user.php does not allow login... what is wrong with the code?

rdoylelmt

Just a beginner with PHP... recently uploaded a CMS (phpWebsite) and users are unable to login.

It does allow registration, and will send a password to the user's email, and the user can enter the sent password and change it, but in the end... the user is unable to login (as evidenced by guest status in the side block)... after trying to login only a blank page appears.

My website is on a host server:

Operating system Linux
Kernel version: 2.4.9-34
Apache version 1.3.26 (Unix)
PERL version 5.006001
PHP version 4.2.2
MySQL version 3.23.45

I have saved the user.php as an html page which is viewable at www.amtaga.org/user.htm .

I have read the support forums available at phpWebsite and have been unable to resolve this, and my basic PHP book (PHP and MySQL fo Dummies) does not offer this degree of troubleshooting.

So I am seeking assistance here and am hoping that someone who knows PHP 4.2.2 can spot the trouble and offer a solution.

Thank you in advance and the one who would help find a solution, should know that this 900 member volunteer state organization's members will be empowered to having a secure area on the web as a result of your selfless kindness!

Thank you,
Robb Doyle
rdoylelmt@yahoo.com

nightowl

I guess you cannot expect somebody to browse through all that code without you first narrowing it down to the main problem...

rdoylelmt

Originally posted by nightowl
I guess you cannot expect somebody to browse through all that code without you first narrowing it down to the main problem...

Admittedly that is a lot of code, and being a "newbie" I can only guess what to narrow it down to. And if I do venture a guess and post only a small section, how would I know being a "newbie" that it indeed is the main problem.

However I will gladly :-) give it a try by posting this section:

function login($uname, $pass)
{
global $setinfo;
include("config.php");
if ($user_dblocation)
{
@mysql_select_db("$user_dbname") or die ("Unable to select database");
$result = mysql_query("select pass, uid, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax
FROM " . $table_prefix."users where strcmp(uname,'$uname')=0");
@mysql_select_db("$dbname") or die ("Unable to select database");
}
else
{
$result = mysql_query("select pass, uid, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax, conversionflag FROM " . $table_prefix."users where strcmp(uname,'$uname')=0");
}

if($result && mysql_num_rows($result)==1)
{
	$setinfo = mysql_fetch_array($result);
	$dbpass = $setinfo[pass];

	$tmppass = ($setinfo[conversionflag]==0) ? crypt($pass, substr($dbpass,0,2)) : md5($pass);
	$updatepass = ($setinfo[conversionflag]==0) ? 1 : 0;

	if (strcmp($dbpass, $tmppass))
		{
		html_header_location("user.php?stop=1");
            	return;
           		}

	$pass=md5($pass);

	// if needed convert old password to the new md5() based system
	if ($updatepass) {
		if ($user_dblocation)
		{
		@mysql_select_db("$user_dbname") or die ("Unable to select database");
		mysql_query("update " . $table_prefix."users set pass='$pass', conversionflag='1' where strcmp(uname,'$uname')=0");
		@mysql_select_db("$dbname") or die ("Unable to select database");
		}
		else
		{
		mysql_query("update " . $table_prefix."users set pass='$pass', conversionflag='1' where strcmp(uname,'$uname')=0");
		}

	}	

	docookie($setinfo[uid], $uname, $pass, $setinfo[storynum], $setinfo[umode], $setinfo[uorder], $setinfo[thold], $setinfo[noscore], $setinfo[ublockon], $setinfo[theme], $setinfo[commentmax]);
		html_header_location("user.php?op=userinfo&bypass=1&uname=$uname");
}
else html_header_location("user.php?stop=1");

Thank you for your consideration,
Robb