[RESOLVED] Code works on local machine but not server

Arenlor

There are two things that I've noticed acting up, the first is the login page keeps having the page it goes to (the edit page) redirect it back to the login page even though there is nothing wrong with the variables that are set. I have set up a test user for this and you can try it out. The username is 'test' and password is 'test' also, without the quotes, of course. As you can see, not a case sensitive username. The site is http://arenblogs.com/
login.php:

<?php error_reporting(0);
$user = $_POST['username'];
$pass = $_POST['password'];
$user = strtolower($user);
if(($user != '' && $pass != '') && ($user != 'username' && $pass != 'password')){
    require_once("conn.php");
    $gold = "select username,password from blogs where username='$user' and password=SHA1('$pass')";
    $log = mysql_query($gold);
    $logum = mysql_num_rows($log);
    $blog = md5($user);
    if($logum == 1){
        setcookie("EDITORADMIN",1,time()+1800);
        setcookie("EDITOR",$blog,time()+1800);
        header("Location: http://localhost/blogs/".$user."/edit.php");}}?>
<?php require_once("head.txt");?>
<p>Please login below, if you don't have a login please <a href="register.php" title="register">register</a>.</p>
<form action="login.php" method="post"><fieldset><input type="text" name="username" value="username" ><input type="password" name="password" value="password"><input type="submit" value="Login"></fieldset></form>
<?php require_once("body.txt");?>

edit.php:

<?php require_once("conn.php");
$logged = $_COOKIE['EDITORADMIN'];
$user = $_COOKIE['EDITOR'];
$path = $_SERVER['REQUEST_URI'];
list($b, $blog) = split('[/]', $path);
$blog = strtolower($blog);
if(md5($blog) != $user){
    header("Location: ../login.php");}
else if($logged != 1){
    require_once("head.txt");
    echo '<p>Sorry, but you need to login from our site. <a href="http://arenblogs.com/login.php">http://arenblogs.com/login.php</a></p>';}
else{
    require_once("head.txt");
    $form = $_POST['form'];
    if($form == 'post'){
        $bl = "SELECT blog_num FROM blogs WHERE username='$blog'";
        $lb = mysql_query($bl);
        $bln = mysql_fetch_array($lb);
        $num = $bln[0];
        $title = $_POST['titlep'];
        $data = $_POST['datap'];
        $blog = "INSERT INTO posts VALUES(NULL,'$num',NOW(),'$title','$data')";
        $golb = mysql_query($blog);
        echo '<p>You may check on your blog <a href="index.php">here</a>.</p>';}
    else if($form == 'edit'){
        $del = $_POST['del'];
        if($del == ''){
            $num = $_POST['numm'];
            $data = $_POST['datae'];
            $title = $_POST['titlee'];
            $sar = "UPDATE posts SET post_title = '$title', post_data= '$data' WHERE post_num = '$num'";
            $ras = mysql_query($sar);}
        else{
            $num = $_POST['numm'];
            if($del == $num){
            $bye = "DELETE FROM posts WHERE post_num =$del";
            $eyb = mysql_query($bye);}}
        echo '<p>You may check on your blog <a href="index.php">here</a>.</p>';}
    else{
        echo '<form action="edit.php" method="post"><fieldset><input type="hidden" value="post" name="form"><input type="text" name="titlep" value="Post Title"></fieldset><fieldset><textarea name="datap" cols="50" rows="6">Your post here.</textarea></fieldset><fieldset><input type="submit" value="Post"></fieldset></form>';
        $getenum = "select posts.post_num,posts.post_title from blogs,posts where blogs.username = '$blog' and blogs.blog_num = posts.blog_num order by post_num desc";
        $enumget = mysql_query($getenum);
        $nume = mysql_num_rows($enumget);
        echo '<form action="edit.php" method="post"><fieldset><select name="enum">';
        for($i = 0; $i < $nume; $i++){
            $en = mysql_fetch_array($enumget);
            echo '<option value="'.$en[0].'">'.$en[1].'</option>';}
        echo '</select><input type="submit" value="select"></fieldset></form>';
        $enum = $_POST['enum'];
       if($enum == ''){
            $getnew = "select posts.post_num from blogs,posts where blogs.username = '$blog' and blogs.blog_num = posts.blog_num order by post_num desc limit 1";
            $newget = mysql_query($getnew);
            $enum = mysql_fetch_array($newget);
            $enum = $enum[0];}
        $getcur = "select * from blogs,posts where blogs.username = '$blog' and blogs.blog_num = posts.blog_num and posts.post_num =$enum";
        $curget = mysql_query($getcur);
        $rec = mysql_fetch_array($curget);
        echo '<form action="edit.php" method="post"><fieldset><input type="hidden" value="edit" name="form"><input type="hidden" value="'.$enum.'" name="numm"><input type="text" value="'.$rec[9].'" name="titlee"></fieldset><fieldset><textarea name="datae" cols="50" rows="6">'.$rec[10].'</textarea></fieldset><fieldset>Delete <input type="checkbox" name="del" value="'.$enum.'"><input type="submit" value="Edit"></fieldset></form>';
}}?>
<?php require_once("body.txt");?>

