user authenticaton on a windows box

[CincoPistolero]

I grabbed some code from a website I have running on linux box that works, and put it on a Windows server that I loaded PHP 5 on. I'm getting the below error when bringing up the login page. Anyone know what it means. I tried googling it.

 

PHP Notice: Use of undefined constant session_start - assumed 'session_start'

[PHP_PhREEEk]

Post the code...

 

PhREEEk

[CincoPistolero]

I have this at the top of my login page.

 

<?php session_start();?>

[revraz]

Do you have sessions enabled in your php.ini file?

[CincoPistolero]

Yes, sessions are enabled and I can see session data in my c:\php\sessiondata directory.

 

Here is all the code for my initial login page. I get this error before logging in: PHP Notice: A session had already been started - ignoring session_start()

And the script checks for input of username and password, it checks the password if it has a good login name, but it does not check to see if the username is valid. If I put an invalid user name in it tells me incorrect password. Lastly, my $update_login is not working.

 

<?php session_start();?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>test</title>
</head>
<body>
<?php require("../connections/database.php"); ?>
<?php require("db_connect.php"); ?>
<?php require("../required/loginheader.php"); ?>
<?php
if (isset($_POST['submit'])) { // if form has been submitted


/* check they filled in what they were supposed to and authenticate */
if(!$_POST['uname'] | !$_POST['passwd']) {
	die('You did not fill in a required field. <a href="../login/">Back to Login</a>');
}

// authenticate.

if (!get_magic_quotes_gpc()) {
	$_POST['uname'] = addslashes($_POST['uname']);
}

$check = $db_object->query("SELECT userName, password FROM users WHERE userName = '".$_POST['uname']."'");

if (DB::isError($check)) {
	die('That username does not exist in our database. <a href="../login/">Back to Login</a>');
}

$info = $check->fetchRow();
$info['password'] = md5($info['password']);
// check passwords match

$_POST['passwd'] = stripslashes($_POST['passwd']);
$info['password'] = stripslashes($info['password']);
$_POST['passwd'] = md5($_POST['passwd']);

if ($_POST['passwd'] != $info['password']) {
	die('Incorrect password, please try again. <a href="../login/">Back to Login</a>');
}

// if we get here userName and password are correct, 
//register session variables and set last login time.

$date = date('m d, Y');

$update_login = $db_object->query("UPDATE users SET last_login = '10/12/2006' and logged_in = 1 WHERE userName = '".$_POST['uname']."'");

$_POST['uname'] = stripslashes($_POST['uname']);
$_SESSION['userName'] = $_POST['uname'];
$_SESSION['password'] = $_POST['passwd'];
$db_object->disconnect();
?>
<?php require("db_connect.php"); ?>
<?php $query = "SELECT * FROM users WHERE userName='$uname'";
$result = mssql_query($query) or die ("Error in query: $query. " . mssql_error());
$row= mssql_fetch_array($result); extract($row);
?>
<script language='javascript'>
location.replace('../wcc.php');
</script>
<?php
} else {	// if form hasn't been submitted

?>

    <p><br /><br /><br /><br />Please enter your username and password.<br /><br /><br /></p>


<form method="post">
    <table cellpadding="0" cellspacing="0" border="0" align="center">
      <tr>
        <td class="rt">Username:</td>
        <td><input type="text" name="uname" size="30" /></td>
      </tr>
      <tr>
        <td class="rt">Password:</td>
        <td><input type="password" name="passwd" size="30" /></td>
      </tr>
      <tr>
        <td colspan="2" class="rt"><input type="submit" name="submit" value="Log-In" /></td>
      </tr>
    </table>
    </form>


<?php
}
?>

[revraz]

One thing i noticed real quick

 

if(!$_POST['uname'] | !$_POST['passwd']) {

 

Should be || for OR