Search the Community

I am having a very strange issue on one server. I have the same code in a development server running fine, but in my prod server it is failing. Here is the main issue: I have a user authentication routine that accepts UserID and Password from a form and validates it against a MySQL database. So to start, UserId and Password are entered via POST variables as is standard: $UserId=@$_POST['UserId']; $Password=@$_POST['Password']; The Password is encrypted using a standard crypt method such as: $encrypt = crypt($Password,'6!68$7435!'); And this is stored in a MySQL database. This part is working fine, that is, the password is encrypted in value and stored in the MySQL database as 'epasswd'. On login, I am using session, so a standard session_start() and eventual session_destroy() on logout are used. The reason I mention this is because I suspect my issue is session related. So normally this works well. User logs in and I check credentials as follows in one part of my auth routine: elseif(UserAuth($UserId,$Password)){ $UserLogin=$UserId; session_start(); $_SESSION['UserLogin'] = $UserLogin; sql_insertActivity(); header("Location: home.php"); And the auth routine is as follows: <? function UserAuth($UserId,$Password){ global $conn; $Stmt="select epasswd from Users where UserId='$UserId' and Approved='1' or Approved='-1' or Approved='-2'"; $Result = mysql_query($Stmt, $conn) or die(mysql_error()); $Result=mysql_fetch_row($Result); $epasswd=$Result[0]; $retval=($epasswd==crypt($Password,$epasswd)); return($retval); } ?> So I am checking for a valid UserID and Password on form input, and I have a few other variables set for approved status. The retval checks the password they enter versus the encrypted value for a match. This usually works well. Then login occurs and session started, etc. Here is the issue. I added a quick admin routine a little while ago which helps reset a user's password to a temporary value. Once this value is set, along with a setting of approved=-1 in my database, then the user is re-directed to a Change Password screen to update his or her password. *Note: I changed the value to 'Charlie' for this discussion purpose. Here is that quick admin routine I run when I need to change a User to a temp setting: // ----- Establish database connection ----- require "../inc_php/inc_mysql_prod.php"; // $UserId=@$_GET['UserId']; $Password='Charlie'; $encrypt = crypt($Password,'6!68$7435!'); $sql = "UPDATE Users set epasswd='$encrypt', approved='-1' where UserId='$UserId'"; mysql_query($sql, $conn) or die(mysql_error()); So this does work as I validate the UserID is updated in the MySQL database along with an encrypted value for 'Charlie'. However, this is where things breakdown going forward. When the user logs in with the temp credentials, and enters in the Change password routine, their new password is saved in the table. However, when logging back in with the new credentials, the new password is not valid. And what's odd is that 'Charlie', the temp password, works for them on login and nothing else, no matter how many times they change the password in the form. So seems a case of session management out of control? What is the issue? I am defining session on all Php pages used, and have a logout to destroy session, etc. The temp password routine is something I run as an admin in the system and it doesn't have a session start statement. And I am not defining any global vars for Password. I lloked into session management and tried some UNSET paths and such, but may not be doing this correctly. Also I did a complete stop apache, remove all php sess_ files, restart and to no avail. I tried the clear my client side cookies deal in the browser, and still the same problem. What is odd is that this same set of code works fine on my other server, but breaks down on the mirrored server. They are essentially twins in all setup. Some minor differences between the two servers regarding PHP setup that might(?) make a difference. DEV server: SERVER_SOFTWARE Apache/2.2.3 (Red Hat) PROD server: (server showing the issues): SERVER_SOFTWARE Apache/2.2.3 (CentOS) HTTP_COOKIE PHPSESSID=3gocr0hhelvsjjlt63pp4qlnp3 _REQUEST["PHPSESSID"] 3gocr0hhelvsjjlt63pp4qlnp3 _COOKIE["PHPSESSID"] 3gocr0hhelvsjjlt63pp4qlnp3 _SERVER["HTTP_COOKIE"] PHPSESSID=3gocr0hhelvsjjlt63pp4qlnp3 Thanks appreciate the help! -Eddie

Hi all, So im trying to improve on my PHP as my knowledge isn't that great. lets say for argument sake my ip is: 192.168.0.1 im trying to set a external variable to set this as the url. so on each page i use, for each link instead of typing out the ip address i can simply type: <a href="{url}/index.php">Home</a> and then if it is possible, to do something like this: <link rel="stylesheet" href="{url}/main.css" type="text/css"> all in one file so in my php pages i can simple include 1 php file and it will have all of the relevant stylesheets ect linked to it.

I have a fulltext search setup. The issue I have is that I have to add it on every page and do an if statement. The search box is shown fixed position at the top of the website. I was wondering if there is a way I can set it up so that no matter what page I am on, it'll do the search without modifying the selected page? For eg. <html> <head> <title>home page</title> </head> <body> <?php if(isset($_GET['search'])) { echo 'search.php'; } else { // echo rest of the page content. } ?> </body> </html>

Hey guys, I am learning some basic OOP rules and application right now. I was trying to understand setting a property inside of an object. $name = $_GET['user']; if(isset($name)){ class BankAccount{ public $balance = 3500; public function DisplayBalance(){ return $name . ' your Balance Currently is: ' .$this->balance; } public function Withdraw($amount){ $balance = $this->balance; if($balance < $amount){ $this->balance = 'Sorry you can\'t withdraw any funds right now, not enough to cover amount request of: $' .$amount . '. '; } else{ $this->balance = $this->balance-$amount; } } } So here i am trying to add an extra property into this class by grabbing the variable of $name, which is a dynamic string given from a user submit form. When i add public $user = $name; || $user = $name; I get an error, so my syntax is wrong So ultimately my question is, how do i correctly add the variable of $name into my class ? thanks guys,

This forum is "programming theory" so I assume this is the most appropriate place to put this. (Admins or someone feel free to move this if the location is incorrect.) The issue is that a site, example.com, loads slowly to international users because of its US-based host. So the thought is to buy... example.co.uk example.in example.br example.cn ... and host those domains on servers near the respective location. Or something like this. So the question is... what's the best way to handle users getting to the right site from the right location? There are google results out there that sort of address this question, but I'm wondering what has worked for others, or what you've heard of working. I think the solution will be to install a package on my server that can tell where the user is from, and to either redirect the user outright or to let them click a link to go to a more "local" version of the website. Thoughts? Have you handled this? Howso? Thanks

I'm trying to access the variables in the array below outside of the function. I've tried everything The variables I'm trying to access are bold and in red in the code below. These variables are just not accessible outside the function. function GenerateSitemap($params = array()) { // default parameters extract(shortcode_atts(array( 'title' => 'Site map', 'id' => 'sitemap', 'depth' => 2 ), $params)); // create sitemap $sitemap = wp_list_pages("title_li=&depth=$depth&sort_column=menu_order&echo=0"); if ($sitemap != '') { $sitemap = ($title == '' ? '' : "<h2>$title</h2>") . '<ul' . ($id == '' ? '' : " id=\"$id\"") . ">$sitemap</ul>"; } return $sitemap; } add_shortcode('sitemap', 'GenerateSitemap'); Thanks!!