  1. #1
    SitePoint Zealot
    Join Date
    Aug 2002
    Posts
    142

    php 4.3 session problems?

    Not sure if this is the reason why my buddy's site is having problems... but his host upgraded to PHP 4.3 and since then he can't log into an area of the site I built for him.

    NORMALLY, if you enter 'bad' credentials at either the 'admin' or 'client' area(s), you get kicked out and given the "Access Denied" verbiage (try it here: www.chrisrollins.com/admin/ ), but ever since the host changed to 4.3, nothing happens on valid NOR invalid input (invalid and valid username & pw input also just refreshes the same login page --whereas before, you'd get into the /admin/index.php page, or /client/index.php, etc.).

    I've checked the dbase, and it has the same acct info-- so we haven't been cracked (and new accts that I've made to test) and the dbase calls work b/c the site has 'active' content on most pages, ---but not the Access Control stuff--- has there been a session variable change or something in 4.3?




    Code:
     <?php // ac.php
    include("common.php");
    include("db.php");
    session_start();
    session_register("uid");
    session_register("pwd");
    if(!isset($uid)) {
      ?>
      <html>
      <head>
      <title>ac.php</title>
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head>
      <body>
      <h1> Login Required </h1>
      
    <p>&nbsp;</p>
      <p><form method="post" action="<?=$PHP_SELF?>">
    	User ID: <input type="text" name="uid" size="20"><br>
    	Password: <input type="password" name="pwd" SIZE="20"><br>
    	<input type="submit" value="Log in">
      </form></p>
      </body>
      </html>
      <?php
      exit;
    }
    //user
    dbConnect("<dbname>");
    $sql1 = "SELECT * FROM users WHERE 
    		LOGIN = '$uid' AND PW = '$pwd' AND ACTIVE=1";
    $result1= mysql_query($sql1);
    $hits = mysql_num_rows($result1);
    if ($hits == 1) {
    $username = mysql_result($result1,0,"NAME");
    $userid = mysql_result($result1,0,"ID");
    $usertype = mysql_result($result1,0,"TYPE");  
    }
    
    if ($hits != 1) {
       
      session_unregister("uid");
      session_unregister("pwd");
    ?>
      <html>
      <head>
      <title> Access Denied </title>
      </head>
      <body>
      <h1> Access Denied </h1>
      <p>Your user ID or password is incorrect, or you are not a
    	 registered user on this site. To try logging in again, click
    	 <a href="<?=$PHP_SELF?>">here</a>. </p>
      </body>
      </html>
      <?php
      exit;
      }
      
      
      function typecheck($area="") {
     global $usertype;
    		
    	if ($area != $usertype) {
     
      session_unregister("uid");
      session_unregister("pwd");
      ?>
      <html>
      <head>
      <title> Access Denied </title>
      </head>
      <body>
      <h1> Access Denied because of account type </h1>
      <p>Your account is of type that is not authorized for this section of 
      the site.  If you feel you reached this note in error, try logging in again
    	 <a href="<home-page-URL>">here</a> to return to the login page. </p>
      </body>
      </html>
      <?php
     
      exit;
    		
    }
     
    }
    ?>

  2. #2
    Ceci n'est pas Zoef Zoef's Avatar
    Join Date
    Nov 2002
    Location
    Malta
    Posts
    1,111
    Could 'register_globals' be off? In that case you should be using variables like $_SESSION['uid'].

    More information here: http://www.sitepoint.com/article/758

    Rik
    English tea - Italian coffee - Maltese wine - Belgian beer - French Cognac

  3. #3
    SitePoint Zealot
    Join Date
    Aug 2002
    Posts
    142
    phpinfo() says:

    register_globals On

    I'll check out that article now...

    thanks!

  4. #4
    Ceci n'est pas Zoef Zoef's Avatar
    Join Date
    Nov 2002
    Location
    Malta
    Posts
    1,111
    Mmmm, guess that's not the problem then...
    English tea - Italian coffee - Maltese wine - Belgian beer - French Cognac

  5. #5
    SitePoint Zealot
    Join Date
    Aug 2002
    Posts
    142
    Quote Originally Posted by Zoef
    Mmmm, guess that's not the problem then...
    I used this method, and it seemed to work:

    PHP Code:
    session_start();
    include("db.php");

    // Use the value already stored in the session, else the submitted form field
    $uid = $_SESSION['uid'];
    if ($uid == "") {
        $uid = $_POST['uid'];
    }

    $pwd = $_SESSION['pwd'];
    if ($pwd == "") {
        $pwd = $_POST['pwd'];
    }

    // Same fallback for the script's own path
    $thispage = $PHP_SELF;
    if ($thispage == "") {
        $thispage = $_SERVER['PHP_SELF'];
    }

    if (!isset($uid)) {
        // .... begin html to prompt user for cred and check against dbase...
    }

    $_SESSION['uid'] = $uid;
    $_SESSION['pwd'] = $pwd;
    and it works
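
    Added example, not part of the thread or any poster's code: the same login check written against the request and session arrays explicitly, with a bound query parameter, a hashed password, and only the user's identity kept in the session. It assumes the `users` columns shown in post #1 with `PW` holding a `password_hash()` value; the function names `authenticate()` and `login()`, the SQLite in-memory database and the sample account are constructed for illustration.

```php
<?php
// Added example, not the thread's code. Assumes the page's `users` columns
// (ID, LOGIN, PW, ACTIVE, NAME, TYPE) with PW holding a password_hash() value.

function authenticate(PDO $db, string $uid, string $pwd): ?array {
    // Bound parameter: the submitted login never becomes part of the SQL text.
    $st = $db->prepare('SELECT ID, NAME, TYPE, PW FROM users WHERE LOGIN = ? AND ACTIVE = 1');
    $st->execute([$uid]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pwd, $row['PW'])) {
        return null;
    }
    unset($row['PW']);          // the hash never leaves this function
    return $row;
}

function login(PDO $db, array $post, array &$session): bool {
    // Read the form fields from the request array explicitly, not from globals.
    $user = authenticate($db, (string)($post['uid'] ?? ''), (string)($post['pwd'] ?? ''));
    if ($user === null) {
        $session = [];          // drop any stale login state
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);   // new session id after a privilege change
    }
    // Keep only the identity in the session, never the password.
    $session['userid'] = (int)$user['ID'];
    $session['usertype'] = $user['TYPE'];
    return true;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (ID INTEGER PRIMARY KEY, LOGIN TEXT UNIQUE, PW TEXT, ACTIVE INTEGER, NAME TEXT, TYPE TEXT)');
$ins = $db->prepare('INSERT INTO users (LOGIN, PW, ACTIVE, NAME, TYPE) VALUES (?, ?, 1, ?, ?)');
// The constructed login contains a quote to show it is handled as data.
$ins->execute(["o'neil", password_hash('correct horse', PASSWORD_DEFAULT), 'Sample Admin', 'admin']);

$session = [];   // stands in for $_SESSION so the script also runs from the CLI
var_dump(login($db, ['uid' => "o'neil", 'pwd' => 'correct horse'], $session));
var_dump(login($db, ['uid' => "o'neil", 'pwd' => 'wrong'], $session));
```

    In a page, call `session_start()` first and pass `$_POST` and `$_SESSION` to `login()`; an account-type check like `typecheck()` can then compare against `$_SESSION['usertype']`.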

