Solved

Problem to get function

Posted on 2016-08-17
52
83 Views
Last Modified: 2016-08-22
Hi,
I can not find out the details of the function called 'session_is_registered' within the relevant PHP files. Where can I find it out?
  global $valid_user;
  if (session_is_registered("valid_user"))
  {
      ...

Open in new window

0
Comment
Question by:HuaMinChen
  • 18
  • 15
  • 11
  • +2
52 Comments
 
LVL 21

Expert Comment

by:Kim Walker
ID: 41760489
session_is_registered is an obsolete function. What version of PHP are you using?
1
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41760492
It is PHP 5.2
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41760502
Hi,
Thanks. I get no value by last line below, to the variable, while on the screen, I already put the relevant user name and password. Why?
require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();

if ($username && $passwd)
// they have just tried logging in
{
    if (login($username, $passwd))
    {
      // if they are in the database register the user id
      $valid_user = $username;
      session_register("valid_user");
	  $conn = df_conn();
	  $sql="select top 1 principal from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $pri=$qry[principal];
      session_register("pri");
	  $sql="select top 1 territory from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $g_area=$qry[territory];
	  session_register("g_area");
	  $g_multiarea = str_replace(",", chr(13), $g_area);
	  session_register("g_multiarea");
    }  
    else
    {
      // unsuccessful login
      do_html_header("Problem:");
      echo "You could not be logged in. 
            You must be logged in to view this page.";
      do_html_url("login.php", "Login");
      do_html_footer();
      exit;
    }      
}

check_valid_user();

...
function check_valid_user()
// see if somebody is logged in and notify them if not
{
  global $valid_user;
  if (session_is_registered("valid_user"))
  ...
     echo $valid_user . " <br>";

Open in new window

0
 
LVL 3

Expert Comment

by:Donna
ID: 41760524
Is 'valid_user' a variable?

try  if(session_is_registered('$valid_user') )
...

And what "type" is $valid_user? ... Needs to be a string...  (bool won't work) Is it a STring?

we can't tell from your code, because I don't see what makes "valid_user" ...need more code.
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41760527
Definitely the same codes do work fine on one other server (there was only a change to the server, from one Win 2008 server to another Win 2008 server, currently).

I still get the same by putting

  if (session_is_registered("$valid_user"))

Open in new window

 
I do not know why I get no value to such variable.
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 41760647
Put the following on line 13

echo "DEBUG: Valid User = {$valud_user}<br/>";

Open in new window


Do you see the above line displayed when you browse / login to the page
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 41760649
Also are you sure you are using 5.2? As Kim pointed out session_is_registered has been deprecated and removed as of 5.4
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41760667
Many thanks Julian.

I put your line to be after line 13 like

require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();

if ($username && $passwd)
// they have just tried logging in
{
    if (login($username, $passwd))
    {
      // if they are in the database register the user id
      $valid_user = $username;
      echo "DEBUG: Valid User = {$valud_user}<br/>";
      session_register("valid_user");
...

Open in new window


but it does not echo the line.

Yes, this is by PHP 5.2.

It is not OK even if I've put this line

...
if (!empty($username) && !empty($passwd))
...

Open in new window

0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 41760813
@HuaMinChen, there are many good examples of "login" code (which is called PHP client authentication ) by the professionals.  You can find these all over the internet; you do not have to try to invent your own!  I happen to know that we have a good article here at E-E, complete with tested and working code examples.  An easy way to move forward might be to get rid of all the code you have that is not working now, and just copy the examples from this article.
https://www.experts-exchange.com/articles/2391/PHP-Client-Registration-Login-Logout-and-Easy-Access-Control.html

Here are some additional things I recommend to help you get started.

