Page 1 of 1
code was working but not anymore?!?!
Posted: Wed Mar 15, 2006 7:07 am
by khuti
hi, ive built a content managements system for somebody and it all worked fine but when i uploaded it to their server where their web space is it doesnt work. well it kinda does.. the stuff that viewers can view is viewable so database is working. but when it comes to login into the content management, nothing happens!
i have an include file at the top of the page code to validate if the login is correct on submit. but its as if its totally missing this out because if it was me login in wrong it should show an error but i dont even get that. the page just reloads itself.
any ideas as to what would be causing this?.. ive double checked my spelling of the file incase i changed it by accident but thats all fine.
Posted: Wed Mar 15, 2006 7:47 am
by Benjamin
Sounds like one of the functions you are using isn't available on the version of PHP installed on the server. Might want to post some code as well. That would help us help you.
Posted: Wed Mar 15, 2006 8:24 am
by khuti
feyd | Please use Code: Select all
tags where appropriate when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
right well this is the login page.. its not the includes thats causing the prob coz i tried it without them and just put the code in and it still didnt work.
Code: Select all
<?php
include("db_connect.inc");
include("validate.inc");
}
?>
<HTML>
<HEAD>
<title>Falcon Hotel - Content Management</title>
<LINK REL="stylesheet" HREF="css.css" TYPE="text/css">
</HEAD>
<BODY>
<center>
<h3>Falcon Hotel Login</h3>
<hr WIDTH="100%" size="1"></hr>
<FORM METHOD="post" action="<?=$PHP_SELF?>">
<TABLE CELLPADDING="10" CELLSPACING="2">
<TR>
<TD class="output2"><p class="grey"><b>username:</b></p></TD>
<TD class="output"><INPUT TYPE="text" name="username" CLASS="size"></TD>
</TR>
<TR>
<TD class="output2"><p class="grey"><b>password:</b></p></TD>
<TD class="output"><INPUT TYPE="password" name="password" CLASS="size"></TD>
</TR>
<TR>
<TD></TD>
<TD class="output2"><INPUT TYPE="submit" name="submit" value="submit"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
inside the validate it looks like this..
Code: Select all
<?php
if ($submit) {
$username=$_REQUEST['username'];//get username from form
$password=$_REQUEST['password'];//get password from form
session_start();
$result = mysql_query("SELECT * FROM login_sys WHERE pass='$password' AND login='$username'");
if ($row = mysql_fetch_array($result)) {
//--set session variable--//
$_SESSION['loggedin'] = TRUE;
header("Location: http://server.name/~username/cms/admin.php");
}
else {
//--dont set a session, give an error message--//
echo "Login failure";
}
}
?>
feyd | Please use Code: Select all
tags where appropriate when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
Posted: Wed Mar 15, 2006 8:32 am
by feyd
looks like your code assumes register_globals is on.
Run the following in a new file on
both servers and tell us the results please.
Code: Select all
<?php
$ve = phpversion();
$os = PHP_OS;
$er = intval(error_reporting());
$rg = (in_array(strtolower(ini_get('register_globals')), array(0, false, '', null, 'off')) ? 'Off' : 'On');
$de = (in_array(strtolower(ini_get('display_errors')), array(0, false, '', null, 'off')) ? 'Off' : 'On');
$eol = (isset($_SERVER['HTTP_HOST']) ? "<br />\n" : "\n");
$ec = array(
'E_STRICT' => 2048,
'E_ALL' => 2047,
'E_USER_NOTICE' => 1024,
'E_USER_WARNING' => 512,
'E_USER_ERROR' => 256,
'E_COMPILE_WARNING' => 128,
'E_COMPILE_ERROR' => 64,
'E_CORE_WARNING' => 32,
'E_CORE_ERROR' => 16,
'E_NOTICE' => 8,
'E_PARSE' => 4,
'E_WARNING' => 2,
'E_ERROR' => 1,
);
$e = array();
$t = $er;
foreach ($ec as $n => $v)
{
if (($t & $v) == $v)
{
$e[] = $n;
$t ^= $v;
}
}
$er = $er . ' (' . implode(' | ', $e) . ')';
echo 'PHP Version: ' . $ve . $eol;
echo 'PHP OS: ' . $os . $eol;
echo 'Error Reporting: ' . $er . $eol;
echo 'Register Globals: ' . $rg . $eol;
echo 'Display Errors: ' . $de . $eol;
?>
Posted: Wed Mar 15, 2006 8:37 am
by khuti
hi,sorry bout not showing the code properly..
anyway on the server im using now it showed..
PHP Version: 4.4.1
PHP OS: Linux
Error Reporting: 2039 (E_USER_NOTICE | E_USER_WARNING | E_USER_ERROR | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_WARNING | E_ERROR)
Register Globals: Off
Display Errors: On
so is the prob because globals is off?
if so what should i do? im not really sure what its meaning.
also i cant do it on the other server at the moment seems to be down

Posted: Wed Mar 15, 2006 8:44 am
by feyd
you'll need to rewrite your code such that all data you think is input from url or submissions is done through the superglobals $_GET, $_POST, etc.
In this particular case,
should at minimum change to
however, looking for the submission button is not the best idea. Instead look for $_SERVER['REQUEST_METHOD'] being "POST" or for a form element (or elements) that should always be apart of the submission.
Additionally, you have a security hole in your code involving SQL injection with $username and $password. Read through the security forum for more detail.
Posted: Wed Mar 15, 2006 8:48 am
by khuti
ok thanks alot for the help, and added tips

ill get me reading goggles on!!
o also will i need to change
into
???