Help-Urgent! My login script stopped working after transferring to new hosting

So last week our company decided to migrate our website to a new server and after doing so we noticed one key element has stopped working- our login!

Apache 2.2.23
PHP 5.3.20

The files are the exact same- the SQL database is the exact same- but once the correct login information is input the page just loads to: http://198.154.XXX.XXX/login.php?accesscheck=%2Fsubscribers%2Fgetting-started.php
instead of http://198.154.XXX.XXX/subscribers/getting-started.php

We know that it correctly recognizes that the user has permissions because if we enter the incorrect password or just bogus information period- it brings us to the failed login page: http://198.154.XXX.XXX/login.php?access=failed

So without further adieu, here’s the code:

[php]

<?php require_once('Connections/dbconnec.php'); ?> <?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['email'])) { $loginUsername=$_POST['email']; $password=$_POST['password']; $MM_fldUserAuthorization = "prilevel_id"; $MM_redirectLoginSuccess = "/subscribers/getting-started.php"; $MM_redirectLoginFailed = "login.php?access=failed"; $MM_redirecttoReferrer = false; mysql_select_db($database_dbconnec, $dbconnec); $LoginRS__query=sprintf("SELECT cust_email, cust_password, prilevel_id, acctexp_date FROM customers WHERE cust_email='%s' AND cust_password='%s' AND acctexp_date >= CURDATE()", get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); $LoginRS = mysql_query($LoginRS__query, $dbconnec) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = mysql_result($LoginRS,0,'prilevel_id'); //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?>

[/php]

I’m not really very familiar with PHP or SQL so much as HTML and CSS so this is all still kind of foreign to me- SO I bring it before the community here at phphelp… HELP, I’ve been banging my head against a wall for 2 days!!

The code appears to be working as it should but without seeing your actual URL it’s hard to say.

If your url contains the ‘accesscheck’ variable then it will use that in the redirect. Based on this code:

[php]if (isset($_GET[‘accesscheck’])) {
$_SESSION[‘PrevUrl’] = $_GET[‘accesscheck’];
}
[/php]

http://198.154.221.208/login.php?accesscheck=%2Fsubscribers%2Fgetting-started.php

should be

http://198.154.221.208/subscribers/getting-started.php

Sorry I’m having a hard time seeing the problem. According to what you posted and reading the code the URLs are the same.

$_GET[‘accesscheck’] = %2Fsubscribers%2Fgetting-started.php
$MM_redirectLoginSuccess = “/subscribers/getting-started.php”;

These are the same URLs.

If you want to send me a private message with login credentials so I can test and maybe understand the problem that might help.

I can take a shot in the dark here… I don’t know if the url encoding could be causing an issue or not. You could try changing this line

[php]$MM_redirectLoginSuccess = $_SESSION[‘PrevUrl’];[/php]

To this:

[php]$MM_redirectLoginSuccess = urldecode($_SESSION[‘PrevUrl’];)[/php]

Otherwise without actually being able to see the problem in action, I have no clue

Hello. And Bye.

maybe i missed something, but i don’t understand this bit:
[php]if (isset($_SESSION[‘PrevUrl’]) && false) [/php]
How can this ever be ‘set’ and ‘false’??

you check here if $_GET[‘accesscheck’] is set, and if so assign it to the $_SESSION[‘prevUrl’],
regardless of the value of accesscheck, the session ‘PrevUrl’ will always be true because it has a value.
[php]if (isset($_GET[‘accesscheck’])) {
$_SESSION[‘PrevUrl’] = $_GET[‘accesscheck’];
}[/php]

so, IMO, the value you are checking will never be false, thus always using this line:
[php]$MM_redirectLoginSuccess = $_SESSION[‘PrevUrl’];[/php]
instead of this one:
[php]$MM_redirectLoginSuccess = “/subscribers/getting-started.php”;[/php]

or maybe i missed something…

Sponsor our Newsletter | Privacy Policy | Terms of Service