Trouble with logon script

php logon script problems

  • (2 Pages)
  • +
  • 1
  • 2

18 Replies - 2619 Views - Last Post: 22 November 2005 - 06:08 PM Rate Topic: -----

#1 Israel  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 7
  • View blog
  • Posts: 817
  • Joined: 22-November 04

Trouble with logon script

Posted 12 November 2005 - 02:46 AM

Anyone know what's wrong with this logon script? It doesn't seem to keep anyone with the wrong password out:

<?php
if(!empty($_POST["username"]) && !empty($_POST["password"])){
if($_POST["username"] == "Israel" && $_POST["password"] == "blah"){
echo "Hello Israel";
} else {
echo "You entered a wrong password or username";
}
} else {
echo "You did not supply the right password";
}
?>
<form action="http://tinyurl.com/9wxmh/" method="POST">
<input type="text" name="username"><br>
<input type="password" name="password"><br>
<input type="submit" value="Log in"></form>
</body>
</html>

This post has been edited by Israel: 13 November 2005 - 12:06 AM


Is This A Good Question/Topic? 0
  • +

Replies To: Trouble with logon script

#2 snoj  Icon User is offline

  • Married Life
  • member icon

Reputation: 84
  • View blog
  • Posts: 3,564
  • Joined: 31-March 03

Re: Trouble with logon script

Posted 12 November 2005 - 09:42 AM

Change && to AND. I think that may be your problem.
Was This Post Helpful? 0
  • +
  • -

#3 Israel  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 7
  • View blog
  • Posts: 817
  • Joined: 22-November 04

Re: Trouble with logon script

Posted 12 November 2005 - 10:55 PM

Nope... It still runs with the wrong password.
Was This Post Helpful? 0
  • +
  • -

#4 snoj  Icon User is offline

  • Married Life
  • member icon

Reputation: 84
  • View blog
  • Posts: 3,564
  • Joined: 31-March 03

Re: Trouble with logon script

Posted 12 November 2005 - 11:24 PM

Are you storing and checking sessions in the protected pages?
Was This Post Helpful? 0
  • +
  • -

#5 Israel  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 7
  • View blog
  • Posts: 817
  • Joined: 22-November 04

Re: Trouble with logon script

Posted 13 November 2005 - 12:06 AM

Ok...this is probably where I stop and realize I need to just hush and dig my face back in the php book I'm reading cause you totally lost me there... :huh:
Was This Post Helpful? 0
  • +
  • -

#6 snoj  Icon User is offline

  • Married Life
  • member icon

Reputation: 84
  • View blog
  • Posts: 3,564
  • Joined: 31-March 03

Re: Trouble with logon script

Posted 13 November 2005 - 12:13 AM

Are you using sessions or some other means to let your php script know that you're you on the pages where you need to be logged in?
Was This Post Helpful? 0
  • +
  • -

#7 Israel  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 7
  • View blog
  • Posts: 817
  • Joined: 22-November 04

Re: Trouble with logon script

Posted 13 November 2005 - 12:46 AM

No... I was not doing this. I'm going to have do more reading on the link you sent. Pretty good one, thanks :D
Was This Post Helpful? 0
  • +
  • -

#8 Amadeus  Icon User is offline

  • g+ + -o drink whiskey.cpp
  • member icon

Reputation: 248
  • View blog
  • Posts: 13,506
  • Joined: 12-July 02

Re: Trouble with logon script

Posted 13 November 2005 - 08:11 AM

I'm wondering if it could be something with the cache on your browser...I just ran that piece of code, and it ran fine...only the correct combination let me in, any others kept me out.
Was This Post Helpful? 0
  • +
  • -

#9 Israel  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 7
  • View blog
  • Posts: 817
  • Joined: 22-November 04

Re: Trouble with logon script

Posted 13 November 2005 - 10:43 PM

Really....? :blink:
Was This Post Helpful? 0
  • +
  • -

#10 Ridikule  Icon User is offline

  • D.I.C Head

Reputation: 7
  • View blog
  • Posts: 68
  • Joined: 29-September 05

Re: Trouble with logon script

Posted 14 November 2005 - 01:54 PM

The snippet you provided should work. I don't see any problem with it.
Was This Post Helpful? 0
  • +
  • -

#11 Israel  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 7
  • View blog
  • Posts: 817
  • Joined: 22-November 04

