PHP Page Forbidden
Author
I''m doing some renovating on my site, and right now I''m working on a login script. Its in PHP.
The login page loads fine. it displays a username and password box and a submit button if !$login ($login is the name of the submit form object).
so this works ok. i enter the name and password, hit login and it POSTs the data to the same script, which should then log me in (mm, cookies).
Problem is, then it says the page is forbidden. So, its only forbidden when I''m posting data. I''m not sure how to fix this. Are you?
(http://www.ironfroggy.com/)
(http://www.ironfroggy.com/pinch)
Have you checked the docs on http://www.php.net ?
Also, if you could post some source code, that would help greatly.
"Doomed to crumble, unless we grow, and strengthen our communication" - Maynard James Keenan, Tool
Edited by - daerid on February 18, 2002 1:45:58 PM
Also, if you could post some source code, that would help greatly.
"Doomed to crumble, unless we grow, and strengthen our communication" - Maynard James Keenan, Tool
Edited by - daerid on February 18, 2002 1:45:58 PM
Author
this code takes the POSTed data and logs in the user
this is a portion of the php script for displaying the login page, this works.
(http://www.ironfroggy.com/)
(http://www.ironfroggy.com/pinch)
[Edit: Hate scrolling so far right.]
Edited by - Oluseyi on February 18, 2002 4:20:17 PM
if ($login) { $sqlresult = mysql_query("SELECT Username,Password FROM User"); while ($row = mysql_fetch_array($sqlresult)) { $userdata[$row["Username"]] = $row["Password"]; } if ($userdata[$Username] = $Password) { // set cookie /* I CANT REVEAL THIS CODE, BUT IT SHOULDNT AFFECT ANYTHING THE WAY THIS CODE IS FAILING. IT SIMPLY LOGS THE USER INTO THE SYSTEM AND LOADS THE ADMIN PAGE */ } } this is a portion of the php script for displaying the login page, this works.
else { ?> <html> <head> <title>Login</title> </head> <body> <form ACTION="login.php" METHOD="POST"> Username: <input TYPE="text" name="Username" SIZE="20"><br> Password: <input TYPE="password" name="Password" SIZE="20"><br> <input TYPE="submit" name="login" value="Submit"> </form> </body> </html> <?php }?> (http://www.ironfroggy.com/)
(http://www.ironfroggy.com/pinch)
[Edit: Hate scrolling so far right.]
Edited by - Oluseyi on February 18, 2002 4:20:17 PM
I don''t use PHP so forgive any stupid mistakes.
I''m guessing $row returns a row from the table, userdata[item] returns the item sent from a form and $row["item"] returns a field item from the row. I also assume that the while loop will break and leave row (as an index) as is when username=username.
assuming this finds a matching user name and then breaks the loop:
then this is checking password
In ASP I''d search through each record as its returned and break when username = loginname then test password=password. I''d also only allow unique loginnames.
Hope this helps.
,Jay
I''m guessing $row returns a row from the table, userdata[item] returns the item sent from a form and $row["item"] returns a field item from the row. I also assume that the while loop will break and leave row (as an index) as is when username=username.
if ($login) { $sqlresult = mysql_query("SELECT Username,Password FROM User"); while ($row = mysql_fetch_array($sqlresult)) { $userdata[$Username] = $row["Username"]; } if ($userdata[$Password] = $row["Password"]) { // set cookie /* I CANT REVEAL THIS CODE, BUT IT SHOULDNT AFFECT ANYTHING THE WAY THIS CODE IS FAILING. IT SIMPLY LOGS THE USER INTO THE SYSTEM AND LOADS THE ADMIN PAGE */ } } assuming this finds a matching user name and then breaks the loop:
$userdata[$Username] = $row["Username"]; then this is checking password
if ($userdata[$Password] = $row["Password"]) In ASP I''d search through each record as its returned and break when username = loginname then test password=password. I''d also only allow unique loginnames.
Hope this helps.
,Jay
Author
$row is temporary object holding a username and password. $row is set for each row in the table, and then the $userdata is a hash-table of the form $userdata[$username] = $password. the while is exited when all the rows in the table are used.
Then, assuming that $userdata[$Username] = $Password ($Username and $Password are the values from the form), the user is logged into the system. but, none of this matters. my web server says that login.php (this file) is unaccessable to me. yet, it lets me use it when $login does not exist (that is, when i havent logged in yet). but when i hit the button and the page loads, POSTing the login data, i cant access the php file at all!
(http://www.ironfroggy.com/)
(http://www.ironfroggy.com/pinch)
Then, assuming that $userdata[$Username] = $Password ($Username and $Password are the values from the form), the user is logged into the system. but, none of this matters. my web server says that login.php (this file) is unaccessable to me. yet, it lets me use it when $login does not exist (that is, when i havent logged in yet). but when i hit the button and the page loads, POSTing the login data, i cant access the php file at all!
(http://www.ironfroggy.com/)
(http://www.ironfroggy.com/pinch)
Check the case and try changing the method to 'get', no "". You might want to try giving the form an ID or a Name like "login".
,Jay
Edited by - Jason Zelos on February 18, 2002 5:59:30 PM
<form ACTION="login.php" METHOD="POST"> ,Jay
Edited by - Jason Zelos on February 18, 2002 5:59:30 PM
Author
using GET would put a password bluntly into the address. i dont want something like that. plus, i try to stay to XHTML conformities as much as i can. quotes are required for attribute valyes in XML.
(http://www.ironfroggy.com/)
(http://www.ironfroggy.com/pinch)
(http://www.ironfroggy.com/)
(http://www.ironfroggy.com/pinch)
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
