I have a Login script (it's a basic demonstration exercise of PHP for the web class i'm in) that is insecure, but intentionally so. Advice regarding exploits will go unnoticed, as this is for testing purposes only.
I have stumped the teacher. The code I have written has been bugfixed a number of times, yet my code still does not run correctly. I double-checked the functions I was using with the version of PHP on my webhost (I'm running 5.4) to make sure things were correctly written.
We can't figure out what's wrong. Maybe someone else can?
Here's the three files:
login.php
<html>
<body>
<form action="process.php" method="post">
Username: <input type="text" name="name"><br>
Password: <input type="text" name="pass"><br>
<input type="submit">
<?php
if (isset($_SESSION ["errorwelcome"])){
echo ($_SESSION ["errorwelcome"]);
unset($_SESSION ["errorwelcome"]);
}
if (isset($_SESSION ["errorunpass"])){
echo ($_SESSION ["errorunpass"]);
unset($_SESSION ["errorunpass"]);
}
?>
</form>
</body>
</html>
process.php
<?php
if ($_POST ["name"] == "shmailey"){
if ($_POST ["pass"] == "password"){
$_SESSION["login"] = 1;
header('Location: welcome.php');
exit;
}
}
if ($_POST ["name"] != "shmailey"){
$_SESSION ["errorunpass"] = "Uh oh, we didn't recognize those credentials. Incorrect Username and/or Password.";
header('Location: login.php');
exit;
}
?>
welcome.php
<?php
if (isset($_SESSION ["login"])){
unset ($_SESSION["login"]);
}
else{
$_SESSION["errorwelcome"] = "You need to login first.";
unset ($_SESSION["login"]);
header('Location: login.php');
exit;
}
?>
<html>
<body>
<?php
echo "Login Success";
echo "Username: shmailey";
echo "Password: password";
?>
</body>
</html>