Many wired problems occurs during upload to server

[fypstudent]

I have this web portal already uploaded into the server, where it allows the staff to login to their account, however i faced this problem when the user logins, all the details/profile of the user is change to another user. what happens? it working fine when i view in localhost, however many problems occurs when i upload to the server..is it b'cos of the server? or the problem with our codings.

 

this is one of the php of our web portal called index.php

<?php 
session_start();
ob_start();
?>

<html>
<head>
<title>Staff Signage: Web Portal</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="style.css" rel="stylesheet" type="text/css">

<style type="text/css">
<!--
body {
background-color: #FFFFFF;
}
.style1 {
font-family: Arial, Helvetica, sans-serif;
font-size: 11px;
}
-->
</style></head>
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<!-- ImageReady Slices (login.psd) -->
<table width="800" height="600" border="0" align="center" cellpadding="0" cellspacing="0" id="Table_01">
<tr>
	<td colspan="3">
		<img src="images/index_01.gif" width="800" height="105" alt=""></td>
</tr>
<tr>
	<td rowspan="4">
		<img src="images/index_02.gif" width="212" height="495" alt=""></td>
	<td>
		<img src="images/index_03.gif" width="387" height="86" alt=""></td>
	<td rowspan="4">
		<img src="images/index_04.gif" width="201" height="495" alt=""></td>
</tr>
<tr>
	<td width="387" height="249" valign="top" bgcolor="#E8E8E8" ><table width="381" height="25" border="0">
          <tr>
            <td width="6" height="21"></td>
            <td width="361">
             <?php
		/*if(isset($_SESSION['staffid'])==FALSE){

		}else{
			echo"<meta http-equiv='refresh' content='0; URL=main.php'>";}*/
		?>
              <div align="center">
                <?php

			// read the value of the hidden text field and check whether it has been set
			$submitted = isset($_POST['formSubmitted']);
			$success = FALSE;


			// retrieve the user input in the name and password textfield
			if($submitted){


			// determine if the user name and password field is empty. show an error message if it is

			if(!empty($_POST['staffid'])){
				$staffid = $_POST['staffid'];
			}
			else {
				$staffid = NULL;
				echo "<br><font color=red><center><span class = 'text'> You forgot to enter your staff ID! </span></center></font>";
			}

			if(!empty($_POST['password'])) {
				$password = $_POST['password'];
			}
			else{
				$password = NULL;
				echo "<br><font color=red><center><span class = 'text'> You forgot to enter your password! </span></center></font>";
			}


			//Verify that the user name and password is the same before going into the registration page
			if($staffid && $password){

				require_once('staffSql.php');
					// connect to the mysql database server.
				mysql_select_db($dbname); 

				//assign the data passed from Flex to variables
				$staffid = mysql_real_escape_string($_POST["staffid"]);
				$password = mysql_real_escape_string($_POST["password"]);
				$name = mysql_real_escape_string($_POST["name"]);
				//Query the database to see if the given username/password combination is valid.
				$query = "SELECT staffid ,password, name FROM staff where staffid='$staffid' and password= '$password'";
				$_SESSION['staffid'] = $staffid;
				$result = mysql_query($query);




				if(mysql_num_rows($result) == 1){

						if ($staffid == admin && $password == password)
						{
							$_SESSION['$staffid'] = $$staffid;
							$_SESSION['name'] = $name;
							$success=TRUE;
							echo "<br><P><B><center><span class = 'text'>Log in successful! Welcome ".$staffid.".</span></center></b></p>";
					echo"<span class = 'text'>You will be redirected to the home page in 3 seconds.</span>";
							echo"<meta http-equiv='Refresh' content='3; URL=admin_main3.php'>";
						}


					else{
					   while ($row = mysql_fetch_array ($result)) {

					$name=$row['name'];
					echo "<br><P><B><center><span class = 'text'>Log in successful! Welcome ".$name.".</span></center></b></p>";
					echo"<span class = 'text'>You will be redirected to the home page in 3 seconds.</span>";
					echo"<meta http-equiv='Refresh' content='3; URL=main.php'>";
						$_SESSION['name'] = $name;			
						$success = TRUE;
					}
					}
				}
				else{
					echo "<P><font color=red><center><span class = 'text'>Either your username or password is incorrect. Please try again.<span class = 'text'></center></font>";
				}	
			}

