Authentication Logon page not working using PHP and Oracle on Apache / Windows 2008


Answers

Since PHP4, request variables are only available via the arrays $_GET (for GET requests) and $_POST (for POST requests). You've got some rewriting to do, starting off with turning

if ( (!isset($USER_ID)) && (!isset($PASSWORD)) )

into

if ( (!isset($_POST)) )

or

if ( (!array_key_exists('USERID', $_POST)) && (!array_key_exists('PASSWORD', $_POST)) )

More: http://php.net/manual/en/function.array-key-exists.php

http://www.php.net/manual/en/reserved.variables.php

Question

[UPDATE: Solved: Thanks everyone. See code here: http://pastebin.com/1fJmXeG2] I greatly appreciate any help I can get on this problem. We have a logon page on our site running on an old Linux server using Apache 1 and PHP 4. We want to move it to a new Windows 2008 server (64-bit)... so I installed Apache 2.25 and PHP 5.4 on the new server. I also enabled OCI8 connecting to an Oracle 11g database. I moved the files for the logon page over to the new server and they don't work. What happens is the page does not run the script and it just forwards to the index.php instead of redirecting to index php with the appropriate response. Of course there was some deprecated language which I updated in the PHP script, but it still doesn't work. I am a complete newbie so I am not sure if it is a problem with the script or a problem with the PHP settings. I know I can connect to the database, since I made a test page doing so. Please help me if you can... I am really desperate. The following is the code for my authorization page:

<?php session_start();
// Begin or continue session by registering variables
$_SESSION['USER_ID'] = 'USER_ID';
$_SESSION['PASSWORD'] = 'PASSWORD';
$_SESSION['FIRST'] = 'FIRST';
$_SESSION['LAST'] = 'LAST';
$_SESSION['ACCESS_KEY'] = 'ACCESS_KEY';
$_SESSION['conn'] = 'conn';
$_SESSION['BEENHERE'] = 'BEENHERE';
$_SESSION['CUSTOMER_NAME'] = 'CUSTOMER_NAME';
$_SESSION['WAREHOUSING'] = 'WAREHOUSING';
$_SESSION['TRANSPORTATION'] = 'TRANSPORTATION';
$_SESSION['MYACCOUNT'] = 'MYACCOUNT';

// Set Environment Variables
$SYS_DBUSER = "*****";
$SYS_DBPASSWORD = "*****";
$SYS_DB = "*****";

// Begin Authorization Routine
if ( (!isset($USER_ID)) && (!isset($PASSWORD)) )
    {
    echo '<html>';
    echo '<head>';
    echo '<title> Customer Access - Login</title>';
    echo '<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">';
    echo '</head>';
    echo '<body bgcolor="#FFFFFF" text="#000000">';
    echo '<div align="center">';
    echo '<p><img src="../images/logocir3.gif" width="120" height="123"> </p>';
    echo '<p><b><font size="5" color="#0000FF" face="Arial, Helvetica, sans-serif">The ';
    echo 'The Company</font></b></p>';
    echo '<p><font size="4" color="#0000FF" face="Arial, Helvetica, sans-serif"><b><i>Customer Access</i></b></font></p>';
    echo '<form name="form1" method="post" action="index.php">';
    echo '<p> <font size="3" face="Arial, Helvetica, sans-serif">Username:</font> ';
    echo '<input type="text" name="USER_ID" maxlength="15">';
    echo '</p>';
    echo '<p><font size="3" face="Arial, Helvetica, sans-serif">Password: </font> ';
    echo '<input type="PASSWORD" name="PASSWORD" maxlength="15">';
    echo '</p>';
    echo '<p><input type="submit" name="Submit" value="Login"></p>';
    echo '</form>';
    echo '<p>&nbsp;</p>';
    echo '</div>';
    echo '</body>';
    echo '</html>';
    exit;
    }
elseif ( ($BEENHERE == 1) && (isset($FIRST)) && (isset($PASSWORD)) && (isset($ACCESS_KEY)) && (isset($USER_ID)) && (isset($LAST)) && (isset($conn)) && (isset($CUSTOMER_NAME)) )
    {
    return (TRUE);
    }
else
    {
    // Connect to database
    unset($conn);
    $conn = oci_connect($SYS_DBUSER,$SYS_DBPASSWORD,$SYS_DB);

    // Generate sql statement
    $loginsql = oci_parse($conn,"SELECT FIRST_NAME,LAST_NAME,CUSTOMER_NAME,ACCESS_KEY,TRANSPORTATION,WAREHOUSING,MYACCOUNT FROM WEB_USERS WHERE USER_ID = SUBSTR(UPPER('$USER_ID'),1,15) AND PASSWORD = SUBSTR(UPPER('$PASSWORD'),1,30) AND ENABLED = 'Y'");

    // Execute statement
    oci_execute($loginsql,OCI_NO_AUTO_COMMIT);

    // Retrieve number of rows for authentication
    $nrows = oci_fetch_all($loginsql,$results);

    // Database Authenticate
    if ( $nrows != 1 )
        {
        // Display if login fails
        unset($USER_ID);
        unset($PASSWORD);
        unset($FIRST);
        unset($LAST);
        unset($ACCESS_KEY);
        unset($conn);
        unset($BEENHERE);
        unset($CUSTOMER_NAME);
        unset($WAREHOUSING);
        unset($TRANSPORTATION);
        unset($MYACCOUNT);
        echo "<H1>Login Failure - Please Check Your Password AND/OR Username</H1><BR>";
        echo "<A HREF=\"$PHP_SELF\"><H3>Try Again</H3></A>";

        // Close used resources
        oci_free_statement($loginsql);
        oci_close($conn);
        exit;
        }
    else
        {
        // Assign login information to global variables
        unset($FIRST);
        unset($LAST);
        unset($ACCESS_KEY);
        unset($BEENHERE);
        unset($CUSTOMER_NAME);
        unset($WAREHOUSING);
        unset($TRANSPORTATION);
        unset($MYACCOUNT);
        $FIRST = $results['FIRST_NAME'][0];
        $LAST = $results['LAST_NAME'][0];
        $CUSTOMER_NAME = $results['CUSTOMER_NAME'][0];
        $ACCESS_KEY = $results['ACCESS_KEY'][0];
        $TRANSPORTATION = $results['TRANSPORTATION'][0];
        $WAREHOUSING = $results['WAREHOUSING'][0];
        $MYACCOUNT = $results['MYACCOUNT'][0];
        $BEENHERE = 1;

        // Close used resources
        oci_free_statement($loginsql);
        oci_close($conn);
        }
    }
        ?>

Here are my php settings in a png file: http://i.imgur.com/7c8BzZG.png?1







Tags