Jump to content

Recommended Posts

Hello everybody.

I have a school grade script, it's contain of admins, teachers and students.
this script is written in Arabic, by the way i'm from Syria.
The script is working on my localhost very good, but on the web don't work any way.
I think the problem in the Login code, and here it is :

 <?php
   	session_start();
   	//==================================================
   	include("admin/config.php");
   	//==================================================
   	include("admin/setting.php");
   	include("Check.php");
   	echo $stylescript;
   	echo $stylebody;
  	//==================================================
  	$titlepage = "$schoolsname - Login page";
  	//==================================================
  	if ($action == 'trylogin')
  	{
  		if(($user_name_insert == "") OR ($user_password_insert == ""))
  		{
  			$result = mysql_query("SELECT template_content FROM school_template where template_name = '".ErrorInsertUserNameAndPassword."'");
  			$result_info = mysql_fetch_array($result);		
  			$ErrorInsertUserNameAndPassword = $result_info["template_content"];
  			$ErrorInsertUserNameAndPassword = str_replace("\"","'",$ErrorInsertUserNameAndPassword);
  			eval("\$ErrorInsertUserNameAndPassword = \"$ErrorInsertUserNameAndPassword\";");	
  			echo $ErrorInsertUserNameAndPassword;
  			exit;
  		}
  		
  		$result = mysql_query("SELECT * FROM school_user where user_name = '$user_name_insert'");
  		$result_num = mysql_num_rows($result);
  		
  		if ($result_num == 0)
  		{
  			$result = mysql_query("SELECT template_content FROM school_template where template_name = '".ErrorWrongUserNameInsert."'");
  			$result_info = mysql_fetch_array($result);		
  			$ErrorWrongUserNameInsert = $result_info["template_content"];
  			$ErrorWrongUserNameInsert = str_replace("\"","'",$ErrorWrongUserNameInsert);
  			eval("\$ErrorWrongUserNameInsert = \"$ErrorWrongUserNameInsert\";");	
  			echo $ErrorWrongUserNameInsert;
  			exit;
  		}
  		else
  		{
  			$result_info = mysql_fetch_array($result);
  			$user_password = $result_info['user_password'];
  			$user_password2 = $result_info['user_password2'];
  			$user_group_id = $result_info['user_group_id'];
  			$user_user_id = $result_info['user_user_id'];
  		
  				
  			if(($user_password_insert <> $user_password)
  			 and
  			 ($user_password_insert <> $user_password2))
  			{
  				$result = mysql_query("SELECT template_content FROM school_template where template_name = '".ErrorWrongUserPasswordInsert."'");
  				$result_info = mysql_fetch_array($result);		
  				$ErrorWrongUserPasswordInsert = $result_info["template_content"];
  				$ErrorWrongUserPasswordInsert = str_replace("\"","'",$ErrorWrongUserPasswordInsert);
  				eval("\$ErrorWrongUserPasswordInsert = \"$ErrorWrongUserPasswordInsert\";");	
  				echo $ErrorWrongUserPasswordInsert;
  				exit;
  			}
  			else
  			{
  				$new_value_lasttime = time();
  				if($user_group_id == 1)
  				{
  					$result = mysql_query("SELECT * FROM school_employee where employee_id = $user_user_id");
  					$result_info = mysql_fetch_array($result);
  					$user_full_name = $result_info['employee_full_name'];
  					$user_login_lasttime = $result_info['employee_login_lasttime'];
  					include("user_login_lasttime_text.php");
  					$date_to_convert = $user_login_lasttime;
  					$sho_time=1;
  					//include("hejri.php");
  					$user_login_lasttime = $date_result;
  					$result = mysql_query("UPDATE school_employee SET employee_login_lasttime = '$new_value_lasttime',employee_count_login = employee_count_login+1 WHERE employee_id = $user_user_id");
  				}
  				if($user_group_id == 3)
  				{
  					$result = mysql_query("SELECT * FROM school_employee where employee_id = $user_user_id");
  					$result_info = mysql_fetch_array($result);
  					$user_full_name = $result_info['employee_full_name'];
  					$user_login_lasttime = $result_info['employee_login_lasttime'];
  					include("user_login_lasttime_text.php");
  					$date_to_convert = $user_login_lasttime;
  					$sho_time=1;
  					//include("hejri.php");
  					$user_login_lasttime = $date_result;
  					$result = mysql_query("UPDATE school_employee SET employee_login_lasttime = '$new_value_lasttime',employee_count_login = employee_count_login+1 WHERE employee_id = $user_user_id");
  				}
  				if($user_group_id == 4)
  				{
  					if($HTTP_SESSION_VARS['S_pas_login'] == 1){$welcomepas ="ولي امر : ";}
  					$result = mysql_query("SELECT * FROM school_student where student_id = $user_user_id");
  					$result_info = mysql_fetch_array($result);
  					$user_full_name = $welcomepas.''.$result_info['student_full_name'];
  					$user_login_lasttime = $result_info['student_login_lasttime'];
  					include("user_login_lasttime_text.php");
  					$date_to_convert = $user_login_lasttime;
  					$sho_time=1;
  					//include("hejri.php");
 					$user_login_lasttime = $date_result;
 					if($user_password_insert == $user_password2)
 					{
 						