		}



?>            
            </div></td>
            
          </tr>
        </table>        
      <?php if($success==FALSE) { ?>
         <br>
          
           <form name="form1" method="post" action="index.php">
<table width="86%" border="0" align="center" cellspacing="0">
                    <tr>
                      <td><span class="text">Employee ID:</span></td>
                      <td><input type="text" name="staffid" class="inputtext" value="<?php if(isset($_POST['staffid'])) echo $staffid; ?>" /></td>
                    </tr>
                    <tr>
                      <td width="44%"><span class="text">Password:</span></td>
                      <td width="56%"><input type="password" name="password" class="inputtext"/></td>
                    </tr>
                    <?php //echo $staffid; ?>
                    <tr>
                      <td><label></label></td>
                      <td><span class="style1">*Please note that all fields are case sensitive</span></td>
                    </tr>
                    <tr>
                      <td></td>
                      
                      
                      <td>                        <div align="right"><br>
                        <input type="submit" name="Submit" value="Login" />
                        <input type="reset" name="Submit2" value="Reset">
                      </div>
                        <label>
                      <div align="center"></div>
                            </label>                      </td>
          </tr>
                  </table>
			  
			  
<!-- TODO insert a hidden field -->
                  <input type="hidden" name="formSubmitted" value="TRUE" />
                  
          </form>
			  

			  
  <?php } ?> 
          
      <br></td>
  </tr>
<tr>
	<td>
		<img src="images/index_06.gif" width="387" height="1" alt=""></td>
</tr>
<tr>
	<td>
		<img src="images/index_07.jpg" width="387" height="159" alt=""></td>
</tr>
</table>
<!-- End ImageReady Slices -->
</body>
</html>
<?php ob_flush();?>

 

 

[PFMaBiSmAd]

It sounds like a register_globals problem. What does a phpinfo(); statement show for the register_globals setting on both your localhost and online servers?

[fypstudent]

hi, thanks for replying

hrmm sorry we are new here, how do we see the register-global and phpinfo(); in our localhost? as for server, it belongs to the school,, so we need further enquiry from our lecturers.

 

Basically the system design of our application is there is a front end application (build by flex) to allow the students to view the information of the staff (we manage to fix all the problems (where all the problem suddenly surfaced after uploading to the server, (which is same server as the web portal))) btw, we uses filezilla to upload.

 

thanks again!

[fypstudent]

The other end is the web portal, wic is what im facing now, it allows the staff at the back end to change their information like profile and photo, wic will reflect on the front end. It was not working smoothly at first when we upload to server, we also faced a lot of problems such as the layout went out of order, and the functions like edit/add/delete staff are not working, but after MANY attempts, we mange to fix, HOWEVEr, just yesterday, all the functions went crazy and gone worst, like when the user is logged in, all the information is display as another person!! what happen?? we swear that all webportal n flex app are working properly in our localhost before upload to the server

[fypstudent]

Hi, I found out that my register_globals is on from the phpinfo. As this domain is a sub domain from my lecturer, I do not have the php.ini file. Is there a possible way whereby i can create the php.ini file?

 

Thanks

[PFMaBiSmAd]

Register_globals were turned off 6 years ago because of the huge security hole they caused (external post/get/cookie data overwrites session and program variables.) No server, especially one being used by a programming class, should have register_globals turned on.

 

If php is running as a CGI application, it should be possible to place a local php.ini in your document root folder with a statement that turns off register_globals - register_globals = Off If php is running as an Apache module, it should be possible to place a statement in a .htaccess file that turns off register_globals - php_flag register_globals off

 

If you cannot turn off register_globals, it would be necessary for you to change your code so that all post/get/cookie/session and program variables do not have any names in common.