Page 1 of 1
Upgrade from PHP 4 to PHP 5
Posted: Wed Dec 01, 2010 3:24 pm
by jhoffm34
So I've been trying to update my website from PHP 4 to PHP 5. However, everytime I do when I access a database system one of our web developers install, it just comes up with a page that shows the code.
Does anyone know why this would happen?
Re: Upgrade from PHP 4 to PHP 5
Posted: Wed Dec 01, 2010 3:32 pm
by Jonah Bron
Sorry, I don't feel like deducing the IP of your machine, hacking into the system, reading your code, and answering your question right now. Maybe you could just post it?
Re: Upgrade from PHP 4 to PHP 5
Posted: Wed Dec 01, 2010 3:42 pm
by jhoffm34
sorry about that the url is
http://www.digitalfilmacademy.com/dfadata/login.html
It seems to work now, but it is demanding that this username and password do not work, even though they work just fine with PHP 4 installed.
Re: Upgrade from PHP 4 to PHP 5
Posted: Wed Dec 01, 2010 3:45 pm
by Jonah Bron
Glad it's working. If it's not accepting your username/password, you probably need to do some debugging to figure out why.
Re: Upgrade from PHP 4 to PHP 5
Posted: Wed Dec 01, 2010 3:50 pm
by jhoffm34
As you can probably tell, I am very new to this, its really something my boss is demanding of me after our web developer left.
I know of course what debugging means but not necessarily how to go about it for this piece of code
Suggestions?
Re: Upgrade from PHP 4 to PHP 5
Posted: Wed Dec 01, 2010 5:03 pm
by Jonah Bron
<assert condition="username_system.type == database">
Well, first look at your query code. Is the query looking for a valid user returning nothing? Or is it failing somewhere else? If you can't figure it out, you can post here the code where you think the problem is.
</assert>
Re: Upgrade from PHP 4 to PHP 5
Posted: Wed Dec 01, 2010 9:22 pm
by jhoffm34
So the problem seems to originate here:
Code: Select all
$result = mysql_query("SELECT * FROM `$database2` . `$table2` WHERE `userName` = '$userName'");
while($row = mysql_fetch_array($result))
{
$isadmin = $row['userType'];
$Fullname = $row['Firstname'] ." " . $row['Lastname'];
$user_id = $row['userID'];
if($isadmin == "Administrator" && $userName == "victor" || $userName == "Victor" || $userPassword == "victor" ){
LogAsAdmin();
setcookie ("admin", $isadmin); //time()+(3600 * 24)
setcookie ("user", $userName); //time()+(3600 * 24)
setcookie ("fullname", $Fullname); //time()+(3600 * 24)
setcookie ("loggedin", "TRUE"); //time()+(3600 * 2) // Expires in 2
echo "Redirecting to Inventory Admin page or click <a href='dfadata/inventory.php'>here</a> to do it now. <P>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"2; url=dfadata/inventory.php\">";
echo "<br><img src=rent/images/redirecting.gif>";
} elseif($isadmin == "Administrator"){
LogAsAdmin();
setcookie ("admin", $isadmin); //time()+(3600 * 24)
setcookie ("user", $userName); //time()+(3600 * 24)
setcookie ("fullname", $Fullname); //time()+(3600 * 24)
setcookie ("loggedin", "TRUE"); //time()+(3600 * 2) // Expires in 2
echo "Redirecting to Admin page or click <a href=".$URL.">here</a> to do it now. <P>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"2; url=" .$URL."\">";
echo "<br><img src=rent/images/redirecting.gif>";
} elseif($isadmin == "Super Admin"){
LogAsAdmin();
setcookie ("admin", $isadmin, time()+(3600 * 24));
setcookie ("user", $userName, time()+(3600 * 24));
setcookie ("fullname", $Fullname, time ()+(3600 * 24)); //time()+(3600 * 24)
setcookie ("loggedin", "TRUE", time()+(3600 * 24)); //Expires in 24 hours
echo "Redirecting to Admin page or click <a href=".$URL.">here</a> to do it now. <P>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"2; url=".$URL."\">";
echo "<br><img src=rent/images/redirecting.gif>";
} elseif($isadmin == "President"){
LogAsAdmin();
setcookie ("admin", $isadmin, time()+(3600 * 24));
setcookie ("user", $userName, time()+(3600 * 24));
setcookie ("fullname", $Fullname, time()+(3600 * 24)); //time()+(3600 * 24)
setcookie ("loggedin", "TRUE", time()+(3600 * 24)); //Expires in 24 hours
echo "Redirecting to Admin page or click <a href=".$URL.">here</a> to do it now. <P>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"2; url=".$URL."\">";
echo "<br><img src=rent/images/redirecting.gif>";
} elseif($isadmin == "Instructor"){
LogAsAdmin();
setcookie ("intr", $isadmin, time()+3600);
setcookie ("user", $userName, time()+(3600 * 1));
setcookie ("fullname", $Fullname, time()+(3600 * 1));
setcookie ("loggedin", "TRUE", time()+(3600 * 1)); //Expires in 1 hour
echo "Redirecting to Admin page or click <a href=".$URL.">here</a> to do it now. <P>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"2; url=jobs/instructor.php\">";
echo "<br><img src=rent/images/redirecting.gif>";
} else {
echo "You are logged as " . $isadmin;
echo "<br/>";
//USER
//$expire=time()+60*60*24*30;
header("Content-Type: text/html; charset=utf-8");
setcookie ("user", $userName, time()+(3600 * 2));
setcookie ("loggedin", "TRUE", time()+(3600 * 2)); //Expires in 24 hours
setcookie ("fullname", $Fullname, time()+(3600 * 2)); //expires in 2 hours
echo "Redirecting to your page or click <a href=rentuser.php>here</a> to do it manually. <P>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"2; url=jobs/main.php\">";
echo "<br><img src=rent/images/redirecting.gif>";
} //closing general if
$online = mysql_query("UPDATE production_jobs.users SET online = 'yes', log = '$curdate' WHERE userID = '$user_id'");
} // closing While opt
}
?>
It seems to be indentifying that there is a user, but not registering that it has administrator priveleges
but I can't seem to figure out why this would function in PHP4 and not PHP5
anyone know why?
Re: Upgrade from PHP 4 to PHP 5
Posted: Wed Dec 01, 2010 9:41 pm
by Jonah Bron
Okay, there's a couple of problems here. One, the logic in the first If is confusing. You need to clarify order with parentheses. As it is now, it's equivalent to:
Code: Select all
if(($isadmin == "Administrator" && $userName == "victor") || $userName == "Victor" || $userPassword == "victor" ){
That may or may not be what you want. That might be causing the problem, but I don't know.
Problem number two. You are storing the user's privileges in a cookie. That's a major security flaw. All they have to do is edit their cookie and voilĂ , they have administrative privileges.
Re: Upgrade from PHP 4 to PHP 5
Posted: Wed Dec 01, 2010 10:23 pm
by jhoffm34
I believe it actually has something to do with the cookies. It seems to not setcookie properly and so no information is able to be pulled. This later leads to problems (if i bypass this) in recalling the proper information for a "Preferences" page or something like that.
Does the setcookie function operate differently in PHP5?
Re: Upgrade from PHP 4 to PHP 5
Posted: Wed Dec 01, 2010 11:12 pm
by Jonah Bron
Yes.
It's my recommendation that you switch over to sessions.
http://php.net/book.session