The second issue (which may be tied to the first) is that it's failing to pull the posts from the database. This is shown on the user's index page, http://arenblogs.com/test/
index.php:

<?php require_once("head.txt");
require_once("conn.php");
list($b, $blog) = split('[/]', $_SERVER['REQUEST_URI']);
$blog = strtolower($blog);
$id = $_GET['id'];
if($id == ''){
    $gedit = "select posts.post_num from blogs,posts where blogs.username = '$blog' and blogs.blog_num = posts.blog_num order by post_num desc limit 1";
    $getid = mysql_query($gedit);
    $di = mysql_fetch_array($getid);
    $id = $di[0];}
$chkid = "select posts.post_num from blogs,posts where blogs.username = '$blog' and blogs.blog_num = posts.blog_num";
$idchk = mysql_query($chkid);
$numchk = mysql_num_rows($idchk);
if($id > $numchk || $id <= 0){
    $gedit = "select posts.post_num from blogs,posts where blogs.username = '$blog' and blogs.blog_num = posts.blog_num order by post_num desc limit 1";
    $getid = mysql_query($gedit);
    $di = mysql_fetch_array($getid);
    $id = $di[0];}
$posts = "select * from blogs,posts where blogs.username = '$blog' and blogs.blog_num = posts.blog_num order by post_num desc limit 10";
$stsop = mysql_query($posts);
$tot = mysql_num_rows($stsop);
$top = mysql_fetch_array($stsop);
$lnk = mysql_query($posts);
echo '<h1>'.$top[3].'</h1><h2>'.$top[4].'</h2><table><tr><td width="200px">';
for($i = 0; $i < $tot; $i++){
    $arr = mysql_fetch_array($lnk);
    echo '<p><a href="index.php?id='.$arr[6].'">'.$arr[9].'</a></p>';}
echo '<p class="inner"><a href="all.php">View all</a></p>';
$pdata = "select posts.post_data from blogs,posts where blogs.username = '$blog' and blogs.blog_num = posts.blog_num and posts.post_num = '$id'";
$datap = mysql_query($pdata);
$dt = mysql_fetch_array($datap);
echo '</td><td class="blog"><p class="blog">'.$dt[0].'</p></td></tr></table>';?>
<?php require_once("body.txt"); ?>

For reference here is my database.

