Home/ Questions/Q 6253309
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T13:58:02+00:00

I’m going through the pain of upgrading PHP on my server from 5.2 to

  • 0

I’m going through the pain of upgrading PHP on my server from 5.2 to 5.3. Having migrated my old php.ini to the new and upgraded my mysql passwords, my PHP sessions no longer work.

This is my login code below, it executes correctly and even logs my login correctly in the activity log. (updatelog function) I have also posted my session valid check code.

Is there anything obvious in my login code that is no longer valid in PHP 5.3, having previously worked under 5.2?

// Login User///

if(@$_POST["dologin"] == 1)
{
    //record login attempt
    updatelog("",$_SERVER['REMOTE_ADDR'],"Login Attempt By: ".$_POST['username']);

    $user_name = escape($_POST["username"]);
    $password = escape(md5(SALT.$_POST["password"]));

    $login = $query->GetSingleQuery("--SINGLE","SELECT user_name, id, user_email FROM url_users WHERE user_name='".$user_name."' and user_password='".$password."';",array("user_name","id","user_email"));

    if(!isset($login['user_name'])) //failed login
    {
        $_SESSION['loggedin'] = 0;
        //record failure
        updatelog("",$_SERVER['REMOTE_ADDR'],"Login Failure By: ".$_POST['username']);
        header("Location: index.php?failed=1&user=$user_name");
    }else
    { 
    //login valid
    //get country details
    $getcountry = $query->GetSingleQuery("--SINGLE","SELECT geo_ip.ctry FROM admin_adfly.geo_ip geo_ip WHERE INET_ATON ('".$_SERVER['REMOTE_ADDR']."') BETWEEN geo_ip.ipfrom AND geo_ip.ipto;",array("ctry"));

    //set session items
        $_SESSION['country'] = $getcountry['ctry'];
        $_SESSION['username'] = $login['user_name']; 
        $_SESSION['userid'] = $login['id']; 
        $_SESSION['loggedin'] = 1;
        $_SESSION['email'] = $login['user_email'];
    //session salt
        $hsh = md5($_SERVER['HTTP_USER_AGENT'].SALT);
        $_SESSION['_XXX(*@#!_D@R*&$%(){*@)_D_296']['user_agent'] = $hsh;

    //update the ui transaction log
        updatelog($login['id'],$_SERVER['REMOTE_ADDR'],"Login Success For: ".$_POST['username']);

        // run function to check if any adverts have completed
        adcomplete($_SESSION['userid']);

    //redirect
        header("Location: index.php");
    }

}

// Check users login session is valid, this is called on each page I want to restrict by login. ////

if(isset($_SESSION['_XXX(*@#!_D@R*&$%(){*@)_D_296']['user_agent']) ==  $_SERVER['HTTP_USER_AGENT'].SALT)
                {
                    return 1; //session success
                }else
                {
                    return 0; //session failure
                }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    After much messing about, it turns out that the problem was related to the last session name, it was somehow invalidating the entire browser session, removing all data from the session.

    After removing "(*@#!_D@R*&$%(){*@)_D_296" from the $_SESSION array, my login session started working again.

    • 0