Mavituna Security - Netsparker Vulnerability Scanner

[Advertise With HackThisSite.org]

Hack This Site - Forums Index

Working on PHP login and need help.

For the discussion of Perl, Python, Ruby, and PHP and other interpreted languages.
Post a reply

Working on PHP login and need help.

Post by Bren2010 on Mon Feb 02, 2009 7:02 pm
([msg=17290]see Working on PHP login and need help.[/msg])

Ok, so I'm working on a PHP login script and can't figure out what I've done wrong. Even when I type the correct login it says that I got it wrong. I'll post the code. Can anyone tell me what I did wrong?

login.php
Code: Select all
<?php
$cookie = $_COOKIE["user"];

if ($cookie=="user1")
{
   header('Location: home.php');
}
else if ($cookie=="user2")
{
   header('Location: home.php');
}

else
{}
?>
<html>
<body>
<center>
<form id="login" method="post" action="check.php">
<table border="1">
<tr>
<td colspan="2">
<h3><b><center>Login</center></b></h3>
</td>
</tr>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="user">
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="pass">
</td>
</tr>
<tr>
<td colspan="2">
<center>
<input type="submit" value="Submit">
</center>
</td>
</tr>
</table>
</form>
</center>
</body>
</html>


check.php
Code: Select all
<?php
$expire=time()+60*59;
if ($_POST["user"]=="user1" AND $_POST["pass"]=="password1")
{
   header('Location: home.php');
   setcookie("user", "user2");
}
else if ($_POST["user]=="user2" AND $_POST["pass"]=="password2")
{
   header('Location: home.php');
   setcookie("user", "user1")

}
else
{
   header('Location: fail.php');
}
?>
<html>
<head>
<style type="text/css">
.red
{
color: red
}
</style>
</head>
<body>
<center><span class="red">Validating input...</span></center>
</body>
</html>


home.php
Code: Select all
<?php
$cookie = $_COOKIE["user"];

if ($cookie=="user1")
{}
else if ($cookie=="user2")
{}

else
{
   header('Location: login.php');
}
?>
<html>
<body>
<span>Congrats! You made it!</span>
</body>
</html>
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)

Re: Working on PHP login and need help.

Post by kiyoura on Wed Feb 04, 2009 11:50 pm
([msg=17406]see Re: Working on PHP login and need help.[/msg])

Hmm....

You know, those "{}" around your statements are not needed at all, as a matter of fact they don't even make sense.
If your not going to put code inside the statements, why use them at all?
If you look at your home.php page, you'll see:

Code: Select all
<?php
$cookie = $_COOKIE["user"];

if ($cookie=="user1")
{}
else if ($cookie=="user2")
{}

else
{
   header('Location: login.php');
}
?>


I think this will fix your problem:

Code: Select all
<?php
$cookie = $_COOKIE['user'];
if (($cookie == "user1") || ($cookie == "user2")) {
echo <<< HTML
<html>
<body>
<span>Congrats! You made it!</span>
</body>
</html>
HTML;
} else {  header("Location: login.php"); }
?>
-
Image
-
kiyoura
New User
New User
 
Posts: 24
Joined: Sun May 04, 2008 7:56 pm
Blog: View Blog (0)
Post a reply

Return to Interpreted Languages

Who is online

Users browsing this forum: No registered users and 0 guests

Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.
Powered by phpBB © 2000-2009 phpBB Group
Carbon Style By Echo -=Designs By Echo=- © 2007 Echo
Administration Control Panel