
Server upgrade from 4 to 4.4.9 w/MySQL Unable to log into my site now

authentication mysql

2 replies to this topic

#1 anglina


Posted 06 February 2010 - 09:32 AM

A friend of mine has been having a PHP/MySQL Problem. This exhausted my limited PHP/MySQL knowledge. Does anyone have any idea why the login is now broken?

Thank you for taking a moment to look at my question.

I am hosting a small website on Powweb and in the last couple of days it has started to upgrade PHP 4 to PHP 4.4.9. Additionally, they added the PDO MySQL extension.

I am no expert and I am puzzled. Up until a couple of days ago, everything was working no problem. Now the site will not let anyone login to it.

What has pushed me to this script is the fact that when either a user or administrator logs in and misses authentication, the "Login Failed" error appears. If the authentication is good, a registered member will see the login page again but the admin will get the index.php page.

I have narrowed the problem to the login.php script as people can search the MySQL database the site utilizes and get responses.

Please look at the login page

Below is the PHP script...

<?php
require_once("includes/conn.php");
if (isset($_SESSION['loggedin']))
    header("Location:contribute.php");

$error='';
if (isset($_POST['Submit'])){
    //validate username/password
    if (isset($_POST['AdminLogin']))
        $tbl='admins';
    else
        $tbl='submitters';

    $sql="SELECT * FROM ".$tbl." WHERE alias='".myAddSlashes($_POST['Username'])."' AND password=".myPassword(myAddSlashes($_POST['Password']));

    $result=mysql_query($sql) or die(mysql_error().'<br/>'.$sql);
    if (!$row=mysql_fetch_array($result))
        $error='<p style="color:#FF0000">Login failed! Try again.</p>';
    else {
        //set up session values after login
        $_SESSION['username']=$row['alias'];
        $_SESSION['loggedin']=true;
        $_SESSION['logintype']=$tbl;
        if (isset($_POST['AdminLogin'])) {
            $_SESSION['uid']=$row['adminid'];
            header("Location:admin.php");
        }
        else {
            $_SESSION['uid']=$row['submitterid'];
            header("Location:contribute.php");
        }
    }
}

?>




I believe the error is in the section below, but I cannot put my finger on it...


	$sql="SELECT * FROM ".$tbl." WHERE alias='".myAddSlashes($_POST['Username'])."' AND password=".myPassword(myAddSlashes($_POST['Password']));

$result=mysql_query($sql) or die(mysql_error().'<br/>'.$sql);




  • 0

#2 Orjan


Posted 06 February 2010 - 01:25 PM

Hmm, the PDO addon shouldn't do a thing to this. hm. PHP 4.4.9 is pretty outdated as well, sure they don't have a PHP 5 to use and change your code (if necessary) to that directly?
  • 0

I'm a System developer at XLENT Consultant Group mainly working with SugarCRM.
Please DO NOT send mail or PM to me with programming questions, post them in the appropriate forum instead, where I and others can answer you.


#3 Feral


Posted 07 February 2010 - 12:41 AM

Hmm, the PDO addon shouldn't do a thing to this. hm. PHP 4.4.9 is pretty outdated as well, sure they don't have a PHP 5 to use and change your code (if necessary) to that directly?


Powweb has both php 4 and 5 running, they are currently upgrading php 4 to 4.4.9 and php 5 to 5.2.12.

From the control panel you can freely switch between 4 and 5.

I don't see anything blaringly wrong with your code, but I also don't know what the functions mypassword and myaddslashes do. So my first suggestion would be (other than trying php5) to try the script without the myaddslashes function as I'm guessing the mypassword function would be required.

An aside:
(warning unsolicited advice below, if you don't want it please just don't read it)


For a number of reasons you should not do "SELECT *", you should only grab the fields that are actually needed and add LIMIT 1.
  • 0
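
Added example, not code from the thread: the same login lookup written with the PDO extension mentioned in the first post, using a bound parameter for the alias plus the explicit columns and LIMIT 1 suggested in the reply above. It assumes PHP 5.5+ so that password_hash()/password_verify() can stand in for the unknown myPassword() helper; the password_hash column, the in-memory SQLite database (in place of the MySQL connection from includes/conn.php), the function names and the sample account are all constructed for the demonstration.

```php
<?php
// Added example. Assumptions: PHP 5.5+ with pdo_sqlite; SQLite in memory stands
// in for the site's MySQL database; column "password_hash" is hypothetical.

function findUser(PDO $db, $isAdmin, $alias)
{
    // A table name cannot be a bound parameter, so choose it from a fixed
    // pair, never from request data.
    $tbl   = $isAdmin ? 'admins' : 'submitters';
    $idCol = $isAdmin ? 'adminid' : 'submitterid';

    // Explicit columns and LIMIT 1; the alias is bound, so quotes in the
    // input are treated as data and no escaping helper is involved.
    $stmt = $db->prepare(
        "SELECT $idCol AS uid, alias, password_hash FROM $tbl WHERE alias = :alias LIMIT 1"
    );
    $stmt->execute(array(':alias' => $alias));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function login(PDO $db, $isAdmin, $alias, $password)
{
    $row = findUser($db, $isAdmin, $alias);
    // Verify the password in PHP against the stored hash rather than
    // comparing it inside the WHERE clause.
    if ($row === null || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return array(
        'uid'       => (int) $row['uid'],
        'username'  => $row['alias'],
        'logintype' => $isAdmin ? 'admins' : 'submitters',
    );
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE submitters (submitterid INTEGER PRIMARY KEY, alias TEXT, password_hash TEXT)');
$db->exec('CREATE TABLE admins (adminid INTEGER PRIMARY KEY, alias TEXT, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO submitters (alias, password_hash) VALUES (?, ?)');
$ins->execute(array("o'brien", password_hash('correct horse', PASSWORD_DEFAULT)));

var_dump(login($db, false, "o'brien", 'correct horse')); // session values on success
var_dump(login($db, false, "o'brien", 'wrong password'));
var_dump(login($db, true, "o'brien", 'correct horse'));  // not in admins table
```

With ERRMODE_EXCEPTION a failed query raises an exception that can be logged on the server, instead of echoing the error and the full SQL text to the browser as `die(mysql_error().'<br/>'.$sql)` does.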