First, get some foundation in how PHP works.  Good quality learning resources are identified in this article.
https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html

Second, get in the habit of using php.net.  All of the PHP functions are documented in the online man pages.  When you're not 100% certain  how a function works, what its inputs must be, what output is expected, whether there is a change-log, etc., you can look it up.  I have a lot of experience with PHP and I never try to write code without having a window open to the free online reference materials at php.net.  At a glance, you can see so many things, just by checking the man page.  For example, you can see a prominent red warning block on this page!
http://php.net/manual/en/function.session-is-registered.php

Third, keep your software up-to-date.  PHP has a change log and a news archive.  If you read these things, and all PHP developers must read these things, you will see that PHP 5.2 became out-of-date in 2010.  What is the current version?  Check the "Download" links in the upper right-hand corner of the PHP home page.  I would say you probably want to get to PHP 5.6.24 at once.  Don't worry about the cost - PHP is open source, all free to download and install.

Fourth, learn how to isolate coding issues.  The SSCCE will save you a lot of time and effort.  It teaches how to ask technical questions, and this is something that you must know, whether you're asking in an online forum like E-E, or just asking yourself as you debug a piece of software.  

Those may seem like simple things, but they are all things that we had to learn when we were new to programming.  The sooner you get into those concepts, the faster you will make progress with your programming projects.

Best of luck, ~Ray
1
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 41760815
To the question posed by this link...
<?php


// ALWAYS USE THE HIGHEST POSSIBLE ERROR REPORTING LEVEL
// SO YOU CAN FIND AND CORRECT THE ERRORS, NOT JUST HIDE THEM
error_reporting(E_ALL);


require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();


// BEFORE USING THE VARIABLES, SEE WHAT THEY CONTAIN 
// SO YOU CAN KNOW WHAT THE if() SHOULD DO
var_dump($username, $passwd);


if ($username && $passwd)
// they have just tried logging in
{
    if (login($username, $passwd))
    {
      // if they are in the database register the user id
      $valid_user = $username;
      
      
      echo "DEBUG: Valid User = {$valid_user}<br/>"; // CORRECT SPELLING
   // echo "DEBUG: Valid User = {$valud_user}<br/>"; 
   
   
   // session_register("valid_user"); // OBSOLETE - DO NOT USE - REQUIRES REMEDIATION - LEARN ABOUT PHP SESSIONS
...

Open in new window

1
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 41760863
Sounds like the code is generating an error but not displaying it.

Refer to Ray's comment above - specifically with respect to adding line 6 of his code
error_reporting(E_ALL);

Open in new window

Report any errors you are getting.
1
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 41760952
Afterthought... This might help you understand how to use the PHP session.
https://www.experts-exchange.com/articles/11909/PHP-Sessions-Simpler-Than-You-May-Think.html
1
 
LVL 21

Expert Comment

by:Kim Walker
ID: 41761868
@Julian, there is a typo in your debug code. It should be $valid_user instead of $valud_user
echo "DEBUG: Valid User = {$valid_user}<br/>";

Open in new window

@HuaMinChin, please replace line 13 with the above code.
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41761881
Many thanks to all.
Ray/Julian,
I tried to show the error and got that username is not defined (but everything was fine previously to run these codes), here I've further got this (after I tried to declare both variables)

Parse error: syntax error, unexpected T_VAR in D:\edi\Zim_GlobalDA\adm\login_menu.php on line 6

Open in new window


while 6th line is starting at
var $username;
var $passwd;

Open in new window


Any advice?

Kim,
Can you please help?
0
 
LVL 21

Expert Comment

by:Kim Walker
ID: 41761903
Variables in PHP are not declared, they are initialized by assigning them a value. If you wish to initialize the $username and $passwd variables, simply assign an empty string to them. var is not a statement in PHP.
$username = '';
$passwd = '';

