Does this old code work today?

bluns

Hey guys,

I purchased a script back in 2002. I was wanting to put it to use, but does not seem to work 🙁 When you want to create an account the link goes to
login.php3?submit=Signup . This should supposibly include the file html/signup.html

But instead it stays with the default login page.

Any ideas why? I am thinking that maybe it requires register globals or something?

 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
	<title>Login Page</title>
</head>
<style type="text/css">
<!--
table {  font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt}
-->
</style>
<SCRIPT LANGUAGE="JavaScript">
<!-- Original: wsabstract.com -->

<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
function checkrequired(which) 
{
var pass=true;
if (document.images) 
	{
	for (i=0;i<which.length;i++) 
		{
		var tempobj=which.elements[i];
		if (tempobj.name.substring(0,8)=="required") 
			{
			if (((tempobj.type=="text"||tempobj.type=="textarea"||tempobj.type=="password")&&	tempobj.value=='')||(tempobj.type.toString().charAt(0)=="s"&&
			tempobj.selectedIndex==0)) 
				{
				pass=false;
				break;
		        }
		    }
		 }
	}
if (!pass) 
	{
	shortFieldName=tempobj.name.substring(9,30).toUpperCase();
	alert("Please make sure the "+shortFieldName+" field was properly completed.");
	return false;
	}
<!-- check password
pw1 = which.required_password1.value;
pw2 = which.required_password2.value;
if (pw1 != pw2) 
	{
	alert ("\nYou did not enter the same new password twice. Please re-enter your password.")
	return false;
	}
<!-- Check email -->
if (which.required_email) 
	{
				invalidChars = " /:,;"
			var email = which.required_email.value
			if (email == "") {						// cannot be empty
				alert("\nYou did not enter your email address.")
				return false
			}
			for (i=0; i<invalidChars.length; i++) {	// does it contain any invalid characters?
				badChar = invalidChars.charAt(i)
				if (email.indexOf(badChar,0) > -1) {
					alert("\nYour email address contains invalid characters. Please check it and correct it.")
					return false
				}
			}
			atPos = email.indexOf("@",1)			// there must be one "@" symbol
			if (atPos == -1) {
				alert("\nYour email address must contain one, but only one, @ character.")
				return false
			}
			if (email.indexOf("@",atPos+1) != -1) {	// and only one "@" symbol
				alert("\nYour email address must contain one, but only one, @ character.")				
				return false
			}
			periodPos = email.indexOf(".",atPos)
			if (periodPos == -1) {					// and at least one "." after the "@"
				alert("\nYour email address must contain at least one . character.")				
				return false
			}
			if (periodPos+3 > email.length)	{		// must be at least 2 characters after the "."
				alert("\nYour email address must contain at least 2 (two) characters after the . (dot).")				
				return false
			}
			return true
		}
}
//  End -->
</script>
<body bgcolor="#FFFBF0" background="images/blue_line.gif">
<br><br><br><br>

<?php
include "config_base.inc";
include "config.inc";
require "sessions.inc";

function createSession($user) 
	{
	$mysesh=new Session(0,$user,$error);
	$key=$mysesh->seshid;
	return $key;
	}

switch ($submit) { 
// Login section

case 'Login':

// Test to see if user is logged in already.
// first clean up sessions by creating dummy session which will invoke CleanUp function

createSession("dummy");

$sql = "select userid from sessions where userid = '$required_username' ";
$result = mysql_query($sql,$conID);
$numrows = mysql_num_rows($result);
if ($numrows) { 
	include "html/multiple_login.html";
	break;
	}

$sql_select = "select username,password,visits,wins from user where username = '$required_username'";

if($result = mysql_query ($sql_select,$conID)) 
	{
	$row = mysql_fetch_array($result);
	$passwd = $row['password'];
	$user = $row['username'];
	$visits = $row['visits'];
	$wins = $row['wins'];
	$visits_now = $visits + 1;
	if( $passwd == $required_password ) 
		{
		$seshid = createSession($user);
		$sql_update = "update user set visits='$visits_now' where username='$user'";
		$result = mysql_query ($sql_update,$conID);
		include "welcome.php3";
		break; 
		}
	}
	include "html/login_error.html";
break;

