Here is a stripped down version of what I use to authenticate users, it works fine on my PHP v5.0.2/MySQL 4.0.21 server, but fails on my PHP v5.1.6/MySQL v5.0.45 server.
In the code below, should I be aware of anything that might not be supported by the newer version of PHP & MySQL? Global variables have been enabled.
<?php if(!isset($HTTP_POST_VARS['username'])&&!isset($HTTP_POST_VARS['password'])) { //Visitor needs to enter a name and password ?> <h1>Please Log In</h1> This page is secret. <form method='post' action='<?php echo $PHP_SELF;?>'> <table border='1'> <tr> <th> Username </th> <td> <input type='text' name='username'> </td> </tr> <tr> <th> Password </th> <td> <input type='password' name='password'> </td> </tr> <tr> <td colspan='2' align='center'> <input type='submit' value='Log In'> </td> </tr> </table> </form> <?php } else { // connect to mysql include('../cgi-bin/db.php'); $username = $HTTP_POST_VARS['username']; $password = md5($HTTP_POST_VARS['password']); if(!$db) { echo 'Cannot connect to database.'; exit; } // select the appropriate database $mysql = mysql_select_db('quickwebcms'); if(!$mysql) { echo 'Cannot select database.'; exit; } // query the database to see if there is a record which matches $query = 'select count(*) from auth where username = '$username' and password = '$password''; $result = mysql_query( $query ); if(!$result) { echo 'Cannot run query.'; exit; } $count = mysql_result( $result, 0, 0 ); if ( $count > 0 ) { // visitor's name and password combination are correct echo '<h1>Here it is!</h1>'; echo 'I bet you are glad you can see this secret page.'; } else { // visitor's name and password combination are not correct echo '<h1>Go Away!</h1>'; echo 'You are not authorized to view this resource.'; } } ?>
I’m guessing it might be because of
$HTTP_POST_VARS. Try replacing that with$_POST. If it still doesn’t work, try putting the following snippet right after<?php: