Page 1 of 1

Server configuration causing login/out error notice

Posted: Sun Nov 22, 2009 5:37 pm
by Jackt
I am new to php please excuse my ignorance. However, Please can anybody help?
I have been trying unsuccessfully for three days now to get a log in system working on my site. It consists of a public section and a protected Admin section. The admin has several pages which I have been trying to make available using sessions. I have had it all workng on my "Localhost" but when I put it up to the server I get an error notice as follows:
Notice: Undefined variable: HTTP_SERVER_VARS in E:\domains\d\ccrc\user\htdocsadminlogin.php on line 7

I have re configured my "Localhost" servber and have traced the probl;em to a PHP.ini setting: register_long_arrays = Off
In addition it doesnt log in or out properly.
Is there a replacement piece of code that I can use and still retain the admin authentication over several protected pages?

I cant get the system to accept the file so here is the offending section:
<?php require_once('../Connections/jtaberner1.php'); ?>
<?php
//initialize the session
session_start();

// ** Logout the current user. **
$logoutAction = $HTTP_SERVER_VARS['PHP_SELF']."?doLogout=true";
//$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";

If I turn register_long_arrays = On on my Localhost it works ok at home.

Thank you in advance for help.

Regards

Jackt

Re: Server configuration causing login/out error notice

Posted: Sun Nov 22, 2009 6:08 pm
by requinix

Code: Select all

$logoutAction = $HTTP_SERVER_VARS['PHP_SELF']."?doLogout=true";
//$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
Think about that.

Re: Server configuration causing login/out error notice

Posted: Mon Nov 23, 2009 7:41 am
by Jackt
Hi again

Thanks for getting back to me so quickly.

From my reading on the net, am I correct in my understanding that $HTTP_SERVER_VARS['PHP_SELF']. is an ols server variable and support for this was discontinued in PHP ver,.4.o. Because of the live server configaration I can not change it but I can change my local server config. This is why it doesnt work on the live server. I dont know what this bit of code is suppposed to do so can you please explain that and is there a replacement that will suite PHP5?

Many thanks

Jackt

Re: Server configuration causing login/out error notice

Posted: Mon Nov 23, 2009 10:28 am
by iankent
You're right about $HTTP_SERVER_VARS - it's now been deprecated and replaced by $_SERVER

Try $_SERVER['PHP_SELF'] instead :)

Re: Server configuration causing login/out error notice

Posted: Mon Nov 23, 2009 12:00 pm
by Jackt
Hello Iankent

Thanks for your reply. I have tried $_SERVER['PHP_SELF'] and while it has got rid of the error message I still have no control over access to the admin page.

I have a log in page which if successfull gives you access to the admin. I have session_start(); at the top of each page, I believe to enable the administrator to navigate admin pages without repeating the login for each page.

Neither the log in nor the log out works but the cookie is set in the temp folder when the login page is first accessed but without actually logging in. Deleting the cookie and re-booting the browser clears it until the next time the page is accessed.

The log in comprises username and password and the associated table has users with "admin" status.
If you can help me to get the log in to work I might have half a chance of finding my way through the logout.

Log in code is as follows: Sorry about the length of it.

<?php require_once('../Connections/jtaberner1.php'); ?>
<?php
session_start();
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "accessLevel";
$MM_redirectLoginSuccess = "admin.php";
$MM_redirectLoginFailed = "../home.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_jtaberner1, $jtaberner1);
$LoginRS__query=sprintf("SELECT userName, password, accessLevel FROM users WHERE userName=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $jtaberner1) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

$loginStrGroup = mysql_result($LoginRS,0,'accessLevel');

//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>

Hope you can see what I am doing wrong.

Best regards
Jack

Re: Server configuration causing login/out error notice

Posted: Mon Nov 23, 2009 12:20 pm
by iankent
First thing thats obvious is that you're setting session variables and then using a header() call to redirect the page. This is a known problem in PHP which means you'll need to call session_write_close() just before the call to header() to force PHP to save the session variables you've set.

If that doesn't help, try having a look here:
http://articles.sitepoint.com/article/a ... -control/1
It's an excerpt from PHP Anthology that deals with access control, e.g. logins, ACLs and sessions.

also, when posting code please use the code or php tags :)

hth

Re: Server configuration causing login/out error notice

Posted: Mon Nov 23, 2009 3:17 pm
by Jackt
Hi Iankent
Thank you for the pointer. It will take me a little time to work through the article but it looks very promising.

You mentioned that when posting code please use the code or php tags. Please can you explain what these are if they are not the usual <?php tags?

Thanks again for your help
Best regards

Jack

Re: Server configuration causing login/out error notice

Posted: Mon Nov 23, 2009 3:21 pm
by iankent
Only when you're posting code on the forum - it applies formatting to the code and makes it much easier to read, e.g.

Code: Select all

$i = 1;
function hello($x) {
    echo "Hello $x";
}
hello($i);
which will output this:

Code: Select all

 
$i = 1;
function hello($x) {
    echo "Hello $x";
}
hello($i);
 
instead of this:
$i = 1;
function hello($x) {
echo "Hello $x";
}
hello($i);

hope that explains it! :)

Re: Server configuration causing login/out error notice

Posted: Mon Nov 23, 2009 3:34 pm
by Jackt
I see now what you mean. Thank you!

I'm going back to your recommended article.

Best regards

Jack