1 (edited by newera70 2005-06-09 22:49)

Topic: PHP Login Help

Well I have a php login script that i have been messing around with I added to it but i need help... it lets you login with any user/pass please help fix this...

<?
session_start();

$panel_pass = md5("letmein"); // password: letmein
$panel_user = please; // username: please

if(!empty($_POST['pass']) && !empty($_POST['user']))
{
    $_SESSION['pass'] = md5($_POST['pass']);
    $_SESSION['user'] = $_POST['user'];
}

if($_SESSION['pass']!=$panel_pass && $_SESSION['user']!=$panel_user)
{

    ?>
<html>
<head>
</head>
<body>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<center>
<table border="1">
<tr>
<td colspan="2" bgcolor="#666666"><center><b>Password Protection</b></center></td>
</tr><tr>
<td width="100"><center>Username:</center></td>
<td><center><input type="text" name="user"></center></td>
</tr><tr>
<td width="100"><center>Password:</center></td>
<td><center><input type="password" name="pass"></center></td>
</tr><tr>
<td colspan="2"><center><input type="submit" value="Login"></center></td>
</center>
</form>
</tr>
</table><br><br>
</body>
</html>

<?
exit();
}
?>
// Code the login protects goes under here...

2 (edited by Smartys 2005-06-09 23:28)

Re: PHP Login Help

Well, the && in the session info check should be a ||. Otherwise, if you get the username right you don't need the password (because for the if statement to be true both have to be incorrect)

http://fluxbb.org

Free PunBB Hosting - lots of mods, easy to customize

Re: PHP Login Help

Thank you here is my outcome...

<?
session_start();

$panel_pass = md5("letmein"); // password: letmein
$panel_user = please; // username: please

if(!empty($_POST['pass']) || !empty($_POST['user']))
{
    $_SESSION['pass'] = md5($_POST['pass']);
    $_SESSION['user'] = $_POST['user'];
}
else if(!empty($_POST['pass']))
{
    $_SESSION['pass'] = md5($_POST['pass']);
}
else if( !empty($_POST['user']))
{
    $_SESSION['user'] = $_POST['user'];
}

if($_SESSION['pass']!=$panel_pass || $_SESSION['user']!=$panel_user)
{

    ?>
<html>
<head>
</head>
<body>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<center>
<table border="1">
<tr>
<td colspan="2" bgcolor="#666666"><center><b>Password Protection</b></center></td>
</tr><tr>
<td width="100"><center>Username:</center></td>
<td><center><input type="text" name="user"></center></td>
</tr><tr>
<td width="100"><center>Password:</center></td>
<td><center><input type="password" name="pass"></center></td>
</tr><tr>
<td colspan="2"><center><input type="submit" value="Login"></center></td>
</center>
</form>
</tr>
</table><br><br>
</body>
</html>

<?
exit();
}
?>
// Code the login protects goes under here...