Sessioncheck
Posted: Tue Jan 17, 2006 2:34 pm
by joshm
I believe I'm having sessioncheck issues. I'm not really a PHP person, or a database person, so I can't be sure. We had a website built for us, and got screwed, so I am left to figure things out on my own. I'm now down to 2 issues. One being this sessioncheck thing. When I go to log in to our admin area the login screen comes up and I enter the username and password. Then it says "You are not AUTHORIZED to view this page." I did a code search in all the PHP files and found that phrase in the sessioncheck.php file. This is what my code looks like.
Code:
<?php
session_start();
ob_start();
if(strtolower(md5($_SERVER['SERVER_ADDR']))!='d8c068d81fd577ee1ed71222f87c4953')
{
echo "You are not AUTHORIZED to view this page.";
//Header("Location:index.php");
exit;
}
/*
include_once('../business/clsmaintenance.php');
$Maintenance = new Maintenance();
if($Maintenance->CheckSchedule())
{
$Maintenance->DoMaintenance();
}
*/
if(!(session_is_registered($_SESSION["sesadmin"])))
{
Header("Location:index.php");
exit;
}
?>
If anyone can help me that would help a lot because I'm pretty lost. I know what the session check is supposed to do, I just don't know how to fix the problem. Thanks in advance for any help or knowledge passed my way.
Posted: Tue Jan 17, 2006 4:17 pm
by John Cartwright
Did you switch domains or transfer this code from a development server to live server?
Posted: Tue Jan 17, 2006 5:15 pm
by Jenk
Code:
if(!(session_is_registered($_SESSION["sesadmin"])))
That's an oxymoron if I ever saw one

Posted: Tue Jan 17, 2006 6:15 pm
by raghavan20
Code:
bool session_is_registered ( string name )
if(!(session_is_registered($_SESSION["sesadmin"])))
{
Header("Location:index.php");
exit;
}
In your statement you are passing the value of the session variable, sesadmin, to session_is_registered(), which is wrong.
Instead if you are going to check a session variable is registered, you should pass the name of the variable to session_is_registered().
So it should be...
Code:
if(!(session_is_registered("sesadmin")))
{
Header("Location:index.php");
exit;
}
Also do make sure when you execute md5 on your server address you yield the constant md5ed value.
sessioncheck
Posted: Tue Jan 17, 2006 11:30 pm
by joshm
Jcart wrote: Did you switch domains or transfer this code from a development server to live server?
No but we did switch from one live server to another live server, which I'm pretty sure is the problem. I actually have the site running on one server perfectly fine, but on the server I switched it to it doesn't work. I thought maybe it had something to do with the string of numbers on line 4 'd8c068d81fd577ee1ed71222f87c4953' but I'm not sure.
As for the rest of the responses I thank you, but like I said I don't know php so I'm pretty lost to all of what was said.
Posted: Wed Jan 18, 2006 2:11 am
by raghavan20
Code:
if(strtolower(md5($_SERVER['SERVER_ADDR']))!='d8c068d81fd577ee1ed71222f87c4953')
For you I am explaining again, this expects the address of the server when hashed using md5 algorithm should yield 'd8c068d81fd577ee1ed71222f87c4953', which won't happen since you have changed server.
What you have to do now is, run a separate file, find md5("your_new_server_address") and assume that value as val_md5...
Code:
$val_md5 = md5($_SERVER['SERVER_ADDR']); // note down this value and go to the original file and replace the if statement like...
if(strtolower(md5($_SERVER['SERVER_ADDR'])) != 'val_md5') // 'val_md5' is the value I asked you to note down
Posted: Wed Jan 18, 2006 2:21 am
by joshm
raghavan20 wrote:
Code:
if(strtolower(md5($_SERVER['SERVER_ADDR']))!='d8c068d81fd577ee1ed71222f87c4953')
For you I am explaining again, this expects the address of the server when hashed using md5 algorithm should yield 'd8c068d81fd577ee1ed71222f87c4953', which won't happen since you have changed server.
What you have to do now is, run a separate file, find md5("your_new_server_address") and assume that value as val_md5...
Code:
$val_md5 = md5($_SERVER['SERVER_ADDR']); // note down this value and go to the original file and replace the if statement like...
if(strtolower(md5($_SERVER['SERVER_ADDR'])) != 'val_md5') // 'val_md5' is the value I asked you to note down
How do I find the md5?
Posted: Wed Jan 18, 2006 2:21 am
by timvw
It's pretty obvious the author of that code didn't want it to work on a different domain.
Simply removing the if block would make the problem go away.
Posted: Wed Jan 18, 2006 2:29 am
by joshm
timvw wrote: It's pretty obvious the author of that code didn't want it to work on a different domain.
Simply removing the if block would make the problem go away.
Is that going to mess anything else on the site? Like normal users, not admin users, and/or shopping cart?
Posted: Wed Jan 18, 2006 2:38 am
by joshm
Actually I just did a search in the source code for all my PHP files and md5 is attached to a ton of files, so I know I need to find the md5 for my server somehow. Any ideas?
Thanks for all the help.
Posted: Wed Jan 18, 2006 2:48 am
by raghavan20
md5, as said, is a hashing algorithm to hash passwords and other data.
What you have to do is, use the inbuilt function of PHP, md5(), and run this function with your server name as input and substitute this value in the if statement.
Posted: Wed Jan 18, 2006 2:53 am
by joshm
raghavan20 wrote: use the inbuilt function of PHP, md5(), and run this function with your server name as input and substitute this value in the if statement.
I know you must think I'm a retard, but could you explain how to go about doing that? I've been trying to research it on the PHP website but I'm not really finding anything I understand.
Posted: Wed Jan 18, 2006 3:18 am
by Jenk
Create a new file on the server you wish to run this application on, with the following contents:
Code:
<?php
echo md5($_SERVER['SERVER_ADDR']);
?>
That will give you the md5 value you need to replace.
raghavan20 - as the manual says, session_is_registered is not to be used if using the $_SESSION superglobal, use isset($_SESSION['var']) instead.
Posted: Wed Jan 18, 2006 3:26 am
by joshm
Jenk wrote: Create a new file on the server you wish to run this application on, with the following contents:
Code:
<?php
echo md5($_SERVER['SERVER_ADDR']);
?>
That will give you the md5 value you need to replace.
raghavan20 - as the manual says, session_is_registered is not to be used if using the $_SESSION superglobal, use isset($_SESSION['var']) instead.
You are my GODs, thank you all for your help! It worked! I'm SOOOOO grateful. Now if only I could fix the one last problem I am having with my damn directories. If anyone is willing to help me with that problem I can explain it.
Posted: Wed Jan 18, 2006 3:30 am
by timvw
Now here is what I would have done:
Code:
/*
if(strtolower(md5($_SERVER['SERVER_ADDR']))!='d8c068d81fd577ee1ed71222f87c4953')
{
echo "You are not AUTHORIZED to view this page.";
//Header("Location:index.php");
exit;
}
*/
Might even consider to completely delete those lines.
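Added example, not part of the original thread or of the site's own code: the two checks from sessioncheck.php written as separate functions and run on constructed input, showing why passing the value of $_SESSION["sesadmin"] as a name fails while isset() on the key works. The function names and sample values are assumptions, and original_check() only approximates session_is_registered(), which was removed in PHP 5.4.

```php
<?php
// Added example; function names are hypothetical, sample data is constructed.

// Gate 1: the server-address lock. The expected hash is passed in (for example
// from a config file) rather than hard-coded, so a server move is a config change.
function server_lock_ok(array $server, string $expectedMd5): bool
{
    $addr = $server['SERVER_ADDR'] ?? '';
    // md5() returns lowercase hex, so normalise the configured value instead.
    return md5($addr) === strtolower($expectedMd5);
}

// Gate 2: the login check that actually decides who is an admin.
// isset() is given the session KEY, as Jenk's post recommends.
function admin_logged_in(array $session): bool
{
    return isset($session['sesadmin']) && $session['sesadmin'] !== '';
}

// Approximation (assumption) of the original call: the VALUE stored under
// "sesadmin" is used as the NAME of the session variable to look up.
function original_check(array $session): bool
{
    $name = $session['sesadmin'] ?? null;
    return is_string($name) && array_key_exists($name, $session);
}

// Constructed sample data: documentation-range address, made-up admin name.
$server   = ['SERVER_ADDR' => '192.0.2.10'];
$expected = md5('192.0.2.10'); // stands in for the value noted down on the new server
$session  = ['sesadmin' => 'siteadmin'];

$results = [
    'lock, same server'       => server_lock_ok($server, $expected),
    'lock, moved server'      => server_lock_ok(['SERVER_ADDR' => '192.0.2.99'], $expected),
    'isset, logged in'        => admin_logged_in($session),
    'isset, no session'       => admin_logged_in([]),
    'original call, logged in' => original_check($session),
];

foreach ($results as $label => $ok) {
    printf("%-26s %s\n", $label, $ok ? 'pass' : 'fail');
}
```

The address lock only ties the code to one host; the session check is what separates a logged-in admin from any other visitor, so it should stay in place whatever is done with the first block.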