//Signup section
case 'Signup':

include "html/signup.html";

break;

// Register section
case 'Register': 
// Is username already on file?
	$sql_select = "select username from user where username = '$required_username'";

if ($result = mysql_query ($sql_select,$conID)) 
{ 	$row = mysql_fetch_array($result);
	$dbuser = $row["username"]; 
	if($dbuser  == $required_username) 
	{
	include "html/username_taken.html";
	break; 
	}
} 

// Is email already on file
	$sql_select = "select email from user where email = '$required_email'";

if ($result = mysql_query ($sql_select,$conID)) 
{	$row = mysql_fetch_array($result);
	$dbemail = $row["email"]; 
	if($dbemail == $required_email) 
	{   
	include "html/email_taken.html";
	break; 
	}
}

// Insert new user data
	$sql_insert = "insert into user (username,password,email) values ('$required_username','$required_password1','$required_email')";

if ($result = mysql_query ($sql_insert,$conID) )
{
		$seshid=createSession($required_username);
		$user = $required_username;
		$wins = 0;
		include "welcome.php3";
} 

// send welcome email to user and notify webmaster

    include "html/welcome.txt";
    mail($required_email,"Welcome",$email_text,"From: $from_address");	

    include "html/notify.txt";
    mail($from_address,"A new player has signed",$notify_txt);	

break;

case 'Remind';
// Email password section

include "html/remind.html";

break;

case 'Email';

// lookup password and email it to email address.

$sql_select = "select username,password,email from user where email = '$email'";

$result = mysql_query ($sql_select,$conID);
if($result = mysql_query ($sql_select,$conID)) 
	{
	$row = mysql_fetch_array($result);
	$passwd = $row['password'];
	$user = $row['username'];
	$emaildb = $row['email'];
	if ($emaildb == $email) {

	$from = 'From: '.$from_address;
	$to = $email;
	$subject = 'Password;
	$data = 
"Hello,

You requested a reminder of your password:

Username: $user
Password: $passwd

If you have any further difficulties, please contact <mailto:$from_address>.

To visit our site now, click here: $game_URL

We appreciate your support and hope you enjoy the game.";

	mail($to, $subject, $data, $from);

	?>
	<div align='center'><font face='Verdana,Arial,sans-serif' size='2'>
	<p>Success! Your password has been sent to the email address on file</p></font></div>
	<?php break; }

else {?>
	<div align=center><font face=Verdana size=2>I\'m sorry, that email address is not on file
	<p>Please <a href='javascript:history.back()'>click here</a> to return.</font></div> 
	<?php }
	}

break;

default:
//default section - no submit parameter passed

include "html/default.html";

break;

} ?>

</body>
</html>

Weedpacket

Yes, register_globals is at fault. Even in 2002 relying on register_globals was deprecated.

bluns

Thanks for that weedpacket! Could you give me an example how to recode part of it so I can fix the rest of the script? I dont want to turn Register Globals on.

Cheers 🙂

halojoy

you can add $GET and $POST lines
that get those values.
But may be a lot of searching and trial and errors, before you have added this way to get values in all your php pages which are used in this script.

to get a value for $submit

switch ($submit) { 
// Login section

case 'Login':

// Test to see if user is logged in already.
// first clean up sessions by creating dummy session which will invoke CleanUp function

use this re-writing


// Added line to read value of $_GET['submit'] in the URL: .....page.php3?submit=Login
$submit = $_GET['submit'];

switch ($submit) { 
// Login section

case 'Login':

// Test to see if user is logged in already.
// first clean up sessions by creating dummy session which will invoke CleanUp function