PHP - Site Migration, Problems With White Pages For Login/out On New Host

Hello:

I wanted to see if I can make my password protected pages in my admin area, and the login form "more secure."
I was told I should use MD5 / SALTING / HASHING to do this.

I have tried some online tutorials, but am not understanding it, so I wanted to start from what I have and build upon it>

This is my database table storing the myAdmins data (when I initially insert it into the database):
Code: [Select]
CREATE TABLE `myAdmins` (
  `id` int(4) NOT NULL auto_increment,
  `myUserName` varchar(65) NOT NULL default '',
  `myPassword` varchar(65) NOT NULL default '',
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

INSERT INTO myAdmins VALUES("1","abc","123");

This is the login form I use:
Code: [Select]
<?php

include('../include/myConn.php');
include('include/myAdminNav.php');

session_start();
session_destroy();

$message="";

$Login=$_POST['Login'];
if($Login){
$myUserName=$_POST['myUserName'];
$myPassword=$_POST['myPassword'];

$result=mysql_query("select * from myAdmins where myUserName='$myUserName' and myPassword='$myPassword'");
if(mysql_num_rows($result)!='0'){
session_register("myUserName");
header("location:a_Home.php");
exit;
}else{
$message="<div class=\"myAdminLoginError\">Incorrect Username or Password</div>";
}

}
?>

<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">

<? echo $message; ?>

Username: <input name="myUserName" type="text" id="myUserName" size="40" />
Password: <input name="myPassword" type="password" id="myPassword" size="40" />

<input name="Login" type="submit" id="Login" value="Login" />

</form>



This is the code on top of each page I password protect:
Code: [Select]
<?
session_start();
if(!session_is_registered(myUserName)){
header("location:Login.php");
}
?>

Works well, but can it be "better"??

And, if I am allowing the admin to update his/her username or password, I do it this way:
Code: [Select]
<?php

include('../include/myConn.php');
include('include/myCheckLogin.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$myUserName = mysql_real_escape_string($_POST['myUserName']);
$myPassword = mysql_real_escape_string($_POST['myPassword']);

$sql = "

UPDATE myAdmins
   SET
      myUserName = '$myUserName',
      myPassword = '$myPassword'
  ";
mysql_query($sql) && mysql_affected_rows()

?>

<?php
}

$query=mysql_query("SELECT * FROM myAdmins") or die("Could not get data from db: ".mysql_error());

while($result=mysql_fetch_array($query))

{
  $myUserName=$result['myUserName'];
  $myPassword=$result['myPassword'];
}

?>


<form method="post" action="<?php echo $PHP_SELF;?>">
<input type="hidden" name="POSTBACK" value="EDIT">

Username: <input type="text" size="60" maxlength="60" name="myUserName" value="<?php echo $myUserName; ?>">
Password: <input type="password" size="60" maxlength="60" name="myPassword" value="<?php echo $myPassword; ?>">

<input type="submit" value="Submit" />
         
</form>


Should it be "better" .. ??

I don't seem to understand how to "encrypt" all of this to make it "stronger" ..

Ideas? Improvements?

I am in the process of creating a web page form and related scripts that will take a file (or listing of files) posted in a form and enter the data into a database and then use rsync to move from a staging web server to a production web server. With the current form i have written i am able to do a single file and i am able to handle an entire directory (basically because there is only a single row of data extracted from and inserted into the database that rsync then reads and moves. So, my problem is the form page and related insert into the database. I am not sure what i need to do in the form to be able to allow a developer or qa person to drop a listing of files into it, and have that then get extracted and inserted as individual rows into the database. Does anyone have any thoughts on a good way to do this? Basically taking this snippet

    <form method="post" action="<?php echo $PHP_SELF;?>">
        File Name:<input type="text" size="12" maxlength="12" name="name"><br />
        File to Sync:<input type="text" size="12" maxlength="255" name="dir_path"><br />
        <br />
            <input type="submit" value="submit" name="submit">
    </form>

and re-working it to handle a listing of fully pathed files and then insert that into the db, which is done currently by this snippet

     $conn=mysql_connect (DB_HOST, DB_USER, DB_PASS) or die(mysql_error($conn));
            mysql_select_db(DB_NAME);
            $sql="INSERT INTO fsfiles (name, dir_path)
                VALUES
            ('$_POST[name]','$_POST[dir_path]')";
                if (!mysql_query($sql,$conn))
                    {
                        die('Error: ' . mysql_error());
                    }
                       echo "File: ".$name." added for sync<br />";
            mysql_close($conn);

Any help would be GREATLY appreciated. Thank you in advance

Hello everyone:

I wanted to see how I can make a simple login page (user name and password) that redirects to a page(s) if the login is correct. Also, I wanted to put protection on the page(s) that will send the user back to the login page if the credentials are nor correct.

