The PHP file:
<?
print_r($_REQUEST);
$thispage = 'login';
require('db.php');
if($_POST['admin_username'] && $_POST['admin_password']) {
$query="SELECT * FROM login where name='".mysql_real_escape_string($_POST['admin_username'])."' AND pass = '".mysql_real_escape_string($_POST['admin_password'])."' AND level='admin'";
echo $query;
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)){
if($row['name'] && $row['pass']) {
$_SESSION['isAdmin'] = 1;
$_SESSION['loggedin'] = 1;
setcookie('isAdmin' , 1, time()+3600, '/', $settings['cookiedomain']);
setcookie('loggedin' , 1, time()+3600, '/', $settings['cookiedomain']);
header("Location: index.php");
exit();}
else {
header("Location: login.php?msg=Invalid%20Login");
exit();
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Area</title>
<link href="style.css" rel='stylesheet' />
<link rel="stylesheet" href="bubble-tooltip.css" media="screen">
<style>
.style1 {color: #171717}
</style>
</head>
<body>
<div id='content' style='width: 500px; border: 1px solid #171717; margin-top: 100px; background-color: #404040;'>
<h1 align="center"><img src="header.jpg" width="333" height="91" /></h1>
<p align="center">Welcome to the Admin Area</p>
<? if($_GET['msg']) { ?>
<center>
<p style='color: #FF9900; font-weight: bold;'><? echo $_GET['msg']; ?></p>
</center>
<? } ?>
<form id="form1" name="form1" method="post" enctype="multipart/form-data" action="">
<table width="311" border="0" align="center">
<tr>
<td width="68"><strong>Username</strong></td>
<td width="231"><input type="text" name="admin_username" style='background-color: #ffffff; border: 1px solid #1F1F1F; font-size: 11px; color: #1F1F1F; width: 200px;' /></td>
</tr>
<tr>
<td><strong>Password</strong></td>
<td><input type="password" name="admin_password" style='background-color: #ffffff; border: 1px solid #1F1F1F; font-size: 11px; color: #1F1F1F; width: 200px;' /></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input type="submit" name="button" value="Login" />
</div></td>
</tr>
</table>
</form>
<p align="center"> </p>
</div>
<div id='footer'></div>
</body>
</html>
At the top I have print_r($_REQUEST); and all I get back is Array(). Same result when I use print_r($_POST);.
Firebug shows the POST vars being submitted for sure, without a doubt, and the keynames match up perfectly.
here’s copy-pasted data from Firebug, under the POST section:
Partsmultipart/form-data
admin_username jeff
admin_password 51622384
button Login
post_max_size set to 8M as per phpinfo(); command.
What am I possibly missing? This was working on our previous server. After migration, nobody can log in thanks to this issue.
Turns out it was a redirect loop issue!
Firebug was a bit misleading, but upon inspecting, i realized that there were two lines in a row:
POST login.php
GET index.php
Indicating it attempted to loop to index.php after a successful run. Why it didn’t ignore the header() command after the print_r() command should have spat out a result, I am not sure. Generally headers can only be passed BEFORE there is output.
Anyway, index.php had a var being checked, and upon false it would send back to login.php:
This was written by the previous developer, and this doesn’t work on the newer version of PHP.
Hence I changed that up to
Hope this helps.
PHP version changes can be a pain in the ass, especially if the code you inherit isn’t up to par.