Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations MikeeOK on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PHP Login Question

Status
Not open for further replies.
Guest_imported

Guest_imported

New member
Jan 1, 1970
0
i use a PHP FORUM i have a login form but i want to login automaticaly bypassing the login form.

like ... login.php?username=test1+password=test1

is this correct? (This doesnt work!)

Thanx in advance
 
Sort by date Sort by votes
why do these boards modify everything you *really* don't wantg them to.

if you use a url as shown after \the target-_new bit it should do what you want. ______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.
 
Upvote 0 Downvote
You should really ask the person who wrote the forum how you do that. Since we can't see the script, we really have no way of knowing how you could bypass that particular systems login. //Daniel
 
Upvote 0 Downvote
Here is The Login File!



$header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: ';

if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
//
// This appears to work for IIS5 CGI under Win2K. Uses getenv
// since this doesn't exist for ISAPI mode and therefore the
// normal Location redirector is used in preference
//
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
{
$username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

$sql = "SELECT user_id, username, user_password, user_active, user_level
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}

if( $row = $db->sql_fetchrow($result) )
{
if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
{
header($header_location . append_sid("index.$phpEx", true));
exit;
}
else
{
if( md5($password) == $row['user_password'] && $row['user_active'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

if( $session_id )
{
if( !empty($HTTP_POST_VARS['redirect']) )
{
header($header_location . append_sid($HTTP_POST_VARS['redirect'], true));
exit;
}
else
{
header($header_location . append_sid("index.$phpEx", true));
exit;
}
}
else
{
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
else
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';

$template->assign_vars(array(
'META' => '<meta http-equiv=&quot;refresh&quot; content=&quot;3;url=' . append_sid(&quot;login.$phpEx?redirect=$redirect&quot;) . '&quot;>')
);

$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href=&quot;' . append_sid(&quot;login.$phpEx?redirect=$redirect&quot;) . '&quot;>', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href=&quot;' . append_sid(&quot;index.$phpEx&quot;) . '&quot;>', '</a>');

message_die(GENERAL_MESSAGE, $message);
}
}
}
else
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : &quot;&quot;;

$template->assign_vars(array(
'META' => '<meta http-equiv=&quot;refresh&quot; content=&quot;3;url=' . append_sid(&quot;login.$phpEx?redirect=$redirect&quot;) . '&quot;>')
);

$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href=&quot;' . append_sid(&quot;login.$phpEx?redirect=$redirect&quot;) . '&quot;>', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href=&quot;' . append_sid(&quot;index.$phpEx&quot;) . '&quot;>', '</a>');

message_die(GENERAL_MESSAGE, $message);
}
}
else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
{
if( $userdata['session_logged_in'] )
{
session_end($userdata['session_id'], $userdata['user_id']);
}

if( !empty($HTTP_POST_VARS['redirect']) )
{
header($header_location . append_sid($HTTP_POST_VARS['redirect'], true));
exit;
}
else
{
header($header_location . append_sid(&quot;index.$phpEx&quot;, true));
exit;
}
}
else
{
if( !empty($HTTP_POST_VARS['redirect']) )
{
header($header_location . append_sid($HTTP_POST_VARS['redirect'], true));
exit;
}
else
{
header($header_location . append_sid(&quot;index.$phpEx&quot;, true));
exit;
}
}
}
else
{
//
// Do a full login page dohickey if
// user not already logged in
//
if( !$userdata['session_logged_in'] )
{
$page_title = $lang['Login'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);

$template->set_filenames(array(
'body' => 'login_body.tpl')
);

if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
{
$forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];

if( preg_match(&quot;/^redirect=(.*)$/si&quot;, $forward_to, $forward_matches) )
{
$forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];

$forward_match = explode('&', $forward_to);

if(count($forward_match) > 1)
{
$forward_page = '';

for($i = 1; $i < count($forward_match); $i++)
{
if( !ereg(&quot;sid=&quot;, $forward_match[$i]) )
{
if( $forward_page != '' )
{
$forward_page .= '&';
}
$forward_page .= $forward_match[$i];
}
}

$forward_page = $forward_match[0] . '?' . $forward_page;
}
else
{
$forward_page = $forward_match[0];
}
}
}
else
{
$forward_page = '';
}

$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';

$s_hidden_fields = '<input type=&quot;hidden&quot; name=&quot;redirect&quot; value=&quot;' . $forward_page . '&quot; />';

make_jumpbox('viewforum.'.$phpEx, $forum_id);
$template->assign_vars(array(
'USERNAME' => $username,

'L_ENTER_PASSWORD' => $lang['Enter_password'],
'L_SEND_PASSWORD' => $lang['Forgotten_password'],

'U_SEND_PASSWORD' => append_sid(&quot;profile.$phpEx?mode=sendpassword&quot;),

'S_HIDDEN_FIELDS' => $s_hidden_fields)
);

$template->pparse('body');

include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
else
{
header($header_location . append_sid(&quot;index.$phpEx&quot;, true));
exit;
}

}

?>
 
Upvote 0 Downvote
That script requires you to login using the POST method. Therefor you can't login using a query string. //Daniel
 
Upvote 0 Downvote
if you want to have a system to login automaticaly, the best way is to save information as cookies. Anikin
Hugo Alexandre Dias
Web-Programmer
anikin_jedi@hotmail.com
 
Upvote 0 Downvote
is it possible to make a php that make all the login steps automatic?
 
Upvote 0 Downvote
Yes, but because of the following reasons you shouldn't:
1. Security
2. Security
3. Security
If I was a user, I would much rather sign in than use some very insecure URL that can be seen by anyone using the same computer. //Daniel
 
Upvote 0 Downvote
i say more

1. security
2. privacy
3. ethics.
Anikin
Hugo Alexandre Dias
Web-Programmer
anikin_jedi@hotmail.com
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

cdlvj
  • Locked
  • Question
PHP Debugging
Replies
1
Views
641
cdlvj
cdlvj
W
  • Locked
  • Question
how to send checked row data in php
Replies
0
Views
537
wiltang2004
W
SashaBuilder3
  • Locked
  • Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
907
SashaBuilder3
SashaBuilder3
PeDa
  • Locked
  • Question
Unwanted spaces in php HTML mail 1
Replies
4
Views
604
PeDa
PeDa
Mandy_crw
  • Locked
  • Question
How to send sms in PHP using usb gsm modem?
Replies
1
Views
751
vishvajit
vishvajit

Part and Inventory Search

Sponsor

Back
Top