Relocating script trouble

  • Thread starter Thread starter LifeWater
  • 2 comments
  • 448 views
L

LifeWater

Messages
66
I recently moved this project: http://www.lsdrift.com/gtsettings/ to here: http://idm.ldrift.com/gettings/ .

The problem is the new folder does not work. Now I've double check this about a hundred times, and all the paths are correct and everything. The problem lies at the login screen. My program is dependent on things set in $_SESSION[''] vars. This is my login, pretty typical ( see below ). User enters info, I double check on my backend... if its verified I take the info gathered from the DB, and store it in $_SESSION[''] vars.

No matter what account I login as, it will just not save any session variables, but it will save session variables in its original directory...

PHP: 
 <?
 session_start();
 ob_start();
 include('http://idm.lsdrift.com/standard/standard.inc');
 
 if ($cmd=="login"){
 	$query="SELECT * FROM users WHERE username='". addslashes($uname) . "' AND password='" . addslashes($upass) . "'";
 	$result = mysql_query($query,$db);
 
 	if ((($rows=mysql_num_rows($result)) == 1)) {
 	echo "Login successful... starting user session";
 	// set users variables we are going to interact with
 	$userdata=mysql_fetch_array($result);
 	$_SESSION['username'] = $userdata['username'];
 	$_SESSION['accdate'] = $userdata['accessdate'];
 	$_SESSION['acclevel'] = $userdata['accesslevel'];
 	$_SESSION['numposts'] = $userdata['numposts'];
 	$_SESSION['avatar'] = $userdata['avatar'];
 	$_SESSION['email'] = $userdata['email'];
 	$_SESSION['name'] = $userdata['name'];
 	$_SESSION['age'] = $userdata['age'];
 	$_SESSION['location'] = $userdata['location'];
 	$_SESSION['interests'] = $userdata['interests'];
 	$_SESSION['website'] = $userdata['website'];
 	$_SESSION['aim'] = $userdata['aim'];
 	$_SESSION['icq'] = $userdata['icq'];
 	$_SESSION['msn'] = $userdata['msn'];
 	$_SESSION['bio'] = $userdata['bio'];
 	$_SESSION['datereg'] = $userdata['date_registered'];
 	$_SESSION['toggle'] = 0;
 
 	$query="UPDATE users SET accessdate='". date("Ymd") . "'";
 	$result=mysql_query($query,$db);
 	header("Location:main.php");
 	}
 	else {
 	echo "<center>Login unsuccessful... please try logging in again</center>";
 	include("login.html");
 	}
 }
 else {
 include('login.html');
 }
 ?>

So... in conclusion.. Help! :P hehe.
 
Hi,
Have you switched servers? Or just changed the hostname?

The only thing that strikes me about this is that you've been careful to use the superglobal $_SESSION[], but you may not be using this with other data.

For example, I see:

PHP: 
if ($cmd=="login"){
    $query="SELECT * FROM users WHERE username='". addslashes($uname) . "' AND password='" . addslashes($upass) . "'";
    $result = mysql_query($query,$db);

I have had a look at the form source code, and I see that $cmd is actually a GET variable, so should be referenced using the superglobal $_GET["cmd"]. Similarly, $uname and $upass are form variables, therefore are POST variables, and should be referenced using the superglobal $_POST["uname"] and $_POST["upass"].

If you run phpinfo() you may notice differences between the results you get from each server. Specifically, it looks like register_globals on the first server is "on", and on the second server is "off".

"Off" is more secure, and you should get into the habit of using the superglobals.
 
Thanks for the reply. It turns out I was incorrectly including my standard.inc file while holds my connection to the server and such. Thanks for pointing out the superglobal problem through. I tend to get inconsistant after a while, not to mention I just totally forgot about $_GET[] :)
 

Latest Posts

Back