line 49

Parse error: parse error, unexpected T_STRING in /home/pgcgad2/public_html/database.php on line 3

I'm doing exactly the same thing as Wyclef

website is www.p-c-a.co.uk and the page in question is

www.p-c-a.co.uk/login2.php

Thanks.

@LiLcRaZyFuZzYJan 25.2006 — #do you have any characters outputted before calling the header() function?

@AndrewpcaJan 25.2006 — #No.

I think the problem is that the login page (login2.php) is itself a collection of other files.

It is the basic template file, using php include function to include a header, footer, and menu. Then in the main page division the page particulars are modified. In this case, the php login script.

I have copied this login script from someone else who had posted it on here (apparently there's a lot of us using it!) I have NO idea what the header function does AT ALL! do I need it?

The script for my page is...

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>

<title>Pioneer Commodity Analysis</title>

<META name="description" content="">

<META name="keywords" content="">

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<link rel="stylesheet" type="text/css" media="screen" href="screen.css">

<link rel="stylesheet" type="text/css" media="print" href="print.css"/>

</head>

<body>

<div class="container">

<div class="head">

<?php include ('header.htm'); ?>

</div>

<div class="left">

<p class="noindent">

<?php include ('menu.htm'); ?>

</p></div>

<div class="content">

<h2>Log in</h2>

<h4>Online results portal</h4>

<p class="normal">Clients will be able to log in from May 2006. To register your interest in the meantime please

<a href = "MAILTO:[email protected]">email us</a></p>

<?php

######################################################################

# Login script

######################################################################

# use sessions:

session_start();

# the following include does:

# mysql_connect(host, user, password)

# mysql_select_db(database)

require("database.php");

# if we received post data from login form, process it:

if(isset($_POST['submit']))

{

# I'm using the old_password() MySQL function due to the setup on my PC

$query = sprintf("SELECT * FROM users WHERE name='%s' AND " .

"password=OLD_PASSWORD('%s')",

mysql_real_escape_string($_POST['username']),

mysql_real_escape_string($_POST['password']));

$result = mysql_query($query) or die("ERROR: " . mysql_error());

if(mysql_num_rows($result) > 0) # we found a match, so set $_SESSION flag:

{

$_SESSION['logged'] = TRUE;

if(isset($_SESSION['caller'])) # if we got here from another page, go there

{

header("Location: " . $_SESSION['caller']);

exit;

}

else # otherwise go to main page

{

header("Location: http://localhost/login.php");

exit;

}

}

else # invalid login, so create error message

{

$error = "<p id='error'>ERROR: Invalid user name and/or password.</p>";

}

}

# next is the HTML for the login form

?>

<form action='<?php echo $_SESSION['PHP_SELF'] ?>' method='post'>

<fieldset>

<legend>Log In</legend>

<p><label for="username">User Name:</label>

<input name="username" type="text" size="16" maxlength="16">

</p>

<p><label for="password">Password:</label>

<input name="password" type="password" size="16" maxlength="16">

</p>

<p><input type="submit" name="submit" value="Log In"></p>

<?php

if(!empty($error))

{

echo $error;

}

?>

</div>

<div class="foot">

<?php include ('footer.htm'); ?>

</div>

</div>

</body>

</html>

Any suggestions?

@wyclefauthorJan 25.2006 — #i don't see any log out link, but i guess you could still use an absolute URL

now, you could also use absolute URLs for your images and scripts and keep using relative URLs for your PHP[/QUOTE]

The logout link on page.php

@LiLcRaZyFuZzYJan 25.2006 — #ah i remember, yep

hmm, i'd suggest that you use absolute URLs for external links and relative for internal links, instead of the other way around

@wyclefauthorJan 25.2006 — #ok, but just so i understand how would that logout link be reconfigured to work the other way?

@LiLcRaZyFuZzYJan 25.2006 — #absolute link to 'page.php' and add '?logout' at the end

@SpectreReturnsJan 26.2006 — #I think that everyone should be required to go through a manditory PHP course before posting on this board (required and manditory, seems a bit redundant, but meh). It'd save a lot of time with people just taking scripts and having no idea what they do.

@NogDogJan 26.2006 — #I think that everyone should be required to go through a manditory PHP course before posting on this board (required and manditory, seems a bit redundant, but meh). It'd save a lot of time with people just taking scripts and having no idea what they do.[/QUOTE]
And nobody should be allowed to post HTML pages on the web until they've read the w3.org HTML and CSS spec.'s and can pass a basic HTML/CSS exam, but we know that's not going to happen, either; so we cope with it and try to point them in the right direction (which might include, "Take a programming course"), preferably in a friendly manner.

PS: I've never taken a PHP course - it's all been on-the-job training. (Only IT courses I've ever taken: Intro to IT, Intro RPG-II, Intro Ada - and don't ask me to do anything in RPG or Ada as I haven't touched them in at least a dozen years.)

@SpectreReturnsJan 26.2006 — #but we know that's not going to happen[/QUOTE]
*evil grin* Lets take over all of the hosting companies and install software to validate all pages on upload, and then delete them if they aren't right.

By the way: sorry for hijacking the thread.

Also in #PHP _↴

Code syntax,can help?Using PHP to save xml to a database.Arrays

Success!

Help @wyclef spread the word by sharing this article on Twitter...

Tweet This

Password not parsing

33 Comments(s) _↴

# Login script

# use sessions:

# the following include does:

# mysql_connect(host, user, password)

# mysql_select_db(database)

# if we received post data from login form, process it:

# I'm using the old_password() MySQL function due to the setup on my PC

# next is the HTML for the login form

Also in #PHP _↴

Success!

Social

Version

Password not parsing

33 Comments(s) ↴

# Login script

# use sessions:

# the following include does:

# mysql_connect(host, user, password)

# mysql_select_db(database)

# if we received post data from login form, process it:

# I'm using the old_password() MySQL function due to the setup on my PC

# next is the HTML for the login form

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

33 Comments(s) _↴

Also in #PHP _↴