PHP Login Help Please - Outdated PHP

MaverickS · January 26, 2018, 3:54pm

Hi Everyone - I’m a novice trying to help our small business update their website. It has a PHP login that was created a long time ago and I’ve been tasked with getting it up to date. From looking around, I know a lot of the extensions are deprecated which is why I’m assuming it’s not working on the site’s new host. I’ve really tried getting everything working myself, but it has been a week of “no-go”. I’m hoping to get some much appreciated help here - thanks in advance!

Here is the current code:

Connections/general.php
[php]<?php

FileName=“Connection_php_mysql.htm”

Type=“MYSQL”

HTTP=“true”

$hostname_general = “localhost”;
$database_general = “";
$username_general = ""”;
$password_general = “”*****";
$general = mysqli_connect($hostname_general, $username_general, $password_general) or trigger_error(mysql_error(),E_USER_ERROR);
?>[/php]

login.php
[php]<?php require_once('Connections/general.php'); ?>

<?php // *** Validate request to login to this site. session_start(); $loginFormAction = $_SERVER['PHP_SELF']; if (isset($accesscheck)) { $GLOBALS['PrevUrl'] = $accesscheck; session_register('PrevUrl'); } /* Check if user has been remembered */ if(isset($_COOKIE['abcookname']) && isset($_COOKIE['abcookpass'])){ $name = $_COOKIE['abcookname']; $pass = $_COOKIE['abcookpass']; $rem = "CHECKED"; } if (isset($_POST['username'])) { $loginUsername=$_POST['username']; $password=$_POST['password']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "index.php"; $MM_redirectLoginFailed = "login.php?s=f"; $MM_redirecttoReferrer = true; mysql_select_db($database_general, $general); $LoginRS__query=sprintf("SELECT username, password FROM users WHERE username='%s' AND password='%s'", get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); $LoginRS = mysql_query($LoginRS__query, $general) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; //declare two session variables and assign them $GLOBALS['MM_Username'] = $loginUsername; $GLOBALS['MM_UserGroup'] = $loginStrGroup; //register the session variables session_register("MM_Username"); session_register("MM_UserGroup"); //register cookies if(isset($_POST['remember'])){ setcookie("abcookname", $loginUsername, time()+60*60*24*100, "/"); setcookie("abcookpass", $password, time()+60*60*24*100, "/"); } else { //unregister cookies if(isset($_COOKIE['abcookname']) && isset($_COOKIE['abcookpass'])){ setcookie("abcookname", "", time()-60*60*24*100, "/"); setcookie("abcookpass", "", time()-60*60*24*100, "/"); } } if (isset($_SESSION['PrevUrl']) && true) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?>[/php]

page.php
[php]<?php
session_start();
$MM_authorizedUsers = “”;
$MM_donotCheckaccess = “true”;

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == “”) && true) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = “login.php”;
if (!((isset($_SESSION[‘MM_Username’])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION[‘MM_Username’], $_SESSION[‘MM_UserGroup’])))) {
$MM_qsChar = “?”;
$MM_referrer = $_SERVER[‘PHP_SELF’];
if (strpos($MM_restrictGoTo, “?”)) $MM_qsChar = “&”;
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= “?” . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . “accesscheck=” . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>[/php]

astonecipher · January 26, 2018, 4:50pm

First and foremost, update the database driver. mysqli as a minimum, PDO to use the standard.

What area are you looking for help with?

MaverickS · January 26, 2018, 5:07pm

To be honest, I really don’t know to even start. I’m not a developer/programmer by any stretch so I really don’t have any idea as to what I’m doing - I’m just the youngest guy at a small business so my boss assumes I can figure it out.

The original code still works on our old web host, but we need to move it and it’s not working on the new host. From what I’ve been able to find I know a lot of the expressions have been deprecated. I’ve tried replacing those expressions best I could, but still can’t get the pages to perform correctly.

Basically, I know there are lines/expressions that need to change b/c they don’t work on the new host, but I don’t really know which ones or what to change them to.

astonecipher · January 26, 2018, 6:51pm

Start off with a spreadsheet of what functions you need to change and where they are. You should be able to get those from the error logs in the new host. Tackle those first and then work on the refactoring to make it better.

benanamen · January 27, 2018, 2:54am

To be honest, I really don't know to even start. I'm not a developer/programmer by any stretch so I really don't have any idea as to what I'm doing

Sounds like the boss needs to hire someone. That code is very old. You cant just update it. It needs to be re-written. Really, leaving a login script to someone that doesn’t know what they are doing is a very, very bad idea.