Solved

php admin login issue

Posted on 2014-02-20
22
703 Views
Last Modified: 2014-02-21
I have recently took over a website from a previous developer who is not contactable. Since moving the website across the admin login for the website is not working. See link below...

http://www.themarblestore.co.uk/admin/

I have turned on php errors and I am getting the following:

Error 1:

Notice: Undefined index: HTTP_REFERER in /home/marblest/public_html/phplibs/class.Utility.php on line 335

Open in new window


Related lines of code:

function getRequestedURL(){
		return $_SERVER['HTTP_REFERER'];
	}

Open in new window


Error 2:

Notice: Undefined property: SessionHandler::$userLogged in /home/marblest/public_html/phplibs/class.UserManager.php on line 120

Open in new window


Related lines of code:

public function isLoggedIn($userType = 0) {
		/*echo '<pre>';
		print_r($this->SessionHandler);
		echo '</pre>';*/
		//exit();
		if ($this->SessionHandler->userLogged === true)
			return true;
		else
			return false;
	
	}

Open in new window


Error 3:

Notice: Undefined property: SessionHandler::$userLogged in /home/marblest/public_html/phplibs/class.SystemUserManager.php on line 55

Open in new window


Related lines of code:

public function isLoggedIn($userType = 0) {
		
		switch ($userType) {
			case 0 :
				if (($this->SessionHandler->userLogged === true) && ($this->SessionHandler->userType == $userType)) {
					return true;
				} else {
					return false;
				}
				break;
			
			case 1 :
				if (($this->SessionHandler->userLoggedAdmin === true) && ($this->SessionHandler->userTypeAdmin == $userType)) {
					return true;
				} else {
					return false;
				}
				break;
		
		}

Open in new window


Not sure if these error notices are related with why the login is not working. Any idea what might be the problem.

This website is based on http://www.smarty.net
0
Comment
Question by:petewinter
  • 9
  • 8
  • 3
  • +1
22 Comments
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 350 total points
Comment Utility
HTTP_REFERER is not guaranteed to be set

change this line

return $_SERVER['HTTP_REFERER'];

Open in new window

to
return isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_SERVER'] : '';

Open in new window


The other errors are related to your session manager - we would need to see more code.

One thing you can do is a var_dump or print_r of $this->SessionHandler

Otherwise we would need to see the code where the session is initialised to work out the cause of the problem. Can you post the usermanager.php file
0
 

Author Comment

by:petewinter
Comment Utility
julianH - thanks for the reply.

I changed the HTTP_REFERER line as suggested, then got this error when trying to login...

Warning: Cannot modify header information - headers already sent by (output started at /home/marblest/public_html/phplibs/class.Utility.php:335) in /home/marblest/public_html/phplibs/class.Utility.php on line 114

Open in new window


Lines around 114 is...

public function redirectPage($page) {
		header ( "Location: $page" );
		return "Welcome!";
		die ();
	}

Open in new window


What is wrong?

Will post separately on the other comments in a min.
0
 

Author Comment

by:petewinter
Comment Utility
class.UserManager.php code below:

<?php

session_save_path('/home/marblest/tmp');

class UserManager extends User {
	
	private $dbAccess;
	private $table = 'login';
	private $tablerequest = 'request';
	public $SessionHandler;
	private $returnVal = array ();
	
	public function __construct(mySqlDB $dbAccess) {
		$this->dbAccess = $dbAccess;
		$this->SessionHandler = new SessionHandler ( );
	}
	
	public function UpdateUsers($insArr, $record_id) {
		$this->dbAccess->queryUpdate ( $this->table, $insArr, true, "userID = " . $record_id );
	}
	
	public function __set($var, $val) {
		$flds = array ('userID' => 'userID', 'userName' => 'userName', 'userType' => 'userType', 'confirmation' => 'confirmation', 'fullName' => 'fullName', 'email' => 'email', 'telephone' => 'telephone' );
		$result = $this->dbAccess->querySelect ( $this->table, $flds, false, "A", $var . " = '" . $this->dbAccess->mySQLSafe ( $val ) . "' LIMIT 0,1" );
		
		if ($result) {
			$this->returnVal = $this->dbAccess->getResultSet ( $result, $flds );
		} else {
			$this->returnVal = array ();
		}
	
