[RESOLVED] After a server move - Login not working

StevenJ

Hi,

My host has just moved servers (without me knowing), anyway - I have a login page, but I can no longer log into my admin area I created.

I know that the MySQL database works, becuase I have a news page which displays results from the database.

Also, if a login attempt fails, I record details of the strings entered in the text fields. If I type bogus logon details in, I can see that an entry is recorded in the MySQL tables (I check this by using phpAdmin that is installed on the server by the host).

however, if I try and login with the correct logon information, it doesn't record my logon attempt, but -it directs me to the logon denied page anyway?

is there any global variable that I may be relying upon that has been changed?

The basic logon script was created with dreamweaver - but the php addapted to suit my needs. However, this works on my home test installation but not on the live web?

Any ideas please?

regards

Rodney_H_

It sounds like a global thing. You are probably trying to use: $username and $password, but you may need to use either the $GET['username'] or $POST['username'] syntax (depending on what method used on the form) with register globals off.

EDIT:

Do you want to show the code? Usually helps...

Also: have you tried to echo() the values of the variables before checking them against your db?

StevenJ

<?php require_once('Connections/db_con.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=md5($_POST['password']);
  $email = $_POST['email'];
  $ip = $_SERVER['REMOTE_ADDR'] ;
//  $timeanddate = date("D jS M Y") ;
  $timeanddate = date("G:i:s D jS M Y") ;

  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "admin.php";
  $MM_redirectLoginFailed = "accessdenied.html";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_db_con, $db_con);

  $LoginRS__query=sprintf("SELECT user, password FROM users WHERE email='%s' AND user='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $email : addslashes($email),
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername),
    get_magic_quotes_gpc() ? $password : addslashes($password)); 

  $LoginRS = mysql_query($LoginRS__query, $db_con) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;	      

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");

if (isset($_SESSION['PrevUrl']) && false) {
  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
}
header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
		//echo $ip . "<br /> " ;
		//echo $timeanddate . "<br /> " ;
		//echo $_POST['username'] . "<br /> " ;
		//echo $_POST['password'] . "<br /> " ;
		//echo $email . "<br /> " ;
      $insertSQL = sprintf("INSERT INTO failed_logins (ip, timeanddate, logonname, password, email) VALUES ('%s', '%s', '%s', '%s', '%s')",
						$ip, $timeanddate, $_POST['username'], $_POST['password'], $_POST['email'] ); 
		//echo $insertSQL . "<br /><br />" ;
	  mysql_select_db($database_db_con, $db_con);
	  $Result1 = mysql_query($insertSQL, $db_con) or die(mysql_error());

header("Location: ". $MM_redirectLoginFailed );

  }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>eightseven.net :: administration login</title>

<link rel="shortcut icon" href="http://www.eightseven.net/favicon.ico">
<meta name="MSSmartTagsPreventParsing" content="TRUE" />
<meta name="Description" content="British Rail Class 87 Locomotives, Photographs, Status, News and Class Happenings" />
<meta name="Abstract" content="British Rail Class 87 Locomotives, Photographs, Status, News and Class Happenings" />
<meta name="Robots" content="all" />
<meta name="Distribution" content="Global" />
<meta name="Revisit-After" content="5 days" />
<meta name="Rating" content="General" />

<link href="css/nav.css" rel="stylesheet" type="text/css" />
<link href="css/styles.css" rel="stylesheet" type="text/css" />
</head>

<body>
<div id="holder">
<a href="index.php"><img src="graphics/banner.png" alt="eightseven .net" border="0" title="British Rail Class 87 :: eightseven.net" /></a>
<div id="navcontainer"><ul>
<li><a href="index.php">home</a></li><li><a href="about.php">about</a></li><li><a href="news.php">news</a></li><li><a href="gallerytop.php">gallery</a></li><li><a href="links.php">links</a></li><li><a href="contact.php">contact</a></li><li><a href="#photo.html">photography</a></li>
</ul></div>
<div id="full_box">

