code was working but not anymore?!?!
Moderator: General Moderators
code was working but not anymore?!?!
hi, ive built a content managements system for somebody and it all worked fine but when i uploaded it to their server where their web space is it doesnt work. well it kinda does.. the stuff that viewers can view is viewable so database is working. but when it comes to login into the content management, nothing happens!
i have an include file at the top of the page code to validate if the login is correct on submit. but its as if its totally missing this out because if it was me login in wrong it should show an error but i dont even get that. the page just reloads itself.
any ideas as to what would be causing this?.. ive double checked my spelling of the file incase i changed it by accident but thats all fine.
i have an include file at the top of the page code to validate if the login is correct on submit. but its as if its totally missing this out because if it was me login in wrong it should show an error but i dont even get that. the page just reloads itself.
any ideas as to what would be causing this?.. ive double checked my spelling of the file incase i changed it by accident but thats all fine.
feyd | Please use
inside the validate it looks like this..
feyd | Please use
Code: Select all
andCode: Select all
tags where appropriate when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
right well this is the login page.. its not the includes thats causing the prob coz i tried it without them and just put the code in and it still didnt work.Code: Select all
<?php
include("db_connect.inc");
include("validate.inc");
}
?>
<HTML>
<HEAD>
<title>Falcon Hotel - Content Management</title>
<LINK REL="stylesheet" HREF="css.css" TYPE="text/css">
</HEAD>
<BODY>
<center>
<h3>Falcon Hotel Login</h3>
<hr WIDTH="100%" size="1"></hr>
<FORM METHOD="post" action="<?=$PHP_SELF?>">
<TABLE CELLPADDING="10" CELLSPACING="2">
<TR>
<TD class="output2"><p class="grey"><b>username:</b></p></TD>
<TD class="output"><INPUT TYPE="text" name="username" CLASS="size"></TD>
</TR>
<TR>
<TD class="output2"><p class="grey"><b>password:</b></p></TD>
<TD class="output"><INPUT TYPE="password" name="password" CLASS="size"></TD>
</TR>
<TR>
<TD></TD>
<TD class="output2"><INPUT TYPE="submit" name="submit" value="submit"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>Code: Select all
<?php
if ($submit) {
$username=$_REQUEST['username'];//get username from form
$password=$_REQUEST['password'];//get password from form
session_start();
$result = mysql_query("SELECT * FROM login_sys WHERE pass='$password' AND login='$username'");
if ($row = mysql_fetch_array($result)) {
//--set session variable--//
$_SESSION['loggedin'] = TRUE;
header("Location: http://server.name/~username/cms/admin.php");
}
else {
//--dont set a session, give an error message--//
echo "Login failure";
}
}
?>feyd | Please use
Code: Select all
andCode: Select all
tags where appropriate when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
looks like your code assumes register_globals is on.
Run the following in a new file on both servers and tell us the results please.
Run the following in a new file on both servers and tell us the results please.
Code: Select all
<?php
$ve = phpversion();
$os = PHP_OS;
$er = intval(error_reporting());
$rg = (in_array(strtolower(ini_get('register_globals')), array(0, false, '', null, 'off')) ? 'Off' : 'On');
$de = (in_array(strtolower(ini_get('display_errors')), array(0, false, '', null, 'off')) ? 'Off' : 'On');
$eol = (isset($_SERVER['HTTP_HOST']) ? "<br />\n" : "\n");
$ec = array(
'E_STRICT' => 2048,
'E_ALL' => 2047,
'E_USER_NOTICE' => 1024,
'E_USER_WARNING' => 512,
'E_USER_ERROR' => 256,
'E_COMPILE_WARNING' => 128,
'E_COMPILE_ERROR' => 64,
'E_CORE_WARNING' => 32,
'E_CORE_ERROR' => 16,
'E_NOTICE' => 8,
'E_PARSE' => 4,
'E_WARNING' => 2,
'E_ERROR' => 1,
);
$e = array();
$t = $er;
foreach ($ec as $n => $v)
{
if (($t & $v) == $v)
{
$e[] = $n;
$t ^= $v;
}
}
$er = $er . ' (' . implode(' | ', $e) . ')';
echo 'PHP Version: ' . $ve . $eol;
echo 'PHP OS: ' . $os . $eol;
echo 'Error Reporting: ' . $er . $eol;
echo 'Register Globals: ' . $rg . $eol;
echo 'Display Errors: ' . $de . $eol;
?>hi,sorry bout not showing the code properly..
anyway on the server im using now it showed..
PHP Version: 4.4.1
PHP OS: Linux
Error Reporting: 2039 (E_USER_NOTICE | E_USER_WARNING | E_USER_ERROR | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_WARNING | E_ERROR)
Register Globals: Off
Display Errors: On
so is the prob because globals is off?
if so what should i do? im not really sure what its meaning.
also i cant do it on the other server at the moment seems to be down
anyway on the server im using now it showed..
PHP Version: 4.4.1
PHP OS: Linux
Error Reporting: 2039 (E_USER_NOTICE | E_USER_WARNING | E_USER_ERROR | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_WARNING | E_ERROR)
Register Globals: Off
Display Errors: On
so is the prob because globals is off?
if so what should i do? im not really sure what its meaning.
also i cant do it on the other server at the moment seems to be down
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
you'll need to rewrite your code such that all data you think is input from url or submissions is done through the superglobals $_GET, $_POST, etc.
In this particular case,should at minimum change to however, looking for the submission button is not the best idea. Instead look for $_SERVER['REQUEST_METHOD'] being "POST" or for a form element (or elements) that should always be apart of the submission.
Additionally, you have a security hole in your code involving SQL injection with $username and $password. Read through the security forum for more detail.
In this particular case,
Code: Select all
if($submit)Code: Select all
if($_POST['submit'])Additionally, you have a security hole in your code involving SQL injection with $username and $password. Read through the security forum for more detail.
ok thanks alot for the help, and added tips
ill get me reading goggles on!!
o also will i need to change into ???
o also will i need to change
Code: Select all
$_REQUEST['stuff'];Code: Select all
$_POST['stuff'];