Link to home
Start Free TrialLog in
Avatar of pchantanusart
pchantanusart

asked on

PHP login page isn't working after the migration

I had to migrate one of the PHP and Mysql application to a new server. I got everything working just fine. Successfully tested the standard php function/page along with the Mysql database restored and tested the DB connection. I successfully restored the php codes with all sub-directories (/var/www/html) on the new server however I could not log into the application. It keep repeating the login screen over and over. I'm not sure whether it has something to do with the syntax or function in the php login page or not. I also attached the login page as well.
<?php

	ob_start();

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//	Login Check

	if ($submit == 'Login'){

		if (empty($_POST['username'])) {
			$u = FALSE;
			$message .= '<p>You forgot to enter your username!</p>';
		} else
			$u = $_POST['username'];

		if (empty($_POST['password'])) {
			$p = FALSE;
			$message .= '<p>You forgot to enter your password!</p>';
		} else
			$p = $_POST['password'];

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//	End of Login Check

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//	If Login Check is pass it will get the corresponding user and password from the database

		if ($u && $p) {

			include "./mysql_connect.php";

			$query = "SELECT user_id, fname, lname, status, user_level, timestamp FROM user_table WHERE username='$u' AND password=PASSWORD('$p')";
			$result = mysql_query ($query);
			$row = mysql_fetch_array ($result);

			include "./closedb.php";

			if ($row) {

				putenv("TZ=US/Pacific");

				$log_datetime = date("Y-m-d")." ".date("H:i:s");

				session_start();

				$_SESSION['user_id'] = $row[user_id];
				$_SESSION['fname'] = $row[fname];
				$_SESSION['lname'] = $row[lname];
				$_SESSION['status'] = $row[status];
				$_SESSION['user_level'] = $row[user_level];

				include "./mysql_connect.php";

				if ($row[timestamp] != null){
					$sql = "UPDATE user_table SET lastlogin = '".$row[timestamp]."' WHERE user_id = ".$row[user_id];
					mysql_query($sql) or die("MySQL Error: ".mysql_error());
				}

				$sql = "UPDATE user_table SET timestamp = '".$log_datetime."' WHERE user_id = ".$row[user_id];
				mysql_query($sql) or die("MySQL Error: ".mysql_error());

				include "./closedb.php";

				ob_end_clean();

				header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/main.php");

				exit();

			} else
				$message = '<p>The username and password entered do not match those on file.</p>';
		}

		include "./header.php";

		echo "\n<td>\n";

		// Print the error message if there is one.
		if (isset($message))
			echo '<font color="red">', $message, '</font>';

		echo "\n</td>\n";

		include "./footer.php";

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//	End of getting the user name and password from the database

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//	User login Form

	} else {

		include "./header.php";

		echo "\n<td align=\"center\" width=\"100%\">\n";
		echo "<table align=\"center\">\n";
		echo "<tr><td><img src=\"./images/logo_ABC_Solutions_02.jpg\" alt=\"ABC Logo\" width=\"300\" border=\"0\"></td>\n";
		echo "<td align=\"center\"><img src=\"./images/Mobile=.jpg\" alt=\"MIS\" width=\"125\" border=\"0\"></td></tr>\n";
		echo "</table>\n";
		echo "<form method=\"post\" action=\"./index.php\">";
		echo "<table align=\"center\" border=\"1\">";
		echo "<caption><em>ABC MIS Login Page</em></caption>";
		echo "<tr><td align=\"right\">Username:</td><td><input type=\"text\" name=\"username\"></td></tr>";
		echo "<tr><td align=\"right\">Password:</td><td><input type=\"password\" name=\"password\"></td></tr>";
		echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"><br/></td></tr>";
		echo "</table>";
		echo "</form>";

		echo "<table align=\"center\" border=\"0\">";
		echo "<tr><td align=\"center\"><a href=\"./register.php\">New User</a></td></tr>";
		echo "</table>";

		echo "\n</td>\n";

		include "./footer.php";

		ob_end_flush();
	}

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//	End of User Login Form

?>

Open in new window

Avatar of hielo
hielo
Flag of Wallis and Futuna image

try chaning:

if ($submit == 'Login')

to:
if ($_POST['submit'] == 'Login')


ALSO, instead of:

			include "./mysql_connect.php";

			$query = "SELECT user_id, fname, lname, status, user_level, timestamp FROM user_table WHERE username='$u' AND password=PASSWORD('$p')";


use:

if ($submit == 'Login')

to:

if ($_POST['submit'] == 'Login')

ALSO, instead of:

			include "./mysql_connect.php";
$u=mysql_real_escape_string($u);
$p=mysql_real_escape_string($p);

			$query = "SELECT user_id, fname, lname, status, user_level, timestamp FROM user_table WHERE username='$u' AND password=PASSWORD('$p')";

Open in new window

SOLUTION
Avatar of hielo
hielo
Flag of Wallis and Futuna image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I wonder if there is a configuration element that is different between the two sites.  Have you compared the output of phpinfo() carefully?

This article has the general design pattern for PHP client authentication.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
Avatar of pchantanusart
pchantanusart

ASKER

Heilo .. Thanks! ... I modified the code to reflect what you suggested to me and I was able to login now however some website function doesn't seem to display the output/report/data. Do I need to update your suggested syntax to all of those pages as well? BTW, can you briefly describe why the original syntax wasn't working just for my information?
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ray .. Thanks for your input as well. There is some server hardware issue so I could not compare the setting with the old server
If you use phpinfo() you should be able to see whether register_globals is set or not.  That is what I would be looking for in the comparison of the two server settings.
Heilo ... thank you very much your thorought explanation.  You're exactly right ... it was the little setting "register_globals" that was set to 'OFF' (by default) on the new server. After I flipped that setting to ON and restart the apache server afterwards. Everything is working now .... Once again thanks for your help!
Now that you have turned register_globals ON, drop what you are doing and READ THE ARTICLE.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_7317-Register-Globals-a-bad-idea-from-day-one.html

You really want register_globals OFF.  When it is on, it puts your site at grave risk.  Register_globals is at best a short term solution.  Your site will fail and never work again at some point in the near future if you rely on register_globals.