tags:

views:

25

answers:

2

Hi guys. I recently purchased a flash blog on Flashcomponents.net : http://www.flashcomponents.net/component/advanced_xml_flash_blog_with_cms_and_rating_system.html There is the blog and the blog "editor", for wich you have to log in. The password is defined in a Php file named 'admin.php'. The problem is that, whatever password I type, I never managed to log in..

Here is the code of 'admin.php' :

<?php

$password = "admin";

if($_POST['un'] == $password){
    print "t";
}else{
    print "Access denied";
}

?>

Can anyone help ?

A: 

Add before the if line: print_r($_POST); to make sure the data you think is being posted is being posted.

Aaron Harun
+1  A: 

You should also not store the password like that. At the very least, run it through MD5:

$password = "yourmd5edpasshere";

if(md5($_POST['un']) == $password){
    print "t";
}else{
    die('Access denied');
}

However, due to the fact that the variable is called 'un', and is "admin", I'd be inclined to think that it was a username and not a password.

If this is indicative of the quality of the rest of the program, (and for a "flash blog" I wouldn't be surprised) then your money was wasted

Jhong