I would imagine the username/password would be stored in a database table (Admins), and the correct login info would be stored in a session ..?

I am use to doing this with ASP, but never PHP. I want to make sure I understand how to do this properly and securely so I can use this as a model for other systems.

In ASP I would do a protected page like this:
a_login_check.asp
Code: [Select]
<%
if session("admin_user_name") = "" then
session.abandon
response.redirect "login.asp"
end if
%>

Protected-Page.asp
Code: [Select]
<!-- #include file="include/a_check_login.asp" -->
<html>
...
CONTENT

...
</html>

And of course there is the login page itself ...
(I thought it would be nice to add a "Forgot Password" link on the login page, but if that is too complicated I can do that later .. or is it easy ??)

Anyway, can someone point-out to me how to do this.

I would appreciate it!

Any pointers would be much appreciated.

I got my PHP app working (not without some great help from this forum) but when I migrated my PHP scripts and MySQL database to my ISP's platform the app fell apart since the web is the destination for this app, I then had to diagnose and fix what happened.

The problem:
On the ISP's platform, a query string  passed unescaped with say a QUOTE in it came in on the subsequent GET ESCAPED. On my platform they arrived UNESCAPED.

Is this a php.ini discrepancy or a version discrepancy between us please?

Thing is I'd like to get the local version working again after all the changes because what worked on one broke on the other, now the other is fixed the one is broken if you get my drift.

Platform / Version variations:
Local implementation is Win7, Apache 2.2.19 / PHP 5.3.6 / MySQL 5.5
ISP is Linux not sure of the Apache version believe it is 2.? PHP 5.2.14 / MySQL Client Api 4.1.22

Any input or links for reading would be appreciated.

Jamie

I have no idea where to start or which board would be the proper place to put this but what I"m attempting to do is integrate this idea with my custom cms I'm making now is that once inside I can take down my site in case I (administrator) wanted to perform some maintenance on my site and have it instead display a custom 404 page. Any ideas on where to start. I tried using my best friend google but he gave me nothing. Maybe a few tutorials of this might help.

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=355963.0

Hello, I'm having problems with creating send mail form, what it does it's just reload on "submit" click... I'm working on this for the last hour and still can't figure out what I'm missing. I don't get any error not even confirmation of successful or unsuccessful send...

Here's the code
<html>
     <body>
 <?php
                echo'<form enctype="multipart/form-data" method="post">';
echo'<form method="post" action="sendmail">';
echo'<input type = "text" value ="'.$email_to.'" name = "user_mail">';
echo '<input type="submit" name="Submit" value="Submit">';
echo '</form>';
?>
<?php elseif ($_GET['send']=='sendmail'):?>


<?php
$fileatt = "testfile.pdf"; // Path to the file 
$fileatt_type = "application/pdf"; // File Type 
$fileatt_name = "testfile.pdf"; // Filename that will be used for the file as the attachment 

$email_to = $user_mail; //send to
$email_from = "dont@have.it"; // Who the email is from 
$email_subject = "Your attached file"; // The Subject of the email 
$email_message = "Thanks for visiting mysite.com! Here is your free file.<br>";
$email_message .= "Thanks for visiting.<br>"; // Message that the email has in it 

$email_to = $_POST['email']; // Who the email is to 

$headers = "From: ".$email_from; 

$file = fopen($fileatt,'rb'); 
$data = fread($file,filesize($fileatt)); 
fclose($file); 

$semi_rand = md5(time()); 
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x"; 

$headers .= "\nMIME-Version: 1.0\n" . 
"Content-Type: multipart/mixed;\n" . 
" boundary=\"{$mime_boundary}\""; 