Open in new window

However, if you are getting an error that $username is not defined, then your required files are failing to initialize that variable.
1
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41761933
Sorry, here is login.php
<?
//Author:jack
//Date:30/03/09
 require_once("login_fns.php");

 do_html_header("Login");

 display_site_info(); 
 display_login_form();

 do_html_footer();
?>

Open in new window


here is login_menu.php
<?
//Author:jack	Desc:Login validation program
//Created Date: 15/04/09  Modified Date: 15:08 30/11/10
require_once("login_fns.php");
require_once("..\lib\db_fns.php");
//$username='';
//$passwd='';

ob_start();
session_start();
error_reporting(E_ALL);
if ($username && $passwd)
// they have just tried logging in
{
      echo "DEBUG: iiiValid User = {$username}<br/>";
    if (login($username, $passwd))
    {
      echo "DEBUG: dddValid User = jjj<br/>";
      // if they are in the database register the user id
      $valid_user = $username;
      echo "DEBUG: Valid User = {$valid_user}<br/>";
      session_register("valid_user");
	  $conn = df_conn();
	  $sql="select top 1 principal from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $pri=$qry[principal];
      session_register("pri");
	  $sql="select top 1 territory from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $g_area=$qry[territory];
	  session_register("g_area");
	  $g_multiarea = str_replace(",", chr(13), $g_area);
	  session_register("g_multiarea");
    }  
    else
    {
      // unsuccessful login
      do_html_header("Problem:");
      echo "You could not be logged in. 
            You must be logged in to view this page.";
      do_html_url("login.php", "Login");
      do_html_footer();
      exit;
    }      
}

check_valid_user();
setcookie("username", $username);
?>

<head>
<title>Zimnet A4 Menu</title>
</head>
<link rel="stylesheet" href="../styles.css" type="text/css">
<body style="background-color:white;">

<table width="100%"  border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
  <tr> 
    <td height="21" bgcolor="#495e83"></td>
    <td height="21" bgcolor="#495e83"></td>
  </tr>
  <tr> 
    <td height="120" align="left" valign="middle" bgcolor="#FFFFFF"> <img alt="" src="../images/company_name.gif" width="368" height="110"> 
    </td>
    <td align="right" width="287"><img alt="" src="../images/header_graphic.jpg" width="287" height="119"></td>
  </tr>
  <tr> 
    <td height="35" valign="middle" bgcolor="#495e83"> &nbsp; &nbsp; &nbsp; </td>
    <td bgcolor="#495e83"></td>
  </tr>
  <tr>
    <td height="1"><img alt="" src="../images/spacer.gif" width="1" height="1"></td>
    <td height="1"><img alt="" src="../images/spacer.gif" width="1" height="1"></td>
  </tr>
  <tr background="../images/links_bot_fill.gif">
    <td height="30">&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
</table>

<img src="../images/RightImage1570.jpg" alt="" name="zimpic1" width="112" height="533" align="right">
<script language="JavaScript" src="zam.js"></script>
<?
  $conn = df_conn();
  $sql="select top 10000 * from user_role where username='$username'";
  $rst = odbc_exec($conn,$sql);
  $qry = odbc_fetch_array($rst);
  echo "<script language=\"JavaScript\" src=\"zam_items_das.js\"></script>";
  
 if ($qry['role_code']=="DAS")  {
 echo "<script language=\"JavaScript\" src=\"zam_items_das.js\"></script>";
 }
 else if ($qry['role_code']=="DPC")
 {
 echo "<script language=\"JavaScript\" src=\"zam_items_dpc.js\"></script>";
 }
 else if ($qry['role_code']=="ACS")
 {
 echo "<script language=\"JavaScript\" src=\"zam_items_ACS.js\"></script>";
 }
  else if ($qry['role_code']=="ACP")
 {
 echo "<script language=\"JavaScript\" src=\"zam_items_ACP.js\"></script>";
 }
  else if ($qry['role_code']=="ACX")
 {
 echo "<script language=\"JavaScript\" src=\"zam_items_ACX.js\"></script>";
 }
 else if ($qry['role_code']=="ADM")
 echo "<script language=\"JavaScript\" src=\"zam_items_adm.js\"></script>";
?>
<table cellpadding="50" cellspacing="0" border="8" width="80%" style="background-color:white;position:absolute;top:180px;left:80px;">
<tr>
	<td>
	<script language="JavaScript">

