Jump to content

Recommended Posts

Hi, I have a script that a friend has developed but I need to get it into a lower version of php... it is currently using the latest version of php... any idea's / help would be greatly appreciated... bit of a noob!

 

<?php
include('config.php');
 
$sitename = $settings->getVal('site_name')[0]['setting_val'];
 
if($session->sessionExists('email')){
header( 'Location: dashboard.php');
exit();
}
 
$errors = 0;
 
if(isset($_GET['a']) && $_GET['a'] === 'logout'){
$session->unsetSession('email');
}
 
 
if(isset($_POST['login_submit'])){//check if the register form is submitted
if(filter_var($_POST['login_email'], FILTER_VALIDATE_EMAIL)){//if valid email
$email = $_POST['login_email']; //get the email
}else{
echo 'Please enter a valid email';
$errors++;
}
 
$pass = $_POST['login_password']; // get the passowrd
 
//check if the user is registered.
 
//Build the PDO object using Database Class
$query = $db->prepare("SELECT * FROM users WHERE `email` = ?");
//Bind the Email Paramater to the SQL query.
$query->bindValue(1, $email);
//Execute the SQL
$query->execute();
 
// we could check to see what is wrong, email or password, but for the sake of security, you should not say what is wrong. If you say email is correct password is wrong, they know you have that email on your system.
// if you say it's always wrong, they don't know it's valid on your system.
if($query->rowCount() > 0){
//user present get the details
$row = $query->fetchAll(PDO::FETCH_ASSOC);
$row = $row[0];
 
$storedPass = $row['password'];
 
if(!$password->comparePassword($pass, $storedPass)){
//false password
echo 'Not a valid login. Please try again here.';
}else{
//store the email in the session so we have something to reference the login.
$session->setSession('email', $row['email']);
}
 
//
//we never store the persons password in a session!
}else{
// user not present
echo 'Not a valid login. Please try again.';
}
}
 
if(isset($_POST['register_submit'])){//check if the register form is submitted
 
//http://uk3.php.net/filter_var check for a valid email
if(filter_var($_POST['register_email'], FILTER_VALIDATE_EMAIL)){//if valid email
$email = $_POST['register_email']; //get the email
}else{
echo 'Please enter a valid email';
$errors++;
}
//if you want to make sure this is a valid number, look up regex's
$phone = $_POST['register_phone']; //get the phone number
 
//no need to filter as we are going to one way hash these.
$pass = $_POST['register_password']; // get the passowrd
 
//These are PrePared statements. Make sure you use this way, It's more secure and helps prevent MYSQL Injections.
//You should still filter and check all user supplied input. Everyone is out to get you!
 
if($errors == 0){//if no errors process
 
//Build the PDO object using Database Class
$query = $db->prepare("SELECT `email` FROM users WHERE `email` = ?");
//Bind the Email Paramater to the SQL query.
$query->bindValue(1, $email);
//Execute the SQL
$query->execute();
 
//if the email exists
if($query->rowCount() > 0){
echo 'Email is already registered';
}else{//if the email doesn't exists
//generate a PHP 5.5 Passowrd - Really secure, make sure you use the latest PHP 5.5 Hashing method.
//incase you can't use a 5.5 host use this compat library https://github.com/ircmaxell/password_compat
$pass = $password->generatePasswordHash($pass);
//prepare the sql query
$query = $db->prepare("INSERT INTO users (email, password, phone) VALUES (?,?,?);");
 
// as we are using PDO we use try/catch for error handling.
try{
$query->execute(array($email, $pass, $phone));
//echo $db->lastInsertId();
if($db->lastInsertId()){
echo 'You succesfully registered';
}
}catch(Exception $e){
echo 'something went wrong';
//make sure you log this to a log file, outputting it to the user will allow an attacked to compromise your server.
//return $e->getMessage();
}
}
}
}
 
if($session->sessionExists('email')){
header( 'Location: dashboard.php');
exit();
}
?><!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css">
<link rel="stylesheet" href="assets/css/bootstrap-theme.min.css">
</head>
 
<body>
<div class="container">
<div class="row">
<div class="col-md-12">
<?=$sitename;?>
</div>
</div>
<div class="row">
<a href="index.php">homepage</a>
<a href="about.php">about</a>
 
</div>
<div class="row">
<div class="col-md-6">
<form class="form" action="/" method="post" name="login">
<h2>Login</h2>
<div class="form-group">
<label for="login_email">email</label>
<input type="email" id="login_email" name="login_email" class="form-control">
</div>
<div class="form-group">
<label for="login_password">Password</label>
<input type="password" id="login_password" name="login_password" class="form-control">
</div>
<div class="form-group">
<input type="submit" name="login_submit" value="Login!">
</div>
</form>
</div>
<div class="col-md-6">
<form class="form" action="/" method="post" name="register">
<h2>Register</h2>
<div class="form-group">
<label for="register_email">email</label>
<input type="text" id="register_email" name="register_email" class="form-control">
</div>
<div class="form-group">
<label for="email">phone</label>
<input type="text" id="register_phone" name="register_phone" class="form-control">
</div>
<div class="form-group">
<label for="register_password">Password</label>
<input type="password" id="register_password" name="register_password" class="form-control">
</div>
<div class="form-group">
<input type="submit" name="register_submit" value="register!">
</div>
</form>
</div>
</div>
<div class="row">
<div class="col-md-8">
<?php
 
