[RESOLVED] Login script problem, after switching hosts

aspekt9

We've had a problem migrating our site over to this new host. A specific login script we had created for some reason isn't quite working now. It has been unchanged since it was working on the other host. It seems like it's not returning any errors but I believe all error displaying is on. The specific line we see it occurring at is a line we call a function to prepare the login information. We've got an or die("didnt work"); line to test it out and thats the only error we get. Nothing else, no syntax or anything. It occurs in userClass.php in our _include/classes/ directory. And at this point we're completely lost:

userClass.php:

<?php
error_reporting("E_ALL");
class UserClass {

private $email;
private $user;
private $password;


function __construct() {
	mysql_select_db("boozards_userinfo") or die("db select error");
}

function userLogin($iemail, $ipassword, $iuser) {
	self::prepareData($iemail, $ipassword, $iuser) or die("didnt work");
	if (get_magic_quotes_gpc()) {
	    $email = stripslashes($this->email);
	    $password = stripslashes($this->password);
	} else {
	    $email = $this->email;
	    $password = $this->password;
	}
	$hashedpass = md5($password);
	$stmt = sprintf("SELECT email,password,user FROM ".TABLE_USERMAIN." WHERE email='%s' AND password='%s'",
	    mysql_real_escape_string($email),
	    mysql_real_escape_string($hashedpass));
	$pstmt = mysql_query($stmt) or die(mysql_error());
	if (mysql_num_rows($pstmt) > 0) {
	    $get_username = mysql_fetch_row($pstmt) or die("error".mysql_error());
	    $_SESSION['username'] = $get_username[2];
	    $_SESSION['email'] = $email;
	    $_SESSION['hash'] = md5($email);
	    return true;
	} else {
	    return false;
	}
}

function createUser($iemail, $ipassword, $iuser, $displayname, $bday, $name,$city,$state) {
	self::prepareData($iemail, $ipassword, $iuser);
	if (get_magic_quotes_gpc()) {
	    $email = stripslashes($this->email);
	    $password = stripslashes($this->password);
	    $user = stripslashes($this->user);
	} else {
	    $email = $this->email;
	    $password = $this->password;
	    $user = $this->user;
	}

    $hashedpass = md5($password);
    $stmt = sprintf("INSERT INTO ".TABLE_USERMAIN."(email,password,user) VALUES('%s','%s','%s')",
		mysql_real_escape_string($email),
		mysql_real_escape_string($hashedpass),
		mysql_real_escape_string($user),
		mysql_real_escape_String($actiationcode));
    $pstmt = mysql_query($stmt) or die("error: ".$stmt."<BR>".mysql_error());
    $stmt_ui = sprintf("INSERT INTO userInfo(user,displayName,displayPicture,birthday,name,city,state) VALUES('%s','%s','http://www.boozards.com/_images/default.jpg','%s','%s','%s','%s')",
		mysql_real_escape_string($user),
		mysql_real_escape_string($displayname),
		mysql_real_escape_string($bday),
		mysql_real_escape_string($name),
		mysql_real_escape_string($city),
		mysql_real_escape_string($state));
    mysql_query($stmt_ui);
    $stmt_comment = sprintf("CREATE TABLE %s_comments(
		commentId INT(250) AUTO_INCREMENT PRIMARY KEY,
		comment VARCHAR(1000) NOT NULL,
		friend VARCHAR(250) NOT NULL, 
		dated VARCHAR(250) NOT NULL, 
		picture VARCHAR(250), 
		beenRead BOOL,
		board2Board bigint(250) NOT NULL)",
			mysql_real_escape_string($user));
    $stmt_commentK = sprintf("CREATE INDEX ind_1 ON %s_comments(
		picture,
		beenRead)",
			mysql_real_escape_string($user));
    $stmt_pinvites = sprintf("CREATE TABLE %s_invites(
		partyId INT(250) NOT NULL PRIMARY KEY, 
		type VARCHAR(250) NOT NULL, 
		beenRead BOOL)", 
			mysql_real_escape_string($user));
    $stmt_pinvitesK = sprintf("CREATE INDEX ind_1 ON %s_invites(
		partyId,
		beenRead)",
			mysql_real_escape_string($user));
    mysql_query($stmt_comment);
    mysql_query($stmt_commentK);
    mysql_query($stmt_pinvites);
    mysql_query($stmt_pinitesK);
    $stmt_friends = sprintf("CREATE TABLE %s_friends(
		friend VARCHAR(250)NOT NULL,
		position INTEGER,
		type INTEGER NOT NULL, beenRead BOOL, dated VARCHAR(250))",
			mysql_real_escape_string($user));
    $stmt_friendsK = sprintf("CREATE INDEX ind_1 ON %s_friends(
		type,
		position,beenRead)",
			mysql_real_escape_string($user));
    mysql_query($stmt_friends);
    mysql_query($stmt_friendsK);
    $stmt_pictures = sprintf("CREATE TABLE %s_pictures(
		picture VARCHAR(250) NOT NULL,
		caption VARCHAR(250))",
			mysql_real_escape_string($user));
    $stmt_picturesK = sprintf("CREATE INDEX ind_1 ON %s_pictures(
		picture)",
		    mysql_real_escape_string($user));
    mysql_query($stmt_pictures);
    mysql_query($stmt_picturesK);
    $picture_dir = $user."/pictures";
    $picture_thumb_dir = $picture_dir."/tn";
    mkdir($user, 0775);
    mkdir($picture_dir, 0775);
    mkdir($picture_thumb_dir, 0775);
    copy("copyindex.php", $user."/index.php");
    return "pass";
}


