upgraded PHP & mySQL now logging in doesn't work

[DJMic]

??? Can anyone give me some possibilities as to what could be wrong here? I have a Win32 based server running with Apache (current ver.) and mySQL & PHP (phpmyadmin) all running my php sites are working except for one.  If I try to log in using username and passwrod it just kicks you back out asking you to log in again.  I have other PHP sites and they are working fine so I'm wondering if it's the site itself.  I have checked all my error logs and I am not getting any.  Before I upgraded Apache, mySQL and PHP this site was working fine.  I'm sure it is a simple cookie setting or something I'm overlooking in one of the ini or config files.  But like I said you can log in but then if you click on any links it just asks you to login again.  Any ideas?

[pocobueno1388]

We need to see the code.

[nathanmaxsonadil]

did you use sessions?

[revraz]

Did you use MySQL PASSWORD to hash the passwords?

[DJMic]

yes MySQL hashes the passwords, why?

 

yes sessions is used.

[DJMic]

But it's strange because it flashes the user home page but the flips back quickly to "login" page. Then the admin panel logs you in but then once you are in and you click a menu item it just boots you out asking to login again. really strange this is happening because it's the only 1 of 3 in total web pages that is doing this.

[DJMic]

If sessions were used on a previous version will that give problems?

[teng84]

your session checking doesnt match with the other page ?show how you detect that session on that page and on the other

[DJMic]

your session checking doesnt match with the other page ?show how you detect that session on that page and on the other

 

So if my session checking isn't matching what can I do to fix this? Because I've even tried to setup a blank database and register a new user and the site would still refresh itself and re-ask me to log in.

 

Thanks!

[teng84]

HERE IS what in suspecting..

 

once you log in into your log in page you passed the variable  on the other page to do some query

so once the query success it will match your condition and it will run but once you navigate to other page all the data has lost so your query failed and your condition aint satisfied.. is that what you did?

 

or show us that part of the code ...

[DJMic]

HERE IS what in suspecting..

 

once you log in into your log in page you passed the variable  on the other page to do some query

so once the query success it will match your condition and it will run but once you navigate to other page all the data has lost so your query failed and your condition aint satisfied.. is that what you did?

 

or show us that part of the code ...

 

Which part of my code do you want to see?

But why would it have been working before I upgraded the server software? My code should be good I think it's a setting in my php.ini or config.inc.php files.

[teng84]

show the codes that check if user is allowed to view that page!

[DJMic]

show the codes that check if user is allowed to view that page!

 

This is index.php

 

<?

include("includes/config.php");

include("includes/db_connect.php");

include("includes/functions.php");

ind();

$log=check();

include("templates/header.tpl");

if($log != 1)

{

include("templates/fail-main.tpl");

include("templates/login.tpl");

}

include("templates/footer.tpl");

?>

 

This is login.tpl

 

<tr valign="top" align="center">

<td>

  <form method="post" action="login.php?sid=<? echo $sid ?>">

  <table class="vform">

    <tr>

<td>Username:</td><td><input type="text" size="20" maxlength="50" name="user"></td>

</tr>

<tr>

<td>Password:</td><td><input type="password" size="20" maxlength="50" name="pass"></td>

</tr>

<tr>

<td colspan="2" align="center"><input type="submit" value="Submit"></td>

</tr>

  </table>

  </form>

</td>

</tr>

 

[DJMic]

I also have this error at the bottom of phpMyAdmin:

 

Cannot load mcrypt extension. Please check your PHP configuration.

[DJMic]

Anything look wrong here?

 

; Check HTTP Referer to invalidate externally stored URLs containing ids.

; HTTP_REFERER has to contain this substring for the session to be

; considered as valid.

session.referer_check =

 

; How many bytes to read from the file.

session.entropy_length = 0

 

; Specified here to create the session id.

session.entropy_file =

 

;session.entropy_length = 16

 

;session.entropy_file = /dev/urandom

 

; Set to {nocache,private,public,} to determine HTTP caching aspects

; or leave this empty to avoid sending anti-caching headers.

session.cache_limiter = nocache

 

; Document expires after n minutes.

session.cache_expire = 180

 

; trans sid support is disabled by default.

; Use of trans sid may risk your users security.

; Use this option with caution.

; - User may send URL contains active session ID

;  to other person via. email/irc/etc.

; - URL that contains active session ID may be stored

;  in publically accessible computer.

; - User may access your site with the same session ID

;  always using URL stored in browser's history or bookmarks.

session.use_trans_sid = 1

 

; Select a hash function

; 0: MD5  (128 bits)

; 1: SHA-1 (160 bits)

session.hash_function = 0

 

; Define how many bits are stored in each character when converting

; the binary hash data to something readable.

;

; 4 bits: 0-9, a-f

; 5 bits: 0-9, a-v

; 6 bits: 0-9, a-z, A-Z, "-", ","

session.hash_bits_per_character = 4

 

; The URL rewriter will look for URLs in a defined set of HTML tags.

; form/fieldset are special; if you include them here, the rewriter will

; add a hidden <input> field with the info which is otherwise appended

; to URLs.  If you want XHTML conformity, remove the form entry.