	}
	
	public function __get($var) {
		if (isset ( $var )) {
			if (isset ( $this->returnVal [0] [$var] )) {
				return $this->returnVal [0] [$var];
			} else {
				return false;
			}
		} else {
			return FALSE;
		}
	}
	
	public function AddUsers($insArr, &$insert_id = NULL) {
		$this->dbAccess->queryUpdate ( $this->table, $insArr, false, '', $insert_id );
	}
	
	public function RemoveUsers($id) {
		$this->dbAccess->queryDelete ( $this->table, 'userID = ' . $id );
	}
	
	public function AddRequestCode($insArr, &$insert_id = NULL) {
		$this->dbAccess->queryDelete ( $this->tablerequest, 'username = "' . $insArr['username'] .'"' );
		$this->dbAccess->queryUpdate ( $this->tablerequest, $insArr, false, '', $insert_id );
	}
	
	public function isChangeCodeValid($code, $user){
		$res = $this->dbAccess->countNumRec ( $this->tablerequest, "id", "code='" . $code . "' AND username = '" . $user . "'" );
		
		if($res>0)
		return true;
		else
		return false;
	}
		
	public function checkUser($eMail = '', $psWord = '', $type = 0) {
		if ((isset ( $eMail ) && $eMail != '') && (isset ( $psWord ) && $psWord != '')) {
			$res = $this->dbAccess->countNumRec ( $this->table, "id", "username='" . $eMail . "' AND password = '" . $psWord . "'" );
			if ($res > 0) {
			
				$flds = array ('id' => 'id', 'username' => 'username', 'firstname' => 'firstname', 'lastname' => 'lastname', 'email' => 'email' );
				$result = $this->dbAccess->querySelect ( $this->table, $flds, false, "A", "username = '" . $eMail . "'" );
				
				if ($result) {
					$dataSet = $this->dbAccess->getResultSet ( $result, $flds );
					return $dataSet;
				} else {
					return false;
				}
			} else
				return false;
		
		} else {
			return false;
		}
	
	}
	
	public function getUserDetailsFromUser($username = '', $email = ''){
		$flds = array ('id' => 'id', 'username' => 'username', 'firstname' => 'firstname', 'lastname' => 'lastname', 'email' => 'email' );
		if($username != '')
		$result = $this->dbAccess->querySelect ( $this->table, $flds, false, "A", "username = '" . $username . "'" );
		if($email != '')
		$result = $this->dbAccess->querySelect ( $this->table, $flds, false, "A", "email = '" . $email . "'" );
		
		if ($result) {
			$dataSet = $this->dbAccess->getResultSet ( $result, $flds );
			return $dataSet;
		} else {
			return false;
		}
	}
	
	public function getUserDetails($userid){
		$flds = array ('id' => 'id', 'username' => 'username', 'firstname' => 'firstname', 'lastname' => 'lastname', 'email' => 'email' );
		$result = $this->dbAccess->querySelect ( $this->table, $flds, false, "A", "id = '" . $userid . "'" );
		
		if ($result) {
			$dataSet = $this->dbAccess->getResultSet ( $result, $flds );
			return $dataSet;
		} else {
			return false;
		}
	}
	
	public function isLoggedIn($userType = 0) {
		/*echo '<pre>';
		print_r($this->SessionHandler);
		echo '</pre>';*/
		//exit();
		if ($this->SessionHandler->userLogged === true)
			return true;
		else
			return false;
	
	}
	
	public function loginUser($userDataArr) {
		
		if ($userDataArr) {
/*			$childArrayTmp = array ();
			for($child = 1; $child <= count ( $userDataArr [1] ); $child ++) {
				if (trim ( $userDataArr [1] ['admission_no' . $child] ) != '') {
					$hash = base64_encode ( $userDataArr [1] ['admission_no' . $child] );
					//echo $userDataArr [1] ['admission_no' . $child].'<br>';
					$childArrayTmp [] = $hash;
				}
			}*/
			