 						$S_pas_login = 1;
 						$S_student_login = 0;
 						session_register("S_pas_login");
 						session_register("S_student_login");
 						$result = mysql_query("UPDATE school_student SET student_login_pas_lasttime = '$new_value_lasttime',student_pas_login_count = student_pas_login_count+1 WHERE student_id = $user_user_id");
 					}
 					elseif($user_password_insert == $user_password)
 					{
 						
 						$S_pas_login = 0;
 						$S_student_login = 1;
 						session_register("S_pas_login");
 						session_register("S_student_login");
 						$result = mysql_query("UPDATE school_student SET student_login_lasttime = '$new_value_lasttime',student_login_count = student_login_count+1 WHERE student_id = $user_user_id");
 					}
 				}
 						
 				
 				$S_user_user_id = $user_user_id;
 				session_register("S_user_user_id");
 				$S_user_group_id = $user_group_id;
 				session_register("S_user_group_id");
 				$S_user_full_name = $user_full_name;
 				session_register("S_user_full_name");
 				$S_user_login_lasttime = $user_login_lasttime;
 				session_register("S_user_login_lasttime");
 				$S_user_login_lasttime_text = $user_login_lasttime_text;
 				session_register("S_user_login_lasttime_text");
 				
 	echo "<p dir='rtl'>Accepted..</p>";
 	exit("<META HTTP-EQUIV='refresh' CONTENT='2 URL=index.php'>");
 			}
 		}
 	}		
 	$result = mysql_query("SELECT template_content FROM school_template where template_name = '".login."'");
 	$result_info = mysql_fetch_array($result);		
 	$login = $result_info["template_content"];
 	$login = str_replace("\"","'",$login);
 	eval("\$login = \"$login\";");	
 	echo $login;
 ?>

Any one can help me please.. I need Ur help.
Thank you....

 

Link to comment
https://forums.phpfreaks.com/topic/285664-login-code-not-redirecting-please-help/
Share on other sites

It looks like your PHP code appears to rely on a setting called register_globals being on. Nowadays this setting is off by default (on 5.3+) and has been removed since PHP5.4+. 

I would look into doing a complete rewrite so your code is more upto date.

 

Also using eval() is very dangerous too.

Edited by Ch0cu3r

thank you Sir.

could you please help me to rewrite the code to corresponding with php 5.3

here is the hosting server information :

 

Apache version: 2.2.15 PHP version: 5.3.24 MySQL version: 5.6.13 Operating System Linux Kernel Version 3.2.40 Architecture i686 Theme x3

 

Thnx a lot

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.