$email_message .= "Here's your file .\n\n" . 
"--{$mime_boundary}\n" . 
"Content-Type:text/html; charset=\"iso-8859-1\"\n" . 
"Content-Transfer-Encoding: 7bit\n\n" . 
$email_message .= "\n\n"; 

$data = chunk_split(base64_encode($data)); 

$email_message .= "--{$mime_boundary}\n" . 
"Content-Type: {$fileatt_type};\n" . 
" name=\"{$fileatt_name}\"\n" . 
//"Content-Disposition: attachment;\n" . 
//" filename=\"{$fileatt_name}\"\n" . 
"Content-Transfer-Encoding: base64\n\n" . 
$data .= "\n\n" . 
"--{$mime_boundary}--\n"; 

$ok = @mail($email_to, $email_subject, $email_message, $headers); 

if($ok) { 
echo "<font face=verdana size=2><center>Mail was sent.</center>";

} else { 
die("Sorry but the email could not be sent. Please go back and try again!"); 
} 
?>
<?php endif;?>
</html>
        </body>

Folks,

I need to do few scrapping from a Site, problem is, i have to be logged in first to that site to access any content.

Link:

Quote

https://www.majesticseo.com/account/login?redirect=%2Faccount%2Flogin


Login Details a

Quote

Email: wow@mailinator.com
Password: natashaworld


What PHP code do i need to use to login to this site, so i can continue running my other Codes to scrape few data???

Cheers
Natasha T

Most of my website is written in php4. My hosting server has support for both 4 and 5 just by changing file extension. .php which is the default supports 4, .php5 of course supports 5. The problem I am having is that the pages with the .php5 extensions are not recognizing session variables. Is there something I should be doing differently in 5 for my session variables?

For example a variable request like this returns 0

print $_SESSION['FULLNAME'];

Please Help!! Thank you in advance?

Hi,
     I want to auto login to remote site from my site using curl,i am using a curl script that login on same page with showing only html page,created cookie on my server too but i want to create cookie on remote server so that if i will open that remote site URL on my browser on another tab it shows me as logged-in.
Here is a code i am using

$fp = fopen("cookie.txt", w);
fclose($fp);

echo 'still loading <br/>';
       
if (fb_login($login_email,$login_pass)){
   $ch = curl_init();
   curl_setopt($ch, CURLOPT_URL, 'https://askabookdealer.com/logincode.php?redirected=1&referrer=index');
   curl_setopt($ch, CURLOPT_POSTFIELDS,'txtuname='.$login_email.'&txtpass='.$login_pass.'&x=15&y=6&login_submit=');
   curl_setopt($ch, CURLOPT_POST, 1);
   curl_setopt($ch, CURLOPT_HEADER, 0);
   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
   curl_setopt($ch, CURLOPT_COOKIEJAR, str_replace('\\','/',dirname(__FILE__)).'/cookie.txt');
   curl_setopt($ch, CURLOPT_COOKIEFILE, str_replace('\\','/',dirname(__FILE__)).'/cookie.txt');
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 (.NET CLR 3.5.30729)");
$html = curl_exec($ch);

 curl_close($ch);
 
  echo $html;

}

 
function fb_login($login_email, $login_pass){
 
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, 'https://askabookdealer.com/logincode.php?redirected=1&referrer=index');
 curl_setopt($ch, CURLOPT_POSTFIELDS,'txtuname='.$login_email.'&txtpass='.$login_pass.'&x=15&y=6&login_submit=');
 curl_setopt($ch, CURLOPT_POST, 1);
 curl_setopt($ch, CURLOPT_HEADER, 0);
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
 curl_setopt($ch, CURLOPT_COOKIEJAR, str_replace('\\','/',dirname(__FILE__)).'/cookie.txt');
 curl_setopt($ch, CURLOPT_COOKIEFILE, str_replace('\\','/',dirname(__FILE__)).'/cookie.txt');
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 (.NET CLR 3.5.30729)");
$html = curl_exec($ch);
 $err = 0;
 $err = curl_errno($ch);
 curl_close($ch);

 if ($err != 0){
 echo 'error='.$err."\n";
 return(false);
 } else {
 echo 'fetching..';
 return(true);
 }
 
}


Please Help,how can i get the solution for this,Thanks.

