-1

I'm working on a login page using PHP, with the intent of the page being to take the user to a landing page. There is a database set up with all the form fields populated, and I set up test code to verify that the fields were being pulled properly, and they were. But when the login website itself is being used, it redirects to itself no matter what the fields are filled with and wipes the fields clean. I've tried several different things with how the page was being called, but still cannot get it to do anything other than wipe the fields clean and redirect to a clean version of itself. Here is the relevant code:

<?php
session_start();
include 'config.php';

    if(isset($_SESSION['user'])!="" && isset($_SESSION['store'])!=""){
        header('Location: http://server-ip/landing.php');
        exit();
    }

    $error = false;

    if($_SERVER["REQUEST_METHOD"] == "POST" && ($_POST['btn-login'])){

        $storeid = $_POST['Store'];//grabs store someone is logging in to

        $userid = trim($_POST['userID']); //grabs user ID, sql injection cleaning
        $userid = strip_tags($userid);
        $userid = htmlspecialchars($userid);

        $pass = trim($_POST['passhash']); //grabs the user password, sql injection cleaning
        $pass = strip_tags($pass);
        $pass = htmlspecialchars($pass);

        if(empty($storeid)){
            $error = true;
            $storeError = "Please select a store.";
        }

        if(empty($userid)){
            $error = true;
            $useridError = "Please enter your User ID.";
        }   else if (!filter_var($userid, FILTER_VALIDATE_INT)){
            $error = true;
            $useridError = "Please enter a valid User ID.";
        }

        if(empty($pass)){
            $error = true;
            $passError = "Please enter your password.";
        }

        //if no errors, continue
        if(!$error){
            $password = hash('sha256', $pass);
            $res=mysqli_query($conn,"SELECT userID, passhash FROM User WHERE userID='$userid'");
                $row = mysqli_fetch_array($res);
                $count = mysqli_num_rows($res); //if userID and password are correct 1 row should be returned.
            $sres=mysqli_query($conn,"SELECT storeID FROM Store WHERE storeID='$storeid'");
                $srow = mysqli_fetch_array($sres);

            if( $count == 1 && $row['password']==$password){
                $_SESSION['user'] = $row['userID'];
                $_SESSION['store'] = $srow['storeID'];
                $_SESSION["loggedin"] = true;
                header('Location: http://http://server-ip/landing.php');
                exit();
            }   else{
                $errMSG = "The userID or Password you entered was incorrect. Please try again.";
            }
        }
    }
?>


<!doctype html>
<html lang="en">
  <head>
    <title>PIMSHOE Login</title>
    <!-- Required meta tags -->
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">

    <!-- Bootstrap CSS -->
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">

  </head>

  <body>
    <div class="container-fluid jumbotron text-center bg-primary text-white" style="margin-bottom:0">
      <h1>PIMSHOE Admin</h1>
    </div>
    <?php if(isset($useridError) || isset($errMSG) ||isset($storeError) || isset($passError)) { ?>
              <div role="alert" class="alert  alert-danger  text-center">
            <?php 
              if(isset($useridError)) { echo $Error; }  
              if(isset($passError)) { echo $passError; }
              if(isset($errMSG)) { echo $errMSG; } 
              if (isset($storeError)) { echo $storeError; }
            ?>
          </div>
      <?php } ?>
    <div class="row mt-5">
    <div class="col-sm-4">
    </div>
    <div class="col-sm-4">
        <h2 class="text-center mb-4 mt-1">Sign in</h2>


        <form id="loginform" class="form-horizontal" role="form" method="post" action="landing.php" accept-charset='UTF-8'>
          <div class="form-group">
            <label for="store"></label>
                  <?php
                    echo('<select class="form-control" id="store">
                    <option>Select Store</option>');
                    $sqli = "SELECT StoreID FROM Store";
                    $result = mysqli_query($conn, $sqli);
                    while($row = mysqli_fetch_array($result)){
                        echo('<option>'.$row['StoreID'].'</option>');
                    }
                    echo('</select>');
                  ?>
             </select>
          </div>
<hr>
            <div class="form-group">
                 <input type="text" name="user_name" class="form-control" maxlength="4" pattern="^[0-9]{4}" id="userID" placeholder="User ID">
          </div>
          <div class="form-group">
                    <input type="password" name="user_pass" class="form-control" id="password" placeholder="*********">
           </div>

            <div class="form-group">
            <button id="btn-login" name="btn-login" type="submit" class="btn btn-primary btn-block bg-primary"> Login  </button>
            </div>
            </form>
          <!--<a href="" class="float-right btn btn-outline-primary">Sign up</a> Admins insert new users, maybe have it go to a form that sends a request email to an admin?-->
            <p class="underlineHover"><a href="#">Forgot password?</a></p>
      </div>
    </div>
  </div>

    <!-- Optional JavaScript -->
    <!-- jQuery first, then Popper.js, then Bootstrap JS -->
    <script src="https://code.jquery.com/jquery-3.4.1.slim.min.js" integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n" crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>
  </body>
</html>

Tyler
  • 1
  • 1
    I've never seen `if(isset($_SESSION['user'])!="" && isset($_SESSION['store'])!=""){` before. Are you trying to combine two different conditions? Is this an actual check? Seems to me it should be `if(isset($_SESSION['user']) && isset($_SESSION['store'])){` – Mech Mar 30 '20 at 18:17
  • 1
    @Mech I have, and people are probably finding that on a site somewhere and think it works. Well, it doesn't, and they are given false information. What they have now is indeed failing them. – Funk Forty Niner Mar 30 '20 at 18:18
  • Don't use SHA256 to store passwords with, use `password_hash()`. You're also open to injection. Use a prepared statement. – Funk Forty Niner Mar 30 '20 at 18:20
  • 1
    `$pass = trim($_POST['passhash']); //grabs the user password, sql injection cleaning $pass = strip_tags($pass); $pass = htmlspecialchars($pass);` - That doesn't help against injection. – Funk Forty Niner Mar 30 '20 at 18:22
  • *"sql injection cleaning"* - There's no such thing. Please do not follow w3schools for advice on security. – Dharman Mar 30 '20 at 20:00
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Mar 30 '20 at 20:00

1 Answer

-1

I think the problem is with your first if statement.

The function isset returns a boolean (true or false) and you are comparing its return with "". You could write the statement in one of the two ways:

if(isset($_SESSION['user']) && isset($_SESSION['store'])){

or

if($_SESSION['user']!="" && $_SESSION['store']!=""){
Marco Mannes
  • 186
  • 8
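
The advice from the comments (a prepared statement, `password_hash()` / `password_verify()`) and the `isset()` guard from the answer, put together as an added example that is not code from the question or the answer. It assumes PDO with an in-memory SQLite database in place of the asker's MySQL connection so it runs on its own; `makeDemoDb`, `checkLogin` and `alreadyLoggedIn` are hypothetical names, and the sample user is constructed. The table and column names follow the question.

```php
<?php
declare(strict_types=1);

// Constructed sample data: one user whose password is stored as a
// password_hash() value instead of a bare SHA-256 digest.
function makeDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE User (userID INTEGER PRIMARY KEY, passhash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO User (userID, passhash) VALUES (?, ?)');
    $ins->execute([1234, password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the userID on success and null on any failure, so "no such user"
// and "wrong password" are indistinguishable to the caller.
function checkLogin(PDO $db, string $userId, string $password): ?int {
    // Validate the type the column expects. strip_tags()/htmlspecialchars()
    // are output encoders and are not used on the way into the query.
    if (filter_var($userId, FILTER_VALIDATE_INT) === false || $password === '') {
        return null;
    }
    $stmt = $db->prepare('SELECT userID, passhash FROM User WHERE userID = ?');
    $stmt->bindValue(1, (int) $userId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The value is bound as data, never concatenated into the SQL text;
    // password_verify() re-derives the hash using the salt stored in passhash.
    if ($row === false || !password_verify($password, $row['passhash'])) {
        return null;
    }
    return (int) $row['userID'];
}

// The guard from the answer: isset() already returns a bool and accepts
// several keys, so no comparison against "" is needed.
function alreadyLoggedIn(array $session): bool {
    return isset($session['user'], $session['store']);
}

$db = makeDemoDb();
var_dump(checkLogin($db, '1234', 'correct horse'));   // valid credentials
var_dump(checkLogin($db, '1234', 'wrong'));           // wrong password
var_dump(checkLogin($db, "1234' OR '1'='1", 'x'));    // rejected by validation
var_dump(alreadyLoggedIn([]));
var_dump(alreadyLoggedIn(['user' => 1234, 'store' => 7]));
```

With mysqli the same pattern uses `mysqli_prepare()`, `bind_param()` and `execute()` on the connection from `config.php`.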