	<!--//
		new tree (TREE_ITEMS, TREE_TPL);

	//-->
	</script>
	</td>
</tr>
</table>


<?

echo "<div class=\"loginas\">";
echo "<p>Welcome <br>$valid_user<br>($g_area)</p>";
echo "<div>";
ob_end_flush();
?>

Open in new window


I do not know why I get this
6r.png
after having put correct login and password on 1st login PHP page, while the same set of PHP codes does work fine on one other server.
0
 
LVL 21

Assisted Solution

by:Kim Walker
Kim Walker earned 250 total points
ID: 41761981
The issue is probably in the required file, login_fns.php. It could also be in ..\lib\db_fns.php but that looks like a database connection script. Somewhere before line 12, the variables $username and $passwd should be initialized with legitimate values. There's nothing in the code you've provided that does this unless it is part of those two required files.
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 41761991
Line 12
if ($username && $passwd)

Open in new window

Variables are not defined in the logon_menu.php file - so probably defined in an included file - although the error message is saying they are not defined at all.

As Kim says - need to see login_fns.php
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41762020
Many thanks to all.

Here is login_fns
<?
//Author:jack
//Date:30/03/09
  require_once("user_auth_fns.php");
  require_once("output_fns.php");
  require_once("..\lib\db_fns.php");
?>

Open in new window


db_fns.php
<?
//Author:jack
//Create Date: 11:11 30/03/09
//Modified Date: 12:12 13/09/10
//function df_conn()
//function runStoredProc($sql)
function df_conn()
{
   $result = @odbc_pconnect("dns", "user", "password"); 
   if (!$result)
   {  echo 'Cannot connect to database.';
      return false;
	}
   return $result;
}

function runStoredProc($sql){ 

  $val = array();
  $con = df_conn();
  $rs = odbc_exec($con, $sql);

    while ( $row = odbc_fetch_array($rs) ){
        array_push($val,$row);
  }
  odbc_free_result ( $rs );
  odbc_close( $con );
  return $val;
} 

?>

Open in new window


user_auth_fns.php
<?
//Author:jack
//Created Date:30/03/09  Modified Date:16:59 08/07/09
require_once("..\lib\define_cons.php");
require_once("..\lib\db_fns.php");
require_once("..\adm\output_fns.php");

function check_ups($prgId,$username)
// see if somebody is logged in and notify them if not
{  $conn = df_conn();
if (!$conn)
    return "Could not connect to database";
	
$sql="select top 1 record_create,record_query,record_update,record_delete from userProgramSecurities ups where 
program_id='$prgId' and username='$username'";
$rst = odbc_exec($conn,$sql);	
$qry = odbc_fetch_array($rst);
$ups["create"]=$qry["record_create"];
$ups["query"]=$qry["record_query"];
$ups["update"]=$qry["record_update"];
$ups["delete"]=$qry["record_delete"];
return $ups;
}

function register($username, $email, $password)
// register new person with db
// return true or error message
{
 // connect to db
      $conn = df_conn();
  if (!$conn)
    return "Could not connect to database server - please try later.";

  // check if username is unique 
  $result = mysql_query("select * from user where username='$username'"); 
  if (!$result)
     return "Could not execute query";
  if (mysql_num_rows($result)>0) 
     return "That username is taken - go back and choose another one.";

  // if ok, put in db
  $result = mysql_query("insert into user values 
                         ('$username', password('$password'), '$email')");
  if (!$result)
    return "Could not register you  in database - please try again later.";

  return true;
}
 
function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
  // connect to db
  $conn = df_conn();
  if (!$conn)
    return 0;

