Jump to content

Login works on GoDaddy but not PowWeb .. ??

spacepoet

By spacepoet
in PHP Coding Help

 Share

Recommended Posts

spacepoet Advanced Member

spacepoet

Posted
Posted

Hello:

 

I have a login form that I have been using successfully on GoDaddy.

 

However, I am making a new site on a hosting platform with PowWeb (I think it's a poor platform) and the login script does not work.

It seems like it is not "holding" the session. When I enter the UserName and Password, it keeps kicking me out and back to the Login area. I know I'm using the correct UserName/Password.

 

My question is - do I need to add an .INI file to the host, and add some form of statement to make it "start" the sessions?

 

I know it's not my browsers, as I tested my other sites in FireFox / Chrome, and they work fine.

 

Ideas?

Link to comment
Share on other sites
spacepoet Advanced Member

spacepoet

Posted
  • Author
Posted

Well, the GoDaddy accounts have a PHP.INI file already installed:

register_globals = off
allow_url_fopen = off

expose_php = Off
max_input_time = 60
variables_order = "EGPCS"
extension_dir = ./
upload_tmp_dir = /tmp
precision = 12
SMTP = relay-hosting.secureserver.net
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="


; Only uncomment zend optimizer lines if your application requires Zend Optimizer support

;[Zend]
;zend_optimizer.optimization_level=15
;zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3
;zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3
;zend_extension=/usr/local/Zend/lib/Optimizer-3.3.3/ZendExtensionManager.so
;zend_extension_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3/ZendExtensionManager_TS.so


; -- Be very careful to not to disable a function which might be needed!
; -- Uncomment the following lines to increase the security of your PHP site.

;disable_functions = "highlight_file,ini_alter,ini_restore,openlog,passthru,
;		      phpinfo, exec, system, dl, fsockopen, set_time_limit,
;                     popen, proc_open, proc_nice,shell_exec,show_source,symlink"

 

This PowWeb account has no PHP.INI file at all .. I tried uploading the above file but it didn't work ..

 

It has a myPhpAdmin area - do I need to enable something there?

 

All the files are the exact same, which is why I'm confused ...

Link to comment
Share on other sites
gizmola Prolific Member

gizmola

Posted
Posted

Odd .. but I just added a PHP.INI file to the ROOT, htdocs, and the "admin" folder.

 

And it works!

 

All the PHP.INI file has is:

register_globals = On

 

There must be a reason for it ...

 

Right ... ??

 

Oh man.  register_globals --- really insecure and long deprecated feature.  You really need to update your scripts so that they use $_GET and $_POST so you can turn that off.

Link to comment
Share on other sites
spacepoet Advanced Member

spacepoet

Posted
  • Author
Posted

I can post the code ... but I don't use "register_globals = On" usually .. it's the only way it works for this crappy hosting account they gave me.

 

Login.php:

<?php

include('../include/myConn.php');
include('../include/myCodeLib.php');
include('include/myAdminNav.php');

?>

<!DOCTYPE HTML>

<html>
<head>

<meta charset="ISO-8859-1" />

<title>Admin Area</title>

<?php echo spAdminLinks(); ?>

</head>

<body>

<div id="siteContainer">

<div id="topContainer">
	 
</div>

	<div id="topMenuContainer">
		<div id="topMenu">
			 
		</div>
	</div>

<div id="contentContainer">

	<div id="mainContent">

		<h1>Login Area</h1>

		<form name="form1" method="post" action="myLogin.php">

			<div class="myAdminLoginFloatLeft">

				User Name:
				<br /><br />
				Password:

			</div>

			<div class="myAdminLoginFloatRight">

				<input name="myUserName" type="text" id="myUserName">
				<br /><br />
				<input name="myPassword" type="password" id="myPassword">

			</div>

		<div style="clear: both; padding-bottom: 20px;"></div>

		<input type="submit" name="Submit" value="Login">

		</form>

		<br />

		<a href="ForgotPassword.php">Forgot Password?</a>

	</div>

	<div style="clear: both;"></div>

</div>

<div id="footerContainer">
	<?php echo spAdminFooter(); ?>
</div>

</div>

</body>
</html>

 

myLogin.php

<?php

include('../include/myConn.php');
include('../include/myCodeLib.php');
include('include/myAdminNav.php');

ob_start();

$myUserName=$_POST['myUserName'];
$myPassword=$_POST['myPassword'];

$myUserName = stripslashes($myUserName);
$myPassword = stripslashes($myPassword);
$myUserName = mysql_real_escape_string($myUserName);
$myPassword = mysql_real_escape_string($myPassword);

$sql="SELECT * FROM myAdmins WHERE myUserName='$myUserName' and myPassword='$myPassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){

session_register("myUserName");
session_register("myPassword");
header("location:a_Home.php");
}
else {

echo "

<!DOCTYPE HTML>

<html>

<head>

<meta charset=\"ISO-8859-1\" />
<meta http-equiv=\"refresh\" content=\"5;url='Login.php'\">

<title>Admin Area</title>

". spAdminLinks() ."

