|
|
Posted by John Swartzentruber on 03/01/05 22:52
On 3/1/2005 2:12 PM Jason Barnett wrote:
> John Swartzentruber wrote:
>
>>Somehow my PHP 5.0.3 or something is configured incorrectly. When I try
>>to get past an authentication input, nothing happens. For example, I
>>have phpMyAdmin configured now to use mysqli, but when I enter the
>>username and password, the screen doesn't change. In previous testing, I
>>saw that an incorrect authentication was detected and reported, but a
>>correct authentication had no affect.
>
>
> Not sure if this is a phpMyAdmin bug or not, but you might try to clear
> out all cookies that your browser has from john.swartzentruber.us. For
> that matter you should see if you *have* any cookie set from
> john.swartzenruber.us. I'm not pointing fingers at phpMyAdmin, but just
> tossing out a possible solution.
>
>
>>My phpinfo() output is at http://john.swartzentruber.us/test.php
>>
>>For example, I'm trying to use a simple file upload script called "file
>>thingie" that is at http://www.solitude.dk/filethingie/download.php
>>
>>I have edited the original file only to decrease the maximum file size
>>to 500 bytes and limit uploads to text files. I hope no one here tries
>>to be nasty. The user name is "USERNAME2" and the password is "PASSWORD".
>
>
> Yeah... I wouldn't suggest putting user / pw combos onto the web even if
> you intend on changing it later. You just never know.
Well, if someone can get past the login page, at least someone is making
progress :-)
>>Can anyone check this out and give me some clues or things to look into?
>>Is there some setting that would cause _POST data to disappear? How
>>would I go about debugging this?
>
>
> Start by going to the form page's action page (since your test.php page
> only displays phpinfo() I'm not sure what this is going to be). We'll
> call this page action.php.
I forgot to mention that the page in question was
http://john.swartzentruber.us/test.php I'm working on creating an even
simpler script, but since I'm not that familiar with either HTML forms
or PHP, it is taking some time. In these examples, the action page is
the same page as original page (i.e., "filethingie.php"). When I look at
the page source (i.e., the PHP output) in my browser, this is what the
form looks like (sorry about the word wrapping):
<form action="filethingie.php" method="post">
<h1>Please Login</h1> <input type="hidden" name="log_lang"
value="en" /> <div>
<label for="log_user">User: </label><input type="text"
size="15" name="log_user" id="log_user" />
</div>
<div>
<label for="log_pass">Pass: </label><input type="password"
size="15" name="log_pass" id="log_pass" />
<input type="hidden" name="action" value="login" />
<input type="submit" value="login" />
</div>
</form>
> The simplest way to debug this (but it's effective) is to
> var_dump($_POST) at the top of action.php. Insert this at the very top
> of the page (likely to cause a lot of errors :) and then gradually cut /
> paste that code throughout the action page. Do this until you narrow
> down the problem code.
Well, I've been trying print_r($_POST), and it is always empty. That's
the problem.
> Since this is a file upload script you are doing you will probably want
> to var_dump($_FILES) as well. Heck, if you're having *session* problems
> then you should be looking into the $_SESSION array and (possibly) the
> $_COOKIE array.
I'll try removing the session stuff to see if that is significant. It
looks like $_SESSION is also empty, although I do see what appear to be
session files created in /tmp, which is where they go.
To summarize, it appears that the problem is not with authentication per
se, but is that $_POST is empty when the script is called from a form in
the same file.
I'll try to test this using a different action script and see what
happens. In the meantime, if you see anything or have any other ideas,
please let me know. I appreciate you taking the time to help.
[Back to original message]
|