  // check if username is unique

$sql="select top 10000 * from user_acct where username='$username' and passwd = '$password'";
$rst = odbc_exec($conn,$sql);
$num_rows = odbc_num_rows($rst); 

 if (!$rst)
     return 0;
  
  if ($num_rows>0)
     return 1;
  else 
     return 0; 
}

function check_valid_user()
// see if somebody is logged in and notify them if not
{
  global $valid_user;
  if (session_is_registered("valid_user"))
  {
      //echo "Logged in as $valid_user.<br>";
      //for checking only
  }
  else
  {
     // they are not logged in 
     do_html_heading("You must be logged in to view this page.");
     echo $valid_user . " <br>";
     echo "You are not logged in. <br>";
	 echo "<br><a href=\"../adm/login.php\">Login</a><br>";
     do_html_footer();
     exit;
  }  
}

function change_password($username, $old_password, $new_password)
// change password for username/old_password to new_password
// return true or false
{
  // if the old password is right 
  // change their password to new_password and return true
  // else return false
  if (login($username, $old_password))
  {
    if (!($db = df_conn()))
      return false;
$rst = odbc_exec($db,"update user_acct
                            set passwd = '$new_password'
                            where username = '$username'");
    if (!$rst)
      return false;  // not changed
    else
      return true;  // changed successfully
  }
  else
    return false; // old password was wrong
}

function get_random_word($min_length, $max_length)
// grab a random word from dictionary between the two lengths
// and return it
{
   // generate a random word
  $word = "";
  $dictionary = "/usr/dict/words";  // the ispell dictionary
  $fp = fopen($dictionary, "r");
  $size = filesize($dictionary);

  // go to a random location in dictionary
  srand ((double) microtime() * 1000000);
  $rand_location = rand(0, $size);
  fseek($fp, $rand_location);

  // get the next whole word of the right length in the file
  while (strlen($word)< $min_length || strlen($word)>$max_length) 
  {  
     if (feof($fp))   
        fseek($fp, 0);        // if at end, go to start
     $word = fgets($fp, 80);  // skip first word as it could be partial
     $word = fgets($fp, 80);  // the potential password
  };
  $word=trim($word); // trim the trailing \n from fgets
  return $word;  
}

function reset_password($username)
// set password for username to a random value
// return the new password or false on failure
{ 
  // get a random dictionary word b/w 6 and 13 chars in length
  $new_password = get_random_word(6, 13);
 
  // add a number  between 0 and 999 to it
  // to make it a slightly better password
  srand ((double) microtime() * 1000000);
  $rand_number = rand(0, 999); 
  $new_password .= $rand_number;
 
  // set user's password to this in database or return false
  if (!($conn = df_conn()))
        return false;
  $result = mysql_query( "update user
                          set passwd = password('$new_password')
                          where username = '$username'");
  if (!$result)
    return false;  // not changed
  else
    return $new_password;  // changed successfully  
}

function notify_password($username, $password)
// notify the user that their password has been changed
{
    if (!($conn = df_conn()))
      return false;
    $result = mysql_query("select email from user
                            where username='$username'");
    if (!$result)
      return false;  // not changed
    else if (mysql_num_rows($result)==0)
      return false; // username not in db
    else
    {
      $email = mysql_result($result, 0, "email");
      $from = "From: support@phpbookmark \r\n";
      $mesg = "Your PHPBookmark password has been changed to $password \r\n"
              ."Please change it next time you log in. \r\n";
      if (mail($email, "PHPBookmark login information", $mesg, $from))
        return true;      
      else
        return false;     
    }
} 

?>

Open in new window

Kim/Julian,
Do you mean the problem is due to invalid user already validated against the database?
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 41762065
No - the $username is not defined - you are using $username but it has not been defined anywhere - that is what the script is saying.
Not sure how it works elsewhere - I can't see anything in the scripts you have provided where $username is being defined.
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41762072
Very sorry, where should I define it properly?

