Hey all

can anyone tell me which part of this code will only work in php 4.3?

<?php

//Set showform flag to true
$showLogin = true;
$showform = false;
//Create empty array for errors
$errors = array();

//Check for submission of form
if($_POST['submit']) {
if($_SESSION['loggedIn']!="yep"){
//echo "not logged in code";
//check that username does not already exist
$checkUserName=$_POST['username'];
$checkPass=$_POST['pass'];
$crypt=md5($checkPass);
if($checkUserName != ""){
$dbHost = "sql";
$dbUser = "not";
$dbPass = "telling";
$dbName = "aDB";
$link = @mysql_connect($dbHost, $dbUser, $dbPass);
@mysql_select_db($dbName);
$query = "SELECT * FROM subscribers WHERE username='$checkUserName' AND password='$crypt'";
// Execute Query
$result = mysql_query($query);

// If query was successful and there was a match
if ($result && @mysql_num_rows($result) > 0) {
//match found
while($row=mysql_fetch_array($result)){
//echo $row['paid'];
if($row['paid']=="true"){
$_SESSION['loggedIn']="yep";
$showLogin = false;
$showform=true;
}else{
$errors[] = "You need to be a paid subscriber.";
}//close else
}//close while

}else{
$errors[] = "There was an error with your login - please try again.";
}//end check num row
mysql_close($link);
}else{//end if username = ""
$errors[] = "Please enter a username";
}
if(count($errors) < 1) {
//Stick it in the database
$showLogin = false;
}
//if not logged in
}else{
//logged in and checking main form
$showLogin = false;
//echo "checked";
if($_POST['em1'] == "") $errors[] = "Please enter something for em1";
if($_POST['em2'] == "") $errors[] = "Please enter something for em2";
if(count($errors) > 0) {
//Stick it in the database
$showform = true;
}
}

}//if post
if ($showLogin == true) {
?>
<h2>Login to the EM form</h2>
<?php

//Check to see if the errors array is populated
if(count($errors)) {
print "<ul>";
foreach($errors as $key => $val) {
print "<li class='content'><p class='error'>$val</p></li>";
}
print "</ul>";
}//end of print errors


?>
<p class="content"> Please enter your <b>australian anthill</b> username and password.
</p>
<form class="subscribe" action="main.php?page=em_form" method="post">
<table cellpadding="10" cellspacing="10">
<tr><td align="right">
<div class="form"><b>Username:</b></div>
</td><td align="left">
<input name="username" type="text" class="box" title="Title" size="30" maxlength="30"></td></tr>

<tr><td align="right">
<div class="form"><b>Password:</b></div>
</td><td align="left">
<input name="pass" type="password" class="box" title="given name" size="30" maxlength="30">
</td></tr>


<tr><td align="left" valign="top">


</td><td align="right" valign="top">
<input type="submit" name="submit" value="Submit">
</td></tr>
</table>


</form>
<?php
//end of show login
} else {
//logged in
if($showform){
?>
<h2>EM form</h2>
<?
if(count($errors)) {
print "<ul>";
foreach($errors as $key => $val) {
print "<li class='content'><p class='error'>$val</p></li>";
}
print "</ul>";
} //end of print errors


?>
<form class="subscribe" action="main.php?page=em_form" method="post">
<table cellpadding="10" cellspacing="10">
<tr><td align="right">
<div class="form"><b>EM1:</b></div>
</td><td align="left">
<input name="em1" type="text" class="box" title="Title" size="30" maxlength="30"></td></tr>

<tr><td align="right">
<div class="form"><b>EM2:</b></div>
</td><td align="left">
<input name="em2" type="text" class="box" title="given name" size="30" maxlength="30">
</td></tr>


<tr><td align="left" valign="top">


</td><td align="right" valign="top">
<input type="submit" name="submit" value="Submit">
</td></tr>
</table>

</form>
<?
//end if showform
}else{
echo "all cool";
}
//end else
}

?>

cause it works in 4.3 but not in 4.2

Thanks

btw my guess is it might be the $_SESSION

There is nothing super apparent, is there a specific error? One thing you never called session_start(); Maybe your local version of PHP has session.auto_start set to on locally and its not on the remote server?

Can you be more specific as to what is the problem, because from the script nothing jumps out at me.

yeah sorry i should have explained in more detail

the session start is being called in another file (script above is included in that file)

session_start();
header("Cache-control: private"); //IE 6 Fix
session_register('loggedIn');
session_register('gotFlash');

you can see there effect here -

http://www.australiananthill.com/main.php?page=em_form

its not giving an error but both forms on the page are being shown when only one is supposed to be (form shown depends on the $_SESSION['loggedIn'] variable)

The forms also do not give the error messages that they are supposed to do but I'm sure that's just part of the same problem

Thanks freddy

From the PHP manual on sessions

If you are using $_SESSION and disable register_globals, do not use session_register(), session_is_registered() and session_unregister(), if your scripts shall work in PHP 4.2 and earlier. You can use these functions in 4.3 and later.


So the session_register() are causing problems in 4.2, but work in 4.3 and later.

Hope that helps.

Maybe try commenting them out.

I'll give it a shot

thanks again!

Let me know how that works, if that is the problem maybe I can show you how to come up with a solution that won't include chaning scripts for both local and remote versions.

its a frustrating situation...I dont have ftp access so I have to send the file to someone and wait until they put it online

I'll keep you posted

Thanks freddy

hmm well that appears to have fixed the problem of both forms showing (not positive though as appeared to fix itself even before this guy put the new file online...)

but now it just keeps saying

There was an error with your login - please try again.

when I try to login.

Which would mean that

if ($result && @mysql_num_rows($result) > 0) {

is returning false. I know I have the l/p correct and all the db details are correct so I've got no idea...

:(

well that completely did my head in but I found the problem

the password column of the database was set to varchar(30) and the md5 encryption was blowing the password out to more that 30 characters :(

well changing it to varchar(100) seems to fix the problem but it doesn't seem like a very elegant solution - what do people (freddies) use as the type for columns to ensure that this doesn't happen?

Thanks

I don't use MD5 to encrypt my passwords, I use the PASSWORD() function in MySQL.

LIKE

INSERT INTO table SET user = 'BillyT', pass = PASSWORD('mypassword');

ok

is that a better way of doing for any reason? does that not adjust the length of value being inserted?

Thanks

It changes the length to something more like.

29bad1457ee5e49e

Advantages? Well obviously its shorter, it uses built in MySQL functions, can be compared to user submitted password with

password = PASSWORD('$passfromform')


Disadvantages?
Can't encrypt like that from PHP, so there is no equivelant function in PHP like md5,




but I have always done it that way, that is what MySQL uses when adding user with grant.

cool

Thanks again