Page 1 of 2

Login Script Broke on new server, PRETTY please - FREE BEER

Posted: Mon Jul 26, 2004 10:57 am
by romeo
I transfered my site to a new server its a windows server running 4.3.3 and the login script I used to rea da text file and match login and password stopped working

Did a function change, it seems that no matter what the data entered is not matched in the text file (constantly fails)? maybe some thing like globals is off? I 'm sure a more expereinced eye cna pick it up


Here is the code

SAVING SPACE, DELETED OLD CODE. LOOK FOR NEW BELOW

Posted: Mon Jul 26, 2004 11:06 am
by feyd
try passing 'rb' instead of 'r' to fopen..

Posted: Mon Jul 26, 2004 11:18 am
by redmonkey
Possibly a case of register globals being set to off. Have you tried using $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] instead of PHP_AUTH_USER and PHP_AUTH_PW respectively.

Posted: Mon Jul 26, 2004 11:35 am
by romeo
got a different error

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in login.php on line 34


so it may be have been the globals... any help here, i dont see the problem

SAVING SPACE, DELETED OLD CODE. LOOK FOR NEW BELOW

Posted: Mon Jul 26, 2004 11:40 am
by feyd

Code: Select all

if ( ( $username == "$_SERVER['PHP_AUTH_USER']" ) &&
             ( $password == "$_SERVER['PHP_AUTH_PW']" ) ) {
you can lose the double quotes around those variables. :)

Posted: Mon Jul 26, 2004 11:42 am
by romeo
I tried that, but then it went back to the wya it was before, like it was igonring the variables all together and not authenticating

Posted: Mon Jul 26, 2004 11:44 am
by feyd
are you getting any errors with it? like fopen(webusers.php) cannot open file stream or something?

Posted: Mon Jul 26, 2004 11:47 am
by romeo
no errors, im assuming its just not reading the file as the login and password im giving is correct

Posted: Mon Jul 26, 2004 12:21 pm
by feyd
looks like you need to debug it, lots of echos of differing things and whatnot.

Posted: Mon Jul 26, 2004 1:10 pm
by romeo
yeah it works fine on the other server, dont know what coudl be different, is there a way to force errors?

Posted: Mon Jul 26, 2004 1:14 pm
by feyd

Code: Select all

ini_set('display_errors', '1');
error_reporing(E_ALL);
although parse errors won't echo out unless you alter your php.ini.. check into your error logs too..

Posted: Mon Jul 26, 2004 1:15 pm
by romeo
trying now

Posted: Mon Jul 26, 2004 1:28 pm
by romeo
it was a typo
error_reporting(E_ALL);

But it is still not giving me any errors..

Does anyone have any idea, please

Posted: Mon Jul 26, 2004 2:45 pm
by romeo
here is the currect code, for those just joining us

Code: Select all

<?php

ini_set('display_errors', '1');
ini_set('error_reporting', E_ALL);

$auth = false; // Assume user is not authenticated

if (isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] )) {

    // Read the entire file into the variable $file_contents

    $filename = 'webusers.php';
    $fp = fopen( $filename, 'r' );
    $file_contents = fread( $fp, filesize( $filename ) );
    fclose( $fp );

    // Place the individual lines from the file contents into an array.

    $lines = explode ( "\n", $file_contents );

    // Split each of the lines into a username and a password pair
    // and attempt to match them to $PHP_AUTH_USER and $PHP_AUTH_PW.

foreach ( $lines as $line ) {

list( $memberid, $membername, $contactname, $username, $password, $email, $reportname ) = explode( '|', $line );

$memberid = trim($memberid);
$membername = trim($membername);
$contactname = trim($contactname);
$username = trim($username);
$password = trim($password);
$email = trim($email);
$reportname = trim($reportname);

if (($username == $_SERVER['PHP_AUTH_USER']) && ($password == $_SERVER['PHP_AUTH_PW'])) 
		{
            // A match is found, meaning the user is authenticated.
            // Stop the search.
            $auth = true;
            break;
        }
    }
}

if (!$auth) {
    header( 'WWW-Authenticate: Basic realm="Private"' );
    header( 'HTTP/1.0 401 Unauthorized' );
    echo 'Authorization Required.';
    exit;
} else {
$memberid = base64_encode($memberid);
$membername = base64_encode($membername);
$email = base64_encode($email);
$contact = base64_encode($contactname);
$reportname = base64_encode($reportname);

    header("Location: http://www.lblah.com/vppages/membersonl ... reportname");
}
?>

Come on, Ill buy you a beer

Posted: Mon Jul 26, 2004 2:52 pm
by romeo
how about 2 beers? (im desperate)

whats the command to avoid defining variables?