And Julian, I can further give you relevant httpd.conf file, that is from the other server (inside which, the same set of PHP files are working fine). Inside that httpd.conf, I do not see any declaration to the directory alias, like what we did, to recent httpd.conf, that resides on the current server.
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 41763425
I don't understand - you say this code works elsewhere - I don't see how this is possible if $username is not being initialised. Somewhere in code you have not shown us $username is being set - although the error you are showing us says that is not - so we have a contradiction.

Are you sure you have the entire codebase from the working server setup on the new server?

The httpd.conf file has no bearing on this issue - this is a PHP issue where a variable is being used without having been defined. You need to find, in the working code, where that is - we can tell you that based on what we have been given.
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41763436
Can this be a path issue, that I suspect one PHP file (that declares the variable) is not executed, due to that it 'cannot see' relevant PHP file?

Within other server (that works fine by the same set of PHP programs), I cannot see the alias to refer to the directory.
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 41763443
You need to look at each PHP file from the landing page up. You need to check at where there is a
require
or
require_once
or
include

That the specified file is available.

You need to check in your PHP files for an Autoload function which if exists will indicate where other class files might be found.

What I would do is run a file search on the working server for the string "$username".  How you do this depends on the tools at your disposal.

My editor has a function to search for text across files. I open the search window, enter the text I am looking for, enter the root folder to start in and specify the type of files to search in.

It returns a list of matches - showing the line and the file the match was made - double clicking the line opens the file at the correct location. This is how I would trace where that $username is being initialised.
1
 
LVL 21

Assisted Solution

by:Kim Walker
Kim Walker earned 250 total points
ID: 41764032
In login_menu.php, replace lines 1-13 with the following:
<?php
error_reporting(E_ALL);
ini_set('display_errors','on');
//Author:jack	Desc:Login validation program
//Created Date: 15/04/09  Modified Date: 15:08 30/11/10
require_once("login_fns.php");
require_once("..\lib\db_fns.php");
//$username='';
//$passwd='';

ob_start();
session_start();
if ($username && $passwd)
// they have just tried logging in

Open in new window

I have moved error_reporting to line 2 and inserted a new statement at line 3. After editing the file, please post any errors that appear when the page is loaded.

Regarding the database connection, is the ODBC driver configured to connect to the same database as on the server that works and is the database source name the same as on the server that works?
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 41764111
@Kim is the page not producing key errors already - the undefined variable name visible in this post seems quite clear - $username is not defined - or am I missing something?
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 21

Expert Comment

by:Kim Walker
ID: 41764550
Good point Julian. The ini_set statement is probably not necessary.

However, the error_reporting flag was being set after the two files were included. So I was wondering if an error was being generated during those includes. login_fns.php has other nested includes including user_auth_fns.php which has other nested includes. We don't know how deep the nested includes go. One of those could be the one that defines the missing variables.
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41764733
Many thanks to all.
I declare them like

<?
//...
//...
 global $username, $passwd;
 $username='';
 $passwd='';

Open in new window

within login.php, but I still get

Notice: Undefined variable: username in D:\edi\Zim_GlobalDA\adm\login_menu.php on line 11
0
 
LVL 21

Expert Comment

by:Kim Walker
ID: 41764747
What is the result when you move your error_reporting statement to the top as I suggested?
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41764761
It is the current result (with error in above), as I already put these

<?
//...
//...
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();
if ($username && $passwd)
...

Open in new window

0
 
LVL 21

Expert Comment

by:Kim Walker
ID: 41764777
I don't see the following in your code immediately above.
<?
//...
//...
 global $username, $passwd;
 $username='';
 $passwd='';

Open in new window

If these three lines (4-6) were in your code, the line that produced the error should be line 14. Please post your entire code up to the line that throws the error and the entire error message.

