hi
Got up this morning and some of my PHP files have stopped working. I get this error:
warning unknown your script possibly relies on a session side-effect which existed until php 4.23
What do I need to do to make these scripts work again?
thanks
Hi
I have tried the above code changes, but it does not work.
If I echo $username I get my database name, not the username,
so sessions do not work anymore.
This is the class/login_class.php file:
class login_class
{
var $mysql;
var $is_logged=false;
var $err_msg;
var $message;
var $content;
function login_class()
{
$this->mysql=new mysql_manager('');
}
function logout()
{
session_start();
session_unset();
session_destroy();
}
function alter_table($table,$db)
{
$tableFields = mysql_list_fields($db, $table);
$columns = mysql_num_fields($tableFields);
for ($i = 0; $i < $columns; $i++) {
$field_array[] = mysql_field_name($tableFields, $i);
}
if (!in_array('user_code', $field_array)) {
mysql_query("ALTER TABLE `users_tbl` ADD COLUMN `user_code` VARCHAR(45) NOT NULL AFTER `date_last`,
ADD COLUMN `approved` INTEGER UNSIGNED NOT NULL AFTER `user_code`;");
}
}
function create_table($table, $db)
{
if(!$this->table_exists($table,$db)){
$query='CREATE TABLE IF NOT EXISTS ' . 'users_tbl (
ID int(11) NOT NULL auto_increment,
username varchar(50) NOT NULL,
user_password varchar(50) NOT NULL,
user_type varchar(20) NOT NULL,
email varchar(255) NOT NULL,
date_first varchar(18) NOT NULL,
date_last varchar(18) NOT NULL,
user_code varchar(18) NOT NULL,
approved INTEGER UNSIGNED NOT NULL,
PRIMARY KEY (id)
)';
if(!$this->mysql->query($query)){
echo $this->mysql->errorMsg;
exit;
}
}
else{
$this->alter_table($table,$db);
}
}
function user_code()
{
$length = 8;
//string of all possible characters to go into the new password
$codeRandomString = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz0123456789";
//initialize the new password string
$user_code = "";
//seed the random function
srand();
//go through to generate a random password.
for($x=0; $x < $length; $x++)
{
$user_code .= substr($codeRandomString,rand(0,62),1);
}
return $user_code;
}
function table_exists ($table, $db) {
$tables = mysql_list_tables ($db);
while (list ($temp) = mysql_fetch_array ($tables)) {
if ($temp == $table) {
return TRUE;
}
}
return FALSE;
}
function confirm($user_code)
{
$validCount = 0;
$query = "SELECT approved FROM `users_tbl` WHERE user_code='$user_code'";
$result = $this->mysql->get_row($query);
$validCount = $this->mysql->num_rows($query);
if($result['approved'] == 1) {$this->err_msg = "You have already confirmed this comment.<br/>";
return false;}
if($validCount == 0){ $this->err_msg = "Your confirmation user code is invalid .<br/>";
return false;}
$query = "UPDATE `users_tbl` SET approved = 1 WHERE user_code='$user_code'";
if(!$this->mysql->insertQuery($query)){
$this->err_msg=$this->mysql->errorMsg;
$_SESSION['image_value']='';
return false;
}
else
{
return true;
}
}
function login()
{
if($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['Submit'])) {
session_start();
ob_start();
$this->create_table('users_tbl',$this->mysql->m_db_name);
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
//$mypassword = mysql_real_escape_string($mypassword);
$encrypted_password=md5($mypassword);
$sql="SELECT * FROM users_tbl WHERE username='$myusername' and user_password='$encrypted_password' and approved=1";
$this->message=$sql;
$rows=$this->mysql->executeQuery($sql);
if($rows==1){
$this->is_logged=true;
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION["myusername"]=$myusername;
$_SESSION["mypassword"]=$mypassword;
$myusername = $_SESSION['myusername'];
$_SESSION["islogged"]=$this->is_logged;
//header("location:admin/admin_page.php");
}
else {
$_SESSION["islogged"]=$this->is_logged;
//echo "Wrong Username or Password";
}
ob_end_flush();
}
}
function new_pwd() {
$chars = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pwd = $pwd . $tmp;
$i++;
}
return $pwd;
}
function do_forgot_psw()
{
global $site_name,$site_url,$admin_email;
if($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['Submit'])) {
$myusername=$_POST[username];
$email=$_POST[email];
$query="SELECT * FROM users_tbl WHERE username= '$myusername' and email = '$email'";
if($this->mysql->num_rows($query)>0){
$new_psw=$this->new_pwd();
$encr_pwd=md5($new_psw);
$query="UPDATE users_tbl SET user_password= '$encr_pwd' WHERE username= '$myusername' and email = '$email'";
if(!$this->mysql->insertQuery($query)){
$this->err_msg=$this->mysql->errorMsg;
return false;
}
}
else {
$this->err_msg="Username or email not in the databese";
return false;
}
$subject='Your new password at '.$site_name;
$message= '
<html>
<head>
</head>
<body>
<center><h3>Your '.$site_name.' Details</h3></center>
<p>Here Your new details at '.$site_name.'</p>
<table>
<tr>
<td>Username</td><td>'.$username.'</td>
</tr>
<tr>
<td>Password</td><td>'.$new_psw.'</td>
</tr>
</table>
<p>This is an autogenerated email,do not respond,please.</p>
</body>
</html>
';
$this->send_email($email,$subject,$message,$admin_email);
return true;
}
}
function do_register(){
session_start();
global $length_name,$length_password,$time_zone,$site_url,$admin_email;
if($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['Submit'])) {
$password=$_POST[password];
$user_name=$_POST[name];
$email=$_POST[email];
$password2= $_POST[password2];
$ver_code=md5($_POST['ver_code']);
//check if name is empty with php if javascript is disabled
if
(isset($_POST['name'])&& $this->is_empty($_POST['name']))
{
$this->err_msg= "the name is empty";
$_SESSION['image_value']='';
return false;
}
//check if password is empty with php if javascript is disabled
if
(isset($_POST['password'])&& $this->is_empty($_POST['password']))
{
$this->err_msg= "The password is empty";
$_SESSION['image_value']='';
return false;
}
//check if email address is valid
if($this->is_empty($_POST['email'])or !$this->validEmail($_POST['email']))
{
$this->err_msg= "the email is empty or invalid";
$_SESSION['image_value']='';
return false;
}
if($password!=$password2){
$this->err_msg="The password doesn't match,pay attention when you retype the password!";
$_SESSION['image_value']='';
return false;
}
if($ver_code != $_SESSION['image_value']){
$this->err_msg= "The verification code doesn't match,
Please try again";
$_SESSION['image_value']='';
return false;
}
$user_name= substr($user_name,0,$length_name);
$user_name= $this->escape_slash($user_name);
$password= substr($password,0,$length_password);
$password= $this->escape_slash($password);
$encr_password=md5($password);
$today=$this->today($time_zone);
$user_code=$this->user_code();
if($this->exist('username',$username)){
$this->err_msg="Username already taken!";
$_SESSION['image_value']='';
return false;
}
if($this->exist('user_password',$password)){
$this->err_msg="Password already taken!";
$_SESSION['image_value']='';
return false;
}
if($this->exist('email',$email)){
$this->err_msg="Email already exists for this user!";
$_SESSION['image_value']='';
return false;
}
//Every fields is OK then register a new user
$query="INSERT INTO users_tbl ( username, user_password, user_type, date_first, email, user_code, approved) VALUES
( '$user_name', '$encr_password', '$user_type', '$today', '$email', '$user_code', 0)";
if(!$this->mysql->insertQuery($query)){
$this->err_msg=$this->mysql->errorMsg;
$_SESSION['image_value']='';
return false;
}
$query1="INSERT INTO tickets ( username, card) VALUES
( '$user_name', 0)";
if(!$this->mysql->insertQuery($query1)){
$this->err_msg=$this->mysql->errorMsg;
$_SESSION['image_value']='';
return false;
}
$subject='Your registration at '.$site_url;
$message = '
<html>
<head>
<title>Your Registration</title>
</head>
<body>
<center><h3>Your Registration</h3></center>
<p>Your registration at '.$site_url.' was successful</p>
<table>
<tr>
<td>Username</td><td>'.$user_name.'</td>
</tr>
<tr>
<td>Password</td><td>'.$password.'</td>
</tr>
<tr>
<td>user code</td><td>'.$user_code.'</td>
</tr>
</table>
<p> To activate your registration please, click on this link.<br>
'.$site_url.'/login.php?action=confirm_register&user_action='.$user_code.'
if it does not work,copy it and paste it in your browser,when you have done it your registration will be coplete,and you will be able to login.
Thank you for registering at '.$site_url.'.
<p>This is an autogenerated email,do not respond,please.</p>
</body>
</html>
';
$this->send_email($email,$subject,$message,$admin_email);
$this->err_msg=" Your registration was successful.You should receive an email shortly. Click on the link on the email to confirm your registration and then you 'll be able to login.<br>Thanks for registering with us ";
return true;
}
}
function send_email($address_to,$subject,$message,$from)
{
$to=$address_to;
//$to = 'jp50@maniacomputer.com' . ', '; // note the comma
//$to .= 'admin@maniacomputer.com';
// subject
$subject = $subject;
// message
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Additional headers
$headers .= 'To: '.$address_to.'' . "\r\n";
$headers .= 'From: '.$from.'' . "\r\n";
//$headers .= 'Cc: birthdayarchive@example.com' . "\r\n";
//$headers .= 'Bcc: birthdaycheck@example.com' . "\r\n";
// Mail it
mail($to, $subject, $message, $headers);
}
function login_form($process_form)
{
$form_template=file_get_contents('template/login.tpl.php');
$form_template=str_replace('msg',$this->err_msg,$form_template);
$output=$form_template;
return $output;
}
function forgot_psw__form()
{
$form_template=file_get_contents('template/forgot_password.tpl.php');
$form_template=str_replace('msg',$this->err_msg,$form_template);
$output=$form_template;
return $output;
}
function register_form()
{
global $site_url,$folder;
$form_template=file_get_contents('template/register.tpl.php');
// $form_template=str_replace('{process_form}',$process_form,$form_template);
$form_template=str_replace('msg',$this->err_msg,$form_template);
$form_template=str_replace('_page',$page,$form_template);
$form_template=str_replace('_image','class/verif_image.php',$form_template);
$form_template=str_replace('_javascript',$site_url.$folder.'/js/js_functions.js ',$form_template);
//$form_template=str_replace('_name',$_SESSION['name'],$form_template);
//$form_template=str_replace('_email',$_SESSION['email'],$form_template);
//$form_template=str_replace('_url',$_SESSION['url'],$form_template);
$output=$form_template;
return $output;
//$form_template=str_replace('_page',$page,$form_template);
$output=$form_template;
return $output;
}
function page_content($template){
global $site_url;
$content=file_get_contents('template/'.$template.'');
$content=str_replace('{message}',$this->err_msg,$content);
$this->content=$content;
return $content;
}
function redirect($url,$time,$template)
{
global $site_url;
$redirect_template=file_get_contents('template/'.$template.'');
$this->content=$redirect_template;
// $form_template=str_replace('{process_form}',$process_form,$form_template);
$redirect_template=str_replace('web',$url,$redirect_template);
$this->content=$redirect_template;
$redirect_template=str_replace('time',$time,$redirect_template);
$this->content=$redirect_template;
$redirect_template=str_replace('url',$site_url,$redirect_template);
//$form_template=str_replace('_page',$page,$form_template);
$this->content=$redirect_template;
$output=$redirect_template;
return $output;
}
function left_nav()
{
$islogged = $_SESSION['islogged'];
if (!empty($islogged)) {
$msg1='Logged in '.$_SESSION['myusername'];
}
echo'<div class="left_nav">
<table style="width: 200px">
<tr>
<td style="background-color:gray"> '.$msg1.'</td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td> <a href=http:///www.google.com>Google</a></td>
</tr>
<tr>
<td style="background-color:gray"> <a href=http://www.maniacomputer.com>ManiaComputer</a></td>
</tr>
<tr>
<td style="color:red"> '.$this->message.'</td>
</tr>
</table>
</div>';
}
function footer()
{
echo' <div class="foot">
</div>
</body>
</html>';}
function escape_slash($string)
{
if (!get_magic_quotes_gpc()) {
$string = addslashes($string);
}
return $string;
}
function is_empty($string) {
if($string == "") {
return TRUE;
} else {
return FALSE;
}
}
function validEmail($email)
{
$isValid = true;
$atIndex = strrpos($email, "@");
if($email==""){
$isValid=true ;
}
else{
if (is_bool($atIndex) && !$atIndex)
{
$isValid = false;
}
else
{
$domain = substr($email, $atIndex+1);
$local = substr($email, 0, $atIndex);
$localLen = strlen($local);
$domainLen = strlen($domain);
if ($localLen < 1 || $localLen > 64)
{
// local part length exceeded
$isValid = false;
}
else if ($domainLen < 1 || $domainLen > 255)
{
// domain part length exceeded
$isValid = false;
}
else if ($local[0] == '.' || $local[$localLen-1] == '.')
{
// local part starts or ends with '.'
$isValid = false;
}
else if (preg_match('/\\.\\./', $local))
{
// local part has two consecutive dots
$isValid = false;
}
else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
{
// character not valid in domain part
$isValid = false;
}
else if (preg_match('/\\.\\./', $domain))
{
// domain part has two consecutive dots
$isValid = false;
}
else if
(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
str_replace("\\\\","",$local)))
{
// character not valid in local part unless
// local part is quoted
if (!preg_match('/^"(\\\\"|[^"])+"$/',
str_replace("\\\\","",$local)))
{
$isValid = false;
}
}
// if ($isValid && !(checkdnsrr($domain,"MX") ||
// checkdnsrr($domain,"A")))
// {
// domain not found in DNS
// $isValid = false;
// }
}
}
return $isValid;
}
function today($time_zone)
{
$zone=3600*$time_zone;
$today=gmdate("d-m-Y ", time() + $zone);
return $today;
}
function exist($field,$data){
$query="SELECT * FROM users_tbl WHERE ".$field."='$data'";
if($this->mysql->num_rows($query)>0){
return true;
}
else{
return false;
}
}
}
Hi
Thanks for all your help. I have tried debugging
and get these errors:
Notice: Undefined variable: username in /home/directo/public_html/bingo/dataLayer.php on line 21
I get the same error for the ID variable and senderpay.
How do I have to change the code to make it work?
And if possible, please copy and paste your code here so that it is easier to analyze further.
Additionally why don’t you put the following at the top:
error_reporting(E_ALL);
ini_set('display_errors', true);
Which will help you a lot while debugging.
Thanks
Thank you for providing that additional info, now it’s easier to see where the issues lie.
First though, the ‘$username’ within the SQL query really should be changed to ‘%s’ so that the sprintf will work as expected.
$query = sprintf("SELECT * FROM users_tbl where username ='%s' and approved = 1 ",
mysql_real_escape_string($username));
The $username variable is not defined before the above piece of code. Without knowing more about the require and include parts it was possible that in there it was being defined, but now it’s clear that it’s not.
The above piece of code is assuming that $_SESSION['username'] variables are automatically accessible with $username.
That is not the case anymore - you now need to explicitly use $_SESSION['username'] - even if it just means doing the following:
$username = $_SESSION['username'];
Here are the updates that you should do:
$query = sprintf('SELECT * FROM users_tbl where username ="%s" and approved = 1',
mysql_real_escape_string($_SESSION['username']));
$senderpay is a pre-existing bug, and does not belong where it is first used. It should be updated to:
$query1 = sprintf('SELECT * FROM investment where username = "%s" and paid = 1',
mysql_real_escape_string($username));
and with $ID, you use a conditional block that defines it, but if that condition is not true it won’t exist for when it’s used later. Always define default values for variables before such conditions occur. Is 0 a suitable default value for the $ID variable?
$ID = 0;
while ($row = mysql_fetch_assoc($result)) {
$username= $row['username'];
$ID= $row['ID'];
}
You need to look for variables that are used, but have no apparent origin.
For example, the variable $user_type
Break the script into individual self contained elements, then implement one at a time until it fails or errors.
Debugging is an essential skill to learn as a developer, why not start on something small like this.
Test the session
Test the query
Test the result set
Test the variable extraction/assignment
Test the output
Are you using session_register() in your code? This method is not advised and you should instead use $_SESSION. See here.
Hi
here is the php page that gives me the error
<?php
session_start();
if(!$_SESSION['islogged'] ){
header('Location:login.php');}
include 'class/login_class.php';
require_once 'class/mysql_manager.php';
require 'config.php';
//usersonline////////////////////////////////////
//username/////////////////////////////////////
$query = sprintf("SELECT * FROM users_tbl where username ='$username'and approved = 1 ",
mysql_real_escape_string($username));
$result = mysql_query($query);
// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
$message = 'Invalid query: ' . mysql_error() . "\n";
$message .= 'Whole query: ' . $query;
die($message);
}
while ($row = mysql_fetch_assoc($result)) {
$username= $row['username'];
$ID= $row['ID'];
}
// Perform Query
$result = mysql_query($query);
$returnVars = array();
$returnVars['username'] = "$username";
$returnVars['ID'] = "$ID";
$returnString = http_build_query($returnVars);
echo $returnString;
$query1 = sprintf("SELECT * FROM investment where username ='$username'and paid = 1 ",
mysql_real_escape_string($senderpay));
$result = mysql_query($query1);
// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
$message = 'Invalid query: ' . mysql_error() . "\n";
$message .= 'Whole query: ' . $query1;
die($message);
}
while ($row = mysql_fetch_assoc($result)) {
$senderpay= $row['senderpay'];
}
// Perform Query
$result = mysql_query($query1);
$returnVars = array();
$returnVars['senderpay'] = "$senderpay";
$returnVars['senderpay'] = "$senderpay";
$returnString = http_build_query($returnVars);
//send variables back to Flash
echo "&senderpay=".urlencode($senderpay);
?>
Can you investigate further in your PHP files which deprecated functions you are using? Also, please check with your host whether they upgraded the PHP version on the server.
Quick search on google found this.
The problem seems to occur when register_globals is off, and you use a global variable with the same name as a session variable. The fix for this is discussed on the page.
Hi
My hosting company has upgraded the PHP version. What do I need to do to make the script work?
There is nothing obviously wrong in the code that you posted there, apart from “$senderpay” being better off as just $senderpay
What you’re looking for is where you have information in a session, but you access it via a normal variable.
This would have worked before:
if (!empty($_SESSION['islogged'])) {
echo $islogged;
}
This is how it now needs to be done.
if (!empty($_SESSION['islogged'])) {
$islogged = $_SESSION['islogged'];
echo $islogged;
}
or
$islogged = $_SESSION['islogged'];
if (!empty($islogged)) {
echo $islogged;
}
You may need to investigate the included and required files from your script.
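The explicit session read recommended in this thread, as an added example that is not part of any post. It reads the `myusername` and `islogged` keys that the posted `login_class.php` stores, sets defaults before the fetch, and swaps the thread's `mysql_*` calls for a PDO prepared statement; the function names, the in-memory SQLite database (assumes the pdo_sqlite extension) and its rows are assumptions made for illustration.

```php
<?php
// Added example: explicit $_SESSION reads in place of the implicit $username
// that register_globals used to create. Table and column names follow the
// thread; the database and sessions below are constructed sample data.

function current_username(array $session): ?string
{
    // Nothing is copied into global scope automatically: read each key
    // explicitly and treat a missing or non-string value as "not logged in".
    if (empty($session['islogged'])) {
        return null;
    }
    $name = $session['myusername'] ?? null;
    return (is_string($name) && $name !== '') ? $name : null;
}

function load_user(PDO $db, string $username): array
{
    // Defaults exist before the fetch, so later code never reads an
    // undefined variable when no row matches.
    $user = ['username' => '', 'ID' => 0];
    $stmt = $db->prepare(
        'SELECT ID, username FROM users_tbl WHERE username = ? AND approved = 1'
    );
    $stmt->execute([$username]); // bound parameter, no string interpolation
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row !== false) {
        $user['username'] = $row['username'];
        $user['ID'] = (int) $row['ID'];
    }
    return $user;
}

// Constructed sample database (stands in for the real MySQL connection).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users_tbl (ID INTEGER PRIMARY KEY, username TEXT, approved INTEGER)');
$db->exec("INSERT INTO users_tbl (username, approved) VALUES ('alice', 1), ('bob', 0)");

// Constructed sessions: what $_SESSION would hold in each situation.
$sessions = [
    'logged in'  => ['islogged' => true, 'myusername' => 'alice'],
    'unapproved' => ['islogged' => true, 'myusername' => 'bob'],
    'no session' => [],
];

foreach ($sessions as $label => $session) {
    $name = current_username($session);
    if ($name === null) {
        // On the real page: header('Location: login.php'); exit;
        // Without the exit, the rest of the script still runs after the redirect.
        echo "$label: redirect to login\n";
        continue;
    }
    echo "$label: " . http_build_query(load_user($db, $name)) . "\n";
}
```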