			$this->SessionHandler->userid = $userDataArr [0] ['id'];
			$this->SessionHandler->username = $userDataArr [0] ['username'];
			$this->SessionHandler->firstname = $userDataArr [0] ['firstname'];
			$this->SessionHandler->lastname = $userDataArr [0] ['lastname'];
			$this->SessionHandler->email = $userDataArr [0] ['email'];
			$this->SessionHandler->userLogged = true;
			return true;
		}
	}
	
	public function logoutUser() {
		$this->SessionHandler->un_set ( "userid" );
		$this->SessionHandler->un_set ( "username" );
		$this->SessionHandler->un_set ( "firstname" );
		$this->SessionHandler->un_set ( "lastname" );
		$this->SessionHandler->un_set ( "email" );
		$this->SessionHandler->un_set ( "userLogged" );
	}
	
	public function UpdatePassword($insArr, $username = null, $oldpassword = null) {
		$flds = array ('id' => 'id');
		
		$result = $this->dbAccess->querySelect ( $this->table, $flds, false, "A", "username = '".$username . "' AND password = '". $oldpassword ."'");	
		if ($result) {
			$this->dbAccess->queryUpdate ( $this->table, $insArr, true, "username = '".$username . "' AND password = '". $oldpassword ."'" );
			return 'Update Completed!';
		} else {
			return 'Wrong old Password!';
		}
	}
	
	public function setNewPassword($username, $newpassword){
		$flds = array ('password' => $newpassword);
		$this->dbAccess->queryUpdate ( $this->table, $flds, true, "username = '".$username . "'" );
	}
	
	public function ManualQuery($qry){
		echo $qry; exit;
		$recordSet = $this->dbAccess->queryManual ( $qry );
		return $recordSet;
	}
}

Open in new window


Sorry, but can you supply the exact code for the below as my php knowledge is limited.

One thing you can do is a var_dump or print_r of $this->SessionHandler

Tried this:

print_r $this->SessionHandler;

but not sure if correct?
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 350 total points
Comment Utility
On first post - the warning is saying that something was sent to the screen prior to sending of header information.

The offending line is here /home/marblest/public_html/phplibs/class.Utility.php:335

Not in the code you posted. The code posted is where the attempt to send header information is done. To see where the issue is (and it could just be a space at the end of a script) we need to see the above file.

print_r works like this
print_r($this->SessionHandler)

Open in new window


I usually create a function in my code (globally accessible) like this

function fnDump(&$obj)
{
  echo "<pre>";
  print_r($obj);
  echo "</pre>";
}

Open in new window


And call it like so
fnDump($this->SessionHandler);

Open in new window

It creates nicely formatted output.

Will respond to second post separately.
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 350 total points
Comment Utility
Second post:

I suspect that this code had some warnings that were just being supressed - moving the site has basically exposed what was always there.

The isLoggedIn function is flawed in that it is checking the value of userLogged which is only set after a login - it does not exist before - hence the warning.

Try changing the function to this

public function isLoggedIn($userType = 0) {
    return (!empty($this->SessionHandler->userLogged) && $this->SessionHandler->userLogged === true);
}

Open in new window

This code first checks if the userLogged property exists and is true before it returns true.
0
 
LVL 51

Expert Comment

by:Julian Hansen
Comment Utility
You will need to make a similar modification to the isLoggedIn here

/home/marblest/public_html/phplibs/class.SystemUserManager.php
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 150 total points
Comment Utility
Let's look at error #1 more closely.  It's not HTTP_REFERER any more; here is the message set:

<br />
<b>Notice</b>:  Undefined index: HTTP_SERVER in <b>/home/marblest/public_html/phplibs/class.Utility.php</b> on line <b>335</b><br />
<br />
<b>Notice</b>:  Undefined property: SessionHandler::$userLogged in <b>/home/marblest/public_html/phplibs/class.UserManager.php</b> on line <b>123</b><br />
<br />
<b>Notice</b>:  Undefined property: SessionHandler::$userLogged in <b>/home/marblest/public_html/phplibs/class.SystemUserManager.php</b> on line <b>55</b><br />


Suggest you roll back any changes you've made to the programming, since that one is obviously wrong.  Before you make any program changes to the PHP, check the error reporting settings on the new server.  You almost certainly want to try this:

error_reporting(E_ALL ^E_STRICT ^E_NOTICE ^E_DEPRECATED)

PHP Notices are not error messages; the arise from conditions considered by the authors of PHP to be "unimportant" and they are suppressed in the default installation settings.  So a reference to an undefined variable results in a silent assignment of NULL, FALSE, zero or the empty string.  This lets noobs fumble along and maybe get something running in PHP without having to have any understanding of the principles of computer science or the basics of programming.  The programmer who is now "not contactable" may have been relying on the suppression of PHP Notice messages.  It's a common mistake among novice PHP programmers.

