I have been asked to update a site that is no longer functioning properly.
It was on a server running PHP 4.1 with register globals on. I have moved it to my shared server with register globals off, running 4.4.7.
I have a login script that was used, generated by Dreamweaver. The script will allow a user to log in and then redirect them to their previous URL. The previous URL is usually a shopping cart. The shopping cart is login restricted and kicks them over to a login page. When they log in, the user should return to the shopping cart page with the part they wanted to add in the cart.
The original URL is shoppingcart.php?PARTNUM=50500&DB=sdsetgd
Under 4.4.7 with register globals off the user is returned to shoppingcart.php without the HTTP variables.
I can't turn on register globals; it is not smart to have it on anyhow.
I will post any code you want to see.
From shopping cart page:
$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
        $MM_referrer .= "?" . $QUERY_STRING;
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    exit;
}
From login script:
if (!isset($_SESSION)) {
    session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['Username'])) {
    $loginUsername=$_POST['Username'];
    $password=$_POST['Password'];
    $MM_fldUserAuthorization = "";
    $MM_redirectLoginSuccess = "index.php";
    $MM_redirectLoginFailed = "loginfailed.php";
    $MM_redirecttoReferrer = true;
    mysql_select_db($db, $tl12786);
    $LoginRS__query=sprintf("SELECT username, password FROM `user` WHERE username=%s AND password=%s",
        GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    $LoginRS = mysql_query($LoginRS__query, $Tool_Link_GOOD) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
        $loginStrGroup = "";
        //declare two session variables and assign them
        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;
        if (isset($_SESSION['PrevUrl']) && true) {
            $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }
        header("Location: " . $MM_redirectLoginSuccess );
    }
    else {
        header("Location: ". $MM_redirectLoginFailed );
    }
}
The real killer is that the user logs in and is redirected to the shopping cart, but because the HTTP variables are missing it double sends header requests and puts out a header error.
As far as I can see the only thing that is not working is that the HTTP variables are not being included in the prevUrl session variable because of register globals off.
Any ideas on getting those variables to follow? Slightly confused now. Thanks in advance.
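Added example, not part of the original post or the Dreamweaver-generated code: one way to carry the query string through the login round trip with register globals off, and to accept the returned `accesscheck` value only when it is a path on the same site. The function names `build_login_redirect()` and `safe_return_url()` are hypothetical, and the sketch assumes `PHP_SELF` is a root-relative path such as `/shoppingcart.php`.

```php
<?php
// Added example; build_login_redirect() and safe_return_url() are hypothetical names.

// Cart side: build login.php?accesscheck=... without relying on register_globals.
function build_login_redirect($server, $loginPage = 'login.php')
{
    $referrer = $server['PHP_SELF'];
    // With register_globals off, $QUERY_STRING is never defined;
    // the query string is only available as $_SERVER['QUERY_STRING'].
    if (isset($server['QUERY_STRING']) && strlen($server['QUERY_STRING']) > 0) {
        $referrer .= '?' . $server['QUERY_STRING'];
    }
    $qsChar = (strpos($loginPage, '?') !== false) ? '&' : '?';
    return $loginPage . $qsChar . 'accesscheck=' . urlencode($referrer);
}

// Login side: accesscheck arrives from the URL, so accept it as a redirect
// target only when it is a path on this site.
function safe_return_url($candidate, $default = 'index.php')
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Control characters (CR/LF would split the Location header) and backslashes.
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $candidate)) {
        return $default;
    }
    // Must be an absolute path, not "//host" or "scheme://host".
    if ($candidate[0] !== '/' || substr($candidate, 0, 2) === '//') {
        return $default;
    }
    return $candidate;
}

// Constructed sample input mirroring the URL in the post.
$server = array(
    'PHP_SELF'     => '/shoppingcart.php',
    'QUERY_STRING' => 'PARTNUM=50500&DB=sdsetgd',
);
echo build_login_redirect($server), "\n";
echo safe_return_url('/shoppingcart.php?PARTNUM=50500&DB=sdsetgd'), "\n";
echo safe_return_url('//example.invalid/cart.php'), "\n";
```

In the pages above, `$_SERVER` would be passed to the first function, and `$_GET['accesscheck']` to the second before the result is stored in `$_SESSION['PrevUrl']`.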