</head>

<body>

<div id=\"siteContainer\">

<div id=\"topContainer\">
	 
</div>

	<div id=\"topMenuContainer\">
		<div id=\"topMenu\">
			 
		</div>
	</div>

<div id=\"contentContainer\">

	<div id=\"mainContent\">

			<h1>Incorrect User Name or Password.</h1>

		<p>You will now be re-directed back to the login area to try again, or <a href=\"Login.php\">click here</a>.</p>

	</div>

	<div style=\"clear: both;\"></div>

</div>

<div id=\"footerContainer\">

	". spAdminFooter() ."

</div>

</div>

</body>

</html>
";
}

ob_end_flush();
?>

 

 

a_Home.php:

<?php
include('include/myCheckLogin.php');
?>
<html>
...STUFF...
</html>

 

myCheckLogin.php:

<?
session_start();
if(!session_is_registered(myUserName)){
header("location:Login.php");
}
?>

 

mySQL "Admins" TABLE:

-- 
-- Table structure for table `myAdmins`
-- 

CREATE TABLE `myAdmins` (
  `id` int(4) NOT NULL auto_increment,
  `myUserName` varchar(65) NOT NULL default '',
  `myPassword` varchar(65) NOT NULL default '',
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;

-- 
-- Dumping data for table `myAdmins`
-- 

INSERT INTO `myAdmins` VALUES (1, 'abc', 'abc');

 

 

My first login script ..

 

How can I slim this down to do the same thing, but use less code AND make it more secure?

 

Also, how do I set a "timeout" so if the page is in active for 20 minutes it will push the user back to the Login.php page?

 

Thanks for the help.

 

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

I think what session_register() does internally is dependent on the state of register_globals. The php.net documentation states that session_register() doesn't work when register_globals are off, but I tested not too long ago and with register_globals OFF, it registers the php variable you supply as the argument as the value that gets saved to the session data file, ignoring the actual $_SESSION variable you set in the script that has the same name.

 

It's also possible that by creating a local php.ini with only the register_globals setting in it that all the other php.ini settings took on their default values.

Link to comment
Share on other sites
gizmola Prolific Member

gizmola

Posted
Posted

I think what session_register() does internally is dependent on the state of register_globals. The php.net documentation states that session_register() doesn't work when register_globals are off, but I tested not too long ago and with register_globals OFF, it registers the php variable you supply as the argument as the value that gets saved to the session data file, ignoring the actual $_SESSION variable you set in the script that has the same name.

 

It's also possible that by creating a local php.ini with only the register_globals setting in it that all the other php.ini settings took on their default values.

 

I didn't look at the code closely enough to even notice session_register().  But as it's deprecated, I think we can advise that any of those calls should be rewritten:

 

session_register("myUserName");

 

Change this to:

 

$_SESSION['myUserName'] = $myUserName;

 

Do this for all occurrences of session_register(), rename the php.ini to php.ini.local and see if things now work correctly.

 

 

Link to comment
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

That code looks like it just has to be from phpeasystep.com, and their tutorials are among the most obsolete, outdated and incorrect on the web. Someone seriously needs to disconnect the CAT3 cable from the 9600 baud modem card on the back of their 80486 based web server . . .

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

IMO, most of the php tutorials posted around the Internet are dated and should either be removed or brought up to current php coding standards. There are a number of things that php put into the language in the early days that have proven to have been poor choices for a programming language and most of these things have been depreciated, turned off by default (in some cases, over 9 years ago), and soon to be removed from the language.

 

Also, tutorials are meant to teach you in general how to do some task (i.e. a tutorial is part of the learning process) so that you can write the code yourself for that task that meets the needs of your application, it is not meant to be THE FINAL code you use in your application.

Link to comment
Share on other sites
gizmola Prolific Member

gizmola

Posted
Posted

That code looks like it just has to be from phpeasystep.com, and their tutorials are among the most obsolete, outdated and incorrect on the web. Someone seriously needs to disconnect the CAT3 cable from the 9600 baud modem card on the back of their 80486 based web server . . .

 

Haha.  Reminds me of:

 

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.