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
CREATE TABLE `blogs` (
  `blog_num` int(10) unsigned NOT NULL auto_increment,
  `username` varchar(32) NOT NULL default '',
  `password` varchar(40) NOT NULL default '',
  `blog_name` varchar(32) NOT NULL default '',
  `blog_descript` text NOT NULL,
  `email` text NOT NULL,
  PRIMARY KEY  (`blog_num`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;
INSERT INTO `blogs` VALUES(1, 'arenlor', 'f65bbae04b4cb01dbb75ec26ab6ef1da787d067f', 'Of Stormy Nights and Good Tea', 'A blog that''s as ecliptic as it''s creator. This is the personal blog of ArenBlogs'' owner, Arenlor.', 'admin@arenblogs.com');
INSERT INTO `blogs` VALUES(2, 'test', 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3', 'Test', 'Test', 'test@test.org');
CREATE TABLE `posts` (
  `post_num` bigint(20) unsigned NOT NULL auto_increment,
  `blog_num` int(11) NOT NULL default '0',
  `post_date` datetime NOT NULL default '0000-00-00 00:00:00',
  `post_title` text NOT NULL,
  `post_data` longtext NOT NULL,
  PRIMARY KEY  (`post_num`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=5 ;
INSERT INTO `posts` VALUES(1, 1, '2007-04-19 00:06:17', 'Introduction', 'I''m the 18 year old webmaster of this site. I mainly webmaster and help out troubled teens online. I build all my sites by hand, don''t trust tools to help me with anything other than spell checking (and they mess up on that often enough.)');
INSERT INTO `posts` VALUES(2, 1, '2007-04-21 08:05:06', 'Why I disappear', 'Anyone who knows me knows that I disappear every so often, it''s not because I don''t care, it''s because I need to get away for a few that''s all. So don''t let it bother you or worry you if I don''t show up for a while.</p><p class="blog">In other news, I''ve been able to laugh now for a few days, which didn''t use to be happening. I like being able to use HTML in my blog, so I do.');
INSERT INTO `posts` VALUES(3, 2, '2007-12-01 12:22:38', 'Example Post', 'This is an example post, delete or edit.');
INSERT INTO `posts` VALUES(4, 2, '2008-02-22 22:58:08', 'test', 'test');

Lastly conn.php:

<?php $conn = mysql_connect ('localhost','***','***');
$db = mysql_select_db ('arenlor_blogs');?>

When I echo'd what the exact query was that didn't work on the index page and took that to phpmyadmin and ran it in the sql statement it worked.
Sorry if those post is less than coherent, I'm on three powerful sedatives and am happy to string together more than two words.

tapos

Please check your connection string. I think mysql doesn't connect.
Please For connection.php try bellow

<?php 
     $conn = mysql_connect ('localhost','***','***') or die('Could not connect');
    $db = mysql_select_db ('arenlor_blogs') or die('Could not select the database');
?>

This will ensure that the connection is correct and the database selection is also successful or you will get those messages.

Hope this will help you.

Weedpacket

        setcookie("EDITORADMIN",1,time()+1800);
        setcookie("EDITOR",$blog,time()+1800);

That is a hideous way of controlling access. You're trusting that no-one ever finds out that all they need to do to gain admin access is to create a cookie. Have a look at the manual's coverage of sessions. However, you're not even getting that far and no cookies are being set. (Just temporarily, turn error_reporting on and see if that throws up anything as a result of the database access.)

$path = $_SERVER['REQUEST_URI'];
list($b, $blog) = split('[/]', $path);
$blog = strtolower($blog);

See the note on the [man]split[/man] page about the use of [man]explode[/man]. But are you sure $blog contains the correct value? You're relying utterly on the URL having the precise form "something/username/whatever" - if it was, for example "/something/username/whatever" you'd be out of luck. Why the convolutions to extract the username (unless you can get to this page from somewhere else; again, see about using sessions to store such information).

Arenlor

The reason I pull $blog the way I do is because that's how it is across the whole site. You don't need to be logged in to read it, and I intend to put the software as FOSS after I finish with it, though I'll have to comment it some first. The first thing I did when it wasn't working was to echo $blog and see what it read, and it was correct.

It seems the issue is in the database selection, though I don't see how.

EDIT: Figured it out, something must have gone kaboom when the server was switched recently, it had deleted the user for that database only.

Weedpacket

Arenlor wrote:
I intend to put the software as FOSS after I finish with it

Well as I said, you need to rethink your whole access control mechanism. Right now it's about as secure as hiding your house keys under the doormat and taping a note to the door saying "The keys are under the doormat".