php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44119 cms dispaying invalid password
Submitted: 2008-02-14 13:25 UTC Modified: 2008-02-16 17:41 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: oluleke7 at yahoo dot com Assigned:
Status: Not a bug Package: *Web Server problem
PHP Version: 4.4.8 OS: Unix
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: oluleke7 at yahoo dot com
New email:
PHP Version: OS:

 

 [2008-02-14 13:25 UTC] oluleke7 at yahoo dot com
Description:
------------
 worked on an existing website by developing a new content management
 system. I tested it offline n worked perfectly offline n my own server
 hosted by cpanel.

But giving invalid username/password on the website host.

What could be the reason. I have checked the code properly but seems
 not to be bug.



Reproduce code:
---------------
<?php
$connect = mysql_connect("localhost", "user", "tpassword") or
	die ("Cannot connect, check your server connection.");

mysql_select_db ("database_name");
?>


login.php code

<?php
session_start();
$_SESSION['logged'] = 0;
include_once("lang.php");
if (isset($_POST['submit']))
{
require ("myloginquery.php");

if ($_POST['username'] == "$thisusername" && $_POST['password'] == "$thispassword") 
{
$_SESSION['logged'] = 1;
header ("Refresh: 2; URL=" . $_POST['redirect'] . " ");
echo "You are being redirected to your original page request<br>";
echo "(If your browser doesn?t support this, <a href=\"" .$_POST['redirect']. "\">click here</a>)";
}
else
{
?>
<html>
<head>
<title><? echo "$bk_website_name: Login"; ?></title>
<link href="adminstyle.css" type="text/css" rel="stylesheet">
</head>
<body>
<center>
<table width="750" border="1" cellspacing="0" cellpadding="0" bordercolor="#000000">
  <tr>
    <td bgcolor="#ffffff">
<img src="admin_images/header.jpg" width="750" height="125" border="0" alt="Site Admin"></a>
    </td>
  </tr>
  <tr>
    <td bgcolor="#33FFFF" align=center>
<br>
Invalid Username and/or Password<br><br>
<form action="login.php" method="post" autocomplete=off>
<input type="hidden" name="redirect" value="<?php echo $_POST['redirect'];?>">
Username: &nbsp;<input type="text" name="username"><br>
Password: &nbsp;&nbsp;<input type="password" name="password"><br><br>
<input type="submit" name="submit" value="Login">
</form>
    </td>
  </tr>
</table>
</center>
<?php
}
}
else
{
?>
<html>
<head>
<title><? echo "$bk_website_name: Login"; ?></title>
<link href="adminstyle.css" type="text/css" rel="stylesheet">
</head>
<body>
<center>
<table width="750" border="1" cellspacing="0" cellpadding="0" bordercolor="#000000">
  <tr>
    <td bgcolor="#ffffff">
<img src="admin_images/header.jpg" width="750" height="125" border="0" alt="Site Admin"></a>
    </td>
  </tr>
  <tr>
    <td bgcolor="#33FFFF" align=center>
<br>
You must be logged in to view this page<br><br>
<form action="login.php" method="post" autocomplete=off>
<input type="hidden" name="redirect" value="<?php echo $_GET['redirect']; ?>">
Username: &nbsp;<input type="text" name="username"><br>
Password: &nbsp;&nbsp;<input type="password" name="password"><br><br>
<input type="submit" name="submit" value="Login">
</form>
    </td>
  </tr>
</table>
</center>
<?php
}
?>
</body>
</html>
mylogin.php code
<?
include_once("config.php");
$query = "SELECT *
	FROM admin
	WHERE user_name = '$username' AND user_pswd = '$password'
	LIMIT 1";
$result = mysql_query($query)
or die(mysql_error());

while ($row = mysql_fetch_assoc($result)) { 
$myusername = $row["user_name"];
$mypassword = $row["user_pswd"];
}

	if (mysql_num_rows($result) == 1) {

	$thisusername = $myusername;
	$thispassword = $mypassword;

	}
	else {
	$thisusername = "xxxxxxxxxxxxxxxxxxxxxxx655555555748888888880333333333333333333949999999999999999999999999999999999999999995906p;.,q91qazKCnuhsgdytryxxxxxxxxxxxxxxxxxxxxxxxxxyyyyyyyyyyyyyyyyyyyyyyyyyyy";
	$thispassword = "sssndhhhhhhhvnnnnnnnnnyfnnnnnnnnnnnbjuuuuuuuuuuuuugmmmmmmmmmmmmibbbbbbbbbbbbbbbbut47777777775999999999999999996666666666666666666697f77777777u44444444444gdyyyyyyyyyyyyyyyyyyyyyyfhtttttttttttttttttttttttjvgjjjjjjjjjjjjjjjjjjjjjjjjfkkkkkkkkkkkkkk";
	}
?>

Expected result:
----------------
 

Welcome! 
Main Web Page Manager 
Document Manager 
Changes Main Admin's Password 
Log Out 
 

Welcome, please use the navigation links to your left to perform neccessary action
 
 

Name of the Site and the navigation menu 4 the cms 
 


Actual result:
--------------
Navigation menu for the cms

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-02-16 17:41 UTC] johannes@php.net
In PHP 4.2.0, the 'register_globals' setting default changed to
'off'. See http://www.php.net/release_4_2_0.php for more info.
We are sorry about the inconvenience, but this change was a necessary
part of our efforts to make PHP scripting more secure and portable.

.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Nov 05 09:01:29 2024 UTC