I have created a log on area which is not re-directing to the welcome page when the password and user name are correct.
I have been looking over this code for about an hour now and can't get anywhere.
Any help would be appreciated.
index.php Page:
<?php
require_once("_includes/Sentry.php");
$sentry = new Sentry();
if ($HTTP_POST_VARS['user']!=''){
$sentry->checkLogin($HTTP_POST_VARS['user'],$HTTP_POST_VARS['pass'],'welcome.php','failed.php');
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/loose.dtd" >
<HTML>
<HEAD>
...
</head>
<body>
...
<div id="container_entry">
<div id="main_col">
Welcome to the PFL Admin Center. <br /><br /> Please log in below.
<br /><br />
<form name="login" method="POST" action="index.php">
<div id="formrow"> <span class="formInput">
<label for="Username">Username:</label>
</span> <span class="formLabel">
<input name="user" type="text" id="user">
</span> </div>
<br />
<div id="formrow"> <span class="formInput">
<label for="Password">Password: </label>
</span> <span class="formLabel">
<input name="pass" type="password" id="pass">
</span> </div>
<br />
<div class="formRow">
<input name="submit" type="submit" value="login" id="submit" title="login" class="formButton" />
</div>
</form>
<br />
<div id="warning">
NB - Please do not let your browser save your password.
</div>
</div>
</div>
...
And the Sentry Page is as follows:
<?php
class sentry {
var $loggedin = false;// To store whether or not the user is logged in
var $userdata;// Array to contain the user's data
function sentry(){
session_start();
header("Cache-control: private");
}
/*********************************************************
* Log Out, Destroy the Session
*********************************************************/
function logout(){
unset($this->userdata);
session_destroy();
return true;
}
/*********************************************************
* Log In and either redirect to goodRedirect or
* badRedirect depending on success
*********************************************************/
function checkLogin($user = '',$pass = '',$goodRedirect = '',$badRedirect = ''){
// Need to Include Database and Validation classes, and create objects
require_once('DbConnector.php');
require_once('Validator.php');
$validate = new Validator();
$loginConnector = new DbConnector();
// If user is already logged in then check credentials
if ($_SESSION['user'] && $_SESSION['pass']){
//Validate Session data
if (!$validate->validateTextOnly($_SESSION['user'])){return false;}
if (!$validate->validateTextOnly($_SESSION['pass'])){return false;}
$getUser = $loginConnector->query("SELECT * FROM nov_users WHERE pfl_admin_users = '".$_SESSION['user']."' AND pass = '".$_SESSION['pass']."' ");
if ($loginConnector->getNumRows($getUser) > 0){
// Existing user confirmed, Continue
if ($goodRedirect!= '') {
header("location: ".$goodRedirect."?".strip_tags(session_id())) ;
}
return true;
}else{
// User Denied, logout
$this->logout();
return false;
}
// User isn't logged in, check credentials
}else{
//Validate input
if (!$validate->validateTextOnly($user)){return false;}
if (!$validate->validateTextOnly($pass)){return false;}
// Look User up in the database
$getUser = $loginConnector->query("SELECT * FROM pfl_admin_users WHERE user = '$user' AND pass = PASSWORD('$pass') ");
$this->userdata = $loginConnector->fetchArray ($getUser);
if ($loginConnector->getNumRows($getUser) > 0){
// Login OK, Store Session details
// Log In
$_SESSION["user"] = $user;
$_SESSION["pass"] = $pass;
if ($goodRedirect) {
header("Location: ".$goodRedirect."?".strip_tags(session_id())) ;
}
return true;
}else{
// Login Failed
unset($this->userdata);
if ($badRedirect) {
header("Location: ".$badRedirect) ;
}
return false;
}
}
}
}
?>
<meta http-equiv='Refresh' content='0;url=http://www.webmasterworld.com'>
So maybe something like this in the header
<?php
// $login is a placeholder for whatever flag your login check sets
if ($login == "OK") {
    echo "<meta http-equiv='Refresh' content='0;url=success.php'>";
} else {
    echo "<meta http-equiv='Refresh' content='0;url=login.php'>";
}
?>
I have looked over the validator and not noticed anything, but then I am not really too sure what I am looking for. Maybe you might notice something...
<?php
require_once 'SystemComponent.php';
class Validator extends SystemComponent {
var $errors; // A variable to store a list of error messages
// Validate something's been entered
// NOTE: Only this method does nothing to prevent SQL injection
// use with addslashes() command
function validateGeneral($theinput,$description = ''){
if (trim($theinput)!= "") {
return true;
}else{
$this->errors[] = $description;
return false;
}
}
// Validate text only
function validateTextOnly($theinput,$description = ''){
$result = ereg ("^[A-Za-z0-9\ ]+$", $theinput );
if ($result){
return true;
}else{
$this->errors[] = $description;
return false;
}
}
// Validate text only, no spaces allowed
function validateTextOnlyNoSpaces($theinput,$description = ''){
$result = ereg ("^[A-Za-z0-9]+$", $theinput );
if ($result){
return true;
}else{
$this->errors[] = $description;
return false;
}
}
// Validate email address
function validateEmail($themail,$description = ''){
$result = ereg ("^[^@ ]+@[^@ ]+\.[^@ \.]+$", $themail );
if ($result){
return true;
}else{
$this->errors[] = $description;
return false;
}
}
// Validate numbers only
function validateNumber($theinput,$description = ''){
if (is_numeric($theinput)) {
return true; // The value is numeric, return true
}else{
$this->errors[] = $description; // Value not numeric! Add error description to list of errors
return false; // Return false
}
}
// Validate date
function validateDate($thedate,$description = ''){
if (strtotime($thedate) === -1 || $thedate == '') {
$this->errors[] = $description;
return false;
}else{
return true;
}
}
// Check whether any errors have been found (i.e. validation has returned false)
// since the object was created
function foundErrors() {
if (count($this->errors) > 0){
return true;
}else{
return false;
}
}
// Return a string containing a list of errors found,
// Separated by a given delimiter
function listErrors($delim = ' '){
return implode($delim,$this->errors);
}
// Manually add something to the list of errors
function addError($description){
$this->errors[] = $description;
}
}
?>
I scanned the class and didn't see anything that was obviously an error. What I did see was that the Validator class extends yet another class. Before you post that class and give us all your secrets, may I recommend some reading.
PHP Troubleshooting [webmasterworld.com] can be your friend when looking for problems.
The forum Charter [webmasterworld.com] is there for the benefit of everyone.
And, did you ever determine if failed.php might be getting re-written or redirected to index.php? It's possible that your db connection is failing, or that the record is not getting found. But if there is a re-write then you won't ever see failed.php. That's just a guess on my part as to what the problem might be ... Places to look for a rewrite would be your .htaccess file. Places to look for a redirect would be in failed.php.
One thing you can try is to insert break points in the functions of your classes. This will break things to be sure, but the goal is to see if the code is executing up to a certain point. I would also have a look at the database tables and make sure the queries that access them will work. For instance, does the column nov_users actually exist? It probably does, but sometimes the little things will trip you up.
Thanks for all your time on this. I will read through what you recommended. My thoughts at the moment are that there is a failure to the db.
Not thought about breaking up the code to see at which point it fails, nice idea.
As I said earlier, I am new to this language and think that I may be trying something a little beyond me at the moment and therefore getting a bit confused.
Thanks again for your help, I appreciate it.
Dwighty
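
An added example, not part of the thread or of the poster's Sentry class: one way to write the credential check and redirect that checkLogin() performs, using a bound query parameter, password_hash()/password_verify() in place of MySQL PASSWORD(), no password kept in the session, and a redirect helper that reports when output has already started. The in-memory SQLite database, the user row and the function names are assumptions; the table and column names come from the poster's second query.

```php
<?php
declare(strict_types=1);
// Added example, not the thread's code. Table/column names follow the poster's
// second query; the SQLite database and the user row are constructed.

function find_user(PDO $db, string $user): ?array {
    // Bound parameter instead of concatenating input into the SQL text.
    $stmt = $db->prepare('SELECT user, pass FROM pfl_admin_users WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function check_login(PDO $db, string $user, string $pass): bool {
    $row = find_user($db, $user);
    // password_verify() checks against a password_hash() value, so the
    // plaintext password is never stored in the table or in $_SESSION.
    if ($row === null || !password_verify($pass, $row['pass'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);   // fresh session id after authentication
        $_SESSION['user'] = $row['user'];
    }
    return true;
}

function redirect(string $url): void {
    // header() has no effect once output has started; log where that happened.
    if (headers_sent($file, $line)) {
        error_log("Cannot redirect to $url: output started at $file:$line");
        return;
    }
    header('Location: ' . $url);
    exit;                              // stop so the form is not rendered after the redirect
}

// Constructed demo data: in-memory SQLite with a single user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pfl_admin_users (user TEXT PRIMARY KEY, pass TEXT)');
$db->prepare('INSERT INTO pfl_admin_users VALUES (?, ?)')
   ->execute(['alice', password_hash('example-pass', PASSWORD_DEFAULT)]);

var_dump(check_login($db, 'alice', 'example-pass'));
var_dump(check_login($db, 'alice', 'wrong-pass'));
var_dump(check_login($db, "o'brien", 'example-pass'));
```

In a web request, call session_start() before check_login() and call redirect() before any output is sent.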