$page = $pages->getPages()[0];
 
echo $page['page_content'];
?>
</div>
<div class="col-md-4">
<ul>
<?php
foreach($event->getEvents() as $row){
?>
 
 
<li><?=$row['event_name'];?></li>
<ul>
<li><?=$row['event_desc'];?></li>
</ul>
<?php
}
?></ul>
</div>
</div>
</div>
</body>
</html>

Your code is PHP5.5 compatible.

 

The problem is more likely an error in the code. Make sure have error reporting enabled, you can do this by openning the php.ini and add the following to end of the file

error_reporting = E_ALL
displayer_errors = On

Save the php.ini and restart Apache. Run your code and post the error messages you get in full here

The code is not even running I have checked my error log and this keeps appearing. 

 

PHP Parse error:  syntax error, unexpected '[' in /home/trutexui/public_html/Tony/index.php on line 4

 

I need this code to run on php  4.1.8 

 

 

I need this code to run on php  4.1.8 

What! :o  You said earlier you're using PHP5.5.9 now its PHP4.1.8

 

That version of PHP was released way back in 2002! You should not even be running that version of PHP. PHP4 has not seen any security/maintenance updates since 2008.

 

You should be using atleast PHP5.3 

Line 4:

$sitename = $settings->getVal('site_name')[0]['setting_val'];

 

PHP 5.latest allows for (something like) the 'dereferencing' of objects, which allows indexing into the array of a object.

 

Please try this equivalent:

$settingsVal = (array)$settings->getVal('site_name');

$sitename = $settingsVal[0]['setting_val'];

What! :o  You said earlier you're using PHP5.5.9 now its PHP4.1.8

 

That version of PHP was released way back in 2002! You should not even be running that version of PHP. PHP4 has not seen any security/maintenance updates since 2008.

 

You should be using atleast PHP5.3 

 

XAMPP I am using PHP 5.5.9. My host is using PHP 4.1.8 I got this info from latest version of PHP My Admin. 

Line 4:

$sitename = $settings->getVal('site_name')[0]['setting_val'];

 

PHP 5.latest allows for (something like) the 'dereferencing' of objects, which allows indexing into the array of a object.

 

Please try this equivalent:

$settingsVal = (array)$settings->getVal('site_name');

$sitename = $settingsVal[0]['setting_val'];

 

I tried this but still a blank screen... just gunna see if I can get a better version of PHP...

"I tried post#7 but still a blank screen."

 

Sorry. I did not mean to imply this was the only statement that needed to be examined.

 

 

Line 181:

$page = $pages->getPages()[0];

 

Same thing. Please try this equivalent:

$pagesPages = (array)$pages->getPages();

$page = $pagesPages[0];

Edited by bsmither

"I tried post#7 but still a blank screen."

 

Sorry. I did not mean to imply this was the only statement that needed to be examined.

 

 

Line 181:

$page = $pages->getPages()[0];

 

Same thing. Please try this equivalent:

$pagesPages = (array)$pages->getPages();

$page = $pagesPages[0];

 

Ahh OK - sorry my mistake, I have now changed the following statements. All seem OK - Just sorting some SQL issue and I can let you know if it has done the job. Thanks for your help. 

XAMPP I am using PHP 5.5.9. My host is using PHP 4.1.8 I got this info from latest version of PHP My Admin.

Then the correct solution to your problem is to get a new host, not fix the script. Your host is severely out of date with the PHP versions. If they are that out of date with PHP, who knows what other software they are using is out of date and full of security holes.

 

Besides, there are a few things in that script besides just the array dereferencing that will need adjusted to work on php4, such as the use of PDO and filter_* functions. It's not worth your (or our) time and effort to rewrite the script.

 

 

My host is using PHP 4.1.8 I got this info from latest version of PHP My Admin

I think that is the version of PHPMyAdmin your host uses. This does not indicate the actual version PHP. To find out the version of PHP, use either phpinfo() or phpversion();

Let's assume filter_var() works.That means the script is running on PHP 5.2 or greater. And since the script is referencing a class by a variable, the PHP must be 5.3 or greater. But probably not PHP 5.4 as the dereferencing was implemented in this version.

 

This was also said:

I got this info from latest version of phpMyAdmin.

 

I cannot dispute that phpMyAdmin may indicate the version of PHP of which this application is running under (the demo of the latest version requires you to click a link to see the phpinfo), but since phpMyAdmin is actually a web-based database GUI, I am more inclined that: I am using PHP 5.5.9. My host is using PHP 4.1.8 is a misreading of the indicators and that phpMyAdmin is reporting that this is its own version (latest being 4.1.13).

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.