Solved

PHP login page isn't working after the migration

Posted on 2011-09-14
10
567 Views
Last Modified: 2012-08-14
I had to migrate one of the PHP and Mysql application to a new server. I got everything working just fine. Successfully tested the standard php function/page along with the Mysql database restored and tested the DB connection. I successfully restored the php codes with all sub-directories (/var/www/html) on the new server however I could not log into the application. It keep repeating the login screen over and over. I'm not sure whether it has something to do with the syntax or function in the php login page or not. I also attached the login page as well.
<?php

	ob_start();

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//	Login Check

	if ($submit == 'Login'){

		if (empty($_POST['username'])) {
			$u = FALSE;
			$message .= '<p>You forgot to enter your username!</p>';
		} else
			$u = $_POST['username'];

		if (empty($_POST['password'])) {
			$p = FALSE;
			$message .= '<p>You forgot to enter your password!</p>';
		} else
			$p = $_POST['password'];

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//	End of Login Check

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//	If Login Check is pass it will get the corresponding user and password from the database

		if ($u && $p) {

			include "./mysql_connect.php";

			$query = "SELECT user_id, fname, lname, status, user_level, timestamp FROM user_table WHERE username='$u' AND password=PASSWORD('$p')";
			$result = mysql_query ($query);
			$row = mysql_fetch_array ($result);

			include "./closedb.php";

			if ($row) {

				putenv("TZ=US/Pacific");

				$log_datetime = date("Y-m-d")." ".date("H:i:s");

				session_start();

				$_SESSION['user_id'] = $row[user_id];
				$_SESSION['fname'] = $row[fname];
				$_SESSION['lname'] = $row[lname];
				$_SESSION['status'] = $row[status];
				$_SESSION['user_level'] = $row[user_level];

				include "./mysql_connect.php";

				if ($row[timestamp] != null){
					$sql = "UPDATE user_table SET lastlogin = '".$row[timestamp]."' WHERE user_id = ".$row[user_id];
					mysql_query($sql) or die("MySQL Error: ".mysql_error());
				}

				$sql = "UPDATE user_table SET timestamp = '".$log_datetime."' WHERE user_id = ".$row[user_id];
				mysql_query($sql) or die("MySQL Error: ".mysql_error());

				include "./closedb.php";

				ob_end_clean();

				header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/main.php");

				exit();

			} else
				$message = '<p>The username and password entered do not match those on file.</p>';
		}

		include "./header.php";

		echo "\n<td>\n";

		// Print the error message if there is one.
		if (isset($message))
			echo '<font color="red">', $message, '</font>';

		echo "\n</td>\n";

		include "./footer.php";

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//	End of getting the user name and password from the database

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//	User login Form

	} else {

		include "./header.php";

		echo "\n<td align=\"center\" width=\"100%\">\n";
		echo "<table align=\"center\">\n";
		echo "<tr><td><img src=\"./images/logo_ABC_Solutions_02.jpg\" alt=\"ABC Logo\" width=\"300\" border=\"0\"></td>\n";
		echo "<td align=\"center\"><img src=\"./images/Mobile=.jpg\" alt=\"MIS\" width=\"125\" border=\"0\"></td></tr>\n";
		echo "</table>\n";
		echo "<form method=\"post\" action=\"./index.php\">";
		echo "<table align=\"center\" border=\"1\">";
		echo "<caption><em>ABC MIS Login Page</em></caption>";
		echo "<tr><td align=\"right\">Username:</td><td><input type=\"text\" name=\"username\"></td></tr>";
		echo "<tr><td align=\"right\">Password:</td><td><input type=\"password\" name=\"password\"></td></tr>";
		echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"><br/></td></tr>";
		echo "</table>";
		echo "</form>";

		echo "<table align=\"center\" border=\"0\">";
		echo "<tr><td align=\"center\"><a href=\"./register.php\">New User</a></td></tr>";
		echo "</table>";

		echo "\n</td>\n";

		include "./footer.php";

		ob_end_flush();
	}

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//	End of User Login Form

?>

Open in new window

0
Comment
Question by:pchantanusart
  • 4
  • 3
  • 3
10 Comments
 
LVL 82

Expert Comment

by:hielo
Comment Utility
try chaning:

if ($submit == 'Login')

to:
if ($_POST['submit'] == 'Login')


ALSO, instead of:

			include "./mysql_connect.php";

			$query = "SELECT user_id, fname, lname, status, user_level, timestamp FROM user_table WHERE username='$u' AND password=PASSWORD('$p')";


use:

if ($submit == 'Login')

to:

if ($_POST['submit'] == 'Login')

ALSO, instead of:

			include "./mysql_connect.php";
$u=mysql_real_escape_string($u);
$p=mysql_real_escape_string($p);

			$query = "SELECT user_id, fname, lname, status, user_level, timestamp FROM user_table WHERE username='$u' AND password=PASSWORD('$p')";

Open in new window

0
 
LVL 82

Assisted Solution

by:hielo
hielo earned 500 total points
Comment Utility
>>try chaning:
I meant to write "changing"
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
I wonder if there is a configuration element that is different between the two sites.  Have you compared the output of phpinfo() carefully?

This article has the general design pattern for PHP client authentication.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
0
 

Author Comment

by:pchantanusart
Comment Utility
Heilo .. Thanks! ... I modified the code to reflect what you suggested to me and I was able to login now however some website function doesn't seem to display the output/report/data. Do I need to update your suggested syntax to all of those pages as well? BTW, can you briefly describe why the original syntax wasn't working just for my information?
0
 
LVL 82

Accepted Solution

by:
hielo earned 500 total points
Comment Utility
If you look at your original post, BEFORE line 8 you can clearly see that there is NO variable named submit?

Then all of a sudden on line 8 you are checking to see if some variable (in the case $submit) that has never existed equals "Login"?  Doesn't it seem "strange" to you?

Chances are that in your OLD server your php.ini file had:
register_globals=On

which has the effect of "automatically" "scanning" the $_POST and $_GET (among others) arrays and "auto creating" variables for you. In other words, if you submit a form via POST and it contained a field with name="usernaname" and you typed "Jonny", then when register_globals=On, then by the time your script begins executing, there is already some variable named $username and its value will be "Johnny".  

IN other words, this:
$_POST['username']="Johnny";

was automatically "transformed" to:
$username="Johnny";

That's why in the original script  if($submit=='Login'){...} worked.

For security reasons, this "autocreation" of variables has been disabled by default a few versions back.

This means that you should no longer depend on these "auto-created" variables and instead you should explicitly use the $_POST array (or whatever is the source of the variable) to extract your values (like I did).
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
0
 

Author Comment

by:pchantanusart
Comment Utility
Ray .. Thanks for your input as well. There is some server hardware issue so I could not compare the setting with the old server
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
If you use phpinfo() you should be able to see whether register_globals is set or not.  That is what I would be looking for in the comparison of the two server settings.
0
 

Author Comment

by:pchantanusart
Comment Utility
Heilo ... thank you very much your thorought explanation.  You're exactly right ... it was the little setting "register_globals" that was set to 'OFF' (by default) on the new server. After I flipped that setting to ON and restart the apache server afterwards. Everything is working now .... Once again thanks for your help!
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Now that you have turned register_globals ON, drop what you are doing and READ THE ARTICLE.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_7317-Register-Globals-a-bad-idea-from-day-one.html

You really want register_globals OFF.  When it is on, it puts your site at grave risk.  Register_globals is at best a short term solution.  Your site will fail and never work again at some point in the near future if you rely on register_globals.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
This article discusses how to create an extensible mechanism for linked drop downs.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now