Re: Trouble with logon script

Posted 14 November 2005 - 09:55 PM

Ok, I've tried the script from 2 different boxes and I don't know why it works for everyone else but me... But I have a hunch. I should start by explaining that this is the entirity of my code:

<html>
<head>
<title>php test</title>
</head>
<body bgcolor="#0000FF">
<?php
if(!empty($_POST["username"]) && !empty($_POST["password"])){
if($_POST["username"] == "Israel" && $_POST["password"] == "blah"){
echo "Hello Israel";
} else {
echo "You entered a wrong password or username";
}
} else {
echo "You did not supply the right password";
}
?>
<form action="http://tinyurl.com/9wxmh/" method="POST">
<input type="text" name="username"><br>
<input type="password" name="password"><br>
<input type="submit" value="Log in"></form>
</body>
</html> 


Obviosly http://tinyurl.com/9wxmh/ is where your supposed to go if you have the right password. (BTW I'm not trying to spam here, just an example) But I have no 404 file, no place to go for the wrong password. I'm assuming that's my problem, which is pretty simple and I should have probably seen long ago but I'm perpetually always half-asleep. (If my hunch is right) But if I'm right, where should I supply the 404 page? I would assume, after one of the else statements. Am I right?
Was This Post Helpful? 0
  • +
  • -

#12 Amadeus  Icon User is offline

  • g+ + -o drink whiskey.cpp
  • member icon

Reputation: 248
  • View blog
  • Posts: 13,506
  • Joined: 12-July 02

Re: Trouble with logon script

Posted 15 November 2005 - 06:36 AM

Actually, you should supply both pages in the if/elese, but this may be easier to accomplish with javascript, or by running that code on the receiving page...on that page, you can check the form values ent through, the redirect of the wrong combination is entered with a simple use of the header() call.
Was This Post Helpful? 0
  • +
  • -

#13 snoj  Icon User is offline

  • Married Life
  • member icon

Reputation: 84
  • View blog
  • Posts: 3,564
  • Joined: 31-March 03

Re: Trouble with logon script

Posted 15 November 2005 - 07:00 AM

The action attribute (http://tinyurl.com/9wxmh/) of the form is where the form looks for the script it's suppose to run on submition.

So just set the action to the url of the script you showed us and then add header("Location: http://tinyurl.com/9wxmh/") to the one if statement. Be sure to put header() before you send anything back to the client, be it via HTML or whatever!
Was This Post Helpful? 0
  • +
  • -

#14 Wizzy  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 6
  • View blog
  • Posts: 408
  • Joined: 20-November 05

Re: Trouble with logon script

Posted 20 November 2005 - 09:05 PM

no way that is a login form! I made one and it was over 10mb.

Firstly to test for empty values use | instead of &&

Now use identical operator (===) for testing the name and password

if this was for users to log in you would verify the password (in hash) with a db password for that user (in the same hash).
Was This Post Helpful? 0
  • +
  • -

#15 snoj  Icon User is offline

  • Married Life
  • member icon

Reputation: 84
  • View blog
  • Posts: 3,564
  • Joined: 31-March 03

Re: Trouble with logon script

Posted 21 November 2005 - 12:35 AM

Wizzy, on 20 Nov, 2005 - 11:02 PM, said:

no way that is a login form!  I made one and it was over 10mb.
It is a form and it does compute if the username and password supplied by the form user are correct. So it is infact a login form. ....And 10 MB is over doing it.

Wizzy, on 20 Nov, 2005 - 11:02 PM, said:

Firstly to test for empty values use | instead of &&
Though yes, that does make sense, the simplicty of this script it doesn't really matter, because it will fail if either is empty.

Wizzy, on 20 Nov, 2005 - 11:02 PM, said:

Now use identical operator (===) for testing the name and password
Actually he can use == if he wants. === is for when you want to include types in your comparisons. (Such as ints and strings of numbers.) (Further Reading)

Wizzy, on 20 Nov, 2005 - 11:02 PM, said:

if this was for users to log in you would verify the password (in hash) with a db password for that user (in the same hash).
You don't need a database to keep passwords. It can be unnecessary if you're the only user and no one else has access to the script and therefore the password. Now if you were going to store the password in a cookie then you probably want to save it in a hashed form. But then again...people can still use hashes to gain access into things. Hell I've done it.
Was This Post Helpful? 0
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2