Sessions

[icash]

Hey, I am new to X10, but so far (besides downtime in the arvo's) they are great.

Though, I finally got my PHP upgraded and email system working, though I can't login to my website. I have an admin section on my website, that requires me to enter a new password (once only) and once I enter it and click "Submit" it just refreshes the pages. Nothing gets registered, and when I revisit the page again it still asks for the new password.

I know my script works because I have hosted it with other hosts before, and it worked first time.

Does anyone have any idea why it wont let me enter and store a password?

Also, when I try to set up a new job for my site (e.g. set up some mail to get sent out) and click "Submit" it will just refresh the page again and not register anything I entered.

Any idea why this might be occurring? Some people said it could be the sessions, are they automatically enabled?

Thanks,
Jason.

 

[Slothie]

Sesions are enabled by default.

It might help if you posted some code then we can try to troubleshoot.

 

[icash]

Its hard to post the code because there are many PHP files, around 60 for the admin pages.

Here are a few though, as I have no idea what is causing the error:

Login script:

<center><form method=post><font class=fsize2>Enter Admin Password: <input type=password name=admin_password>
<br>
Secure your PHPSESSIONs? <input type=checkbox class=checkbox <? echo $adminipsecchecked;?> name=adminipsec value=1><br>
<font size="1" class=fsize1>(not compatible with some Internet providers)</font><br><br>
<input type=submit value=Login></form></font>


Enter password (where the script just refreshes the page when I attempt to enter my admin pass. I enter two the exact same, click "Submit" then it just refreshes the page):
<? include("../conf.inc.php");
require_once("../functions.inc.php");
$title='Set Admin Password';
admin_login();?>

<?
if ($setpassword){
if ($setpassword!=$setconfirmpassword){
echo "Error Passwords did not match";}
else { $setmade=1; @mysql_query("replace into ".mysql_prefix."system_values set name='admin password',value=password('$setpassword')");
if (!$newpass){
echo "Admin password has been updated. DO NOT FORGET IT!"; footer();;}
}}
if (!$setmade){
echo "<form method=post>THE LONGER YOUR PASSWORD THE MORE SECURE YOUR SITE WILL BE. USE LETTERS AND NUMBERS INSTEAD OF COMMON PHRASES<br><br>Enter New Password: <input type=password name=setpassword><br>Confirm New Password: <input type=password name=setconfirmpassword><br><input type=submit></form>";
}
footer();


Indexer:

#!/usr/local/bin/php
<?php
mysql_connect("","","");
mysql_select_db("ptrsuccesscom_downline");
$gettables=@mysql_query("show tables");
while($tables=@mysql_fetch_row($gettables)){
$getindexes=@mysql_query("show index from $tables[0]");
while($indexes=@mysql_fetch_row($getindexes)){
$keys[$indexes[4]]=1;
}
$getfields=@mysql_query("describe $tables[0]");
while($fields=@mysql_fetch_row($getfields)){
if (!$keys[$fields[0]]){
echo $tables[0].".".$fields[0]."\n";}
@mysql_query("create index key_$fields[0] on $tables[0]($fields[0])");
}}


Though, as I said above the scripts worked perfectly on my other host. This is why I think it has something to do with a setting on X10.

Jason.

*Edit: Even when I attempt to send two different passwords (e.g. abcd in one field, dcba in the other) it doesn't even come up with the "Error Passwords did not match". This makes me wonder if the script is even loading... Though I do see the two bars to enter the password.
Edit:
If you want to check my old site, look at this and how it asks for the password:

http://garbchris.coolpage.biz/scripts/admin/

now look at my X10 account (feel free to enter a password, if it works please post here, as I am needing to start a new database anyway)

http://icash.elementfx.com/scripts/admin/

Jason.

 

[Corey]

Do you know the requirements of the script? It sounds kind of like it's trying to use register_globals to me.

 

[icash]

Im not exactly sure. Is there any way that I can find out?

I think that the sessions are ok, because people say that sessions wont let you change anything in the admin panel. I can change some settings (small ones, such as the email title) in the admin, but I can't save my password or anything.


So far it has worked on every other host, but for some reason just not here.

Are there any settings that you have blocked off on the accounts? I know that a PHP upgrade fixed some of my problems, but im only on the v2. Do you think that the v3 may fix this?

Jason.

 

[Bryon]

We have register_globals disabled on all server for all versions of PHP, like Corey said, it looks to be the cause of the problems you're having.

Switching away from register_globals is not a very hard change to make, but it may take some getting used to. I'm not sure how familiar you are with PHP, but I'll attempt to explain briefly.

Instead of accessing submitted form data through direct variable names (Like $setpassword), you'd need to access the data through the correct PHP super globe variable, such as $_GET or $_POST.

Submitted "name=value" pairs by scripts/forms/etc are put into their respective super globe variable in the form $_POST['name'] = value. What register_globals does is it takes any of these $_GET/$_POST array indexes and creates a variable with the same name and variable: $name = value

Register Globals can lead to very insecure scripts and other problems and will be removed in PHP 6, which is why we have it disabled.

For more information: http://us.php.net/register_globals

So in short, any variables that you're using, such as $setpassword, need to now be accessed using $_POST['setpassword'].

$setconfirmpassword -> $_POST['setconfirmpassword']
$admin_password -> $_POST['admin_password']
etc

 

[icash]

So you are saying that all I have to do is replace those values?

Im not too familiar with PHP, im not too much into web language besides some flash.

If this would work, it would be fine with me changing them all. But the script has lots of other PHP files, wont these be effected?

Also, if it would work, are these the only things that I need to change?

Lastly, it wont effect my database or anything will it? It is just a way of storing data, not the type of data stored or anything?

Thanks for helping,
Jason.
Edit:
Edit:

So what about things like this:
($setpassword!=$setconfirmpassword) how would i do that?

Also:
$setmade=1

Do I have to change everything with a $ right before it?

 

[Bryon]

No you wouldn't necessarily change every variable, only the variables with corresponding HTML form input elements. (<input type="blah" name="example" .. />)

Before changing a variable, check to see if you can find an HTML input tag with the same value of the name attribute.

For example: You see the variable $example. Before changing $example to $_POST['example'], check to make sure an HTML similar to <input type="text" name="example" .. > exists.

So..
($setpassword!=$setconfirmpassword) -> ($_POST['setpassword'] != $_POST['setconfirmpassword'])

 

[icash]

Thanks for the help, I will see how it goes. Im just about to try and change the password script, and if that works then I will go on to change the other ones that don't work.

Though, you said only change the ones with the input type=

In each PHP document, there is this for some, but would it be possible for this to be in a different PHP document? As in, it gets the variable in password, then the input type= is in index or something?
Edit:
I was just looking through the PHP files, and I don't know if I will be able to do it. There are about 200 to 300 PHP files, and some are up to 4 pages long.

I have partly got the password one working, it has accepted my password but now when I try and log in it just refreshes the page.

Is there no way I can get the scripts to work as they are? It will take weeks to get everything working by changing it all.

Jason.

 

[Dustcrazy]

http://www.phpeasystep.com/workshopview.php?id=6 - Hope that helps you out some Jason...

-dustin

 

[icash]

Thanks, it did sort of. Though I was wondering if there was an easy way to by pass the $_POST and $_GET, since I have over 300 PHP files, and this is going to take lots of time.

- Jason.

 

[Corey]

If they are all using the register_globals way then you'll have to change them. You will have to update it eventually anyways when PHP6 comes out because it will not support register_globals at all. So might as well get it over with