Okay. I'm coding a login function for an online security subject at uni. It's written in PHP5, on a Solaris server; I don't have permissions to alter or even access the php.ini file, I believe.
What is supposed to happen is:
User fills in their username and password, hits 'submit'
javascript takes a timestamp, usernamd and password, calculates an md5 hash, fills in a hidden form with the username, hashvalue and timestamp, and sends that to login.php
login.php takes those values, checks the username, checks the timestamp, and makes its own hash (from the password in its databanks), and compares. If successful, it redirects to the transaction.html page. If not, it directs the user to a bagLogin.html page.
The Problem:
When my validation functions return true or false, and I have my redirect conditions as "if($errors == 0)" then it redirects to the transaction page regardless of invalid logins - even if the username doesn't exist. As far as I can tell, my validation functions *should* work; they're relatively simple (and if they were failing, I'd expect them to deny all rather than allow all).
However, if I change any of that - if my validation returns 1 or 0 rather than true/false, for example, or my condition is "if($errors == true)" or even "if($errors)", it just sits there at login.php, not displaying anything - even though I have all error reporting and debugging turned on, and echo testing statements, it's entirely blank.
I hope I've explained this clearly enough for someone to give me a guide to the problem. As this is for an assignment, I'm loath to post code up on here. I'd appreciate any advice.
5  1653   Markus 6,050
Recognized Expert Expert
Okay. I'm coding a login function for an online security subject at uni. It's written in PHP5, on a Solaris server; I don't have permissions to alter or even access the php.ini file, I believe.
What is supposed to happen is:
User fills in their username and password, hits 'submit'
javascript takes a timestamp, usernamd and password, calculates an md5 hash, fills in a hidden form with the username, hashvalue and timestamp, and sends that to login.php
login.php takes those values, checks the username, checks the timestamp, and makes its own hash (from the password in its databanks), and compares. If successful, it redirects to the transaction.html page. If not, it directs the user to a bagLogin.html page.
The Problem:
When my validation functions return true or false, and I have my redirect conditions as "if($errors == 0)" then it redirects to the transaction page regardless of invalid logins - even if the username doesn't exist. As far as I can tell, my validation functions *should* work; they're relatively simple (and if they were failing, I'd expect them to deny all rather than allow all).
However, if I change any of that - if my validation returns 1 or 0 rather than true/false, for example, or my condition is "if($errors == true)" or even "if($errors)", it just sits there at login.php, not displaying anything - even though I have all error reporting and debugging turned on, and echo testing statements, it's entirely blank.
I hope I've explained this clearly enough for someone to give me a guide to the problem. As this is for an assignment, I'm loath to post code up on here. I'd appreciate any advice.
Can you post the code (using the relevant code tags) so we can have a good look at it, and suggest ways to help!
Regards,
Okay...Appreciate the help. I'll post what I can of the code (have to be careful, my uni is very strict on plagiarism.
This vrsion of it allows anyone through, but it's technically comparing boolean values to ints ($errors will be true or false). If I correct that (either by changing the return values to ints, or changing the if statement to boolean) it just sits with a blank page with the URL of this script. -
<?php
-
session_start();
-
error_reporting(E_ALL);
-
ini_set('display_errors', true);
-
-
if(isset($_SESSION['USER']))
-
{
-
header("Location: logout.php");
-
}
-
-
if(isset($_POST['hName']))
-
{
-
if(strcmp($_POST['hName'], "NOTSET"))
-
{
-
$errors = jsLogin();
-
if($errors == 0)
-
{
-
$_SESSION['USER'] = $_POST['hName'];
-
header("Location: transaction.html");
-
}
-
else
-
{
-
header("Location noLogin.html");
-
}
-
}
-
else
-
{
-
$errors = noJSLogin();
-
if($errors == 0)
-
{
-
$_SESSION['USER'] = $_POST['NOJSname'];
-
header("Location: transaction.html");
-
}
-
else
-
{
-
header("Location noLogin.html");
-
}
-
}
-
}
-
else
-
{
-
header("Location noLogin.html");
-
}
-
-
?>
I haven't given the validation function code; assume it returns boolean true if the data is valid. If that's required (ie if there's nothing 'wrong' with this part) then I'd much rather PM the validation code, or have someone say "here's a list of most probable causes" or something, thanks. Your help is much appreciated.
TheServant 1,168
Recognized Expert Top Contributor
Yeah, I can't see any errors there.Are you 100% sure the validation scripts are working? Just echo the output from them to find out.
If I correct that (either by changing the return values to ints, or changing the if statement to boolean) it just sits with a blank page with the URL of this script.
Not sure what you're saying here but there is no output in this script so you wouldn't expect anything other than a blank page. Make an echo statement at the top of your code, and do your "correction". Move the statement down your code until it doesn't display and that is probably where your error is.
Also, maybe it is a header problem? If that script is sending the header location line back to the original form, it is possible that one is crashing in some way? Check that out, or post your form code.
Problem solved. Some of the header(location) things are missing colons between location and the URI. *sheepish* All good, now.
(Clarification (though it's kinda moot now) I meant the validation scripts return boolean, but are being tested against ints in the quoted script above.)
TheServant 1,168
Recognized Expert Top Contributor
lol, yeah, should've seen that. I remember looking at one and moving onto the next idea, but should've checked 'em all. Hope you stop by again.
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Stijn Goris |
last post by:
Hi all,
I have a question regarding the header function. I send a browser to a
certain page (eg first.php ) wich sends no output to the browser. This page
sends the browser to another page (eg...
|
by: Jeff |
last post by:
I've been able to find this question on a Google group search but not
the answer. Plus I'm a late convert to php transferring over from ASP.
I hope this isn't too many strikes against me.
When I...
|
by: Liam |
last post by:
I'm trying to get a shopping cart button to go to an
HTTPS URL instead of the HTTP address it's goijng to
right now.
The page, in ASPX, has a .VB page that when the button's
clicked runs a...
|
by: john |
last post by:
Hello,
One our thrid page for some reason the response.redirect isn't working
on the live server. It works fine on the development machine but when we
move the code to the live server it doesn't...
|
by: Klem |
last post by:
Hi
I am expiriancing a very,very strange problem.
I have an asp.net application that hangs (sometimes) when trying to
execute Response.Redirect("page.aspx",true) command.
What is very strange...
| | |
by: shapper |
last post by:
Hello,
I am using the following code line in my VB code to redirect to another
page inside my web site:
Response.Redirect("Message.aspx")
I am getting the error:
The page isn't redirecting...
|
by: comp.lang.php |
last post by:
<?
header('Pragma: no-cache'); // ENSURE CLIENT-SIDE CACHE FLUSHING
$url = "$projectURLPath/index.php";
if ($_REQUEST) $url .= '?logoutMsg='.
urlencode($_REQUEST);
if ($willAuthenticate &&...
|
by: Justin |
last post by:
Harlow... i need some help on these... im actually trying to do a page
using php... the function is to receive certain parameters from a 3rd
party provider... and i need to redirect my page to...
|
by: Sin Jeong-hun |
last post by:
class Manager
{
public event ItemEventHandler ItHappened;
public Manager
{
Item i;
i.ItHappend+=new ItemEventHandler(OnItHappened);
}
void OnItHappened(...)
{
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