Additionally, you say this code has worked on other servers. There could be a configuration difference between the servers such that the new server does not automatically invoke PHP with the generic <?. Try changing the very first line to
<?php

Open in new window

0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41764779
This is login_menu.php
<?
//...
//...
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();
if ($username && $passwd)
// they have just tried logging in
{

Open in new window

0
 
LVL 21

Expert Comment

by:Kim Walker
ID: 41764791
In one of your previous comments you said you have the following in login.php.
global $username, $passwd;
$username='';
$passwd='';

Open in new window

But login.php is not one of the required include files, is it? How does it relate to login_menu.php?
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41764792
Because originally, it would call login.php first, and then further go to login_menu.php.
0
 
LVL 21

Assisted Solution

by:Kim Walker
Kim Walker earned 250 total points
ID: 41764808
PHP global variables die with the completed execution of the page load. So $username and $passwd do not carry over from login.php to login_menu.php.

PHP session variables, however, live as long as the session is active, carrying over from one page to the next. In order to store a variable as a session variable, you would need to store them in the $_SESSION superglobal variables.
$_SESSION["username"]='';
$_SESSION["passwd"]='';

Open in new window

Then in login_menu.php, you would need to access them from the $_SESSION superglobals.
<?php
//...
//...
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();
if (isset($_SESSION["username"]) && isset($_SESSION["passwd"]) )
// they have just tried logging in
{

Open in new window

In keeping with the subject of this thread, the obsolete alternative would be to register the session variables in login.php.
$username='';
$passwd='';
session_register("username","passwd");

Open in new window

Then you would use session_is_registered to check for them.
<?php
//...
//...
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();
if (session_is_registered("username") && session_is_registered("passwd") )
// they have just tried logging in
{

Open in new window

Please note that this method is NOT recommended and will no longer work as of PHP 5.3.x.

Also please note that initializing these variables with an empty string will cause the login_menu.php script, as it is, to always respond as if a valid user has logged in. The proper procedure would be to initialize the username and passwd variable with actual authenticated values.

Technically, this question has veered way off course. The original question was where to find the details on the session_is_registered function. That question was answered on my first comment. This question should have been closed long ago. If you have further questions, please open a new question.
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 41764818
Something does not make sense here. We were told that this is code ported from another server - where it works - but I don't see how it can work if those variables are not declared. Simply declaring them in the code is not the solution - especially in the way it has been done - if they are not being initialised anywhere already and then declaring them as empty then the if statement is never going to do anything useful.

I feel we are missing an important piece of the puzzle here.
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41764827
Many many thanks Kim.
I have
login.php
<?
//...
//...
 global $username, $passwd;
 $username='';
 $passwd='';
 session_register("username","passwd");
...

Open in new window

login_menu.php
<?
//Author:jack	Desc:Login validation program
//Created Date: 15/04/09  Modified Date: 15:08 30/11/10
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();
//if ($username && $passwd)
if (session_is_registered("username") && session_is_registered("passwd") )
// they have just tried logging in
{
    if (login($username, $passwd))
    {
      // if they are in the database register the user id
      $valid_user = $username;
      session_register("valid_user");
	  $conn = df_conn();
	  $sql="select top 1 principal from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $pri=$qry[principal];
      session_register("pri");
	  $sql="select top 1 territory from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $g_area=$qry[territory];
	  session_register("g_area");
	  $g_multiarea = str_replace(",", chr(13), $g_area);
	  session_register("g_multiarea");
    }  
    else
    {
      // unsuccessful login
      do_html_header("Problem:");
      echo "You could not be logged in. 
            You must be logged in to view this page.";
      do_html_url("login.php", "Login");
      do_html_footer();
      exit;
    }      
}

Open in new window


but I still get
6t.png
Julian,
I copy the whole folder and do not know why it functions like this. Previously, I said that within other server (inside which the set of PHP files work fine), the httpd.conf file is not having any declaration of Alias directory. Any advice to this?
0
 
LVL 3

Expert Comment

by:Donna
ID: 41764859
Oh my gosh! I don't want to be rude, but nothing is clicking with you! You posted a picture of the page with the error, and IT SAYS RIGHT THERE, UNDECLARED VARIABLE "username" IN login_menu.php ON LINE 12!!!!!!!

