Login Script Detective needed!


#1

The PHP Programmer I was using has disappeared, and he has left me with a log in script that generates a 404 not found error when you try and log in using any of the usernames or passwords. It was working, he made some change, then it stopped working for every user. All I want to do is to remove the login option so I can use the database.

The problem is I don’t know PHP well enough yet not to screw it up!!

Here is the script:

[code]

<?php // Buzz inet PHPLS04 - Check User Level session_start(); if(!isset($HTTP_SESSION_VARS['sessionlevel'])){ header("Location: ../Client/default.php"); } else { if($HTTP_SESSION_VARS['sessionlevel'] == M){ header("Location: ../Client/default.php"); } } ?> <?php require_once('../Connections/mydatabase.php'); ?> <?php $colname_SessionUser = "1"; if (isset($_SESSION['sessionuser'])) { $colname_SessionUser = (get_magic_quotes_gpc()) ? $_SESSION['sessionuser'] : addslashes($_SESSION['sessionuser']); } mysql_select_db($database_mydatabase, $mydatabase); $query_SessionUser = sprintf("SELECT * FROM CustomerAccess WHERE CustUsername = '%s'", $colname_SessionUser); $SessionUser = mysql_query($query_SessionUser, $mydatabase) or die(mysql_error()); $row_SessionUser = mysql_fetch_assoc($SessionUser); $totalRows_SessionUser = mysql_num_rows($SessionUser); ?> Home
'); } else { document.write('<' + 'script language="JavaScript" type="text/javascript" src="' + rjsPath + 'iemenu.js">'); }return true;}LoadMenus();

[/code][/code]


#2

If you are going to remove the option entirely, this should suffice:

[code]

<?php require_once('../Connections/mydatabase.php'); ?>

mysql_select_db($database_mydatabase, $mydatabase);
?>

Home
'); } else { document.write('<' + 'script language="JavaScript" type="text/javascript" src="' + rjsPath + 'iemenu.js">'); }return true;}LoadMenus(); [/code]

You still have your database connection in there, and the rest of the PHP code is removed.


#3

Thank you!

I’ll give it a try and let you know how it goes.

:D

#4

Ok I tried the script and it worked - to an extent.

I was able to get past the “404 not found” error message to the main menu, but when I try to access some of the links, such as “update records” view records", I get a number of different error messages, including parse errors and “cannot execute- try and log in”

My question is - are there typically other double checks or back checks that a password or security set up would do between a log on page to access the main menu and from there to the individual menu functions that access the database?

I may end up being better off trying to debug the original script than to surgically rip it up, but I’m kind of stuck since the programmer scarfered off on me.

Thanks.


#5

The login variables would have been passed in the session data - which I removed, due to you not needing it (or at least, thats what you said). Try removing it from the other pages as well. Also look for any references made to data that you have eliminated, and delete that as well.


#6

Thanks, I will give that a try.

Out of curiosity, does any of the above code I posted look wrong? It is from the main log on page where the “404 not found” error happens to every user.

I think if I could fix that problem or maybe know where to look from there for why it is generating that type of error, I might be able to keep the log on security set up in place and not have to slice it out of every page.

It’s frustrating starting at this place. I’m not advanced enough to troubleshoot well.


#7

Other than having several “?><?php” types in there and using the outdated $HTTP_SESSION_VARS instead of $_SESSION (both of which are non-fatal errors), the code looks fine to me.


#8

would either of those two factors cause a “404 page not found” error?

The reason I ask that is because when I replaced the original code with the one you edited I was able to get past that error to the main page, so obviously there is either something not quite right with that chunk of code or else it is calling upon something somewhere else that does not exist.


#9

The only thing I saw that could be causing that were the “header” commands up top the script - but I looked over the logic, and I can’t see anything flawed in it. I don’t see why it should work / not work in the circumstances you described. I’d have to run it myself to do more debugging, and that involves setting up the database/etc which is a little more work than I generally do at help forums.


#10

Well I wouldn’t expect you to do all that, anyway! Just answering questions I have has been a big help so far. At least I can see the main page again, and have more options than I did before. I’m still a little lost in the dark right now, but I will learn this, I have to. Sometimes it just helps to have someone give you batteries for your flashlight and point you in the right direction!

Thanks again.


#11

Glad I could help you.