Session login

[grlayouts]

Hi,

 

I have a login on www.ycreate.com which was working on another cpanel server. recently i changed host and now when i've uploaded the files no one can log in as the session seems to fail..

 

I beleive this to be server side but my host state it's not

 

can someone try it and give advice on what they need to activate for it to work

 

username: testaccount

password:test

 

website: www.ycreate.com

 

 

I can provide the code if required.

[peterg0123]

We need some code...

[grlayouts]

i see it as pointless the code is working but okay.

 

Login form.

 

<form name="login"  class="login" method="post" action="login.php">
   <label>Username</label> <input type="text" name="user" size="20" maxlength="20" style="width:148px; height:16px;" /><br/><br/>
   <label>Password</label> <input type="password" name="pass" size="20"  maxlength="20"  style="width:148px; height:16px;" /><br/>
   
  <input name="submit" type="submit" value="Login" class="submit" /> 
  </form>

 

login.php

 

<?php 

include("config.php"); 

session_start(); 

?>
<?php



if (!$user || !$pass) {



include("head2.php"); 



print "Please fill out all fields.";



exit;



}



include("header1.php"); 



$logres = mysql_num_rows(mysql_query("select * from players where user='$user' and pass='$pass'"));



$stat = mysql_fetch_array(mysql_query("select * from players where user='$user' and pass='$pass'"));



if ($logres <= 0) {
;



exit;



} else {



session_register("user");



session_register("pass");



}

  $unixtime = time();

  	  $b = date("g:i a d-m-Y",$unixtime);



$ip = " $_SERVER[REMOTE_ADDR] ";



mysql_query("update players set ip='$ip' where id=$stat[id]");

mysql_query("update players set lastonline='$b' where id=$stat[id]");

mysql_query("update players set logins=logins+1 where id=$stat[id]");



?>
blah blah page so on!!!

[grlayouts]

and sorry header1 is

 

<?















if (!session_is_registered("user") || !session_is_registered("pass")) {







print "<center><font color=silver>Your session is over you will need to log back in....<a href=index.php>CLICK HERE</a>.";







exit;







}







$stat = mysql_fetch_array(mysql_query("select * from players where user='$user' and pass='$pass'"));







if (empty ($stat[id])) {







print "Invalid login.";







exit;







}

[peterg0123]

Hi,

 

What version of PHP is your new host running?

[PFMaBiSmAd]

Your code relies on both register_globals and session_register() (and probably session_is_registered() and session_unregister()). All of these were turned off by default in php4.2 in April of the year 2002, over 7 years ago. All of these have also been completely removed in php6, so now is the time to update the code to current php standards.

 

[peterg0123]

Hi,

 

This line of code will always stop here and go no further.  Because when you call

include("header1.php"); 

it checks the below.  These global vars (user && pass) have not been set yet and "exit" will terminate the script.

 

<?if (!session_is_registered("user") || !session_is_registered("pass")) {	print "<center><font color=silver>Your session is over you will need to log back in....<a href=index.php>CLICK HERE</a>.";	exit;}

 

Also session_is_registered has been deprecated.  Use isset() on the $_SESSION global var.  e.g. !isset($_SESSION['user'])

[grlayouts]

okay i have updated the code to the new standards and codded out the session checks now im getting the error fill in both fields.

 

can someone suggest a simpler way to login than what i am doing?