|
|
Posted by AnrDaemon on 11/11/07 11:15
Greetings, Ezechiele.
In reply to Your message dated Friday, November 9, 2007, 19:44:40,
More light to issue.
Common:
Code structure is ambigous. You're continue to work on user input even if
there's nothing to do after first block.
Pack code into if's, draw logic on paper if that would help You better than
raw code.
And please do not use such lame formatting rules. It is hard to decide what
happened after many if's in this code.
Now read the rest: (or load into any environmet with Colorer support and call
errors list)
<?php
session_start();
error_reporting(E_ALL);
if (!defined("BASE_PATH"))
{
define('BASE_PATH', isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] :
// FIX Why not dirname($_SERVER['SCRIPT_NAME']) ??
substr($_SERVER['PATH_TRANSLATED'], 0, -1*strlen($_SERVER['SCRIPT_NAME'])));
}
$_SERVER['DOCUMENT_ROOT'] = BASE_PATH;
include($_SERVER['DOCUMENT_ROOT']."/script/dbconnect.php");
if (!isset($_SESSION['Login']))
{
$_SESSION['Login'] = false;
}
//echo "SESSION[Login]:".$_SESSION['Login'];
$IdUser = session_id();
$data = date('Y-m-d');
if (!isset($_COOKIE["TeachingOnLine"]))
{
// BUG $_COOKIE array does not filled when setcookie called
setcookie("TeachingOnLine", $IdUser, time()+60*60*24*365);
// FIX You should call it yourself if You want to use it's value in current script
// FIX $_COOKIE["TeachingOnLine"] = $IdUser;
}
else
{
$IdUser = $_COOKIE["TeachingOnLine"];
}
// Apertura tabelle dei dati
//mysql_select_db($dbname);
$username = $_POST["username"];
if (strlen($username) <= 3)
{
session_write_close();
// BUG CRITICAL: DO NOT TRUST USER INPUT! EVER!
if (isset($_SERVER['HTTP_REFERER']))
{
$url = $_SERVER['HTTP_REFERER'];
}
else
{
$url='http://'.$SERVER['HTTP_HOST']."/index.php";
}
header("Location: $url");
}
$username = mysql_escape_string($username);
$password = $_POST["password"];
$password = mysql_escape_string($password);
$tabella = "utenti";
// Ricerca nella tabella Utenti la coppia UserName e UserPassword
// BUG CRITICAL: DO NOT FETCH PASSWORDS FROM DATABASE! EVER!
$query = "SELECT IdUser, Username, UserPassword FROM $tabella WHERE ('$password' = UserPassword) and ('$username'=Username)";
$result = mysql_query($query) or die(mysql_error());
// Legge IdUser
$record = mysql_fetch_array($result);
//$UserId=$record["IdUser"];
//$Username=$record["Username"];
//echo "UserId=".$UserId;
//echo " Username=".$Username;
// Se esiste l'utente con username e password allora consenti il login
if (mysql_affected_rows() == 1)
{
$_SESSION['Login'] = true;
//echo "SESSION[Login]:".$_SESSION['Login'];
$_POST['Login'] = false;
////echo '<input type="hidden" name="Login" value='.$_SESSION['Login'].">";
$UserId = $record['IdUser'];
$Username = $record["Username"];
//echo "UserId=".$UserId;
$permessi = "permessiutente";
$query_permessi = "SELECT IdUtente, TipoPermesso FROM $permessi WHERE (IdUtente='$UserId')";
$risultato = mysql_query($query_permessi) or die (mysql_error());;
if (mysql_affected_rows()>0)
{
$record = mysql_fetch_array($risultato);
$permit = $record["TipoPermesso"];
//echo "Permesso ".$permit;
// BUG Why such lame? If You want to change user permissions, You can't before cookie expires.
if (!isset($_SESSION["TipoPermesso"]))
{
$_SESSION["TipoPermesso"] = $permit;
}
////echo '<input type="hidden" name="TipoPermesso" value='.$_SESSION['TipoPermesso'].">";
//echo "Tipo Permesso :". $_SESSION['TipoPermesso'];
}
$url = 'http://'.$_SERVER['HTTP_HOST']."/index.php";
//echo "Referer: ".$url;
//echo "Login:".$_SESSION['Login'];
session_write_close();
header("Location: $url");
}
else // Invia l'utente sulla pagina di registrazione
{
$_SESSION['Login'] = false;
//echo "SESSION[Login]:".$_SESSION['Login'];
$_POST['Login'] = false;
$url='http://'.$_SERVER['HTTP_HOST']."/script/RegistraUtente.php";
session_write_close();
header ("Location: $url");
}
?>
--
Sincerely Yours, AnrDaemon <anrdaemon@freemail.ru>
Navigation:
[Reply to this message]
|