<table width="100%" align="center" cellpadding="2" cellspacing="2">
    <tr bgcolor="#FFFFFF"> 
      <td><form ACTION="<?php echo $loginFormAction; ?>" name="form-1" id="form-1" method="POST">
          <table width="100%" height="100%" border="0" cellpadding="1" cellspacing="0" bordercolor="#333333" bgcolor="#FFFFFF">
            <tr bgcolor="#FFFFFF">
              <td width="25%" height="79" valign="bottom" bordercolor="#FFFFFF">&nbsp;</td>
              <td width="75%" valign="middle" bordercolor="#FFFFFF">Please Supply <strong>logon</strong> 
                credentials</td>
            </tr>
            <tr bgcolor="#FFFFFF"> 
              <td height="24" valign="bottom" bordercolor="#FFFFFF"> <div align="right">Username&nbsp;</div></td>
              <td valign="bottom" bordercolor="#FFFFFF"> <input name="username" type="text" id="username" size="20" /></td>
            </tr>
            <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF"> 
              <td valign="bottom"> <div align="right">Password&nbsp; </div>
              <td valign="top"> <input name="password" type="password" id="password2" size="20" /></tr>
            <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF">
              <td valign="bottom"><div align="right">email&nbsp;</div></td>
              <td height="16" valign="top"><input name="email" type="text" id="email" size="30" /></td>
            </tr>
            <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF"> 
              <td width="92">&nbsp;</td>
              <td height="100" valign="middle"> <input name="login" type="submit" value="Submit" /> 
              </td>
            </tr>
          </table>
    </form> 
      </td>
    </tr>

</table>

</div>
<div id="footer"><strong>&copy; eightseven.net </strong></div>
</div>
</body>
</html>

StevenJ

administration page

<?php
//initialize the session
session_start();

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  session_unregister('MM_Username');
  session_unregister('MM_UserGroup');

  $logoutGoTo = "index.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php

$MM_authorizedUsers = "adminOnly";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "accessdenied.html";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   

  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>eightseven.net :: administration console</title>

<link rel="shortcut icon" href="http://www.eightseven.net/favicon.ico">
<meta name="MSSmartTagsPreventParsing" content="TRUE" />
<meta name="Description" content="British Rail Class 87 Locomotives, Photographs, Status, News and Class Happenings" />
<meta name="Abstract" content="British Rail Class 87 Locomotives, Photographs, Status, News and Class Happenings" />
<meta name="Robots" content="all" />
<meta name="Distribution" content="Global" />
<meta name="Revisit-After" content="5 days" />
<meta name="Rating" content="General" />

<link href="css/nav.css" rel="stylesheet" type="text/css" />
<link href="css/styles.css" rel="stylesheet" type="text/css" />
</head>

<body>
<div id="holder">
<a href="index.php"><img src="graphics/banner.png" alt="eightseven .net" border="0" title="British Rail Class 87 :: eightseven.net" /></a>
<div id="navcontainer"><ul>
<li><a href="index.php">home</a></li><li><a href="about.php">about</a></li><li><a href="news.php">news</a></li><li><a href="gallerytop.php">gallery</a></li><li><a href="links.php">links</a></li><li><a href="contact.php">contact</a></li><li><a href="#photo.html">photography</a></li>
</ul></div>
<div id="full_box">
  <table border="0" cellpadding="1" cellspacing="0" bordercolor="#000000" bgcolor="#FFFFFF">
  <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF">
    <td width="69">&nbsp;</td> 
              <td width="601">Submit File For Loco Data</td>
              <td width="601">&nbsp;</td>
      </tr>
            <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF">
              <td>&nbsp;</td> 
              <td><form method="post" action="execsv.php" enctype="multipart/form-data" name="form1" id="form1">
&nbsp;&nbsp;
    <input type="file" name="inputfile2" enctype="multipart/form-data" />
    <input name="Browse2" type="submit" id="Browse" value="Upload File" />
              </form></td>
              <td><a href="insertnews.php">Insert A News Item</a>  </td>
            </tr>
            <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF">
              <td height="30">&nbsp;</td> 
              <td>Submit File For Gallery</td>
              <td><a href="adminnews.php">UPDATE an News Item</a></td>
           </tr>
            <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF">
              <td>&nbsp;</td> 
              <td><form method="post" action="Connections/importimages.php" enctype="multipart/form-data" name="form2" id="form2">
&nbsp;&nbsp;
    <input type="file" name="inputfile_img" enctype="multipart/form-data" />
    <input name="Browse3" type="submit" id="Browse3" value="Upload File" />
              </form></td>
              <td><a href="editloco.php">Update a Locomotive Entry </a></td>
            </tr>
            <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF">
              <td>&nbsp;</td> 
              <td>Submit File For Loco Allocations</td>
              <td>&nbsp;</td>
            </tr>
            <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF">
              <td>&nbsp;</td> 
              <td><form method="post" action="Connections/execsv-gen.php" enctype="multipart/form-data" name="form3" id="form3">
&nbsp;&nbsp;
    <input type="file" name="inputfile" enctype="multipart/form-data" />
    <input name="Browse" type="submit" id="Browse4" value="Upload File" />
              </form></td>
              <td><a href="uploadgalleryimage.php">Upload Image for Gallery</a></td>

