Hi all,
I've been busy with the CMS written by Peter Zeidman, and I've run into some problems. It seems like the form which is used to give $_POST['user'] and $_POST['pass'] doesn't work. I've put some extra if's into the code to see if they continue to be empty and they do.
So my question is how do I solve this? I'm new to PHP so I've got no clue at all.
I adjusted some pieces in the source for them to work. Also, I know it's not a MySQL problem because the adding of articles works fine (oh, and I did rename some of the tables: users instead of cmsusers, articles instead of cmsarticles, but that all works fine).
Here's the code:
Welcome.php
PHP Code:
<?php
require_once('../includes/Sentry.php');
$theSentry = new Sentry();
if (!$theSentry->checkLogin(2) )
{
    header("Location: login.php");
    die();
}
?>
<html>
<head>
    <title>Welcome</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
Welcome to the admin area
</body>
</html>
Login.php
PHP Code:
<?php
require_once("../includes/Sentry.php");
$sentry = new Sentry();
if ($_POST['user'] != '')
{
    echo "<center>Username submitted</center><br>";
    $sentry->checkLogin($_POST['user'],$_POST['pass'],4,'welcome.php','failed.php');
}
if($_POST['pass'] != '')
{
    echo "<center>Password entered</center><br>";
}
if($_POST['pass'] == '')
{
    echo "<center>Password is not yet entered</center><br>";
}
if($_POST['user'] == '')
{
    echo "<center>No username submitted by form</center><br>";
}
if ($_GET['action'] == 'logout')
{
    if ($sentry->logout())
    {
        echo '<center>You have been logged out</center><br>';
    }
    else
        echo '<center>No need to log out, you were never logged in</center><br>';
}
?>
<html>
<head>
    <title>Untitled Document</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<table width="25%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000066">
    <tr>
        <td align="center" bgcolor="#000066"><font color="#FFFFFF" size="2" face="Verdana, Arial, Helvetica, sans-serif"><strong>Login</strong></font></td>
    </tr>
    <tr>
        <td bordercolor="#FFFFFF">
            <form name="form1" method="post" action="login.php">
                <p> User:<input type="text" name="user"></p>
                <p> Pass:<input type="password" name="pass">
                </font></p>
                <p align="center"><input type="submit" name="Submit2" value="Submit"></p>
            </form>
            <div align="right"><font size="2" face="Verdana, Arial, Helvetica, sans-serif"><a href="login.php?action=logout">Logout</a> </font></div>
        </td>
    </tr>
</table>
</body>
</html>
Sentry.php
PHP Code:
<?php
////////////////////////////////////////////////////////////////////////////////////////
// Class: sentry
// Purpose: Control access to pages
///////////////////////////////////////////////////////////////////////////////////////
class sentry {
    var $loggedin = false; // Boolean to store whether the user is logged in
    var $userdata; // Array to contain user's data
    function sentry(){
        session_start();
        header("Cache-control: private");
    }
    //======================================================================================
    // Log out, destroy session
    function logout()
    {
        if($_SESSION['user'] && $_SESSION['pass'])
        {
            unset($this->userdata);
            session_destroy();
            return true;
        }
        else
            return false;
    }
    //======================================================================================
    // Log in, and either redirect to goodRedirect or badRedirect depending on success
    function checkLogin($user = '',$pass = '',$group = '',$goodRedirect = '',$badRedirect = ''){
        // Include database and validation classes, and create objects
        require_once('DbConnector.php');
        require_once('Validator.php');
        $validate = new Validator();
        $loginConnector = new DbConnector();
        // If user is already logged in then check credentials
        if ($_SESSION['user'] && $_SESSION['pass']){
            // Validate session data
            if (!$validate->validateTextOnly($_SESSION['user']))
            {
                return false;
            }
            if (!$validate->validateTextOnly($_SESSION['pass']))
            {
                return false;
            }
            $getUser = $loginConnector->query("SELECT * FROM users WHERE user = '".$_SESSION['user']."' AND pass = '".$_SESSION['pass']."' AND thegroup <= ".$group.' AND enabled = 1');
            if ($loginConnector->getNumRows($getUser) > 0){
                // Existing user ok, continue
                if ($goodRedirect != '') {
                    header("Location: ".$goodRedirect."?".strip_tags(session_id())) ;
                }
                return true;
            }
            else
            {
                // Existing user not ok, logout
                $this->logout();
                return false;
            }
            // User isn't logged in, check credentials
        }
        else
        {
            // Validate input
            if (!$validate->validateTextOnly($user))
            {
                return false;
            }
            if (!$validate->validateTextOnly($pass))
            {
                return false;
            }
            // Look up user in DB
            $getUser = $loginConnector->query("SELECT * FROM users WHERE user = '$user' AND pass = MD5('$pass') AND thegroup <= $group AND enabled = 1");
            $this->userdata = $loginConnector->fetchArray($getUser);
            if ($loginConnector->getNumRows($getUser) > 0){
                // Login OK, store session details
                // Log in
                $_SESSION["user"] = $user;
                $_SESSION["pass"] = $this->userdata['pass'];
                $_SESSION["thegroup"] = $this->userdata['thegroup'];
                if ($goodRedirect) {
                    header("Location: ".$goodRedirect."?".strip_tags(session_id())) ;
                }
                return true;
            }else{
                // Login BAD
                unset($this->userdata);
                if ($badRedirect) {
                    header("Location: ".$badRedirect) ;
                }
                return false;
            }
        }
    }
}
?>
Thanks in advance,
Rope.
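
Added example, not part of the original post or of the CMS it uses: the credential lookup that checkLogin() in Sentry.php performs, written with a prepared statement and password_hash()/password_verify() in place of string-built SQL and MD5(), and without keeping the password hash in the session. It assumes PDO with the SQLite driver and a constructed in-memory users table with the same columns as the post's queries; makeDemoDb, checkCredentials and login are hypothetical names.

```php
<?php
// Constructed demo database standing in for the post's `users` table (assumption: PDO + SQLite).
function makeDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass TEXT, thegroup INTEGER, enabled INTEGER)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?, 1)');
    $ins->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT), 1]); // constructed row
    return $db;
}

// Returns the user's row or null. $maxGroup is a required int, so it cannot reach the SQL empty or as text.
function checkCredentials(PDO $db, string $user, string $pass, int $maxGroup): ?array {
    $stmt = $db->prepare(
        'SELECT user, pass, thegroup FROM users WHERE user = :u AND thegroup <= :g AND enabled = 1'
    );
    $stmt->bindValue(':u', $user, PDO::PARAM_STR);   // bound as data, never spliced into the SQL text
    $stmt->bindValue(':g', $maxGroup, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password is checked in PHP against a salted hash instead of MD5() inside the query.
    if ($row === false || !password_verify($pass, $row['pass'])) {
        return null;
    }
    return $row;
}

// Stores only the identity and group in the session; the session id stays in the cookie, not the URL.
function login(PDO $db, string $user, string $pass, int $maxGroup): bool {
    $row = checkCredentials($db, $user, $pass, $maxGroup);
    if ($row === null) return false;
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);                 // fresh session id once authenticated
    }
    $_SESSION['user'] = $row['user'];
    $_SESSION['thegroup'] = (int)$row['thegroup'];
    return true;
}

$db = makeDemoDb();
var_dump(login($db, 'admin', 'constructed-demo-password', 4)); // correct credentials
var_dump(login($db, 'admin', 'wrong-password', 4));            // wrong password
var_dump(login($db, "o'brien", 'x', 4));                       // a quote in the name is plain data
var_dump(login($db, 'admin', 'constructed-demo-password', 0)); // group limit too low
```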