This page worked like a charm for years... enter the correspondng user id and password and you would be redirected to your directory. Now suddenly, all attempts to log in - valid or otherwise - result in the page remaining static... no message, no redirect, nothing.
Nothing in the code has changed, it just plain doesn't work anymore. Could this be the result of some kind of change on the server side?
Yeah, I know it's not super secure, but it was good enough for our purposes. I'm certainly open to better suggestions. I just need it to work... and keep working.
Please be gentle! I know almost nothing of programming.
Here is the page code:
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
<link href="ilium.css" rel="stylesheet" media="screen">
<title>Ilium: Client Login</title>
</head>
<body bgcolor="#bfbfcc" background="img/loginbg.gif">
<?php
/* init vars */
$userExists = false;
$userIndex = -1;
$authenicated = false;
/***********************************************
* edit this to add new users/password *
* - add user/pass/directory to the array *
* below: must be in same array index to work *
***********************************************/
$user = array('foo', 'bar');
$pass = array('foo', 'bar');
$directory = array('foo', 'bar');
// run user/pass check if data passed
if (isset($username) && isset($password))
{
// check if user name exists
for ($i = 0; $i < count($user); $i++)
{
if ($user[$i] == $username)
{
$userExists = true;
$userIndex = $i;
break;
}
}
// so user exists, now test password
if ($userExists)
{
$message = $message . "Username Valid<br>\n";
if ($pass[$userIndex] == $password)
{
$authenicated = true;
$link = "/incoming/clients050203/" . $directory[$userIndex] . "/";
$message = $message . "Password Valid - Redirecting to your folder...<br>\n";
}
else
{
$message = $message . "Incorrect Password<br>\n";
}
}
else
{
$message = $message . "Incorrect User Name<br>\n";
}
}
?>
<?php
// user has been authenicated - move them to the correct directory
if ($authenicated)
{
echo "<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=" . $link . "\">";
}
?>
<img src="img/spacer.gif" alt="" width="1" height="112" border="0">
<form action="login.php" method="post">
<table width="496">
<tr>
<td width="100"></td>
<td colspan="4" width="469"><img src="img/please.gif" alt="" width="469" height="19" border="0"></td>
</tr>
<tr>
<td width="100"><img src="img/spacer.gif" alt="" width="100" height="1" border="0"></td>
<td width="227">
<img src="img/spacer.gif" alt="" width="227" height="1" border="0"><br>
</td>
<td align="right" valign="top" width="84"><input type="text" name="username" size="12"><br></td>
<td width="43"><img src="img/spacer.gif" alt="" width="43" height="1" border="0"><br>
<br>
</td>
<td align="right" valign="top" width="109"><input type="password" name="password" size="16">
<p><br>
</p>
</td>
</tr>
<tr>
<td width="100"></td>
<td valign="top" width="227"><div class="messages"><?=$message?></div></td>
<td width="84"><br>
</td>
<td width="43"><br>
</td>
<td align="right" width="109"><input type="image" src="img/enter.gif" ALT="enter"><br>
<br开发者_如何学Go>
<br>
<br>
<br>
</td>
</tr>
</table>
</form>
</body>
</html>
As far as I can see, your code relies on register_globals, which has been deprecated for years now. Your server might have been upgraded to a newer version of php.
Using register_globals is really bad, not the "you should not" kind of bad, but the "it is insane to use it". Please don't try to find a work around. User the $_GET and $_POST parameters to accomplish your goal.
It looks like you're depending on global variables being initialized, rather than using them correctly. You use $username and $password without initializing them. The correct way would be to do:
$username = $_POST['username']; $password = $_POST['password'];
Before you use them. This would be a result in them updating stuff on the server side.
Read up on register_globals, and why you should disable them (probably someone has done that). Use the $_POST array.
BTW: if I can guess the path to /incoming/clients050203/...../, can I bypass your login script completely? Seems like it..
BTW2: now I also spy the '<?=$message?>', which are called short_open_tags, which will probably disappear somewhere in the future. Just to prevent the mayhem of today to happen in a few years :)
You are echoing a < META> tag into the middle of the body, which is invalid markup and will probably not correctly redirect.
This won't fix your security, but try putting all your PHP code before any HTML declaration and use:
header('Location: ' . /incoming/clients050203/" . $directory[$userIndex] . "/');
精彩评论