Upgrade from PHP 4 to PHP 5
Moderator: General Moderators
Upgrade from PHP 4 to PHP 5
So I've been trying to update my website from PHP 4 to PHP 5. However, everytime I do when I access a database system one of our web developers install, it just comes up with a page that shows the code.
Does anyone know why this would happen?
Does anyone know why this would happen?
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Upgrade from PHP 4 to PHP 5
Sorry, I don't feel like deducing the IP of your machine, hacking into the system, reading your code, and answering your question right now. Maybe you could just post it?
Re: Upgrade from PHP 4 to PHP 5
sorry about that the url is http://www.digitalfilmacademy.com/dfadata/login.html
It seems to work now, but it is demanding that this username and password do not work, even though they work just fine with PHP 4 installed.
It seems to work now, but it is demanding that this username and password do not work, even though they work just fine with PHP 4 installed.
Last edited by jhoffm34 on Wed Dec 01, 2010 10:21 pm, edited 1 time in total.
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Upgrade from PHP 4 to PHP 5
Glad it's working. If it's not accepting your username/password, you probably need to do some debugging to figure out why.
Re: Upgrade from PHP 4 to PHP 5
As you can probably tell, I am very new to this, its really something my boss is demanding of me after our web developer left.
I know of course what debugging means but not necessarily how to go about it for this piece of code
Suggestions?
I know of course what debugging means but not necessarily how to go about it for this piece of code
Suggestions?
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Upgrade from PHP 4 to PHP 5
<assert condition="username_system.type == database">
Well, first look at your query code. Is the query looking for a valid user returning nothing? Or is it failing somewhere else? If you can't figure it out, you can post here the code where you think the problem is.
</assert>
Well, first look at your query code. Is the query looking for a valid user returning nothing? Or is it failing somewhere else? If you can't figure it out, you can post here the code where you think the problem is.
</assert>
Re: Upgrade from PHP 4 to PHP 5
So the problem seems to originate here:
It seems to be indentifying that there is a user, but not registering that it has administrator priveleges
but I can't seem to figure out why this would function in PHP4 and not PHP5
anyone know why?
Code: Select all
$result = mysql_query("SELECT * FROM `$database2` . `$table2` WHERE `userName` = '$userName'");
while($row = mysql_fetch_array($result))
{
$isadmin = $row['userType'];
$Fullname = $row['Firstname'] ." " . $row['Lastname'];
$user_id = $row['userID'];
if($isadmin == "Administrator" && $userName == "victor" || $userName == "Victor" || $userPassword == "victor" ){
LogAsAdmin();
setcookie ("admin", $isadmin); //time()+(3600 * 24)
setcookie ("user", $userName); //time()+(3600 * 24)
setcookie ("fullname", $Fullname); //time()+(3600 * 24)
setcookie ("loggedin", "TRUE"); //time()+(3600 * 2) // Expires in 2
echo "Redirecting to Inventory Admin page or click <a href='dfadata/inventory.php'>here</a> to do it now. <P>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"2; url=dfadata/inventory.php\">";
echo "<br><img src=rent/images/redirecting.gif>";
} elseif($isadmin == "Administrator"){
LogAsAdmin();
setcookie ("admin", $isadmin); //time()+(3600 * 24)
setcookie ("user", $userName); //time()+(3600 * 24)
setcookie ("fullname", $Fullname); //time()+(3600 * 24)
setcookie ("loggedin", "TRUE"); //time()+(3600 * 2) // Expires in 2
echo "Redirecting to Admin page or click <a href=".$URL.">here</a> to do it now. <P>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"2; url=" .$URL."\">";
echo "<br><img src=rent/images/redirecting.gif>";
} elseif($isadmin == "Super Admin"){
LogAsAdmin();
setcookie ("admin", $isadmin, time()+(3600 * 24));
setcookie ("user", $userName, time()+(3600 * 24));
setcookie ("fullname", $Fullname, time ()+(3600 * 24)); //time()+(3600 * 24)
setcookie ("loggedin", "TRUE", time()+(3600 * 24)); //Expires in 24 hours
echo "Redirecting to Admin page or click <a href=".$URL.">here</a> to do it now. <P>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"2; url=".$URL."\">";
echo "<br><img src=rent/images/redirecting.gif>";
} elseif($isadmin == "President"){
LogAsAdmin();
setcookie ("admin", $isadmin, time()+(3600 * 24));
setcookie ("user", $userName, time()+(3600 * 24));
setcookie ("fullname", $Fullname, time()+(3600 * 24)); //time()+(3600 * 24)
setcookie ("loggedin", "TRUE", time()+(3600 * 24)); //Expires in 24 hours
echo "Redirecting to Admin page or click <a href=".$URL.">here</a> to do it now. <P>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"2; url=".$URL."\">";
echo "<br><img src=rent/images/redirecting.gif>";
} elseif($isadmin == "Instructor"){
LogAsAdmin();
setcookie ("intr", $isadmin, time()+3600);
setcookie ("user", $userName, time()+(3600 * 1));
setcookie ("fullname", $Fullname, time()+(3600 * 1));
setcookie ("loggedin", "TRUE", time()+(3600 * 1)); //Expires in 1 hour
echo "Redirecting to Admin page or click <a href=".$URL.">here</a> to do it now. <P>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"2; url=jobs/instructor.php\">";
echo "<br><img src=rent/images/redirecting.gif>";
} else {
echo "You are logged as " . $isadmin;
echo "<br/>";
//USER
//$expire=time()+60*60*24*30;
header("Content-Type: text/html; charset=utf-8");
setcookie ("user", $userName, time()+(3600 * 2));
setcookie ("loggedin", "TRUE", time()+(3600 * 2)); //Expires in 24 hours
setcookie ("fullname", $Fullname, time()+(3600 * 2)); //expires in 2 hours
echo "Redirecting to your page or click <a href=rentuser.php>here</a> to do it manually. <P>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"2; url=jobs/main.php\">";
echo "<br><img src=rent/images/redirecting.gif>";
} //closing general if
$online = mysql_query("UPDATE production_jobs.users SET online = 'yes', log = '$curdate' WHERE userID = '$user_id'");
} // closing While opt
}
?>
but I can't seem to figure out why this would function in PHP4 and not PHP5
anyone know why?
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Upgrade from PHP 4 to PHP 5
Okay, there's a couple of problems here. One, the logic in the first If is confusing. You need to clarify order with parentheses. As it is now, it's equivalent to:
That may or may not be what you want. That might be causing the problem, but I don't know.
Problem number two. You are storing the user's privileges in a cookie. That's a major security flaw. All they have to do is edit their cookie and voilà, they have administrative privileges.
Code: Select all
if(($isadmin == "Administrator" && $userName == "victor") || $userName == "Victor" || $userPassword == "victor" ){Problem number two. You are storing the user's privileges in a cookie. That's a major security flaw. All they have to do is edit their cookie and voilà, they have administrative privileges.
Re: Upgrade from PHP 4 to PHP 5
I believe it actually has something to do with the cookies. It seems to not setcookie properly and so no information is able to be pulled. This later leads to problems (if i bypass this) in recalling the proper information for a "Preferences" page or something like that.
Does the setcookie function operate differently in PHP5?
Does the setcookie function operate differently in PHP5?
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California