Home/ Questions/Q 855687
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T08:07:03+00:00

I am working on a osCommerce project, which is accessible on the main server,

  • 0

I am working on a osCommerce project, which is accessible on the main server, but when i try to access the admin portion of the project on my LOCALHOST the login page do accepts my login, ideally it should accept my login and redirect me to index,php..
below is the login script i am using..

<?php
  require('includes/application_top.php');

  if ($session_started == false) {
  echo 'session not started';
  }

  $error = false;
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
    $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
    $password = tep_db_prepare_input($HTTP_POST_VARS['password']);

// Check if email exists
    $check_admin_query = tep_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . tep_db_input($email_address) . "'");
    if (!tep_db_num_rows($check_admin_query)) {
      $HTTP_GET_VARS['login'] = 'fail';
    } else {
      $check_admin = tep_db_fetch_array($check_admin_query);

      //BOF code for cPanel installer - convert password to cre hash
      $check_password = $check_admin['login_password'];
      if (substr($check_password, 0, 8) == '_cPanel_'){
        $check_password = substr($check_password, 8);
        $password_hash = tep_encrypt_password($check_password);
        tep_db_query("UPDATE " . TABLE_ADMIN . " SET admin_password = '" . $password_hash . "'");
        $check_admin_query = tep_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . tep_db_input($email_address) . "'");
        $check_admin = tep_db_fetch_array($check_admin_query);
      }
      //EOF code for cPanel installer - convert password to cre hash

      // Check that password is good
      if (!tep_validate_password($password, $check_admin['login_password'])) {
        $HTTP_GET_VARS['login'] = 'fail';
      } else {
        if (tep_session_is_registered('password_forgotten')) {
          tep_session_unregister('password_forgotten');
        }

        $login_id = $check_admin['login_id'];
        $login_groups_id = $check_admin[login_groups_id];
        $login_firstname = $check_admin['login_firstname'];
        $login_email_address = $check_admin['login_email_address'];
        $login_logdate = $check_admin['login_logdate'];
        $login_lognum = $check_admin['login_lognum'];
        $login_modified = $check_admin['login_modified'];

        tep_session_register('login_id');
        tep_session_register('login_groups_id');
        tep_session_register('login_firstname');

        //$date_now = date('Ymd');
        tep_db_query("update " . TABLE_ADMIN . " set admin_logdate = now(), admin_lognum = admin_lognum+1 where admin_id = '" . $login_id . "'");

        if (($login_lognum == 0) || !($login_logdate) || ($login_email_address == 'admin@localhost') || ($login_modified == '0000-00-00 00:00:00')) {
          tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, '', 'SSL'));
        } else {
          tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'SSL'));
        }

      }
    }
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);
  include('includes/functions/rss2html.php');
?>

I tried tracking the issue, whenever I login with correct email and password it doesnt give me the “$HTTP_GET_VARS[‘action’]

Could someone guide me whats going wrong here?

ACCORDING TO THE INITIAL REPLIES

i have register_long_arrays enabled in my localhost and it is working very well in case of wrong input of email address and password..

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Variables such as HTTP_GET_VARS are called long-arrays, and are deprecated — and can be disabled.

    See the register_long_arrays directive, about this : maybe it’s disabled on your server ?

    Instead of `$HTTP_GET_VARS`, you should be using the `$_GET` super-global array.

    For a couple of references, see :

    Note : OS-commerce is a quite old piece of software, and was developped before long-arrays were deprecated — which is probably why they are used… and why it is possible to enable the `register_long_arrays` directive in PHP’s configuration.

    Of course, this is not recommended for new software… But if you have to work with that… it might be easier than replacing every instance of $HTTP_GET_VARS.

    • 0