Hi guys, first post on here.
My problem is with sessions. I have a site that users log in to, to recover pdf files and send messages etc. All very basic. It has been running great for almost 2 years. I have made modifications here and there to the interface throughout that time with out issue.
This past week the hosting service rolled out some upgrades with Vdeck and their servers. Other than an issue with email passwords, all was resolved.
This weekend I made some changes to my site on my testing server (my home pc). The changes were to the user table on mysql, I added a table and echoed some references to these changes on the main login home page.
Everything worked great on the testing server.
OK, I accidentally 'put' the entire site up on the live server instead of just the changes.
I browsed my website and none of the functions worked. The first issue was talking to the database. The server name had changed since the upgrade so I had to go back in and change it from "localhost" as it was to "new server". That fixed the connectivity issue.
First question: when an upgrade like this exists, do they change parts of your website for you?
My sessions however do not work. I checked with the host and it says to add:
session_save_path("your home directory path"/cgi-bin/tmp);
To each page. I did and nothing works. The database is connecting and working fine. The main page after login is however blank, as are all of the pages related to user login.
What can I do to narrow down the problem? What could the hosting service have changed?
Here is what is on all of the pages used for members:
session_save_path(pathto/public_html/cgi-bin/tmp);
session_start();
$username = $SESSION['valid_user'];
$accountid = $SESSION['accountID'];
$lastlogin = $SESSION['lastlogin'];
$date = $SESSION['date'];
$loginFailed = "../loginerror.php";
if (isset($_SESSION['valid_user']));
else {
header("Location: ". $loginFailed );
}
Here is the actual login code:
session_start();
if (isset($POST['username'])&& isset($POST['password']))
{
$username=$POST['username'];
$password=$POST['password'];
$loginSuccess = "../portal/home.php";
$loginFailed = "../loginerror.php";
$db_conn = mysql_connect('server', 'user', 'password');
mysql_select_db('database', $db_conn);
$customerInfo = "SELECT users.accountid, users.username, users.firstname, users.lastname, companyname, address1, address2, citytown, stateprovince, zippostcode, telephone1, fax, email1, bookkeeper, accountant, startdate FROM customers, users WHERE users.accountid = customers.accountid AND users.username = '".$username."'";
$custResult = mysql_query($customerInfo);
$total = mysql_num_rows($custResult);
for ($i=0; $i <$total; $i++)
$custDetail = mysql_fetch_array($custResult);
$query = 'select * from users '."where username='$username' "." and password='$password'";
$result = mysql_query($query, $db_conn);
if (mysql_num_rows($result) >0 )
{
// if they are in the database register the user id
$accountid = $custDetail['accountid'];
$date = date('F j, Y, g:i a T');
//Query to retrieve users last "this login"
$query1 = "SELECT thislogin FROM users WHERE username = '$username'";
$result1 = mysql_query($query1, $db_conn);
$updateLogin = mysql_fetch_array($result1);
$update = $updateLogin['thislogin'];
//Query to update users last login
$query2 = "UPDATE users SET lastlogin = '$update' where username ='$username' ";
$result2 = mysql_query($query2, $db_conn);
//Query to Update users current login
$query3 = "UPDATE users SET thislogin = '$date' where username='$username' ";
$result3 = mysql_query($query3, $db_conn);
//Query to retrieve last login
$query4 = "SELECT lastlogin FROM users where username = '$username'";
$result4 = mysql_query($query4, $db_conn);
$last = mysql_fetch_array($result4);
$lastlogin = $last['lastlogin'];
$_SESSION['valid_user'] = $username;
$_SESSION['accountID'] = $accountid;
$_SESSION['lastlogin'] = $lastlogin;
$_SESSION['date'] = $date;
if (isset($_SESSION['valid_user']) && false) {
$loginSuccess = $_SESSION['valid_user'];
}
header("Location: " . $loginSuccess );
}
else {
header("Location: ". $loginFailed );
}
}
Have you guys any idea of what they could have changed that I inadvertantly undid when putting my whole site up? Any guidance would be appreciated.
