Convert script form PHP 4 to PHP 5

Hello all,
I have a script that was written on PHP 4, it uses Globals On. Now that I have moved to PHP 5 my script no longer works.

I know that in PHP 4 Globals was on. In PHP 5 Globals is Off by default.

I could override using a php.ini file in the directory, but this is a hack and does not fix the problem.

I know what the problem is, but can’t for the life of me figure out how to correct it for PHP 5 and Globals Off. The script has a password field and then if correct logs in the user. If not the error is given.

So… I know I need to update the syntacs but I have no idea what to do here. If I can get some help on thi spart, I can then correct the rest of the script.

The variable $adpasswd is set and pulled from the config.php file. A form is used to login and checks against the config.php to see if the password is correct. If it is you login, if not the error is shown.

Thank you ahead of time for your help.

Here is the part in question:

session_start();
include("templates/header.tpl");
include("config.php");

if(!isset($adminuser)){
if(!isset($action)){
include("templates/login.tpl");
}else{
if($adminpass != $adpasswd){
include("templates/login.tpl");
echo "<table width='100%' border='0' cellspacing='3' cellpadding='3'><tr><td class='message_error' align='center'>Invalid Password, Please Try Again!</td></tr></table>";
}else{
$adminuser = "yes";
session_register('adminuser');
$action = "loggedin";
}
}
}

if(isset($adminuser)){
dbconnect();
include('templates/menu.tpl');

if($action == "loggedin"){
$message = "<tr><td><table width='100%' border='0' cellspacing='3' cellpadding='3'><tr><td class='message_error' align='center'>Hello $contact_name! Nice to see you again. Use the menu above to navigate EzBan.</td></tr></table>";
$msg = $message;
echo $msg;
}

You should honestly be happy that it doesnt work anymore…

The way you had it setup was that anyone could type ?adminuser=yes in their browser and be an admin…

or ?adminpass=1&verifypass=1&adminuser=1…

see where the problem is?

From looking at the script $adminpass is passed through a form, $adpasswd is the verifying password set in config.php, $adminuser is the session variable?

If so, change session variables like this

$adminuser = $_SESSION[‘adminuser’]

Form variables: $adminpass = $_POST[‘adminpass’]

Session_register is no longer used… simply use $_SESSION[‘adminuser’] = ‘yes’;

Hello acecool,
you are correct… And here is where I seem to get lost.

What you say makes perfect sense but I can’t seem to get my head around where it all goes in the script.

Would you be kind enough to use the snip and add/edit your suggestions?

I know your explanation should be more than clear enough… But I am missing the obvious here.

for example… replace

if(isset($adminuser)){

with

if(isset($_SESSION[‘adminuser’])){

Hello Acecool,
I try tried this before my last post. I replaced everything I thought should be as you suggested and it doesn’t work.

Please see below for the changes this last round and if you would be kind enough to note what I’m doing wrong.

if(!isset($_SESSION['adminuser'])){
if(!isset($action)){
include("templates/login.tpl");
}else{
if($adminpass = $_POST['adminpass'] != $adpasswd){
include("templates/login.tpl");
echo "<table width='100%' border='0' cellspacing='3' cellpadding='3'><tr><td class='message_error' align='center'>Invalid Password, Please Try Again!</td></tr></table>";
}else{
$_SESSION['adminuser'] = 'yes';
$action = "loggedin";
}
}
}

if($adminpass = $_POST[‘adminpass’] != $adpasswd){

is wrong

should be

if($_POST[‘adminpass’] != $adpasswd){

This might be a post variable… I would need to see the other parts of your script… if(!isset($action)){

Acecool,
Here is more code to help you get the idea… THANK YOU VERY MUCH FOR YOUR TIME!