If $username is not assigned a variable somewhere before that point in the code IT WILL NOT WORK! Why are you spinning your head in circles and not listening to anyone?

we don't have all your files, I told you that in the beginning. So you either need to give someone your files, or YOU need to go find where $username gets assigned the actual name, and find out why that's not working yourself. And that's it. You have been told the answer so many times, but it seems to be over your head.
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 41764862
The alias directory is there only so that Apache knows where to find your code - if you install it under the ServerRoot (also defined in your httpd.conf) - then it does not need an alias folder.

However, that is beside the point - the server is finding your code and running the page - so the alias is not in play as a potential cause of the problem.

I say again - if it works on the other server and not on the new one then I suspect something is missing.

Did you try the global search on the working server I recommended above?
0
 
LVL 3

Expert Comment

by:Donna
ID: 41764863
This expert suggested creating a Gigs project.
Why don't you create a project and let someone help you... ?
1
 
LVL 3

Expert Comment

by:Donna
ID: 41764864
...not me...maybe Julian...
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41764877
Thanks all.

Julian,
Which Editor are you talking about to search for whatever string, to all files within given folder?
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 41764945
I use Notepad++ but there are many out there.
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41765061
Kim/Julian,
1. It firstly goes to login.php and then login_menu.php
2. Now I have already declared both username and passwd and have already registered them to session, per the way from Kim
3. Why can't I get the relevant value, within login_menu.php, as variables - username and passwd should hold the relevant values, as passed from login.php web-page?
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 41765082
What version of PHP are you using - still 5.2 or did you upgrade?
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 41765084
Having looked at the source - there is quite a bit that would need to be done to debug this. I also recommend opening a Gig for this.
1
 
LVL 21

Expert Comment

by:Kim Walker
ID: 41765348
This entire thread is off-topic. The question that was asked was answered long ago.

In your last screen capture, there is no error. We have eliminated the error. Now the issue is that it doesn't recognize the login. This is an entirely different subject yet again. Please post a new question. Close this question and start a new question.

As I said in my last post, $username and $passwd cannot reference the variables from the login.php page. The variables from login.php can only be referenced from the $_SESSION superglobal.

And I agree with Julian. I can't see any possibility that this code worked on a different server.
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 41765373
I think the problem "went away" because he added two lines (lines 5 and 6) in first snippet of this post - which only clouds the issue because it means the code base is now different from the "working" server. All this does is covering up the problem.
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41765469
Julian,
I'm still using 5.2 PHP version.
0
 
LVL 51

Accepted Solution

by:
Julian Hansen earned 250 total points
ID: 41765928
Ok I am pretty sure I know what the problem is.

You are using an old version of PHP which was a distraction. I think your "working" version has REGISTER GLOBALS turned on (http://php.net/manual/en/security.globals.php) - in your php.ini file you need to look for the register_globals setting and turn that on.

NB: Dependence on register globals is not advised - the above suggestion is only to get your code working it is strongly suggested that you migrate your code off dependence on register globals.
2
 
LVL 3

Expert Comment

by:Donna
ID: 41766267
Good job...don't think I would have ever got that...being deprecated code and all...I hope he appreciates all your patience and persistence.
0
 
LVL 10

Author Comment

by:HuaMinChen
ID: 41766277
Donna,
I appreciate you as well! Take care!
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

I've been asked to discuss some of the UX activities that I'm using with my team. Here I will share some details about how we approach UX projects.
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
The purpose of this video is to demonstrate how to prevent comment spam on a WordPress Website. This will be demonstrated using a Windows 8 PC. Plugin Akismet will be used. Go to your WordPress login page. This will look like the following: myw…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now