"Not active" in Login Admin file allowing access

Issues related to the Login tools of WYSIWYG Web Builder.
Forum rules
PLEASE READ THE FORUM RULES BEFORE YOU POST:
viewtopic.php?f=12&t=1901

MUST READ:
http://www.wysiwygwebbuilder.com/login_basics.html
http://www.wysiwygwebbuilder.com/login_tools.html

TIP:
A lot of information about the login tools can be found in the help/manual.
Also checkout the demo template that is include with the software.
trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

"Not active" in Login Admin file allowing access

Post by trenoweth » Mon Jun 04, 2018 12:10 am

Hello,

I am using the login script and have just realised that instead of going to the error page, a "Not active" login is allowing access in the same way as an "Active" one. I've puzzled over this for ages, please tell me where I'm going wrong.

I have copied the existing files across to a dummy login, which is at http://www.trenoweth.co.uk/Test/Login/login.php

file name : login.php

User name is: Logintest and p/w is: test
************************************************************************************************************************

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['form_name']) && $_POST['form_name'] == 'loginform')
{
$success_page = 'http://www.trenoweth.co.uk/Test/logintest.html';
$error_page = 'http://www.trenoweth.co.uk/Test/Login/loginfail.php';
$database = '../usersdb.php';
$crypt_pass = md5($_POST['password']);
$found = false;
$fullname = '';
$session_timeout = 600;
if(filesize($database) > 0)
{
$items = file($database, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach($items as $line)
{
list($username, $password, $email, $name, $active) = explode('|', trim($line));
if ($username == $_POST['username'] && $active != "0" && $password == $crypt_pass)
{
$found = true;
$fullname = $name;
}
}
}
if($found == false)
{
header('Location: '.$error_page);
exit;
}
else
{
if (session_id() == "")
{
session_start();
}
$_SESSION['username'] = $_POST['username'];
$_SESSION['fullname'] = $fullname;
$_SESSION['expires_by'] = time() + $session_timeout;
$_SESSION['expires_timeout'] = $session_timeout;
header('Location: '.$success_page);
exit;
}
}
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$password = isset($_COOKIE['password']) ? $_COOKIE['password'] : '';
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>-</title>
<link href="login.css" rel="stylesheet">
</head>
<body>
<blockquote>
<p>Please remember that your user name and password are case sensitive - if a character is in the
incorrect case you&#39;ll simply be returned to this screen.</p>

</blockquote>
<div id="wb_Login1" style="position:absolute;left:150px;top:200px;width:300px;height:214px;z-index:0;">
<form name="loginform" method="post" accept-charset="UTF-8" action="<?php echo basename(__FILE__); ?>" id="loginform">
<input type="hidden" name="form_name" value="loginform">
<table id="Login1">
<tr>
<td class="header">Log In</td>
</tr>
<tr>
<td class="label"><label for="username">User Name</label></td>
</tr>
<tr>
<td class="row"><input class="input" name="username" type="text" id="username" value="<?php echo $username; ?>"></td>
</tr>
<tr>
<td class="label"><label for="password">Password</label></td>
</tr>
<tr>
<td class="row"><input class="input" name="password" type="password" id="password" value="<?php echo $password; ?>"></td>
</tr>
<tr>
<td style="text-align:center;vertical-align:bottom"><input class="button" type="submit" name="login" value="Log In" id="login"></td>
</tr>
</table>
</form>
</div>
</body>
</html>
************************************************************************************************************************
file name: loginfail.php

The same as above but with a message that either User name or Password was incorrect. This ought to show when the Login is set to "not active" (as it is at present) but instead it goes the the success file, logintest.html
************************************************************************************************************************
file name: http://www.trenoweth.co.uk/Test/logintest.html

A basic file advising successful login.
************************************************************************************************************************
admin file: http://www.trenoweth.co.uk/Test/LoginAdmin.php

P/w for this is: test2018
************************************************************************************************************************

User avatar
Pablo
 
Posts: 12605
Joined: Tue Mar 28, 2006 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo » Mon Jun 04, 2018 6:18 am

There is a problem with the database. It has one '|' too many.
How was this database created?

trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth » Tue Jun 05, 2018 1:01 am

Hello Pablo,

Many thanks for the reply, which I really struggled to find but can now see.

Right, but which '|' is the additional one please?