session_start();
include("templates/header.tpl");
include("config.php");

if(!isset($adminuser)){
if(!isset($action)){
include("templates/login.tpl");
}else{
if($adminpass != $adpasswd){
include("templates/login.tpl");
echo "<table width='100%' border='0' cellspacing='3' cellpadding='3'><tr><td class='message_error' align='center'>Invalid Password, Please Try Again!</td></tr></table>";
}else{
$adminuser = "yes";
session_register('adminuser');
$action = "loggedin";
}
}
}

if(isset($adminuser)){
dbconnect();
include('templates/menu.tpl');

if($action=="loggedin"){
$message = "<tr><td><table width='100%' border='0' cellspacing='3' cellpadding='3'><tr><td class='message_error' align='center'>Hello $contact_name! Nice to see you again. Use the menu above to navigate EzBan.</td></tr></table>";
$msg = $message;
echo $msg;
}

if($action == "add"){
$act = "insert";
$imgrow = "<td class='message_header' align='center' colspan='2'>Add A New Banner To The Database</td>";
$radio = "<b>Off</b> <input class="radio_button" name="status" type="radio" value="0" onClick="return confirm('Are you sure you want this banner inactive and not displayed in the rotation?');" onFocus="this.blur()">&nbsp;&nbsp;&nbsp;<b>On</b> <input class="radio_button" name="status" type="radio" value="1" onFocus="this.blur()" checked>";
$adstyle = "<b>Local Image</b> <input class="radio_button" name="adtype" type="radio" value="1" onFocus="this.blur()">&nbsp;&nbsp;&nbsp;<b>HTML - Affiliate Code</b> <input class="radio_button" name="adtype" type="radio" value="0" onFocus="this.blur()">";
$targetsel = "<option value="0" selected>New Window</option><option value="1">Main Window</option>";  
include("templates/add.tpl");
}

if($action == "insert"){
if($upimage != ""){
$imgfile = "images/".$upimage_name;
if(!move_uploaded_file($upimage, $imgfile)){
domessage("<tr><td><table width='100%' border='0' cellspacing='3' cellpadding='3'><tr><td class='message_error' align='center'>Upload of banner image failed!</td></tr></table>");
include("templates/footer.tpl");
end;
}

`Can you post config.php with your password removed? Then I can see which variables go where…

Also the form used to submit the data!

config.php

$adpasswd = "";
$user = "eztechne_eztech";
$pass = "";
$host = "localhost";
$database = "eztechne_ezbantest";
$prefix = "ezban_";
$banners = $prefix . "banners";
$stats = $prefix . "stats";

function dbconnect() {
global $host, $user, $pass, $database;
$db_bks = mysql_pconnect($host,$user,$pass);
if (!$db_bks) {
echo "Login failed."; 
exit;}
mysql_select_db($database);
}

function doquery($query) {
$result = mysql_query($query) or die(mysql_error());
return $result;
}

function openfile($path){
$file = '';
$fp = fopen($path,'r');
while(!feof($fp))
$file .= fgets($fp,4098);
return $file;
}
 
function domessage($message){
$msg = "$message";
echo $msg;
}

Form used to login:

<form action="<?php $PHP_SELF ?>" method="post">
<table align="center" width="60%" cellspacing="3" cellpadding="3" border="0">
 <tr>
  <td colspan="2">&nbsp;</td>
 </tr>
 <tr>
  <td class="list" align="right" width="25%"><b>Enter Password:</b></td>
  <td class="list" align="left" width="75%"><input class="input" type="password" name="adminpass" size="40"></td>
 </tr>
 <tr>
  <td colspan="2">&nbsp;</td>
 </tr>
 <tr>
  <td colspan="2" align="center">
  <input type="hidden" name="action" value="login">
  <input class="button" type="submit" value="Submit" name="submit" onFocus="this.blur()">
  </td>
 </tr>
 <tr>
  <td align="right" colspan="2"><a href="<?php echo $contact_url; ?>" onFocus="this.blur()"><img src="img/gohome.png" width="32" height="32" border="0" title="Go To Your Main Website" alt="Go To Your Main Website"></a></td>
 </tr>
</table>
</form>
Sponsor our Newsletter | Privacy Policy | Terms of Service