Page 1 of 1

What wrong with this code

Posted: Mon Apr 10, 2006 7:40 am
by m0nk3yb0y
The following code was working fine on my development platform php 4.4.2 but is now not working on the live site php 4.3.2.

Can anyone tell me what I've done wrong?

Code: Select all

<?PHP
ob_start();
include 'include/header.php';
if ($REQUEST_METHOD == 'POST')
{
$crypt = md5($_POST[password]);

	if (!$db->query("SELECT * FROM users WHERE password = '$crypt' AND userName = '$_POST[userName]'"))
	{
	echo"<META HTTP-EQUIV=Refresh CONTENT=\"5; URL=login.php\">\n<h3>BAD PASSWORD TRY AGAIN</h3>";
	}
	else
	{
	$user = $db->get_row("SELECT * FROM users WHERE userName = '$_POST[userName]'");
	/*Start login session and register variables*/
	session_start();
	session_register("sess_user");
	$sess_user="$user->idusers";
	session_register("sess_name");
	$sess_name="$user->userName";
	/*Insert a 1 to say user is online 
	$db->query("UPDATE users SET online = '1' WHERE iduser = '$sess_user'");*/
	echo"<META HTTP-EQUIV=Refresh CONTENT=\"5; URL=index.php\">\n<h3>You're logged in as $sess_name</h3>";
	}
}
else
{
?>
<!--Main Content //-->
	<h2>Log in Please</h2>
	<form name="login" action="login.php" method="post">
	<table cellspacing="1">
	<tr><td><p>Your Username</p></td></tr>
	<tr><td><input type="text" name="userName" maxlength="30"></td></tr>
	<tr><td><p>Password</p></td></tr>
	<tr><td><input type="password" name="password" maxlength="30"></td></tr>
	<tr><td><input type="submit" name="login" value="Login"></td></tr>
	</table>
	</form>
<!--Main Content ends //-->
<?PHP
}//close the above if statement
include 'include/footer.php';
?>
ps I'm using ez_sql as my db wrapper

Re: What wrong with this code

Posted: Mon Apr 10, 2006 7:53 am
by timvw
m0nk3yb0y wrote:The following code was working fine on my development platform php 4.4.2 but is now not working on the live site php 4.3.2.

Can anyone tell me what I've done wrong?
ENOCRYSTALBALL.

- What exactly isn't working?
What are the error messages and notices?
- Where does $REQUEST_METHOD come from? Sure you don't want $_SERVER['REQUEST_METHOD']?

Posted: Mon Apr 10, 2006 8:02 am
by m0nk3yb0y
Sorry bout that.

The $REQUEST_METHOD comes from the form that is in the html further down in the code.
Basicly the form submits the user and pass back onto itself and the if statement picks out the varibles and checks them against whats in the db.

As far as whats happening I'm gettng no error messages and the form just seems to reload itself with nothing happening.

Sorry for being vague. I hope this helps.

-m0nk3yb0y

Posted: Mon Apr 10, 2006 8:12 am
by m0nk3yb0y
Ok, I tried changing to $_SERVER['REQUEST_METHOD'] and also changing the posted variables to $_POST[variable_name] format and it kinda worked but it seems that the sessions are not being declared.

How do I debug this?

Posted: Mon Apr 10, 2006 8:41 am
by shiznatix
don't use session_register() and the sort. use the $_SESSION global variable.

Posted: Mon Apr 10, 2006 8:49 am
by m0nk3yb0y
Thanx for the tip. That was totally the problem I'm now in the process of going through my app and replacing all the POST variables and SESSION variable with the more updated global kind.

Man it doesn't pay to be lazy :lol:
-m0nk3yb0y