I think I finally figured out what my problem is! I have this huge login system that I got and I think it's designed so that in order to login it has a popup window come up. Well I want embed this page so the user can login right their on the page. Before I was using include but that screws up all the submit buttons. Anyone know of a simple code to embed a page?

Hi, I am trying to make a registration form for users. The registration is for a seminar introducing a particular system for them. This (web based) system is merely a remote website. But in order for the users to actually use the system at the seminar, they HAVE to have logged in on the system in advance/prior to the seminar at least once. So in my registration form I want to include a curl login of the system, which should be invisible to the users. Hence I don't want to open a popup loading the system/remote site - I would like for this to happen without the users knowing it. So they enter username and password, Curl then does the login and then returns either "Succes! You were logge in!" or  "There was an error. You were not logged in!".

I have no use for additional information from the remote site - the only thing is that they should login this once - that's it. My code is below - and it works if the remote site is NOT using https (that is http ;-)) but if the remote site IS running https I get no message back.

The line "if (stristr($result, "loginerrors"))" is set because the remote site includes the keyword "loginerrors" if you weren't logged in properly.

 Any suggestions?


<?php
$post_data['username'] = 'something@domain.com';
$post_data['password'] = 'MyPassword';

//traverse array and prepare data for posting (key1=value1)
foreach ( $post_data as $key => $value) {
$post_items[] = $key . '=' . $value;
}

//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);

//create cURL connection
$curl_connection = curl_init('https://www.domain.com/login.php');

//set options
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);

//set data to be posted
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);

//perform our request
$result = curl_exec($curl_connection);

if (stristr($result, "loginerrors"))
{
echo "There was an error. You were not logged in!";
}else{
echo "Succes! You were logge in!";
}

//close the connection
curl_close($curl_connection);
?>

I am a newbie. I need some guidance for logging onto an existing site, and downloading files.

Some tips what I should be looking for?

Thanks.

Hi guys, what I'm struggling to do is

1) Users land on https://www.mysite.com/login.php
2) Users type their email and password
3) POST data submitted to http://www.3rdparty.com/login.php with cURL
4) Users redirected to http://www.3rdparty.com/index.php (logged in).

I've been using this simple form to POST directly to the 3rd party site.

Code: [Select]
<form name="loginform" method="post" target="_blank" action="http://www.3rdparty.com/login.php">
Email <input name="email" type="text">
Password<input name="password" type="password">
<input name="submit" type="submit" id="loginbutton" value="login"></form>
This works great. But now I've installed a SSL on my site and I've just realised that using the form above, the data is still POSTed as a plain text because the 3rd party site is not https.
So I want to submit the form to my login.php form and let this form take the users to the 3rd party site. So at least the user inputs to my site is encrypted.
My new code looks like this.

Code: [Select]
<form name="loginform" method="post" target="_blank" action="login.php">
Email <input name="email" type="text">
Password<input name="password" type="password">
<input name="submit" type="submit" id="loginbutton" value="login"></form>
<?php
 if(isset($_POST['email']))     $email= $_POST['email'];
 if(isset($_POST['password']))   $password= $_POST['password'];
 if(isset($_POST['submit']))   $submit   = $_POST['submit'];
 
 $Curl_Session = curl_init('http://www.3rdparty.com/login.php');
 curl_setopt ($Curl_Session, CURLOPT_POST, 1);
 curl_setopt ($Curl_Session, CURLOPT_POSTFIELDS, "email=$email&password=$password&submit=$submit");
 curl_setopt ($Curl_Session, CURLOPT_FOLLOWLOCATION, 1);
 $result =  curl_exec ($Curl_Session);
 curl_exec ($Curl_Session);
 curl_close ($Curl_Session);

print $result;
?>

What this code is doing now is it's just rendering the www.3rdparty.com's login page (not logged in) on my site.
When I type wrong values, it renders www.3rdparty.com's login page with an error message on it.
So I think at least the values are being POSTed but it doesn't log me in.
All of the cURL codes available out there seem to POST the data and fetch some results back not redirecting the users to another site.
My ultimate goal is to POST the form and redirect the users to the 3rd party site's member area as well.
I tried header("Location: http://www.3rdparty.com/index.php"); but it just takes user to that page without being logged in.

Could anyone give me some hints?