Here is my source
<?php
//This file verifies the information entered by the user is correct, creates the proper sessions to log them in, and directs them to the members only area
if (empty($_POST["username"]) || empty($_POST["password"])) //Check if either field was empty
{
header("Location: /index.john?condition=1"); //Condition 1 = Both fields were not completed
exit();
}
$username1 = $_POST["username"]; //Username1 = Username input by the user
$password1 = $_POST["password"]; //Password1 = Password input by the user
$includes = "authorized"; //Authorize includes
include("../includes/dbconnect.john"); //Include database connection
$result = mysql_query("SELECT password,securitylevel,resetpass FROM members WHERE username='" . $username1 . "'"); //Search the database for the username entered
if (mysql_num_rows($result) < 1) //If no rows were found
{
header("Location: /index.john?condition=3"); //Condition 3 = Username entered does not exist
exit();
}
$password1md5 = md5($password1); //Encrpyt the entered password
$password2 = mysql_result($result,0,"password"); //Set password2 equal to the password stored in the database
if ($password1md5 <> $password2) //If the password entered differs from the one stored in the database
{
header("Location: /index.john?condition=4"); //Condition 4 = Passwords do not match
exit();
}
$securitylevel = mysql_result($result,0,"securitylevel"); //Store the users security level in a variable
$resetpass = mysql_result($result,0,"resetpass"); //Determine if the users password is temporary
session_start();
$_SESSION["username"] = $username1; //Put the user's username in a session
$_SESsION["securitylevel"] = $securitylevel; //Put the user's security level in a session
if ($resetpass < 1) //If the users password is temporary
{
header("Location: /members/setpass.john?Conditon=1"); //Direct the user to the password set page (Conition 1 = Temporary Password)
exit();
}
header("Location: /members/index.john"); //Direct the user to the member's index page
//Complete
?>
The database connect takes place in the included file, dbconnect.john, and this is the code for that:
CODE
<?php
//This file initiates a standard connection to mysql and selects the database "Jo(h)n Club"
if (empty($includes) || $includes!="authorized") //Verify that includes have been authorized
{
header("Location: /index.john?condition=2"); //Condition 2 - Not using front end
exit();
}
mysql_connect("localhost","bd18ba8_johnclub","*******") or die("MySql Connection Failed"); //Connect to mysql
mysql_select_db("bd18ba8_johnclub") or die("Database Selection Failed") //Select the database
//Complete
?>
This scripts run absolutely fine when I test on my local machine. But When I upload it to my hoast (FRandT), and try to run it, I get a blank page. Now, if I leave either of the fields blank on the login page, it will catch that, and perform the proper commands (the first IF statement). But nothing else seems to work.
Even more confusing...On my member's only pages, there is a script that checks your session to verify that you're logged in. If I use a proper username and password the login.john script seems to properly create the sessions, because I can then view the members only pages(but I have to manually enter the url to them). And if I use an invalid username or password I am not able to view the members only page.
So my question is, why does all of it work locally, while on FRandT I get no output, though the sessions seem to work fine?
Also, I know that you guys aren't FRandT, and don't know what their setup is, so if you think its because of my hosts setup, just tell that, and what setting might cause it.
Any help would be greatly appreciated
Thank you,
The Jo(h)n ClubJust to make sure, you have set up your database accordingly on your online server?
Upload a file called phpinfo.php with this code in it
<?php
phpinfo();
?>
and post the link.I have checked the database, and I am pretty sure its setup correctly. Wouldn't the mysql_connect be returning errors if it wasn't?
anyway, heres the phpinfo...<!-- m --><a class="postlink" href="http://www.johnclubmembers.uni.cc/phpinfo.johnadd">http://www.johnclubmembers.uni.cc/phpinfo.johnadd</a><!-- m --> or die(mysql_error()); to this line
$result = mysql_query("SELECT password,securitylevel,resetpass FROM members WHERE username='" . $username1 . "'");
ooooo...you have register_globals on..it should be off, it is by default. Ask your host if you can get that turned off, or you could try turning register_globals on on your own server and see if you get the same problems.
I've never worked with register_globals so I don't know what the problem is.I added the or die() stuff and theres no apparent change.
I tried to turning register globals on locally, and I didn't notice any changes, although I am not 100% sure I turned it on properly. I just added the line
"register_globals = on"
to C:/Windows/php.ini and restarted apache
But would that even affect it? I'm getting all of the variables out of superglobals anyway.
Also, is there some way to turn off register globals vie my hosts .htaccess using PHP_FLAG.
Thanks for all the help,
johnnabnYou added the line? It should already be there, just change off to on.Actually I commented out the register_globals = off and added the line. I have no idea why. But I imagine it has the same effect.no, you can't comment it out, jsu tchange on to off, no need to add a new line.
also why would this work on your host
index.john
your host doesn't know what a .john isWell, I'm not a total moron. I've set it up so .john files are sent to the PHP parser. And apparently I can comment it out. It worked fine. Just use a semi-colon. Any way, I solved my problem. It had nothing to do with register_globals. From my past experience with FRandT I remember that for some reason extra returns after the last delimeter will count as output. And there were several of these returns in the included file dbconnect.john. As we all know, headers won't work if the output has already started. Now I have no idea why it wasn't giving the error message "Can't send headers output already started on line...", but after running a few tests, it seems it isn't displaying any error messages at all for anything, unless forced with mysql_error().
