From: oluleke7 at yahoo dot com
Operating system: Unix
PHP version: 4.4.8
PHP Bug Type: *Web Server problem
Bug description: cms dispaying invalid password
Description:
------------
worked on an existing website by developing a new content management
system. I tested it offline n worked perfectly offline n my own server
hosted by cpanel.
But giving invalid username/password on the website host.
What could be the reason. I have checked the code properly but seems
not to be bug.
Reproduce code:
---------------
<?php
$connect = mysql_connect("localhost", "user", "tpassword") or
die ("Cannot connect, check your server connection.");
mysql_select_db ("database_name");
?>
login.php code
<?php
session_start();
$_SESSION['logged'] = 0;
include_once("lang.php");
if (isset($_POST['submit']))
{
require ("myloginquery.php");
if ($_POST['username'] == "$thisusername" && $_POST['password'] ==
"$thispassword")
{
$_SESSION['logged'] = 1;
header ("Refresh: 2; URL=" . $_POST['redirect'] . " ");
echo "You are being redirected to your original page request<br>";
echo "(If your browser doesnt support this, <a href=\""
.$_POST['redirect']. "\">click here</a>)";
}
else
{
?>
<html>
<head>
<title><? echo "$bk_website_name: Login"; ?></title>
<link href="adminstyle.css" type="text/css" rel="stylesheet">
</head>
<body>
<center>
<table width="750" border="1" cellspacing="0" cellpadding="0"
bordercolor="#000000">
<tr>
<td bgcolor="#ffffff">
<img src="admin_images/header.jpg" width="750" height="125" border="0"
alt="Site Admin"></a>
</td>
</tr>
<tr>
<td bgcolor="#33FFFF" align=center>
<br>
Invalid Username and/or Password<br><br>
<form action="login.php" method="post" autocomplete=off>
<input type="hidden" name="redirect" value="<?php echo
$_POST['redirect'];?>">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br><br>
<input type="submit" name="submit" value="Login">
</form>
</td>
</tr>
</table>
</center>
<?php
}
}
else
{
?>
<html>
<head>
<title><? echo "$bk_website_name: Login"; ?></title>
<link href="adminstyle.css" type="text/css" rel="stylesheet">
</head>
<body>
<center>
<table width="750" border="1" cellspacing="0" cellpadding="0"
bordercolor="#000000">
<tr>
<td bgcolor="#ffffff">
<img src="admin_images/header.jpg" width="750" height="125" border="0"
alt="Site Admin"></a>
</td>
</tr>
<tr>
<td bgcolor="#33FFFF" align=center>
<br>
You must be logged in to view this page<br><br>
<form action="login.php" method="post" autocomplete=off>
<input type="hidden" name="redirect" value="<?php echo $_GET['redirect'];
?>">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br><br>
<input type="submit" name="submit" value="Login">
</form>
</td>
</tr>
</table>
</center>
<?php
}
?>
</body>
</html>
mylogin.php code
<?
include_once("config.php");
$query = "SELECT *
FROM admin
WHERE user_name = '$username' AND user_pswd = '$password'
LIMIT 1";
$result = mysql_query($query)
or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
$myusername = $row["user_name"];
$mypassword = $row["user_pswd"];
}
if (mysql_num_rows($result) == 1) {
$thisusername = $myusername;
$thispassword = $mypassword;
}
else {
$thisusername =
"xxxxxxxxxxxxxxxxxxxxxxx655555555748888888880333333333333333333949999999999999999999999999999999999999999995906p;.,q91qazKCnuhsgdytryxxxxxxxxxxxxxxxxxxxxxxxxxyyyyyyyyyyyyyyyyyyyyyyyyyyy";
$thispassword =
"sssndhhhhhhhvnnnnnnnnnyfnnnnnnnnnnnbjuuuuuuuuuuuuugmmmmmmmmmmmmibbbbbbbbbbbbbbbbut47777777775999999999999999996666666666666666666697f77777777u44444444444gdyyyyyyyyyyyyyyyyyyyyyyfhtttttttttttttttttttttttjvgjjjjjjjjjjjjjjjjjjjjjjjjfkkkkkkkkkkkkkk";
}
?>
Expected result:
----------------
Welcome!
Main Web Page Manager
Document Manager
Changes Main Admin's Password
Log Out
Welcome, please use the navigation links to your left to perform
neccessary action
Name of the Site and the navigation menu 4 the cms
Actual result:
--------------
Navigation menu for the cms
--
Edit bug report at http://bugs.php.net/?id=44119&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=44119&r=trysnapshot44
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=44119&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=44119&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=44119&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=44119&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=44119&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=44119&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=44119&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=44119&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=44119&r=support
Expected behavior: http://bugs.php.net/fix.php?id=44119&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=44119&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=44119&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=44119&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=44119&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=44119&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=44119&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=44119&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=44119&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=44119&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=44119&r=mysqlcfg
