DEVHIDE
Login Or Sign up

How do I upgrade my PHP 4.0 login script to PHP 5.6?

323 Views Asked by At

my script below worked perfect on PHP 4.0 but my ISP upgraded to PHP 5.6 and now there seems to be something wrong (it does not connect to mySQL, etc), any help is appreciated

Many thanks

<?php
$userdb="var1";
$pass="var2";
$database="var3";

mysql_connect("sql.servername.com",$userdb,$pass);
@mysql_select_db($database) or die ( header('location: status4.htm') );
$match = "select id from USER_ACCOUNTS where username = '$username' and password = '$password'";
$qry = mysql_query($match)
or die ( header('location: status.htm?status=9') );
$num_rows = mysql_num_rows($qry); 

// Valid Username and Password
if ($num_rows > 0) { 
$qry = "SELECT * FROM USER_ACCOUNTS WHERE username like '%" . $username . "%'";
$res = mysql_query($qry);
$output='';
while($row = mysql_fetch_assoc($res)){
// loop through all returned results
$output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
echo "&status=1";
echo $output;
}
}
?>

Here is the mySQL 4.0 Table

id  viewUsername    viewPassword    username    password    name    title   email   admin   file    file2   file3   file4


1                                   user1       pass123     USER1   Manager email1   1      file1   file2   file3   file4
php mysql authentication php-5.6 php4
Original Q&A
2

There are 2 best solutions below

17
Mario On BEST ANSWER

Here you go example with PDO prepared statements

<?php

error_reporting(1);
ini_set('display_errors', '1');

// mysql connection
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'mydatabase';

$dbh = new PDO('mysql:host='.$db_host.';dbname='.$db_name.';charset=utf8', $db_user, $db_pass);

// submit form
if (isset($_POST['submit']))
{

    $username = $_POST['username'];
    $password = $_POST['password'];

    $stmt = $dbh->prepare("SELECT * FROM USER_ACCOUNTS WHERE username = :username AND password = :password");
    $stmt->bindParam(':username', $username);
    $stmt->bindParam(':password', $password);
    $stmt->execute();
    $number_of_rows = $stmt->fetchColumn();

    // Valid Username and Password
    if ($number_of_rows > 0)
    {
        $row = $stmt->fetchAll(); 

        $output = '';

        while($row)
        {
            // loop through all returned results
            $output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
            echo "&status=1";
            echo $output;
        }
    }

}

?>

And html form

<form action="" method="post">
    <input type="text" name="username" placeholder="Username"><br />
    <input type="password" name="password" placeholder="Password"><br />
    <input type="submit" name="submit" value="Login">
</form>

Update

<?php

error_reporting(1);
ini_set('display_errors', '1');

// mysql connection
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'mydatabase';

$mysqli = new mysqli($db_host, $db_user, $db_pass, $db_name);

/* check connection */
if (mysqli_connect_errno())
{
    echo "Connect failed: " . mysqli_connect_error();
    exit();
}

// submit form
if (isset($_POST['submit']))
{

    $username = $_POST['username'];
    $password = $_POST['password'];

    /* create a prepared statement */
    if ($stmt = $mysqli->prepare("SELECT * FROM USER_ACCOUNTS WHERE username = ? AND password = ?"))
    {
        /* bind parameters for markers */
        $stmt->bind_param("s", $username);
        $stmt->bind_param("s", $password);

        /* execute query */
        $stmt->execute();

        $number_of_rows = $stmt->rowCount();

        // Valid Username and Password
        if ($number_of_rows > 0)
        {
            $row = $stmt->fetchAll(); 

            $output = '';

            while($row)
            {
                // loop through all returned results
                $output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
                echo "&status=1";
                echo $output;
            }
        }

        /* close statement */
        $stmt->close();
    }
}
$mysqli->close();
?>

And try this

<?php

error_reporting(1);
ini_set('display_errors', '1');


$conn = mysqli_connect('host', 'username', 'password', 'table name');

/* check connection */
if (mysqli_connect_errno())
{
    echo "Connect failed: " . mysqli_connect_error();
    exit();
}

// submit form
if (isset($_POST['submit']))
{

    $username = $_POST['username'];
    $password = $_POST['password'];

    $query = mysqli_query($conn, "SELECT * FROM USER_ACCOUNTS WHERE username = '$username' AND password = '$password'");

    if ($query)
    {
        // Valid Username and Password
        if (mysqli_row_count($query) > 0)
        {
            $row = mysqli_fetch_array($query);

            $output = '';

            while($row)
            {
                // loop through all returned results
                $output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
                echo "&status=1";
                echo $output;
            }
        }
    }
}

?>
1
Nazareno Lorenzo On

I would guess that on your old version you had register_globals enabled, thus in $username and $password you were getting directly what was posted from a form, which is no longer happening.

The quick solution would be to add at the start of the php code:

$username = $_REQUEST['username']; $password = $_REQUEST['password'];

That being said, every line in your code screams bad practices and possible vulnerabilities. I would highly recommend you getting some help for a complete makeover if you are using that in a productive website.

Related Questions in PHP

Related Questions in MYSQL

Related Questions in AUTHENTICATION

Related Questions in PHP-5.6

Related Questions in PHP4

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

Copyright © 2021 Jogjafile Inc.