php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #44119 cms dispaying invalid password
Submitted: 2008-02-14 13:25 UTC Modified: 2008-02-16 17:41 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: oluleke7 at yahoo dot com Assigned:
Status: Not a bug Package: *Web Server problem
PHP Version: 4.4.8 OS: Unix
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2008-02-14 13:25 UTC] oluleke7 at yahoo dot com 
Description:
------------
 worked on an existing website by developing a new content management
 system. I tested it offline n worked perfectly offline n my own server
 hosted by cpanel.

But giving invalid username/password on the website host.

What could be the reason. I have checked the code properly but seems
 not to be bug.



Reproduce code:
---------------
<?php
$connect = mysql_connect("localhost", "user", "tpassword") or
	die ("Cannot connect, check your server connection.");

mysql_select_db ("database_name");
?>


login.php code

<?php
session_start();
$_SESSION['logged'] = 0;
include_once("lang.php");
if (isset($_POST['submit']))
{
require ("myloginquery.php");

if ($_POST['username'] == "$thisusername" && $_POST['password'] == "$thispassword") 
{
$_SESSION['logged'] = 1;
header ("Refresh: 2; URL=" . $_POST['redirect'] . " ");
echo "You are being redirected to your original page request<br>";
echo "(If your browser doesn?t support this, <a href=\"" .$_POST['redirect']. "\">click here</a>)";
}
else
{
?>
<html>
<head>
<title><? echo "$bk_website_name: Login"; ?></title>
<link href="adminstyle.css" type="text/css" rel="stylesheet">
</head>
<body>
<center>
<table width="750" border="1" cellspacing="0" cellpadding="0" bordercolor="#000000">
  <tr>
    <td bgcolor="#ffffff">
<img src="admin_images/header.jpg" width="750" height="125" border="0" alt="Site Admin"></a>
    </td>
  </tr>
  <tr>
    <td bgcolor="#33FFFF" align=center>
<br>
Invalid Username and/or Password<br><br>
<form action="login.php" method="post" autocomplete=off>
<input type="hidden" name="redirect" value="<?php echo $_POST['redirect'];?>">
Username: &nbsp;<input type="text" name="username"><br>
Password: &nbsp;&nbsp;<input type="password" name="password"><br><br>
<input type="submit" name="submit" value="Login">
</form>
    </td>
  </tr>
</table>
</center>
<?php
}
}
else
{
?>
<html>
<head>
<title><? echo "$bk_website_name: Login"; ?></title>
<link href="adminstyle.css" type="text/css" rel="stylesheet">
</head>
<body>
<center>
<table width="750" border="1" cellspacing="0" cellpadding="0" bordercolor="#000000">
  <tr>
    <td bgcolor="#ffffff">
<img src="admin_images/header.jpg" width="750" height="125" border="0" alt="Site Admin"></a>
    </td>
  </tr>
  <tr>
    <td bgcolor="#33FFFF" align=center>
<br>
You must be logged in to view this page<br><br>
<form action="login.php" method="post" autocomplete=off>
<input type="hidden" name="redirect" value="<?php echo $_GET['redirect']; ?>">
Username: &nbsp;<input type="text" name="username"><br>
Password: &nbsp;&nbsp;<input type="password" name="password"><br><br>
<input type="submit" name="submit" value="Login">
</form>
    </td>
  </tr>
</table>
</center>
<?php
}
?>
</body>
</html>
mylogin.php code
<?
include_once("config.php");
$query = "SELECT *
	FROM admin
	WHERE user_name = '$username' AND user_pswd = '$password'
	LIMIT 1";
$result = mysql_query($query)
or die(mysql_error());

while ($row = mysql_fetch_assoc($result)) { 
$myusername = $row["user_name"];
$mypassword = $row["user_pswd"];
}

	if (mysql_num_rows($result) == 1) {

	$thisusername = $myusername;
	$thispassword = $mypassword;

	}
	else {
	$thisusername = "xxxxxxxxxxxxxxxxxxxxxxx655555555748888888880333333333333333333949999999999999999999999999999999999999999995906p;.,q91qazKCnuhsgdytryxxxxxxxxxxxxxxxxxxxxxxxxxyyyyyyyyyyyyyyyyyyyyyyyyyyy";
	$thispassword = "sssndhhhhhhhvnnnnnnnnnyfnnnnnnnnnnnbjuuuuuuuuuuuuugmmmmmmmmmmmmibbbbbbbbbbbbbbbbut47777777775999999999999999996666666666666666666697f77777777u44444444444gdyyyyyyyyyyyyyyyyyyyyyyfhtttttttttttttttttttttttjvgjjjjjjjjjjjjjjjjjjjjjjjjfkkkkkkkkkkkkkk";
	}
?>

Expected result:
----------------
 

Welcome! 
Main Web Page Manager 
Document Manager 
Changes Main Admin's Password 
Log Out 
 

Welcome, please use the navigation links to your left to perform neccessary action
 
 

Name of the Site and the navigation menu 4 the cms 
 


Actual result:
--------------
Navigation menu for the cms

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-02-16 17:41 UTC] johannes@php.net 
In PHP 4.2.0, the 'register_globals' setting default changed to
'off'. See http://www.php.net/release_4_2_0.php for more info.
We are sorry about the inconvenience, but this change was a necessary
part of our efforts to make PHP scripting more secure and portable.

.
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved. 		Last updated: Tue Sep 26 16:01:24 2023 UTC