Login code not redirecting? Please help

2 replies to this topic

#1 bavarian1985

Posted 25 January 2014 - 09:35 AM

Hello everybody.

I have a school grade script; it consists of admins, teachers and students.
This script is written in Arabic; by the way, I'm from Syria.
The script works very well on my localhost, but on the web it doesn't work at all.
I think the problem is in the login code, and here it is:

 <?php
   	session_start();
   	//==================================================
   	include("admin/config.php");
   	//==================================================
   	include("admin/setting.php");
   	include("Check.php");
   	echo $stylescript;
   	echo $stylebody;
  	//==================================================
  	$titlepage = "$schoolsname - Login page";
  	//==================================================
  	if ($action == 'trylogin')
  	{
  		if(($user_name_insert == "") OR ($user_password_insert == ""))
  		{
  			$result = mysql_query("SELECT template_content FROM school_template where template_name = '".ErrorInsertUserNameAndPassword."'");
  			$result_info = mysql_fetch_array($result);		
  			$ErrorInsertUserNameAndPassword = $result_info["template_content"];
  			$ErrorInsertUserNameAndPassword = str_replace("\"","'",$ErrorInsertUserNameAndPassword);
  			eval("\$ErrorInsertUserNameAndPassword = \"$ErrorInsertUserNameAndPassword\";");	
  			echo $ErrorInsertUserNameAndPassword;
  			exit;
  		}
  		
  		$result = mysql_query("SELECT * FROM school_user where user_name = '$user_name_insert'");
  		$result_num = mysql_num_rows($result);
  		
  		if ($result_num == 0)
  		{
  			$result = mysql_query("SELECT template_content FROM school_template where template_name = '".ErrorWrongUserNameInsert."'");
  			$result_info = mysql_fetch_array($result);		
  			$ErrorWrongUserNameInsert = $result_info["template_content"];
  			$ErrorWrongUserNameInsert = str_replace("\"","'",$ErrorWrongUserNameInsert);
  			eval("\$ErrorWrongUserNameInsert = \"$ErrorWrongUserNameInsert\";");	
  			echo $ErrorWrongUserNameInsert;
  			exit;
  		}
  		else
  		{
  			$result_info = mysql_fetch_array($result);
  			$user_password = $result_info['user_password'];
  			$user_password2 = $result_info['user_password2'];
  			$user_group_id = $result_info['user_group_id'];
  			$user_user_id = $result_info['user_user_id'];
  		
  				
  			if(($user_password_insert <> $user_password)
  			 and
  			 ($user_password_insert <> $user_password2))
  			{
  				$result = mysql_query("SELECT template_content FROM school_template where template_name = '".ErrorWrongUserPasswordInsert."'");
  				$result_info = mysql_fetch_array($result);		
  				$ErrorWrongUserPasswordInsert = $result_info["template_content"];
  				$ErrorWrongUserPasswordInsert = str_replace("\"","'",$ErrorWrongUserPasswordInsert);
  				eval("\$ErrorWrongUserPasswordInsert = \"$ErrorWrongUserPasswordInsert\";");	
  				echo $ErrorWrongUserPasswordInsert;
  				exit;
  			}
  			else
  			{
  				$new_value_lasttime = time();
  				if($user_group_id == 1)
  				{
  					$result = mysql_query("SELECT * FROM school_employee where employee_id = $user_user_id");
  					$result_info = mysql_fetch_array($result);
  					$user_full_name = $result_info['employee_full_name'];
  					$user_login_lasttime = $result_info['employee_login_lasttime'];
  					include("user_login_lasttime_text.php");
  					$date_to_convert = $user_login_lasttime;
  					$sho_time=1;
  					//include("hejri.php");
  					$user_login_lasttime = $date_result;
  					$result = mysql_query("UPDATE school_employee SET employee_login_lasttime = '$new_value_lasttime',employee_count_login = employee_count_login+1 WHERE employee_id = $user_user_id");
  				}
  				if($user_group_id == 3)
  				{
  					$result = mysql_query("SELECT * FROM school_employee where employee_id = $user_user_id");
  					$result_info = mysql_fetch_array($result);
  					$user_full_name = $result_info['employee_full_name'];
  					$user_login_lasttime = $result_info['employee_login_lasttime'];
  					include("user_login_lasttime_text.php");
  					$date_to_convert = $user_login_lasttime;
  					$sho_time=1;
  					//include("hejri.php");
  					$user_login_lasttime = $date_result;
  					$result = mysql_query("UPDATE school_employee SET employee_login_lasttime = '$new_value_lasttime',employee_count_login = employee_count_login+1 WHERE employee_id = $user_user_id");
  				}
  				if($user_group_id == 4)
  				{
  					if($HTTP_SESSION_VARS['S_pas_login'] == 1){$welcomepas ="ولي امر : ";}
  					$result = mysql_query("SELECT * FROM school_student where student_id = $user_user_id");
  					$result_info = mysql_fetch_array($result);
  					$user_full_name = $welcomepas.''.$result_info['student_full_name'];
  					$user_login_lasttime = $result_info['student_login_lasttime'];
  					include("user_login_lasttime_text.php");
  					$date_to_convert = $user_login_lasttime;
  					$sho_time=1;
  					//include("hejri.php");
 					$user_login_lasttime = $date_result;
 					if($user_password_insert == $user_password2)
 					{
 						
 						$S_pas_login = 1;
 						$S_student_login = 0;
 						session_register("S_pas_login");
 						session_register("S_student_login");
 						$result = mysql_query("UPDATE school_student SET student_login_pas_lasttime = '$new_value_lasttime',student_pas_login_count = student_pas_login_count+1 WHERE student_id = $user_user_id");
 					}
 					elseif($user_password_insert == $user_password)
 					{
 						
 						$S_pas_login = 0;
 						$S_student_login = 1;
 						session_register("S_pas_login");
 						session_register("S_student_login");
 						$result = mysql_query("UPDATE school_student SET student_login_lasttime = '$new_value_lasttime',student_login_count = student_login_count+1 WHERE student_id = $user_user_id");
 					}
 				}
 						
 				
 				$S_user_user_id = $user_user_id;
 				session_register("S_user_user_id");
 				$S_user_group_id = $user_group_id;
 				session_register("S_user_group_id");
 				$S_user_full_name = $user_full_name;
 				session_register("S_user_full_name");
 				$S_user_login_lasttime = $user_login_lasttime;
 				session_register("S_user_login_lasttime");
 				$S_user_login_lasttime_text = $user_login_lasttime_text;
 				session_register("S_user_login_lasttime_text");
 				
 	echo "<p dir='rtl'>Accepted..</p>";
 	exit("<META HTTP-EQUIV='refresh' CONTENT='2 URL=index.php'>");
 			}
 		}
 	}		
 	$result = mysql_query("SELECT template_content FROM school_template where template_name = '".login."'");
 	$result_info = mysql_fetch_array($result);		
 	$login = $result_info["template_content"];
 	$login = str_replace("\"","'",$login);
 	eval("\$login = \"$login\";");	
 	echo $login;
 ?>

Can anyone help me, please? I need your help.
Thank you.

 



#2 Ch0cu3r

Posted 25 January 2014 - 10:03 AM

It looks like your PHP code appears to rely on a setting called register_globals being on. Nowadays this setting is off by default (on 5.3+) and has been removed since PHP 5.4+.

I would look into doing a complete rewrite so your code is more up to date.

Also using eval() is very dangerous too.


Edited by Ch0cu3r, 25 January 2014 - 10:03 AM.
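
The two points in the reply above, shown as an added example that is not code from either poster: request values are read explicitly instead of through register_globals, and stored templates are filled in without eval(). The function names `render_template` and `try_login` are hypothetical, the in-memory SQLite database and its user row are constructed stand-ins for the MySQL tables, and it is assumed that the stored templates refer to variables as `$name`.

```php
<?php
// Added example; PHP 5.3-compatible syntax, constructed data throughout.

// Fill a stored template by replacing only allow-listed $names (no eval()).
function render_template($template, array $vars)
{
    return preg_replace_callback('/\$(\w+)/', function ($m) use ($vars) {
        // Unknown names stay literal text; nothing from the template is executed.
        return array_key_exists($m[1], $vars)
            ? htmlspecialchars($vars[$m[1]], ENT_QUOTES, 'UTF-8')
            : $m[0];
    }, $template);
}

// Read credentials explicitly from the request array instead of globals.
// Returns the user row on success, or the name of the error template to show.
function try_login(PDO $db, array $post)
{
    $name = isset($post['user_name_insert']) ? (string) $post['user_name_insert'] : '';
    $pass = isset($post['user_password_insert']) ? (string) $post['user_password_insert'] : '';
    if ($name === '' || $pass === '') {
        return 'ErrorInsertUserNameAndPassword';
    }
    // Bound parameter: the submitted name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT * FROM school_user WHERE user_name = ?');
    $stmt->execute(array($name));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'ErrorWrongUserNameInsert';
    }
    // Same two-password comparison as the posted script.
    if ($pass !== $row['user_password'] && $pass !== $row['user_password2']) {
        return 'ErrorWrongUserPasswordInsert';
    }
    return $row;
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE school_user (user_name TEXT, user_password TEXT,
           user_password2 TEXT, user_group_id INT, user_user_id INT)');
$db->exec("INSERT INTO school_user VALUES ('sami', 'pw-student', 'pw-parent', 4, 17)");

$post = array('user_name_insert' => 'sami', 'user_password_insert' => 'pw-parent');
$user = try_login($db, $post);
$session = array('S_user_user_id' => $user['user_user_id']); // in a page: $_SESSION[...] after session_start()
echo render_template('<title>$schoolsname - Login page $unknown</title>',
                     array('schoolsname' => 'Demo <School>')), "\n";
```

In a real page `$post` would be `$_POST`, and the values kept with session_register() in the posted script would be assigned to `$_SESSION` after session_start().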


#3 bavarian1985

Posted 25 January 2014 - 12:59 PM

Thank you, sir.

Could you please help me rewrite the code to correspond with PHP 5.3?

Here is the hosting server information:

Apache version: 2.2.15
PHP version: 5.3.24
MySQL version: 5.6.13
Operating System: Linux
Kernel Version: 3.2.40
Architecture: i686
Theme: x3

Thanks a lot





