Re: Authentication fails

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3/1/2005 2:12 PM Jason Barnett wrote:
John Swartzentruber wrote:

Somehow my PHP 5.0.3 or something is configured incorrectly. When I try
to get past an authentication input, nothing happens. For example, I
have phpMyAdmin configured now to use mysqli, but when I enter the
username and password, the screen doesn't change. In previous testing, I
saw that an incorrect authentication was detected and reported, but a
correct authentication had no affect.


Not sure if this is a phpMyAdmin bug or not, but you might try to clear
out all cookies that your browser has from john.swartzentruber.us.  For
that matter you should see if you *have* any cookie set from
john.swartzenruber.us.  I'm not pointing fingers at phpMyAdmin, but just
tossing out a possible solution.


My phpinfo() output is at http://john.swartzentruber.us/test.php

For example, I'm trying to use a simple file upload script called "file
thingie" that is at http://www.solitude.dk/filethingie/download.php

I have edited the original file only to decrease the maximum file size
to 500 bytes and limit uploads to text files. I hope no one here tries
to be nasty. The user name is "USERNAME2" and the password is "PASSWORD".


Yeah... I wouldn't suggest putting user / pw combos onto the web even if
you intend on changing it later.  You just never know.

Well, if someone can get past the login page, at least someone is making progress :-)



Can anyone check this out and give me some clues or things to look into?
Is there some setting that would cause _POST data to disappear? How
would I go about debugging this?


Start by going to the form page's action page (since your test.php page
only displays phpinfo() I'm not sure what this is going to be).  We'll
call this page action.php.

I forgot to mention that the page in question was http://john.swartzentruber.us/test.php I'm working on creating an even simpler script, but since I'm not that familiar with either HTML forms or PHP, it is taking some time. In these examples, the action page is the same page as original page (i.e., "filethingie.php"). When I look at the page source (i.e., the PHP output) in my browser, this is what the form looks like (sorry about the word wrapping):


<form action="filethingie.php" method="post">
<h1>Please Login</h1> <input type="hidden" name="log_lang" value="en" /> <div>
<label for="log_user">User: </label><input type="text" size="15" name="log_user" id="log_user" />
</div>
<div>
<label for="log_pass">Pass: </label><input type="password" size="15" name="log_pass" id="log_pass" />


          <input type="hidden" name="action" value="login" />
          <input type="submit" value="login" />
     </div>
</form>



The simplest way to debug this (but it's effective) is to
var_dump($_POST) at the top of action.php.  Insert this at the very top
of the page (likely to cause a lot of errors :) and then gradually cut /
paste that code throughout the action page.  Do this until you narrow
down the problem code.

Well, I've been trying print_r($_POST), and it is always empty. That's the problem.



Since this is a file upload script you are doing you will probably want
to var_dump($_FILES) as well.  Heck, if you're having *session* problems
then you should be looking into the $_SESSION array and (possibly) the
$_COOKIE array.

I'll try removing the session stuff to see if that is significant. It looks like $_SESSION is also empty, although I do see what appear to be session files created in /tmp, which is where they go.


To summarize, it appears that the problem is not with authentication per se, but is that $_POST is empty when the script is called from a form in the same file.

I'll try to test this using a different action script and see what happens. In the meantime, if you see anything or have any other ideas, please let me know. I appreciate you taking the time to help.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux