Is this a PHP 5 issue

November 1st, 2012, 07:15 PM
Is this a PHP 5 issue
OK, I've been using a CMS built by a friend of mine who is an absolute genius. I've been using it for years with no problem. But now, nothing works, not even the query checks. So, I have the following code after the login status:
Code:
$mysql = mysql_connect($host, $user, $pass);
if(!$mysql)
{
    echo 'Cannot connect to database. Please try again or email name@host.com';
    exit;
}
// select the appropriate database
$mysql = mysql_select_db($db);
if(!$mysql)
{
    echo 'Cannot select database. Please try again or email sean@hostname.com';
    exit;
}
// query the database to see if there is a record which matches
$query = "select * from login where
    username = '$username' and
    psswd = '$psswd'";
$result = mysql_query( $query );
if(!$result)
{
    echo 'Cannot run query.';
    exit;
}
When I try to login, none of the checks work . . . nothing happens at all. Is this a PHP4 vs. PHP5 issue? Can anyone give me some insight?
thanks so much!
-S
Last edited by lelales : November 2nd, 2012 at 04:18 AM.
Reason: typo

November 1st, 2012, 07:59 PM
Be more descriptive about what "nothing works" means. What do you see? Not see? What should it do?
Has anything changed recently?

November 1st, 2012, 08:07 PM
hey requinix
The script doesn't throw any error messages . . . nothing happens at all, except the login "username" and "passwords" go blank. I was thinking that I would get one of the error messages, but that's all that happens, which is basically nothing.
I'm out of ideas on how to troubleshoot this. If you have any ideas, please pass them along.
Thanks so much!
-S

November 1st, 2012, 10:07 PM
Does the page refresh? You're not really describing much but that's what it sounds like it's doing.
Post more of the code. Specifically, the stuff coming after what you already posted.

November 2nd, 2012, 04:08 AM
Hey requinix
Thanks for the help.
Here is the code that follows:
Code:
$count = mysql_fetch_row($result);
$ticker = mysql_num_rows($result);
if ( $count > 0)
{
    // visitor's name and password combination are correct
    if ($ticker>0){
        $HTTP_SESSION_VARS['valid_user'] = $username;
        $HTTP_SESSION_VARS['main_admin'] = $username;
    } else {
        $HTTP_SESSION_VARS['valid_user'] = $count2[1];
        $currDate = date('Y m d');
        $currDateAdj = str_replace(' ', '-', $currDate);
        $currTime = date('h').' '.date('i');
        $currTimeAdj = str_replace(' ', ':', $currTime).' '.date('a');
    }
    echo '<h2>You are logged in.</h2>';
    require ('editor_content.php');
}
else
{
    // visitor's name and password combination are not correct
    echo '<h1>We cant log you in.</h1>';
    echo 'You are not authorized to use the control panels. <a href="'.$absolute.'index.php">TRY AGAIN.</a>';
}
}
} else {
    require ('editor_content.php');
}
?>
Any ideas?
thanks again!
-S

November 2nd, 2012, 04:38 AM
More info
Requinix, it's basically a login form. After the username and password are entered, the viewer clicks "login" and the query is run. Unfortunately, after the viewer clicks "login" the username and password fields are cleared and nothing happens on the page . . . the user isn't logged in and no errors are thrown.
You can see the page here
thanks for the help!

November 2nd, 2012, 04:39 AM
Dollars to donuts you're correct. Bet register_globals is being used, which should not be and is off by default in PHP 5 as it's a security hole. As is much of the rest of this.
__________________
I ♥ ManiacDan & requinix
This is a sig, and not necessarily a comment on the OP:
Please don't be a help vampire!

November 2nd, 2012, 04:58 AM
thanks ptr2void
OK, I adjusted the PHP5.ini file to this:
Code:
register_globals = On
and the code still doesn't work.
This isn't a high security CMS, as it's just a password protected video. I don't think the competition is going to try and break in to see the video.
Basically I just need this to work.
Can you think of anything else I might be overlooking?
thanks!
Last edited by lelales : November 2nd, 2012 at 05:03 AM.
Reason: typo

November 2nd, 2012, 05:07 AM
php_info.php
OK, I checked "php_info.php" on my server and "register_globals" is off even though I turned it on in the PHP5.ini file.
I'll have to call the host and see if I can turn it on.
thanks 
-S

November 2nd, 2012, 05:08 AM
Hi,
Quote: Originally Posted by lelales
This isn't a high security CMS
Famous last words ...
This register_globals "feature" allows users to inject any variable into your code, which can have severe consequences. I mean, if some script kiddie manages to steal and delete your database and capture your server, I guess this is a problem.
So stop fumbling with register_globals and actually fix the problem. $HTTP_SESSION_VARS is also obsolete (I'm not sure if it even exists in current PHP versions).
By the way, I'm absolutely certain that your host will not turn on register_globals.
Last edited by Jacques1 : November 2nd, 2012 at 05:10 AM.

November 2nd, 2012, 05:15 AM
Hey Jacques1
Thanks for the reply. Can you advise me on how to go about this without Register_globals being on?
Also, what should I use instead of $HTTP_SESSION_VARS?
Is there an easy fix, or do I have to code up this page from scratch?
-S

November 2nd, 2012, 05:20 AM
Quote: Originally Posted by lelales
Thanks for the reply. Can you advise me on how to go about this without Register_globals being on?
You have to actually fetch the values from $_POST and $_GET respectively.
For example, if you want $username to contain the user name sent with the form, you have to write
PHP Code:
$username = $_POST['username'];
(assuming it's sent via POST)
Quote: Originally Posted by lelales
Also, what should I use instead of $HTTP_SESSION_VARS
$_SESSION (see the PHP manual at php.net)
Quote: Originally Posted by lelales
Is there an easy fix, or do I have to code up this page from scratch?
You won't have to rewrite the whole code, but it could still be a lot of work to find the deprecated features and functions and replace them.
But I see that the code is missing even basic security like escaping database values. So it will be a lot of work to get this website up and running.
I fear your genius friend wasn't that genius when writing the code. 
Last edited by Jacques1 : November 2nd, 2012 at 05:25 AM.
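
The changes described in the reply above ($_POST in place of register_globals, $_SESSION in place of $HTTP_SESSION_VARS, and a bound parameter in place of the string-built query), shown together as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite table standing in for the MySQL `login` table, form fields named `username` and `psswd`, and that the `psswd` column stores a password_hash() value.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite table stands in for the MySQL `login` table, the form fields are named
// `username` and `psswd`, and `psswd` stores a password_hash() value.

function check_login(PDO $db, array $post): ?string
{
    // Read the form fields explicitly; nothing is auto-imported into scope.
    $username = isset($post['username']) && is_string($post['username']) ? $post['username'] : '';
    $psswd    = isset($post['psswd']) && is_string($post['psswd']) ? $post['psswd'] : '';
    if ($username === '' || $psswd === '') {
        return null;
    }
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT username, psswd FROM login WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare the submitted password with the stored hash.
    if ($row === false || !password_verify($psswd, $row['psswd'])) {
        return null;
    }
    return $row['username'];
}

// Constructed sample data so the script runs offline from the command line.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (username TEXT PRIMARY KEY, psswd TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO login (username, psswd) VALUES (?, ?)');
$ins->execute(['editor', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed requests; on the real page this array is $_POST.
$requests = [
    ['username' => 'editor', 'psswd' => 'correct horse'],
    ['username' => 'editor', 'psswd' => 'wrong'],
    ['username' => "o'brien", 'psswd' => 'x'],   // apostrophe is data, not SQL
    ['valid_user' => 'editor'],                  // stray field never reaches the session
];

$_SESSION = [];   // CLI stand-in; a web page calls session_start() first
foreach ($requests as $post) {
    $user = check_login($db, $post);
    if ($user !== null) {
        // In a web request, call session_regenerate_id(true) before this line.
        $_SESSION['valid_user'] = $user;
    }
    echo json_encode($post), ' => ', $user === null ? 'rejected' : "logged in as $user", "\n";
}
```

Only the first constructed request is accepted; the session key is written solely from the row the database returned, never from a request field.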

November 2nd, 2012, 05:37 AM
thanks everyone
It is now working with register_globals turned off.
Thanks so much for the help.
I'll look into better security in the future as this project is due on Monday.
thanks again!!