Thanks for all the help,
Johnnabn
<?php
//This file verifies the information entered by the user is correct, creates the proper sessions to log them in, and directs them to the members only area
if (empty($_POST["username"]) || empty($_POST["password"])) //Check if either field was empty
{
header("Location: /index.john?condition=1"); //Condition 1 = Both fields were not completed
exit();
}
$username1 = $_POST["username"]; //Username1 = Username input by the user
$password1 = $_POST["password"]; //Password1 = Password input by the user
$includes = "authorized"; //Authorize includes
include("../includes/dbconnect.john"); //Include database connection
$result = mysql_query("SELECT password,securitylevel,resetpass FROM members WHERE username='" . $username1 . "'"); //Search the database for the username entered
if (mysql_num_rows($result) < 1) //If no rows were found
{
header("Location: /index.john?condition=3"); //Condition 3 = Username entered does not exist
exit();
}
$password1md5 = md5($password1); //Encrpyt the entered password
$password2 = mysql_result($result,0,"password"); //Set password2 equal to the password stored in the database
if ($password1md5 <> $password2) //If the password entered differs from the one stored in the database
{
header("Location: /index.john?condition=4"); //Condition 4 = Passwords do not match
exit();
}
$securitylevel = mysql_result($result,0,"securitylevel"); //Store the users security level in a variable
$resetpass = mysql_result($result,0,"resetpass"); //Determine if the users password is temporary
session_start();
$_SESSION["username"] = $username1; //Put the user's username in a session
$_SESsION["securitylevel"] = $securitylevel; //Put the user's security level in a session
if ($resetpass < 1) //If the users password is temporary
{
header("Location: /members/setpass.john?Conditon=1"); //Direct the user to the password set page (Conition 1 = Temporary Password)
exit();
}
header("Location: /members/index.john"); //Direct the user to the member's index page
//Complete
?>
The database connect takes place in the included file, dbconnect.john, and this is the code for that:
CODE
<?php
//This file initiates a standard connection to mysql and selects the database "Jo(h)n Club"
if (empty($includes) || $includes!="authorized") //Verify that includes have been authorized
{
header("Location: /index.john?condition=2"); //Condition 2 - Not using front end
exit();
}
mysql_connect("localhost","bd18ba8_johnclub","*******") or die("MySql Connection Failed"); //Connect to mysql
mysql_select_db("bd18ba8_johnclub") or die("Database Selection Failed") //Select the database
//Complete
?>
This scripts run absolutely fine when I test on my local machine. But When I upload it to my hoast (FRandT), and try to run it, I get a blank page. Now, if I leave either of the fields blank on the login page, it will catch that, and perform the proper commands (the first IF statement). But nothing else seems to work.
Even more confusing...On my member's only pages, there is a script that checks your session to verify that you're logged in. If I use a proper username and password the login.john script seems to properly create the sessions, because I can then view the members only pages(but I have to manually enter the url to them). And if I use an invalid username or password I am not able to view the members only page.
So my question is, why does all of it work locally, while on FRandT I get no output, though the sessions seem to work fine?
Also, I know that you guys aren't FRandT, and don't know what their setup is, so if you think its because of my hosts setup, just tell that, and what setting might cause it.
Any help would be greatly appreciated
Thank you,
The Jo(h)n ClubJust to make sure, you have set up your database accordingly on your online server?
Upload a file called phpinfo.php with this code in it
<?php
phpinfo();
?>
and post the link.I have checked the database, and I am pretty sure its setup correctly. Wouldn't the mysql_connect be returning errors if it wasn't?
anyway, heres the phpinfo...<!-- m --><a class="postlink" href="http://www.johnclubmembers.uni.cc/phpinfo.johnadd">http://www.johnclubmembers.uni.cc/phpinfo.johnadd</a><!-- m --> or die(mysql_error()); to this line
$result = mysql_query("SELECT password,securitylevel,resetpass FROM members WHERE username='" . $username1 . "'");
ooooo...you have register_globals on..it should be off, it is by default. Ask your host if you can get that turned off, or you could try turning register_globals on on your own server and see if you get the same problems.
I've never worked with register_globals so I don't know what the problem is.I added the or die() stuff and theres no apparent change.
I tried to turning register globals on locally, and I didn't notice any changes, although I am not 100% sure I turned it on properly. I just added the line
"register_globals = on"
to C:/Windows/php.ini and restarted apache
But would that even affect it? I'm getting all of the variables out of superglobals anyway.
Also, is there some way to turn off register globals vie my hosts .htaccess using PHP_FLAG.
Thanks for all the help,
johnnabnYou added the line? It should already be there, just change off to on.Actually I commented out the register_globals = off and added the line. I have no idea why. But I imagine it has the same effect.no, you can't comment it out, jsu tchange on to off, no need to add a new line.
also why would this work on your host
index.john
your host doesn't know what a .john isWell, I'm not a total moron. I've set it up so .john files are sent to the PHP parser. And apparently I can comment it out. It worked fine. Just use a semi-colon. Any way, I solved my problem. It had nothing to do with register_globals. From my past experience with FRandT I remember that for some reason extra returns after the last delimeter will count as output. And there were several of these returns in the included file dbconnect.john. As we all know, headers won't work if the output has already started. Now I have no idea why it wasn't giving the error message "Can't send headers output already started on line...", but after running a few tests, it seems it isn't displaying any error messages at all for anything, unless forced with mysql_error().
Thanks for all the help,
Johnnabn