; Note that all valid entries require a "=", even if no value follows.

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

[DJMic]

Bump up please

 

Anyone interested in making some extra money helping me one on one with this problem talking on any means of chat MSN, Skype, ICQ, etc.

[PHP_PhREEEk]

In php.ini, find this section, and uncomment mcrypt so that it looks like this:

 

;Windows Extensions
;Note that MySQL and ODBC support is now built in, so no dll is needed for it.
;
extension=php_mbstring.dll
;extension=php_bz2.dll
;extension=php_cpdf.dll
;extension=php_crack.dll
;extension=php_curl.dll
;extension=php_db.dll
;extension=php_dba.dll
;extension=php_dbase.dll
;extension=php_dbx.dll
;extension=php_domxml.dll
;extension=php_exif.dll
;extension=php_fdf.dll
;extension=php_filepro.dll
extension=php_gd2.dll
;extension=php_gettext.dll
;extension=php_hyperwave.dll
;extension=php_iconv.dll
;extension=php_ifx.dll
;extension=php_iisfunc.dll
;extension=php_imap.dll
;extension=php_interbase.dll
;extension=php_java.dll
;extension=php_ldap.dll
extension=php_mcrypt.dll
;extension=php_mhash.dll
;extension=php_mime_magic.dll
;extension=php_ming.dll
;extension=php_mssql.dll
;extension=php_msql.dll
;extension=php_oci8.dll
;extension=php_openssl.dll
;extension=php_oracle.dll
;extension=php_pdf.dll
;extension=php_pgsql.dll
;extension=php_printer.dll
;extension=php_shmop.dll
;extension=php_snmp.dll
;extension=php_sockets.dll
;extension=php_sybase_ct.dll
;extension=php_w32api.dll
;extension=php_xmlrpc.dll
;extension=php_xslt.dll
;extension=php_yaz.dll
;extension=php_zip.dll

 

See if that finds any joy... it will at least clear the mcrypt error.

 

PhREEEk

[DJMic]

As soon as I do that I get this...

 

 

Warning: mcrypt_decrypt() [function.mcrypt-decrypt]: Size of key is too large for this algorithm in X:\XXX\XXX\libraries\mcrypt.lib.php on line 86

 

Catchable fatal error: mcrypt_decrypt() [function.mcrypt-decrypt]: Mcrypt initialisation failed in X:\XXX\XXX\libraries\mcrypt.lib.php on line 86

 

line 86 is:

 

return trim(mcrypt_decrypt(MCRYPT_BLOWFISH, $secret, base64_decode($encdata), MCRYPT_MODE_CBC, $iv));

[DJMic]

So in config.ini.php I changed my key:

 

from this:

$cfg['blowfish_secret'] = 'gfhu438hgslrdh3q49pygrsheg8yy4thseihgwpy34pw89htygwps8y54pphy';

 

to this:

$cfg['blowfish_secret'] = '1234';

 

And now I don't get an error but my login screen is putting "garble" in the username:

[PHP_PhREEEk]

Well, you are at least closer, and since you were using mcrypt, it's nice to have it back, and I do believe your problem will be resolved. Unfortunately, I am logging out, so I won't much more help.

 

Thought: do you have a backup of your old php.ini settings anywhere? You might find some things that need to be reactivated. Best of luck with it...

 

PhREEEk

[DJMic]

yes I have compared the 2 php.ini files and have not found anything to make it so this web site works.

 

Before I upgraded Apache, mySQL and PHP the site was working fine.  If I try to log in using username and passwrod it just kicks you back out asking you to log in again.  I have other PHP sites and they are working fine so I'm wondering if it's the type of code this site uses that is not enabled for PHP.

 

I'm sure it is a simple setting somewhere or something I'm overlooking in one of the ini or config files.  But like I said you can log in but then if you click on any links it just asks you to login again.  I even compared the 2 php.ini files and could not find anything to resolve this problem.

 

This is index.php

 

<?

include("includes/config.php");

include("includes/db_connect.php");

include("includes/functions.php");

ind();

$log=check();

include("templates/header.tpl");

if($log != 1)

{

include("templates/fail-main.tpl");

include("templates/login.tpl");

}

include("templates/footer.tpl");

?>

 

This is login.tpl

 

<tr valign="top" align="center">

<td>

  <form method="post" action="login.php?sid=<? echo $sid ?>">

  <table class="vform">

    <tr>

    <td>Username:</td><td><input type="text" size="20" maxlength="50" name="user"></td>

  </tr>

  <tr>

    <td>Password:</td><td><input type="password" size="20" maxlength="50" name="pass"></td>

  </tr>

  <tr>

    <td colspan="2" align="center"><input type="submit" value="Submit"></td>

  </tr>

  </table>

  </form>

</td>

 

And if someone can help me one on one I'm willing to pay them.

[DJMic]

Any pros out there that can I help with this is there more information I haven't included that I could?

 

Please I'm stumped on this one!  ???

[trq]

Where do you define $sid?

[DJMic]

Not sure where should it be defined?

[DJMic]

I found this in the login.tpl file

 

<form method="post" action="login.php?sid=<? echo $sid ?>">

 

I'm assuming that maybe "post" features are not active in my PHP?