PHP 5.2 Upgrade - Login Page Not Working Now

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
CGoal
Forum Newbie
Posts: 4
Joined: Fri Jul 30, 2010 3:13 pm

PHP 5.2 Upgrade - Login Page Not Working Now

Post by CGoal »

So while I was working on one project that required me to upgrade my PHP version to get Zen Cart installed, it looks like my other clients page is not working anymore.

I upgraded my language to PHP 5.2
This is hosted through GoDaddy.

There must be something that is not supported that I lost for this upgrade.
Here is my code that is not working.

Login.php

Code: Select all

<table width="1000" align="center">

<tr>
<td width="200" valign="top">
<form action="LoginAction.php" method="Post">
Email Address:<br />
<input type="Text" name="psEmail" />
<br />
Password:<br />
<input type="password" name="psPassword" />
<br />
<input type="submit" value="Login" />
<input type="hidden" name="psRefer" value="<? echo($refer) ?>"
</form>
</td>
<td>administration only</td>
</tr>
</table>
LoginAction.php

Code: Select all

<?php
// Check if the information has been filled in
if($psEmail == '' || $psPassword == '') {
// No login information
header('Location: Login.php?refer='.urlencode($psRefer));
} else {
// Authenticate user
$hDB = mysql_connect('**SERVER**', '**DATABASE**', '**PASSWORD**');
mysql_select_db('**DATABASE**', $hDB);
$sQuery = "
Select iUser, MD5(UNIX_TIMESTAMP() + iUser + RAND(UNIX_TIMESTAMP())) sGUID
From tblUsers
Where sEmail = '$psEmail'
And sPassword = password('$psPassword')";
$hResult = mysql_query($sQuery, $hDB);
if(mysql_affected_rows($hDB)) {
$aResult = mysql_fetch_row($hResult);
// Update the user record
$sQuery = "
Update tblUsers
Set sGUID = '$aResult[1]'
Where iUser = $aResult[0]";
mysql_query($sQuery, $hDB);
// Set the cookie and redirect
setcookie("session_id", $aResult[1]);
if(!$psRefer) $psRefer = 'prep_admin.php';
header('Location: '.$psRefer);
} else {
// Not authenticated
header('Location: Login.php?refer='.urlencode($psRefer));
}
}
?>
This has been working for over a year, and I think my PHP 5.2 upgrade over the weekend put the kibosh on it.

Any help is appreciated.
Thanks
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: PHP 5.2 Upgrade - Login Page Not Working Now

Post by AbraCadaver »

Your code is relying on register_globals which has been deprecated for quite a while now and is unsafe. I'm not sure where $refer is coming from on the first page, but if it is in the URL, then you need to access it as $_GET['refer']. All of the values coming from your form need to be accessed as $_POST['variablename'] in the second page.

Also, the code is very unsafe.You need to validate and sanitize/escape the user supplied data before using it (submitting to the DB).
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Post Reply