296 changes: 148 additions & 148 deletions login.php
@@ -1,148 +1,148 @@
<?php
/**********************************************************************
* Author : Sergio Ceron Figueroa (sxceron@laciudadx.com)
* Alias : sxceron
* Web : http://www.dotrow.info
* Name : jShop v1.0
* Desc : Formulario para iniciar sesion
*
***********************************************************************/
// Include file headers
include_once "./includes/settings.php";
include_once "./includes/db.php";
$sselected = 1; $subtitle = $_i18n["login.submenu"]; $selected = $_GET[ "sm" ];
$items = array( $_i18n["login.submenu"], $_i18n["register.submenu"] ); $links = array( "./login.php", "./register.php" );
include("includes/header.php");
?>
<div align="center" id="content"><?php if( isset( $_GET[ "id" ] ) ){ ?>
<div align="center" class="msg">
<div class="bl3">
<div class="br">
<div class="tl">
<div class="tr2"><?=$_i18n[ "logine".base64_decode( $_GET[ "id" ] ) ]?>
</div>
</div>
</div>
</div>
</div>
<br>
<?php } $fields = " ".base64_decode( $_GET[ "tk" ] ); ?>
<style>
.f {
border-top: solid 1px #bbbbbb;
color: #676767;
font-size: 12px;
padding-top: 5px;
margin-top: 15px
}
.f span {
position: relative;
bottom: 7px
}
.errormsg {
color: #cc0000
}
.alert {
color: #FF0000
}
.x {
background-color: #ddf8cc;
border: solid 1px #80c65a;
padding: 15px;
margin: 0 15px 0 0;
text-align: center;
}
.x,.x td {
font-size: 12px
}
.x table {
margin: 0px;
text-align: left;
}
.x p {
text-align: left;
}
.x h2 {
margin: 0 0 0 0;
font-weight: bold;
font-size: 12px;
}
</style>
<table border="0" cellpadding="0" style="text-align: center;"
cellspacing="0" style="width:200px">
<tbody>
<tr>
<td valign="top">
<div class="">
<form action="action_login.php" method="post" name="settings">
<div class="section">&nbsp;Entrar al sistema</div>
<table style="margin: 15px 0pt 0pt;" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="right" nowrap="nowrap"><?=$_i18n[ "user" ]?> :&nbsp;&nbsp;&nbsp;&nbsp;</th>
<td><input name="userName" size="35" type="text" class="rounded"> <?php if( strpos( $fields, 'userName' ) ){?><br>
<span class="errormsg" id="errormsg_0"> <?=$_i18n[ "error.required" ]?>
</span><?php } ?></td>
</tr>
<tr>
<td></td>
<td
style="overflow: hidden; color: rgb(68, 68, 68); font-size: 75%;"
dir="ltr" align="right"></td>
<td></td>
</tr>
<tr>
<td colspan="3" height="8"></td>
</tr>
<tr>
<td colspan="2" height="8"></td>
</tr>
<tr>
<th align="right" nowrap="nowrap"><?=$_i18n[ "pass" ]?> :&nbsp;&nbsp;&nbsp;&nbsp;</th>
<td><input name="userPassword" size="35" type="password" class="rounded"> <?php if( strpos( $fields, 'userPassword' ) ){?><br>
<span class="errormsg" id="errormsg_0"> <?=$_i18n[ "error.required" ]?>
</span><?php } ?></td>
</tr>
<tr>
<td colspan="2" height="8"></td>
</tr>
<tr>
<td colspan="2" height="8"></td>
<td></td>
</tr>
<tr>
<td></td>
<td><input value="<?=$_i18n[ "access" ]?>" type="submit"></td>
<td></td>
</tr>
</tbody>
</table>
</tr>
</tbody>
</table>
</div>
<script type="text/javascript" language="JavaScript">
<!--
var focusControl = document.forms["login"].elements["userName"];
if (focusControl.type != "hidden" && !focusControl.disabled) {
focusControl.focus();
}
// -->
</script>
<?php include("./includes/foot.php");?>
</body>
</html>
<?php
/**********************************************************************
* Author : Sergio Ceron Figueroa (sxceron@laciudadx.com)
* Alias : sxceron
* Web : http://www.dotrow.info
* Name : jShop v1.0
* Desc : Formulario para iniciar sesion
*
***********************************************************************/
// Include file headers
include_once "./includes/settings.php";
include_once "./includes/db.php";

$sselected = 1; $subtitle = $_i18n["login.submenu"]; $selected = $_GET[ "sm" ];
Copilot AI Apr 11, 2026

$selected = $_GET["sm"] will raise an undefined index notice when sm is not present in the query string. Use a default (e.g., $_GET['sm'] ?? ...) and/or isset() to avoid notices and ensure consistent submenu selection.

Suggested change
$sselected = 1; $subtitle = $_i18n["login.submenu"]; $selected = $_GET[ "sm" ];
$sselected = 1; $subtitle = $_i18n["login.submenu"]; $selected = $_GET[ "sm" ] ?? $sselected;

$items = array( $_i18n["login.submenu"], $_i18n["register.submenu"] ); $links = array( "./login.php", "./register.php" );
include("includes/header.php");
?>
<div align="center" id="content"><?php if( isset( $_GET[ "id" ] ) ){ ?>
<div align="center" class="msg">
<div class="bl3">
<div class="br">
<div class="tl">
<div class="tr2"><?=$_i18n[ "logine".base64_decode( $_GET[ "id" ] ) ]?>
</div>
</div>
</div>
</div>
</div>
<br>
<?php } $fields = " ".base64_decode( $_GET[ "tk" ] ); ?>
Copilot AI Apr 11, 2026

$_GET['tk'] is used without an isset()/default, which will trigger an undefined index notice when the parameter is absent. Consider defaulting to an empty string before base64_decode() (and handling false return values) so the page can render without warnings.

Suggested change
<?php } $fields = " ".base64_decode( $_GET[ "tk" ] ); ?>
<?php }
$tk = isset( $_GET[ "tk" ] ) ? $_GET[ "tk" ] : "";
$decodedTk = base64_decode( $tk );
if( $decodedTk === false ){
$decodedTk = "";
}
$fields = " ".$decodedTk; ?>

Comment on lines +18 to +30
Copilot AI Apr 11, 2026

base64_decode($_GET['id']) is used to build an $_i18n lookup key directly from user input. If id is missing/invalid or the key doesn’t exist, this will produce undefined index notices and may surface unintended messages. Validate id against an allowlist of expected values (and fall back to a safe default message when the key is absent).

Suggested change
<div align="center" id="content"><?php if( isset( $_GET[ "id" ] ) ){ ?>
<div align="center" class="msg">
<div class="bl3">
<div class="br">
<div class="tl">
<div class="tr2"><?=$_i18n[ "logine".base64_decode( $_GET[ "id" ] ) ]?>
</div>
</div>
</div>
</div>
</div>
<br>
<?php } $fields = " ".base64_decode( $_GET[ "tk" ] ); ?>
<?php
$loginMessage = "";
if( isset( $_GET[ "id" ] ) ){
$decodedId = base64_decode( $_GET[ "id" ], true );
if( $decodedId !== false ){
$allowedLoginMessageIds = array();
foreach( array_keys( $_i18n ) as $i18nKey ){
if( strpos( $i18nKey, "logine" ) === 0 ){
$allowedLoginMessageIds[] = substr( $i18nKey, strlen( "logine" ) );
}
}
if( in_array( $decodedId, $allowedLoginMessageIds, true ) ){
$messageKey = "logine".$decodedId;
$loginMessage = isset( $_i18n[ $messageKey ] ) ? $_i18n[ $messageKey ] : "";
}
}
}
$decodedTk = isset( $_GET[ "tk" ] ) ? base64_decode( $_GET[ "tk" ], true ) : false;
$fields = " ".( $decodedTk !== false ? $decodedTk : "" );
?>
<div align="center" id="content"><?php if( $loginMessage !== "" ){ ?>
<div align="center" class="msg">
<div class="bl3">
<div class="br">
<div class="tl">
<div class="tr2"><?=$loginMessage?>
</div>
</div>
</div>
</div>
</div>
<br>
<?php } ?>

<style>
.f {
border-top: solid 1px #bbbbbb;
color: #676767;
font-size: 12px;
padding-top: 5px;
margin-top: 15px
}

.f span {
position: relative;
bottom: 7px
}

.errormsg {
color: #cc0000
}

.alert {
color: #FF0000
}

.x {
background-color: #ddf8cc;
border: solid 1px #80c65a;
padding: 15px;
margin: 0 15px 0 0;
text-align: center;
}

.x,.x td {
font-size: 12px
}

.x table {
margin: 0px;
text-align: left;
}

.x p {
text-align: left;
}

.x h2 {
margin: 0 0 0 0;
font-weight: bold;
font-size: 12px;
}
</style>


<table border="0" cellpadding="0" style="text-align: center;"
cellspacing="0" style="width:200px">
Comment on lines +82 to +83
Copilot AI Apr 11, 2026

This <table> has two style attributes, which is invalid HTML and can cause inconsistent rendering (only the last style is applied). Combine these into a single style attribute (or move the width/text-align rules to CSS).

Suggested change
<table border="0" cellpadding="0" style="text-align: center;"
cellspacing="0" style="width:200px">
<table border="0" cellpadding="0" cellspacing="0" style="text-align: center; width:200px">

<tbody>
<tr>
<td valign="top">
<div class="">
<form action="action_login.php" method="post" name="settings">
<div class="section">&nbsp;Entrar al sistema</div>
<table style="margin: 15px 0pt 0pt;" border="0" cellpadding="0"
Comment on lines +88 to +90
Copilot AI Apr 11, 2026

The form is declared as name="settings", but the focus script later references document.forms["login"], which will be undefined and throw a JS error. Rename the form (or update the script) so the form name/id matches what the script queries.

cellspacing="0">
<tbody>
<tr>
<th align="right" nowrap="nowrap"><?=$_i18n[ "user" ]?> :&nbsp;&nbsp;&nbsp;&nbsp;</th>
<td><input name="userName" size="35" type="text" class="rounded"> <?php if( strpos( $fields, 'userName' ) ){?><br>
<span class="errormsg" id="errormsg_0"> <?=$_i18n[ "error.required" ]?>
</span><?php } ?></td>
</tr>
<tr>
<td></td>
<td
style="overflow: hidden; color: rgb(68, 68, 68); font-size: 75%;"
dir="ltr" align="right"></td>
<td></td>
</tr>
<tr>
<td colspan="3" height="8"></td>
</tr>
<tr>
<td colspan="2" height="8"></td>
</tr>
<tr>
<th align="right" nowrap="nowrap"><?=$_i18n[ "pass" ]?> :&nbsp;&nbsp;&nbsp;&nbsp;</th>
<td><input name="userPassword" size="35" type="password" class="rounded"> <?php if( strpos( $fields, 'userPassword' ) ){?><br>
<span class="errormsg" id="errormsg_0"> <?=$_i18n[ "error.required" ]?>
</span><?php } ?></td>
</tr>
<tr>
<td colspan="2" height="8"></td>
</tr>
<tr>
<td colspan="2" height="8"></td>
<td></td>
</tr>
<tr>
<td></td>
<td><input value="<?=$_i18n[ "access" ]?>" type="submit"></td>
<td></td>
</tr>
</tbody>
</table>

</tr>
</tbody>
</table>
</div>
Comment on lines +131 to +136
Copilot AI Apr 11, 2026

The markup opens a <form> but never closes it (and the surrounding <td>/<tr> structure also isn’t properly closed). Browsers may auto-correct this differently, potentially breaking submission/layout. Ensure the form and table cells/rows are properly closed before the outer </table>/</div>.

<script type="text/javascript" language="JavaScript">
<!--
var focusControl = document.forms["login"].elements["userName"];
if (focusControl.type != "hidden" && !focusControl.disabled) {
focusControl.focus();
}
// -->
</script>
<?php include("./includes/foot.php");?>

</body>
</html>
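
Review bot: in the userName and userPassword rows, strpos( $fields, 'userName' ) and strpos( $fields, 'userPassword' ) are used directly as booleans, which only works because $fields is built with a leading " " so that a match can never sit at offset 0; compare the result with !== false and drop the padding so the check does not depend on that trick. Both error spans in those rows also carry id="errormsg_0"; ids should be unique within a page, so give each span its own. Separately, the removed and added sides of this hunk show the same content apart from blank lines, so the PR description should say what actually changed (for example whitespace or line endings) to make the 148/148 rewrite reviewable.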