Authentication

Shauna

I have a script that I've been using sucessfully using PHP 4.2.? but after changing servers to PHP 4.22 the authentication no longer works. Now, the script will no longer execute the "else" statement. It will redirect me to a bad password message if I do not sucessfully log in, but if I do have authentication it just takes me back to the login screen again.

Help!!!

<?php

include "include_fns.php";
session_register("auth_user");

if (!check_auth_user()) {
?>
<FORM ACTION="login.php" METHOD=POST>
<TABLE BORDER=0>
<TR>
<TD>Username</TD>
<TD><INPUT SIZE=16 NAME="username"></TD>
</TR>
<TR>
<TD>Password</TD>
<TD><INPUT SIZE=16 TYPE="password" NAME="password"></TD>
</TR>
</TABLE>
<INPUT TYPE=SUBMIT VALUE="Log in">
</FORM>

<?php
}
else {
$conn = db_connect();

$w = get_writer_record($auth_user);

print "Welcome, ".$w[full_name];
print " (<A HREF=\"logout.php\">Logout</A>)";
print "<p>";

$sql = "select * from ocuca_cars where collector = '$auth_user' ".
"order by created desc";
$result = mysql_query($sql, $conn);

print "<b>";
print "You currently have ";
print mysql_num_rows($result);
print " repossessions in our database. </b><br> ";
print "<b>";
print "Would you like to add another? ";
print " (<A HREF=\"addstory.shtml\">Add new</A>)";
print "</b><br><br>";

if (mysql_num_rows($result)) {
print "<TABLE>";
print "<TR><TH>Car Type</TH><TH>CU</TH>";
print "<TH>Added</TH><TH>Last modified</TH></TR>";
while ($qry = mysql_fetch_array($result)) {
print "<TR>";
print "<TD>";
print $qry[year];
print " ";
print $qry[model];
print " ";
print $qry[make];
print "</TD>";
print "<TD>";
print $qry[cu];
print "</TD>";
print "<TD>";
print date("M d, H:i", $qry[created]);
print "</TD>";
print "<TD>";
print date("M d, H:i", $qry[modified]);
print "</TD>";
print "<TD>";
if ($qry[published])
print "[Published ".date("M d, H:i", $qry[published])."]";
else {
print "[<A HREF=\"addcar.php?car=".$qry[id]."\">edit</A>] ";
print "[<A HREF=\"content.php?id=".$qry[id]."\">view</A>] ";
print "[<A HREF=\"delete_car.php?car=".$qry[id]."\">delete</A>] ";
}
print "</TD>";
print "</TR>";
}
print "</TABLE>";
}

}
?>

<?php

include "include_fns.php";

if ( (!$username) || (!$password) ) {
print "You must enter your username and password to proceed";
exit;
}

if (login($username, $password)) {
$auth_user = $username;
session_register("auth_user");
header("Location: $HTTP_REFERER");
}
else {
print "The password you entered is incorrect";
exit;
}

PhaZZed

If that code is from zend.com then email the ppl there.

Shauna

No it's not from Zend. It's actually been modeled after some code in a "learning php and mySQL" book.

Thanks though.