
I migrated the website to new hosting, but now I cannot log in to admin, and I don't know why. Maybe a problem with sessions? Any help? This is part of the code of admin.php:

```php
<?php
include("auth/data/functions.php");
//$_SESSION["logged"] = true;
if (isset($_POST["auth_login"])) {
    if($_POST["auth_login"]&&$_POST["auth_password"])
    {
        if (mysql_result(mysql_query("SELECT COUNT(*) FROM `admin` WHERE name = '".addslashes($_POST['auth_login'])."' AND password = '".sha1($_POST["auth_password"])."'"), 0)) 
        {
            $_SESSION["logged"] = true;
        }
    }
}

if (!isset($_SESSION["logged"]))
{
    print('
                <h1>Log in</h1>
');
    if (isset($_POST["auth_login"])) {
        print('<p>Error. Wrong username or password.</p>');
    }
    print('<br><form method="post">');
    print('<label for="name">Name: </label><input name="auth_login" maxlength="30" id="name" /> ');
    print('<label for="pass">Password: </label><input type="password" name="auth_heslo" id="pass" /> ');
    print('<input type="submit" value="--&gt;" title="Log in" style="cursor:pointer" /> ');
    print('</form>');
}

elseif($_SESSION["logged"])
{
    if(!$subsection)
    {
?>
```

... Content
bulldozer
  • Did you set up the phpMyAdmin part? I meant the user. – Vimukthi Guruge May 05 '17 at 09:57
  • Possibly database connection and/or content... do you get inside the if condition? – Jack hardcastle May 05 '17 at 09:57
  • Hello. First of all, you should stop using `mysql_` functions since they're deprecated. Use `mysqli_` or the PDO driver instead. Also, you should take a look at http://bobby-tables.com since your script is really vulnerable to SQL injections. – Twinfriends May 05 '17 at 09:58
  • What type of error did you get? – Vimukthi Guruge May 05 '17 at 09:58
  • No errors on page. – bulldozer May 05 '17 at 10:02
  • What version of PHP is the new host? And have you actually enabled error reporting? – Qirel May 05 '17 at 10:04
  • PHP 7.0 I think no error enabled but I'm not sure. – bulldozer May 05 '17 at 10:14
  • `mysql_` was removed entirely in PHP7. So if you had error-reporting enabled, you would have gotten messages like "*Call to undefined function..*". Seems like a good time to learn PDO or `mysqli_` and update your code to a newer API! Learn about *prepared statements*. – Qirel May 05 '17 at 10:19
  • Possible duplicate of [Why shouldn't I use mysql\_\* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Qirel May 05 '17 at 10:21
  • All right. So I need to change this: if (mysql_result(mysql_query("SELECT COUNT(*) FROM `admin` WHERE name = '".addslashes($_POST['auth_login'])."' AND password = '".sha1($_POST["auth_heslo"])."'"), 0)) – bulldozer May 05 '17 at 10:34
  • You need to convert your entire code from `mysql_` to either `mysqli_` or PDO. All lines that use `mysql_` must be changed. Read http://php.net/manual/en/mysqlinfo.api.choosing.php – Qirel May 05 '17 at 10:39
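
The conversion the comments recommend, as an added example that is not part of the original thread: the `admin` lookup from the question rewritten as a PDO prepared statement, with error reporting switched on so that removed `mysql_*` calls are reported instead of failing silently. The function name `check_admin_login`, the in-memory SQLite database, the demo account and the MySQL DSN placeholders are assumptions made so the example runs offline.

```php
<?php
// Show errors while debugging the migration; calls to the removed mysql_*
// functions otherwise fail without any visible message.
error_reporting(E_ALL);
ini_set('display_errors', '1');

/**
 * Hypothetical helper: true when an `admin` row matches the name and the
 * SHA-1 of the password. SHA-1 is kept only so rows written by the old
 * script still match.
 */
function check_admin_login(PDO $pdo, string $name, string $password): bool
{
    // Placeholders keep user input out of the SQL text, so addslashes()
    // is no longer needed.
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM admin WHERE name = :name AND password = :hash'
    );
    $stmt->execute([':name' => $name, ':hash' => sha1($password)]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed demo database (in-memory SQLite) so the example runs offline.
// On the real host, connect with a MySQL DSN instead (placeholder values):
// new PDO('mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASS')
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (name TEXT, password TEXT)');
$pdo->prepare('INSERT INTO admin VALUES (?, ?)')
    ->execute(['demo', sha1('demo-password')]);   // constructed account

// Constructed stand-ins for $_POST['auth_login'] and $_POST['auth_heslo'].
$attempts = [
    ['demo', 'demo-password'],       // matching credentials
    ['demo', 'wrong'],               // wrong password
    ["x' OR '1'='1", 'anything'],    // quote characters are bound as data
];
foreach ($attempts as [$name, $password]) {
    // In admin.php this result would decide whether $_SESSION["logged"] is set.
    $ok = check_admin_login($pdo, $name, $password);
    printf("%-15s => %s\n", $name, $ok ? 'logged in' : 'rejected');
}
```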

0 Answers