You might also want to check the output of phpinfo() on both the old server and the new server.  If these are not congruent, line-for-line, you want to find out why and to what extent the application relies on the differing configuration settings.  This is a big task, but it's a necessary one for a server migration.  Sadly, PHP has about a million configuration variables.

Were there any files or data bases on the old server?  Did they get migrated correctly?  A missing user-id could be an artifact of a mistake in data base migration.  You can use phpMyAdmin (free, open source) on both the old server and the new server to examine and compare the data base structure and contents.  Almost any hosting control panel or FTP client will let you examine the file systems.

You might also want to check meetup.com or similar sites to see if there is a PHP user group near you.  Our general advice may be helpful, but it might be better if you can get an experienced PHP programmer to look at the site.  An experienced programmer would be able to add diagnostics and data visualization to the output of the PHP scripts, and with something like that you could get the solutions very quickly.
0
 

Author Comment

by:petewinter
Comment Utility
Hi julianH - Reply No. 39873052

I added your code below at the bottom of the class.Utility.php file

function fnDump(&$obj)
{
  echo "<pre>";
  print_r($obj);
  echo "</pre>";
}

fnDump($this->SessionHandler);

Open in new window


and got this error:

Fatal error: Using $this when not in object context in /home/marblest/public_html/phplibs/class.Utility.php on line 346

What does that mean?
0
 

Author Comment

by:petewinter
Comment Utility
julianH - In reply to 39873070 & 39873076 - Thanks that has removed the notice error, but the login is still not working so must be a fault some where else.

I get the below errors which are mentioned earlier:

Notice: Undefined index: HTTP_SERVER in /home/marblest/public_html/phplibs/class.Utility.php on line 335

Warning: Cannot modify header information - headers already sent by (output started at /home/marblest/public_html/phplibs/class.Utility.php:335) in /home/marblest/public_html/phplibs/class.Utility.php on line 114

Open in new window

0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 150 total points
Comment Utility
Please refer back to this:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_28369579.html#a39872968

Try removing the change you put into place there.  HTTP_SERVER isn't a thing.

I also think you could get better results if you just suppress the Notice messages.  It's not what I would do for the long term, but it's what a lot of PHP programmers have unwittingly done, by just using the default settings for error_reporting().  Undefined variables trigger Notice messages.  Notice messages are browser output.  Headers to set cookies or redirect the client browser must come first and be complete before any browser output at all (even including invisible whitespace).  It follows that the Notice message is causing the run-time failure.  That's why you might want to suppress it, if you couldn't program around it right now.

Some of the background information you need is available in this article:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/A_11271-Understanding-Client-Server-Protocols-and-Web-Applications.html
0
 

Author Comment

by:petewinter
Comment Utility
One another question. I am trying to compare against the old server which uses plesk, but I am not sure how to preview the site as the domain no longer points there.

My server has cpanel and I can preview the address with the ip address and the account name like below...

http://46.32.231.136/~themarbl/

Can you do something similar on plesk?
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:petewinter
Comment Utility
Ray - Thanks for the reply and info.

This is the php set up to the live website on my server: http://www.themarblestore.co.uk/phpinfo.php

I can also add the same phpinfo file to the previous server too, but don't know how to preview it as per my last reply.

