real_illusions Posted February 7, 2008 Share Posted February 7, 2008 I have the following code that uses a mysql database to prevent unauthorised access to an admin page. I have entered the user and password (using md5) into the database manually using phpmyadmin.However, on filling out the form, i get a blank page, even with the error_reporting at the top.Nothing is in the source code, no errors...absolutely nothing.I cant figure out what could be wrong..any ideas? <?phperror_reporting(E_ALL);?><?php// include the config and open database filesinclude 'config.php';include 'opendb.php';// Check if there is a cookie set alreadyif (isset($_COOKIE['CookieLogin']))// If the cookie exists, then redirect to the admin page{$username = $_COOKIE['CookieLogin'];$password - $_COOKIE['Key_CookieLogin'];$check = mysql_query ("SELECT * FROM users WHERE username = '$username'") or die (mysql_error());while ($info = mysql_fetch_array( $check )){if ($pass != $info['password']){}}{header ("Location: admin.php");}}//if the login form is submittedif (isset($_POST['submit'])) { // makes sure they filled it inif(!$_POST['username'] | !$_POST['pass']) {die('You did not fill in a required field.');}// checks it against the databaseif (!get_magic_quotes_gpc()) {$_POST['email'] = addslashes($_POST['email']);}$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'") ordie (mysql_error());// Gives error is user doesn't exist$check2 = mysql_num_rows($check);if ($check2 == 0) {die (mysql_error());}while ($info = mysql_fetch_array( $check )){$_POST['pass'] = stripslashes($_POST['pass']);$info['password'] =stripslashes($info['password']);$_POST['pass'] = md5($_POST['pass']);// Gives error if password is wrongif ($_POST['pass'] !=$info['password']) {die (mysql_error());}else{// if login is ok then we add a cookie$_POST['username'] = stripslashes($_POST['username']);$hour = time() + 3600;setcookie(CookieLogin, $_POST['username'], $hour);setcookie(Key_CookieLogin, $_POST['pass'], $hour);//then redirect them to the admin pageheader("Location: admin.php");}}}else{// if they are not logged in?><form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">Username:<br /><input type="text" name="username" maxlength="40"><br />Password:<br /><input type="password" name="pass" maxlength="50"><br /><input type="submit" name="submit" value="Login"></form><?php}?> Link to comment Share on other sites More sharing options...
boen_robot Posted February 7, 2008 Share Posted February 7, 2008 I believe you're having an extra bracket, and are missing an echo at this point: if ($pass != $info['password']){}}else{header ("Location: admin.php");}You're probably not seeing errors because you also need to enable error displaying. You can do so withini_set('display_errors','On'); however, I'm not sure if this would work for when the error is a parsing error. I'm only sure it works on evaluation errors. Link to comment Share on other sites More sharing options...
real_illusions Posted February 7, 2008 Author Share Posted February 7, 2008 if ($pass != $info['password']){}}echo{header ("Location: admin.php");}gives an error of, unexpected { on the line below 'echo'and else, as you've written it gives an error of unexpected T_ELSE on that line (echo is on that line in this post above). Link to comment Share on other sites More sharing options...
teng84 Posted February 8, 2008 Share Posted February 8, 2008 your code is weird.. this is what really happen when you dont indent your codes.. tab is free..! indent your code properly first and maybe you will the problem all by your self Link to comment Share on other sites More sharing options...
Synook Posted February 8, 2008 Share Posted February 8, 2008 You need to get rid of that second closing brace before the }. And try else not echo if ($pass != $info['password']){}else{header ("Location: admin.php");} Link to comment Share on other sites More sharing options...
justsomeguy Posted February 8, 2008 Share Posted February 8, 2008 Or just do this:if ($pass == $info['password']){header ("Location: admin.php");}There's no point to having an empty block ({}) in the code. Link to comment Share on other sites More sharing options...
real_illusions Posted February 8, 2008 Author Share Posted February 8, 2008 your code is weird..Well..some people say i'm a weird person Or just do this:if ($pass == $info['password']){header ("Location: admin.php");}There's no point to having an empty block ({}) in the code.Thanks..but its still not working..i get unexpected $end right at the bottom..sorted out the correct number of {}'s, but it says unexpected T_ELSE on line 71 -71 else72 {7374 // if they are not logged inetc etc..There is 2 else's in a row that i can see..surely that cant be right?? :)Maybe the answer will come to me when i haven't been up for over 14 hours and i get some sleep... Link to comment Share on other sites More sharing options...
zppblood Posted February 8, 2008 Share Posted February 8, 2008 $password - $_COOKIE['Key_CookieLogin']; Change - to =if(!$_POST['username'] | !$_POST['pass']) { Make sure you have two |, ||You have pass and password as variables and field names, which I think may have been mess ups?setcookie(CookieLogin, $_POST['username'], $hour); Change CookieLogin to a string, PHP will think it's a constant.setcookie(Key_CookieLogin, $_POST['pass'], $hour); Same as above cookie setting. Link to comment Share on other sites More sharing options...
real_illusions Posted February 8, 2008 Author Share Posted February 8, 2008 How is changing the password and cookie to a string any better compared to a variable? As its submitted from a form, surely it needs to be checked by making it a variable? Or can a string be used in the same way?I didn't write it myself..its a script that i found online that dealt with registration and the like..so i just stripped out the parts for just the login. Link to comment Share on other sites More sharing options...
justsomeguy Posted February 8, 2008 Share Posted February 8, 2008 You're probably going to want to open your code in a program like ConTEXT and track down all of the brackets you have in there. It's hard to read the un-indented code and see which brackets don't match up. If you open it in ConTEXT you can put the cursor next to a bracket and hit CTRL-M to jump to the matching bracket. It will help you track down which one is the problem. It would also help to indent your code. Link to comment Share on other sites More sharing options...
Synook Posted February 9, 2008 Share Posted February 9, 2008 setcookie(CookieLogin, $_POST['username'], $hour); How is changing the password and cookie to a string any better compared to a variable?With the above setcookie call, the PHP interpreter will try to look for the constant CookieLogin and assign that as the cookie name. So if you had define("CookieLogin", "Login") before that your cookie will be named "Login". However, without a definition for CookieLogin that setcookie will fail. It should be[code]setcookie("CookieLogin", $_POST['username'], $hour); Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.