      </tr>
      <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF">
        <td height="26">&nbsp;</td> 
        <td>Duplicate / Back Up News Table</td>
        <td><a href="failed.php">Show Failed Login Attempts</a></td>
      </tr>
      <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF">
        <td>&nbsp;</td> 
          <td><form method="post" action="Connections/duplicate_news.php" name="form4" id="form4">
&nbsp;&nbsp;
    <input name="back_up" type="Submit" value="Back UP News" />
              </form></td>
              <td><a href="<?php echo $logoutAction ?>">Leave the Admin Pages</a> </td>

      </tr>
        <tr bordercolor="#FFFFFF" bgcolor="#FFFFFF">
          <td height="30">&nbsp;</td>
          <td>&nbsp;</td>
          <td><a href="uploadgalleryimage.php">Insert an image into the gallery. </a></td>
      </tr>
  </table>
</div>
<div id="footer"><strong>&copy; eightseven.net </strong></div>
</div>
</body>
</html>

that is the code. As you can see, I do use $_POST.

StevenJ

HI,

have done a little more de-bugging,

and have come up with the following.

on the login page, there is the following code:

    $GLOBALS['MM_Username'] = $loginUsername;

I know very little about sessions, but I believe that this session variable should then be available in any page where I have started a session? and kept a session maintained?

anyhow, I post the form from the page that contains the above php and on the form action takes me to a very basic page that contains only:

session_start();

echo $_SESSION['MM_Username'] ;
echo   "<br />" ;

now, on my home machine, it prints out the value entered for $loginUsername

where as on the host it doesn't print it out. So, Seesion variables are being lost? I think?

can anyone help?

StevenJ

on the form page which I submit with the required fields, I have just changed the

$GLOBALS.......

$_SESSION.....

and the login now works? is that normal?

what could cause that?

come on - someone must know something........

thanks

Steven

Weedpacket

Yes. That's normal. Like almost every other variable, $GLOBALS is destroyed and its memory freed when the script ends. The exception is $SESSION. So if you want a value to live on past the end of the script it has to go into $SESSION.

The $GLOBALS array is not the $_SESSION array.

StevenJ

I used session_register to register the globals though too.

The funny thing is that the code was created by using the dreamweaver "Create Login Page" ....and it used to work?

Weedpacket

session_register() won't work if register_globals is turned off. Current modern practice is to manipulate session data exclusively through the $_SESSION array, and not session_register() (and certainly not to use both at the same time). session_register has been effectively deprecated since PHP4.1 and register_globals since PHP4.2 and are only retained for the benefit of people who are still using PHP4.0.x.

As for Dreamweaver's idea of PHP code .... I've seen it. It's pretty clear that Macromedia would prefer you used ColdFusion.....

StevenJ

many thanks for all the help and explaination,

regards