I have just created fictitious logins using the "Create new user" link on the Admin page which has exactly the same problem. I haven't edited the script at all, this is exactly as it is on the server:

usersdb.php file is:

Logintest|098f6bcd4621d373cade4e832627b4f6||||0|NA
Freddie|098f6bcd4621d373cade4e832627b4f6|fred@hisemail.com|Fred|Flintstone|0|NA
Barney|098f6bcd4621d373cade4e832627b4f6|barney@hisemail.com|Barney|Rubble|0|NA

Login is at: http://www.trenoweth.co.uk/Test/Login/login.php
All passwords are test
Admin is at: http://www.trenoweth.co.uk/Test/LoginAdmin.php
Password is test2018

trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth » Tue Jun 05, 2018 3:06 am

I have just spent quite some time removing a '|' one at a time, testing, then restoring it when it didn't help, but I always found a non active login went through to the success page.

User avatar
Pablo
 
Posts: 12605
Joined: Tue Mar 28, 2006 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo » Tue Jun 05, 2018 6:05 am

Your admin looks different than the standard script. There is an extra column 'surname'.
Did you add this yourself?

trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth » Tue Jun 05, 2018 6:14 am

Yes, I added it so that the database may be sorted into alphabetical order by surname.

I've also been trying to set up a completely new login script starting from scratch using WB14 (the previous one above was originally written on WB11) but I don't seem to be able to get anywhere with LoginAdmin.

It generates an HTML file, has no link that I can see for the usersdb.php file, is already populated with a number of names starting with yours that cannot be edited nor deleted. Nor do the New User and Logout buttons work, so I presume this is just a demo page?

User avatar
Pablo
 
Posts: 12605
Joined: Tue Mar 28, 2006 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo » Tue Jun 05, 2018 6:16 am

Yes, I added it so that the database may be sorted into alphabetical order by surname.
That is what causing the extra '|' in the user database, which makes it invalid for the other scripts.
It generates an HTML file, has no link that I can see for the usersdb.php file, is already populated with a number of names starting with yours that cannot be edited nor deleted. Nor do the New User and Logout buttons work, so I presume this is just a demo page?
Are you using the latest update?

trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth » Tue Jun 05, 2018 6:17 am

In my efforts to resolve the extra '|' problem I took the surnames right out of the equation so I was left with just the original five columns, but the problem was still there.

trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth » Tue Jun 05, 2018 6:19 am

Are you using the latest update?
As I have mentioned, the script was originally written with WB11 though I think it has also been through WB12. I do now have the latest WB14 and haven't been able to produce a working LoginAdmin page from it. Just the HTML file with the pre-populated names that cannot be edited.

User avatar
Pablo
 
Posts: 12605
Joined: Tue Mar 28, 2006 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo » Tue Jun 05, 2018 6:20 am

Are you using the latest update: version 14.0.4?

trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth » Tue Jun 05, 2018 6:24 am

I downloaded it on 4th June, which says it is Version 14 (May 7 2018)

trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth » Tue Jun 05, 2018 6:30 am

But isn't this rather irrelevant? I should be able to add a new field providing it is added everywhere, in the sign-up and the admin scripts?

User avatar
Pablo
 
Posts: 12605
Joined: Tue Mar 28, 2006 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo » Tue Jun 05, 2018 6:50 am

But isn't this rather irrelevant?
It is very relevant, because the latest update has many improvements. Including fixes in the login admin.
I should be able to add a new field providing it is added everywhere, in the sign-up and the admin scripts?
No, you cannot just add new fields everywhere. The database has a defined structure, if you add extra fields then this will affect all login tools. So, if you modify the admin script then you also need to update the other scripts.

trenoweth
 
 
Posts: 63
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth » Tue Jun 05, 2018 6:55 am

Which I did. The added file in the Admin page was also added to the sign-up page. I think I'm correct in saying that the other files (login, password reminder) are not affected as they don't use the additional field.

If I write new scripts for the main files will I be able to use the existing LoginAdmin? I wouldn't have thought so but as the presnt version doesn't seem to produce one how to go forward?

User avatar
Pablo
 
Posts: 12605
Joined: Tue Mar 28, 2006 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo » Tue Jun 05, 2018 7:10 am

Adding extra fields between the existing fields will affect the other tools.
For example, the login script expects the 5th parameter to be the 'active' field.

You will not have this problem if you use a MySQL database because then the field order does not matter.
but as the presnt version doesn't seem to produce one how to go forward?
Please make sure you have version 14.0.4, then the admin script will work the same as before.

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests