<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Helvetica, Arial, sans-serif">I have a couple of LAN
servers set up for learning & developing. One is FreeBSD 4.10
running apache 1.3 with php4 module and postgresql 7.3 ; the 7.0 is
running apache22, php5 and posstgresql 8.3. <br>
Here's the problem: Everything is fine on the older machine. I
transferred one "WebSite" to the newer machine; did the pg_dumpall to
the new machine and all appears ok. I changed the include
$DOCUMENT_ROOTs to ($_SERVER["DOCUMENT_ROOT"]...... and all that is
well. However, there seems to be a problem with the sql code which was
done by another party. There is a function "checkuser" which is invoked
upon login from index.php. The instruction is:
checkuser(array(0,1,2,3,4,5,6));...... and there it stops.<br>
<br>
function checkuser($group_id) {<br>
global
$sid,$ttl,$login_prompt,$user,$password,$REMOTE_ADDR,$HTTP_POST_VARS,<br>
$HTTP_GET_VARS,$SCRIPT_NAME,$HTTP_USER_AGENT,$HTTP_REFERER,<br>
$REQUEST_URI,$loglevel;<br>
<br>
if(!isset($user)) {<br>
$user='';<br>
}<br>
if(!isset($password)) {<br>
$password='';<br>
}<br>
if(!isset($sid)) {<br>
$sid='';<br>
}<br>
if(is_array($group_id)) {<br>
$group_id=join($group_id,',');<br>
}<br>
/*<br>
* Statistics: check if such page exists in database<br>
* If not, add it<br>
*/<br>
if($loglevel>=1) {<br>
list($page_id)=sqlget("<br>
select page_id from pages where name='$SCRIPT_NAME'");<br>
if(!$page_id) {<br>
$page_q=sqlquery("insert into pages (name) values
('$SCRIPT_NAME')");<br>
$page_id=sqlinsid($page_q);<br>
}<br>
}<br>
<br>
/*<br>
* Get user ID by session ID<br>
*/<br>
list($user_id)=sqlget("<br>
select \"user\".user_id from \"user\",groups,user_group,session<br>
where hash='$sid' and<br>
\"user\".user_id=session.user_id and<br>
user_group.group_id=groups.group_id and<br>
\"user\".user_id=user_group.user_id and<br>
groups.group_id in ($group_id) and<br>
end_time>".(time()));<br>
<br>
/*<br>
* No such session, or session is expired<br>
*/<br>
if(!isset($user_id) || $user_id=='') do {<br>
/*<br>
* Handle POSTs<br>
* Check password and group; anonymous access also<br>
*/<br>
list($user_id)=sqlget("<br>
select \"user\".user_id from \"user\",groups,user_group<br>
where \"user\".user_id=user_group.user_id and<br>
user_group.group_id=groups.group_id and <br>
groups.group_id in ($group_id) and<br>
((\"user\".name='$user' and <br>
\"user\".password='".(md5($password))."') or<br>
groups.anonymous='Y')");<br>
<br>
/*<br>
* yeah, authorized<br>
*/<br>
if(isset($user_id) && $user_id!='' &&
$user_id>=0) {<br>
list($md5)=sqlget("<br>
select hash from session where user_id='$user_id' and<br>
ip='$REMOTE_ADDR' and end_time>".(time())."<br>
order by end_time desc");<br>
if(isset($md5) && $md5!='') {<br>
sqlquery("<br>
update session set end_time=".(time()+$ttl).",<br>
visited_pages=visited_pages+1<br>
where hash='$md5' and user_id='$user_id'");<br>
}<br>
else do {<br>
mt_srand((double)microtime()*1000000);<br>
$rnd=mt_rand(0,(double)microtime()*1000000);<br>
$md5=md5("$rnd$REMOTE_ADDR$user_id$password");<br>
$result=sqlquery("<br>
insert into session (hash,user_id,start_time,<br>
end_time,ip,visited_pages,useragent)<br>
values
('$md5','$user_id',".(time()).",".(time()+$ttl).",<br>
'$REMOTE_ADDR',1,'$HTTP_USER_AGENT')");<br>
} while (strcmp($result,'error')==0);<br>
<br>
setcookie('sid',$md5);<br>
$sid=$md5;<br>
break;<br>
}<br>
<br>
/*<br>
* Unauthorized; prompt to login<br>
* Save POST and GET variables, except user/password<br>
*/<br>
<br>
setcookie('sid','-1');<br>
$vars='';<br>
while(list($name,$value)=each($HTTP_POST_VARS)) {<br>
if($name!='user' && $name!='password') {<br>
$vars.="\n<input type=hidden name='$name'
value='$value'>";<br>
}<br>
}<br>
while(list($name,$value)=each($HTTP_GET_VARS)) {<br>
if($name!='user' && $name!='password') {<br>
$vars.="\n<input type=hidden name='$name'
value='$value'>";<br>
}<br>
}<br>
$login_prompt=eregi_replace('<!-- INFERNO -->','<!--
INFERNO -->'.$vars,$login_prompt);<br>
echo $login_prompt;<br>
exit();<br>
} while (0);<br>
/*<br>
* Update existing session to prevent expiration<br>
*/<br>
else {<br>
sqlquery("<br>
update session set end_time=".(time()+$ttl).",<br>
visited_pages=visited_pages+1<br>
where hash='$sid'");<br>
}<br>
<br>
/*<br>
* Statistics: write page view<br>
*/<br>
if($loglevel>=1) {<br>
sqlquery("<br>
insert into visits (session_id,page_id,when_stamp,path,referer)<br>
select session_id,$page_id,'now','$REQUEST_URI','$HTTP_REFERER'<br>
from session<br>
where hash='$sid'");<br>
}<br>
<br>
return $user_id;<br>
}<br>
<br>
The Web page does not load. If I remove the line checkuser (array....)
from the php code, things come up fine. Sooooo, I'm a little lost.
Could it be that the sql code should be different for the current psql?
The database is fine, I can access it and view it (SELECT * FROM
....etc...etc.) from the command line.<br>
<br>
Could someone please steer me as to what to look for and where to find
possible correcections?<br>
Thanks much in advance.<br>
<br>
PJ<br>
</font>
</body>
</html>