function prepareData($iemail, $ipassword, $iuser) {
	$this->email = trim(strtolower(htmlspecialchars($iemail)));
	$this->user = trim(strtolower(htmlspecialchars($iuser)));
	$this->password = trim(htmlspecialchars($ipassword));
}

function logoutUser() {
	$_SESSION = array();
}

function checkAvailability($var, $type) {
	$stmt_chk = sprintf("SELECT ".$type." FROM loginInfo WHERE ".$type."='%s'",
    mysql_real_escape_string($var));
	if (mysql_num_rows(mysql_query($stmt_chk))>0) {
		return true;
	} else {
		return false;
	}
}
}
?>

users.php:

<?php   

error_reporting("E_ALL");
require("_include/classes/UserClass.php");  

include 'header.php'; 
require("_include/english.php");  

require_once("_include/classes/TemplateClass.php"); 

$users = new UserClass();  

global $LANG01;    

/*  

** Creates a user and inserts them into mysql
*/
if (isset($_GET['do']) && (($_GET['do']) == 'create')) {
      $regform = new Page("_layout/register.thtml");
      $dispname = (isset($_POST['dispname'])) ? $_POST['dispname'] : '';
      $password = (isset($_POST['password'])) ? $_POST['password'] : '';
      $confpassword = (isset($_POST['confpassword'])) ? $_POST['confpassword'] : '';
      $name = (isset($_POST['name'])) ? $_POST['name'] : '';
      $city = (isset($_POST['city'])) ? $_POST['city'] : '';
      $state = (isset($_POST['state'])) ? $_POST['state'] : '';
      $email = (isset($_POST['email'])) ? $_POST['email'] : '';
      $user = (isset($_POST['user'])) ? $_POST['user'] : '';
	  $month = (isset($_POST['month'])) ? $_POST['month'] : '';
	  $day = (isset($_POST['day'])) ? $_POST['day'] : '';
	  $year = (isset($_POST['year'])) ? $_POST['year'] : '';
	  $bday = $month.'-'.$day.'-'.$year;
      $msg = '';
		if (!empty($dispname)) {
			if (strlen($dispname) > 20) {
				$msg .= $LANG01[1] . '<br />';
			}
		} else {
			$msg .= $LANG01[2] . '<br />';
		}
		if (!empty($password)) {
			if (strlen($password) < 6)            {
				$msg .= $LANG01[3] . '<br />';
			}
		} else {
			$msg .= $LANG01[4] . '<br />'; 
		}
		if (!empty($confpassword)) {
			if (($password) != ($confpassword)) {
				$msg .= $LANG01[5] . '<br />';
			}
		} else {
			$msg .= $LANG01[6] . '<br />';
		}
		if (empty($name)) {
			$msg .= $LANG01[8] . '<br />';
		}
		if (empty($city)) {
			$msg .= $LANG01[9] . '<br />';
		}
		if (empty($state)) {
			$msg .= $LANG01[10] . '<br />';
		}
		if (!empty($email)) {
			if (!preg_match('/[a-zA-Z0-9_.]/i', $email)) {
				$msg .= $LANG01[19] . '<br />';
			} 
		} else {
			$msg .= $LANG01[7] . '<br />';
		} 
		if (!empty($user)) { 
			if (!preg_match('/[a-zA-Z0-9_]/i', $user)) {
				$msg .= $LANG01[13] . '<br />';
			}
			if (is_numeric($user[0]))	{
				$msg .= $LANG01[15] . '<br />';
			}
		} else {
			$msg .= $LANG01[14] . '<br />';
		}

	if ($users->checkAvailability($user, "user")) {  
			$msg .= $LANG01[17] . '<br />';       
	}

	if ($users->checkAvailability($email, "email")) {
			$msg .= $LANG01[18] . '<br />';
	}
	if (empty($msg)) {
		$users->createUser($email,$password,$user,$dispname,$bday,$name,$city,$state);
		$msg .= $LANG01[16] . '<br />'; 
	}      

	$regform->replace_tags(array("errormsg" => "$msg", "profile" => "$dispname", "name" => "$name", "city" => "$city")); 
	$regform->output();
}      if (isset($_REQUEST['mode']))    { 
	$mode = $_REQUEST['mode'];  

 }  else    {  

	$mode = '';    

}   

 switch ($mode)    {
	case 'new':   $regform = new Page("_layout/register.thtml"); 
	$regform->replace_tags(array("errormsg" => "$msg", "profile" => "", "name" => "", "city" => ""));  

	$regform->output(); 
	break;   

} 

/*  

** Logs-in a user to their account and creates login session
*/
if (isset($_GET['do']) && (($_GET['do']) == 'login')) {  

	if ($users->userLogin($email, $password, $user))  { 
		$forward_address = "network.php";
		if (isset($_SESSION['url']))  {  

			$forward_address = $_SESSION['url']; 
			unset($_SESSION['url']);  

		}  

		echo '<meta http-equiv="refresh" content="0;URL='.$forward_address.'">';  

	}  else  {  

		//echo '<meta http-equiv="refresh" content="0;URL=pleaselogin.php?error=failedlogin&saveusername=".$username">';
	}  

} 

/*  

**Logs a user out of their account and clears session
*/
if (isset($_GET['do']) && (($_GET['do']) == 'logout')) {  

	UserClass::logoutUser();  

	echo "successfully logged you out. <a href='/'>Home</a>";  

} 
//same thing as in index.php
//include 'blocks.php';
?>

Everytime, we just receive the didnt work error.

Horizon88

    function userLogin($iemail, $ipassword, $iuser) {
        self::prepareData($iemail, $ipassword, $iuser) or die("didnt work");

Try returning those variables in the error to ensure they're being set up properly. Also, perhaps browse through the new host's php.ini file to see if there are any differences in settings that would cause something to break.

halojoy

aspekt9 wrote:
The specific line we see it occurring at is a line we call a function to prepare the login information.
We've got an or die("didnt work"); line to test it out and thats the only error we get.

Everytime, we just receive the didnt work error.

The function prepare
does not have to be checked for a return value.
So, I suggest you remove the or die("didnt work")
If you have same function call elsewhere, do the same with those.

Change to this:

    function __construct() {
        mysql_select_db("boozards_userinfo") or die("db select error");
    }

function userLogin($iemail, $ipassword, $iuser) {
    self::prepareData($iemail, $ipassword, $iuser);

Regards
🙂

aspekt9

We used the or die to find exactly where the problem was occurring. If we remove it, it just shows the blank page and doesn't forward to where it should. Which tells us it still isn't working properly.

troybtj

In this section:

if (isset($_GET['do']) && (($_GET['do']) == 'login')) {  

    if ($users->userLogin($email, $password, $user))  {

Try echoing the values of email, password, user, then do the same at the top of the userLogin function in the class to see if something is missing or oddly formatted, you should see the same info twice.

You are already checking for magic_quotes, is there a way you can compare the php.ini files between the two hosts for some other change?

