• T
    User

    Script per login che non effettua il login

    Salve a tutti,
    ho un problema con uno script php che protegge attraverso il login una sezione del sito.
    Lo script è composto di 8 file più il css: il problema è che lo script non effettua il login, ossia quando provo a registrarmi, mi dice che l'iscrizione è avvenuta, e reindizza alla pagina di login, metto username e password ma non accede, mi dice che i dati sono incorretti.

    questa è la pagina di login, la index.php

    
<?php
session_start(); // Maintain session state
header("Cache-control: private");    // Fixes IE6's back button problem.

// Are we logged in, or logging in?
if(@$_SESSION['user']) header("location: login.php");
else{
?>
<html>
<head>

<link rel = "stylesheet" type = "text/css" href = "style.css">
<title>members area: mike holloway</title>
</head>
<body onload = "document.getElementById('user').focus();">

<form method = "post" action = "login.php">
<table border = "0" cellspacing = "0" cellpadding = "10" width = "50%" align = "center" style = "height: 100%;">
    <tr>
        <td colspan = "3" valign = "bottom">
            <span class = "bold">members area, v: 3.0</span>    <br>
            <?php
            // Get user count
            $file = file("users.php");
            $userCount = 0;

            for($line = 0; $line < sizeof($file); $line++){
                if("//" != substr($file[$line], 0, 2)) $userCount++;
            }
            ?>
            <span class = "hilight">we have</span> <span class = "bold hilight"><?php print $userCount; ?></span> <span class = "hilight">members and growing!</span>
        </td>
    </tr>
    <tr>
        <td colspan = "3" height = "5%">
            <a href = "addUser.php">signup</a> 
            <?php
            // Check if we need to add a message
            if(@$_GET["fail"]) echo "| <span class = 'alert'>Incorrect username or password</span>";
            elseif(@$_GET["logout"]) echo "| <span class = 'alert'>Successfully logged out</span>";
            elseif(@$_GET["new"]) echo "| <span class = 'alert'>Successfully registered</span>";
            ?>
        </td>
    </tr>
    <tr>
        <td width = "30%" height = "10" valign = "bottom">
            username:
        </td>
        <td width = "70%" height = "10" valign = "bottom">
            <input type = "text" id = "user" name = "user" style = "width: 80%" class = "text" tabindex = "1">
        </td>
        <td rowspan = "2" width = "16" height = "16" align = "right" valign = "bottom">
            <input type = "image" src = "next.gif" width  = "16" height = "16" name = "submit" alt = "arrow pointing right: next" tabindex = "3">
        </td>
    </tr>
    <tr>
        <td width = "30%" height = "10" valign = "bottom">
            password:
        </td>
        <td width = "70%" height = "10" valign = "bottom">
            <input type = "password" name = "pass" style = "width: 80%" class = "text" tabindex = "2">
        </td>
    </tr>
    <tr>
        <td colspan = "3" valign = "top" style = "color: #cccccc;">
            freeware by: <a href = "mikeholloway.co.uk" target = "_blank">mike holloway<a/>, 2003.
        </td>
    </tr>
</table>
</form>
</body>
</html>
<?php
}
?>
```questa la pagina che richiama, la login.php

    <?php
    session_start(); // Maintain session state
    header("Cache-control: private"); // Fixes IE6's back button problem.

    // Redirect if not logging in
    if(!@$_POST['user'] && !@$_SESSION['user']) header("location: index.php");
    else{
    if(@$_SESSION['user']){
    @include("userarea.php");
    }
    else{
    // Get the posted username and password
    $user = strtolower($_POST['user']);
    $pass = $_POST['pass'];

        // Include the flat-file
    $file = file("users.php") or die("Problem getting the user details flat-file [users.php]");

    // Get the size of file
    $totalLines = sizeof($file);

    // Get the users details line by line
    $line = 0;
    $match = 0;
    do{
        // Check the line isn't a comment
        if("//" != substr($file[$line], 0, 2)){
            // Break our records up
            @list($username, $password, $permission, $email, $url, $dob, $location, $joined) = explode("<del>", $file[$line]);

            // Check the username and passwords match
            if((strtolower($user) == strtolower($username)) && (md5($pass) == $password)) $match = 1;
            else $match = 0;
        }

        // Exit loop if match found
        if($match) break;
        
        // Increment line count
        $line++;
    } while($line < $totalLines);

    // Include the file or send them back
    if($match){
        $_SESSION["user"] = $user;
        $_SESSION["pass"] = $pass;
        $_SESSION["permission"] = $permission;
        $_SESSION["email"] = $email;
        $_SESSION["url"] = $url;
        $_SESSION["dob"] = $dob;
        $_SESSION["location"] = $location;
        $_SESSION["joined"] = $joined;
        
        // Refresh page
        header("location: ". $_SERVER['PHP_SELF']);
    }
    else header("location: index.php?fail=1");
}

    }
    ?>

    grazie fin d'ora
    0
  • T
    User

    up
    c'è qualcuno che può darmi una mano?

    0
Effettua l'accesso per rispondere