Okay. I'm coding a login function for an online security subject at uni. It's written in PHP5, on a Solaris server; I don't have permissions to alter or even access the php.ini file, I believe.
What is supposed to happen is:
User fills in their username and password, hits 'submit'
javascript takes a timestamp, usernamd and password, calculates an md5 hash, fills in a hidden form with the username, hashvalue and timestamp, and sends that to login.php
login.php takes those values, checks the username, checks the timestamp, and makes its own hash (from the password in its databanks), and compares. If successful, it redirects to the transaction.htm l page. If not, it directs the user to a bagLogin.html page.
The Problem:
When my validation functions return true or false, and I have my redirect conditions as "if($errors == 0)" then it redirects to the transaction page regardless of invalid logins - even if the username doesn't exist. As far as I can tell, my validation functions *should* work; they're relatively simple (and if they were failing, I'd expect them to deny all rather than allow all).
However, if I change any of that - if my validation returns 1 or 0 rather than true/false, for example, or my condition is "if($errors == true)" or even "if($errors )", it just sits there at login.php, not displaying anything - even though I have all error reporting and debugging turned on, and echo testing statements, it's entirely blank.
I hope I've explained this clearly enough for someone to give me a guide to the problem. As this is for an assignment, I'm loath to post code up on here. I'd appreciate any advice.
5  1664   Markus 6,050
Recognized Expert Expert
Okay. I'm coding a login function for an online security subject at uni. It's written in PHP5, on a Solaris server; I don't have permissions to alter or even access the php.ini file, I believe.
What is supposed to happen is:
User fills in their username and password, hits 'submit'
javascript takes a timestamp, usernamd and password, calculates an md5 hash, fills in a hidden form with the username, hashvalue and timestamp, and sends that to login.php
login.php takes those values, checks the username, checks the timestamp, and makes its own hash (from the password in its databanks), and compares. If successful, it redirects to the transaction.htm l page. If not, it directs the user to a bagLogin.html page.
The Problem:
When my validation functions return true or false, and I have my redirect conditions as "if($errors == 0)" then it redirects to the transaction page regardless of invalid logins - even if the username doesn't exist. As far as I can tell, my validation functions *should* work; they're relatively simple (and if they were failing, I'd expect them to deny all rather than allow all).
However, if I change any of that - if my validation returns 1 or 0 rather than true/false, for example, or my condition is "if($errors == true)" or even "if($errors )", it just sits there at login.php, not displaying anything - even though I have all error reporting and debugging turned on, and echo testing statements, it's entirely blank.
I hope I've explained this clearly enough for someone to give me a guide to the problem. As this is for an assignment, I'm loath to post code up on here. I'd appreciate any advice.
Can you post the code (using the relevant code tags) so we can have a good look at it, and suggest ways to help!
Regards,
Okay...Apprecia te the help. I'll post what I can of the code (have to be careful, my uni is very strict on plagiarism.
This vrsion of it allows anyone through, but it's technically comparing boolean values to ints ($errors will be true or false). If I correct that (either by changing the return values to ints, or changing the if statement to boolean) it just sits with a blank page with the URL of this script. -
<?php
-
session_start();
-
error_reporting(E_ALL);
-
ini_set('display_errors', true);
-
-
if(isset($_SESSION['USER']))
-
{
-
header("Location: logout.php");
-
}
-
-
if(isset($_POST['hName']))
-
{
-
if(strcmp($_POST['hName'], "NOTSET"))
-
{
-
$errors = jsLogin();
-
if($errors == 0)
-
{
-
$_SESSION['USER'] = $_POST['hName'];
-
header("Location: transaction.html");
-
}
-
else
-
{
-
header("Location noLogin.html");
-
}
-
}
-
else
-
{
-
$errors = noJSLogin();
-
if($errors == 0)
-
{
-
$_SESSION['USER'] = $_POST['NOJSname'];
-
header("Location: transaction.html");
-
}
-
else
-
{
-
header("Location noLogin.html");
-
}
-
}
-
}
-
else
-
{
-
header("Location noLogin.html");
-
}
-
-
?>
I haven't given the validation function code; assume it returns boolean true if the data is valid. If that's required (ie if there's nothing 'wrong' with this part) then I'd much rather PM the validation code, or have someone say "here's a list of most probable causes" or something, thanks. Your help is much appreciated.
TheServant 1,168
Recognized Expert Top Contributor
Yeah, I can't see any errors there.Are you 100% sure the validation scripts are working? Just echo the output from them to find out.
If I correct that (either by changing the return values to ints, or changing the if statement to boolean) it just sits with a blank page with the URL of this script.
Not sure what you're saying here but there is no output in this script so you wouldn't expect anything other than a blank page. Make an echo statement at the top of your code, and do your "correction ". Move the statement down your code until it doesn't display and that is probably where your error is.
Also, maybe it is a header problem? If that script is sending the header location line back to the original form, it is possible that one is crashing in some way? Check that out, or post your form code.
Problem solved. Some of the header(location ) things are missing colons between location and the URI. *sheepish* All good, now.
(Clarification (though it's kinda moot now) I meant the validation scripts return boolean, but are being tested against ints in the quoted script above.)
TheServant 1,168
Recognized Expert Top Contributor
lol, yeah, should've seen that. I remember looking at one and moving onto the next idea, but should've checked 'em all. Hope you stop by again.
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Stijn Goris |
last post by:
Hi all,
I have a question regarding the header function. I send a browser to a
certain page (eg first.php ) wich sends no output to the browser. This page
sends the browser to another page (eg second.php) with the
header("Location:") function. second.php doesn't either send any output to
the browser. The browser is then send to another page also with the header()
function.
Now my problem: I have to send user and password data...
|
by: Jeff |
last post by:
I've been able to find this question on a Google group search but not
the answer. Plus I'm a late convert to php transferring over from ASP.
I hope this isn't too many strikes against me.
When I issue a "header(Location:/myscript.php?key1=value1&key2=value2);"
the redirect happens just fine but the url in the address field keeps
the previous url instead of the url I passed in the header call.
This seems to happen only with I.E....
|
by: Liam |
last post by:
I'm trying to get a shopping cart button to go to an
HTTPS URL instead of the HTTP address it's goijng to
right now.
The page, in ASPX, has a .VB page that when the button's
clicked runs a funtion that does this:
Response.Redirect.System.Configuration.ConfigurationSettin
gs.AppSettings("ksroot") & "checkout")
It's not my page, and I'm trying to figure out how it's
|
by: john |
last post by:
Hello,
One our thrid page for some reason the response.redirect isn't working
on the live server. It works fine on the development machine but when we
move the code to the live server it doesn't work. The first page is a login
page and the response.redirect does work there but not on the third page.
Any ideas? Thanks in advance.
John
|
by: Klem |
last post by:
Hi
I am expiriancing a very,very strange problem.
I have an asp.net application that hangs (sometimes) when trying to
execute Response.Redirect("page.aspx",true) command.
What is very strange is that it behaives differently when accessed from
different locations even where IE browsers are the same version.
It works without any problems on localhost. It also works without any
| | |
by: shapper |
last post by:
Hello,
I am using the following code line in my VB code to redirect to another
page inside my web site:
Response.Redirect("Message.aspx")
I am getting the error:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for
|
by: comp.lang.php |
last post by:
<?
header('Pragma: no-cache'); // ENSURE CLIENT-SIDE CACHE FLUSHING
$url = "$projectURLPath/index.php";
if ($_REQUEST) $url .= '?logoutMsg='.
urlencode($_REQUEST);
if ($willAuthenticate && $willUseSSL) {
$dest = 'https://' . $_SERVER . $url;
} elseif ($willBasicAuthenticate && $willUseSSL) {
$dest = 'https://EnterYourUserName:EnterPassword@' .
$_SERVER . $url;
|
by: Justin |
last post by:
Harlow... i need some help on these... im actually trying to do a page
using php... the function is to receive certain parameters from a 3rd
party provider... and i need to redirect my page to another page after
certain validation. it's ok when i use the url to do the testing...
the validation part works fine... scenario as below:
if situation a, echo abc
if situation b, echo abc then refresh to another page.
|
by: Sin Jeong-hun |
last post by:
class Manager
{
public event ItemEventHandler ItHappened;
public Manager
{
Item i;
i.ItHappend+=new ItemEventHandler(OnItHappened);
}
void OnItHappened(...)
{
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