Are apache and php the same versions on the two hosts?

Has the document/web root changed and an assumption is made outside of these files that would effect it?

aspekt9

We've narrowed it down and traced it all the way back to the login function in users.php. It's not getting the variables from POST and we have no idea why. When we separate the code and make test files, everything is posting correctly.

halojoy

hi
try this:
I have made 2 changes.

error_reporting( E_ALL ); ( without quotes )
in users.php and in UserClass.php
replaced, in two places the
self :: prepareData($iemail, $ipassword, $iuser)
with the statements in that function.
I dont like the use of self :: here .......

(If still not work, I could consider try making these public:
public $email; public $user; public $password;
But this do not think is no problem. So dont try this option.
It is probably a blind shot in the dark.)

<?php

error_reporting( E_ALL );

require("_include/classes/UserClass.php");  

include 'header.php';
require("_include/english.php");  

require_once("_include/classes/TemplateClass.php");

$users = new UserClass();  

global $LANG01;

<?php
error_reporting( E_ALL );

class UserClass {

private $email;
private $user;
private $password;

function __construct() {
    mysql_select_db("boozards_userinfo") or die("db select error");
}

function userLogin($iemail, $ipassword, $iuser) {
//// 
        $this->email = trim(strtolower(htmlspecialchars($iemail)));
        $this->user = trim(strtolower(htmlspecialchars($iuser)));
        $this->password = trim(htmlspecialchars($ipassword));
////
        if (get_magic_quotes_gpc()) {
            $email = stripslashes($this->email);
            $password = stripslashes($this->password);
        } else {
            $email = $this->email;
            $password = $this->password;
        }
        $hashedpass = md5($password);
        $stmt = sprintf("SELECT email,password,user FROM ".TABLE_USERMAIN." WHERE email='%s' AND password='%s'",
            mysql_real_escape_string($email),
            mysql_real_escape_string($hashedpass));
        $pstmt = mysql_query($stmt) or die(mysql_error());
        if (mysql_num_rows($pstmt) > 0) {
            $get_username = mysql_fetch_row($pstmt) or die("error".mysql_error());
            $_SESSION['username'] = $get_username[2];
            $_SESSION['email'] = $email;
            $_SESSION['hash'] = md5($email);
            return true;
        } else {
            return false;
        }
    }

function createUser($iemail, $ipassword, $iuser, $displayname, $bday, $name,$city,$state) {
//// 
        $this->email = trim(strtolower(htmlspecialchars($iemail)));
        $this->user = trim(strtolower(htmlspecialchars($iuser)));
        $this->password = trim(htmlspecialchars($ipassword));
////
        if (get_magic_quotes_gpc()) {
            $email = stripslashes($this->email);
            $password = stripslashes($this->password);
            $user = stripslashes($this->user);
        } else {
            $email = $this->email;
            $password = $this->password;
            $user = $this->user;
        }