I do agree the notices are probably unrelated to why the login is not working. Just trying to find what is causing the probably. I assume it is a difference between server set ups as you mentioned.
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 150 total points
Comment Utility
I'm able to get the same error reporting (24567) that your phpinfo() reports with this:
<?php // temp_error.php
error_reporting(E_ALL ^E_NOTICE ^E_DEPRECATED);
phpinfo();

Open in new window

PHP has made some changes to the error reporting settings at release 5.4.  But unless you deliberately change the error reporting, it looks like it should not affect your scripts (silent Notices)
http://php.net/manual/en/function.error-reporting.php
http://php.net/manual/en/errorfunc.configuration.php#ini.error-reporting

Overall, I think you might want to use phpMyAdmin to look at the data base and be sure that it's working the way you want.
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 350 total points
Comment Utility
The use of the fnDump function must be at the point you want to dump information - so you put the fnDump($this->SessionHandler) in the function where SessionHandler is used

For the rest I need to see
/home/marblest/public_html/phplibs/class.Utility.php
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 350 total points
Comment Utility
To setup your old server basically give us the IP of the old server and the domain name. We can then access it by adding a host entry locally.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
http://www.smarty.net/  Smarty is a template 'compiler' and all the page code is stored in a database.  It is the most convoluted *#@&^!%^ I have ever encountered and I always refuse to work on sites that use it.
0
 

Author Comment

by:petewinter
Comment Utility
julianH - The old servers ip is 213.246.109.55 and the domain was themarblestore.co.uk , but it's not point there anymore so is there a temporary URL I can use?

Dave Baldwin - I'm glad I helped you get that off your chest, but that's not much use to me! :) I have just took over this website and did not pick the system. However I do agree.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I told you that not to make myself feel good but as warning to you.  Someone must know how to make Smarty work but I don't.  And I do have it installed on a test site here.  

On the one Smarty site I was hired to work on, the page code was all in the database so we had to edit the database to change anything.  I know that's not the way it is supposed to work but I was only there for about two hours and never had time to find the 'front door' to edit and 're-compile' the site.  Xoops is also like that as is NetObjects Fusion.
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 350 total points
Comment Utility
is there a temporary URL I can use?
You can do this by adding a hosts entry on your local machine to point to the old location.

On Windows you would do the following
Open the following file

C:\Windows\System32\drivers\etc\hosts

Add the following line to the file
213.246.109.55 www.themarblestore.co.uk

Open in new window


Now when you browse to www.themarblestore.co.uk you should see the old site. Obviously this will prevent you from getting to the live site while the entry is in hosts - but to deactivate it put a # in front of the IP like so
#213.246.109.55 www.themarblestore.co.uk

Open in new window

Save and you will be able to browse to the old site.

I had already done this but did not know what the path to your phpinfo script was on the old server - so was unable to compare configurations.
0
 

Author Comment

by:petewinter
Comment Utility
julianH - Thanks, but the domain is unready pointing the new site on my server.

The ip address 213.246.109.55 is the old server. So I am trying to view this site. How would I view the this site?
0
 
LVL 51

Accepted Solution

by:
Julian Hansen earned 350 total points
Comment Utility
@peter - the hosts file on your local machine allows you to override where the domain is pointing to.

If you want to get to a site on an old server (i.e. not where the domain is pointing to currently) then my previous post is how you do it.

However we seem to have got sidetracked here - the only reason for needing to access the other server was because of a suggestion by another expert to do a side by side comparrison of the PHP configuration on each.

Rather lets go back to my last request which was

Can you post the source for this file

/home/marblest/public_html/phplibs/class.Utility.php
0
 

Author Closing Comment

by:petewinter
Comment Utility
Thanks for all your advice. I found and paid a php developer to look into this error for me and changed as below...

class.UserManager.php

Before...

public function isLoggedIn($userType = 0)
{
return (!empty($_SESSION['userLogged']) && $_SESSION['userLogged'] === true);
// return (!empty($this->SessionHandler->userLogged) && $this->SessionHandler->userLogged === true);
}

After...

public function loginUser($userDataArr) {

if ($userDataArr) {
/* $childArrayTmp = array ();
for($child = 1; $child <= count ( $userDataArr [1] ); $child ++) {
if (trim ( $userDataArr [1] ['admission_no' . $child] ) != '') {
$hash = base64_encode ( $userDataArr [1] ['admission_no' . $child] );
//echo $userDataArr [1] ['admission_no' . $child].'un_set ( "userLogged" );
}

I think the changes were down to different versions of php on the two servers.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Read about why website design really matters in today's demanding market.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmakerā€¦

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now