    $hashedpass = md5($password);
    $stmt = sprintf("INSERT INTO ".TABLE_USERMAIN."(email,password,user) VALUES('%s','%s','%s')",
        mysql_real_escape_string($email),
        mysql_real_escape_string($hashedpass),
        mysql_real_escape_string($user),
        mysql_real_escape_String($actiationcode));
    $pstmt = mysql_query($stmt) or die("error: ".$stmt."<BR>".mysql_error());
    $stmt_ui = sprintf("INSERT INTO userInfo(user,displayName,displayPicture,birthday,name,city,state) VALUES('%s','%s','http://www.boozards.com/_images/default.jpg','%s','%s','%s','%s')",
        mysql_real_escape_string($user),
        mysql_real_escape_string($displayname),
        mysql_real_escape_string($bday),
        mysql_real_escape_string($name),
        mysql_real_escape_string($city),
        mysql_real_escape_string($state));
    mysql_query($stmt_ui);
    $stmt_comment = sprintf("CREATE TABLE %s_comments(
        commentId INT(250) AUTO_INCREMENT PRIMARY KEY,
        comment VARCHAR(1000) NOT NULL,
        friend VARCHAR(250) NOT NULL,
        dated VARCHAR(250) NOT NULL,
        picture VARCHAR(250),
        beenRead BOOL,
        board2Board bigint(250) NOT NULL)",
            mysql_real_escape_string($user));
    $stmt_commentK = sprintf("CREATE INDEX ind_1 ON %s_comments(
        picture,
        beenRead)",
            mysql_real_escape_string($user));
    $stmt_pinvites = sprintf("CREATE TABLE %s_invites(
        partyId INT(250) NOT NULL PRIMARY KEY,
        type VARCHAR(250) NOT NULL,
        beenRead BOOL)",
            mysql_real_escape_string($user));
    $stmt_pinvitesK = sprintf("CREATE INDEX ind_1 ON %s_invites(
        partyId,
        beenRead)",
            mysql_real_escape_string($user));
    mysql_query($stmt_comment);
    mysql_query($stmt_commentK);
    mysql_query($stmt_pinvites);
    mysql_query($stmt_pinitesK);
    $stmt_friends = sprintf("CREATE TABLE %s_friends(
        friend VARCHAR(250)NOT NULL,
        position INTEGER,
        type INTEGER NOT NULL, beenRead BOOL, dated VARCHAR(250))",
            mysql_real_escape_string($user));
    $stmt_friendsK = sprintf("CREATE INDEX ind_1 ON %s_friends(
        type,
        position,beenRead)",
            mysql_real_escape_string($user));
    mysql_query($stmt_friends);
    mysql_query($stmt_friendsK);
    $stmt_pictures = sprintf("CREATE TABLE %s_pictures(
        picture VARCHAR(250) NOT NULL,
        caption VARCHAR(250))",
            mysql_real_escape_string($user));
    $stmt_picturesK = sprintf("CREATE INDEX ind_1 ON %s_pictures(
        picture)",
            mysql_real_escape_string($user));
    mysql_query($stmt_pictures);
    mysql_query($stmt_picturesK);
    $picture_dir = $user."/pictures";
    $picture_thumb_dir = $picture_dir."/tn";
    mkdir($user, 0775);
    mkdir($picture_dir, 0775);
    mkdir($picture_thumb_dir, 0775);
    copy("copyindex.php", $user."/index.php");
    return "pass";
}


function prepareData($iemail, $ipassword, $iuser) {
    $this->email = trim(strtolower(htmlspecialchars($iemail)));
    $this->user = trim(strtolower(htmlspecialchars($iuser)));
    $this->password = trim(htmlspecialchars($ipassword));
}

function logoutUser() {
    $_SESSION = array();
}

function checkAvailability($var, $type) {
    $stmt_chk = sprintf("SELECT ".$type." FROM loginInfo WHERE ".$type."='%s'",
    mysql_real_escape_string($var));
    if (mysql_num_rows(mysql_query($stmt_chk))>0) {
        return true;
    } else {
        return false;
    }
}
}
?>

aspekt9

Thanks for all the help guys. I actually just figured it out:

if (isset($_GET['do']) && (($_GET['do']) == 'create')) {
      $regform = new Page("_layout/register.thtml");
      $dispname = (isset($_POST['dispname'])) ? $_POST['dispname'] : '';
      $password = (isset($_POST['password'])) ? $_POST['password'] : '';
      $confpassword = (isset($_POST['confpassword'])) ? $_POST['confpassword'] : '';
      $name = (isset($_POST['name'])) ? $_POST['name'] : '';
      $city = (isset($_POST['city'])) ? $_POST['city'] : '';
      $state = (isset($_POST['state'])) ? $_POST['state'] : '';
      $email = (isset($_POST['email'])) ? $_POST['email'] : '';
      $user = (isset($_POST['user'])) ? $_POST['user'] : '';
      $month = (isset($_POST['month'])) ? $_POST['month'] : '';
      $day = (isset($_POST['day'])) ? $_POST['day'] : '';
      $year = (isset($_POST['year'])) ? $_POST['year'] : '';
      $bday = $month.'-'.$day.'-'.$year;
      $msg = '';

All the variables were only being stored when the user was creating an account:

if (isset($_GET['do']) && (($_GET['do']) == 'create')) {

So I moved the variables required by the other if statements outside of that if statement and all is working well 🙂.

bradgrafelman

Don't forget to mark this thread resolved.