Smarty Forum Index Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.

Login form does not function when switched to PHP 5.5

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> General
View previous topic :: View next topic  
Author Message
ADYX
Smarty Rookie


Joined: 28 Oct 2015
Posts: 5

PostPosted: Wed Oct 28, 2015 12:23 pm    Post subject: Login form does not function when switched to PHP 5.5 Reply with quote

Hi, i have limited knowledge of Smarty as a development platform but i am working on a site which uses it. I did not make the site so it is all a bit of an unknown with what code was set up etc.

Basically the first problem is that when the site is running on PHP 5.5 the login form just refreshes when it is submitted.
However this works fine in PHP 5.3

Is this most likely a register globals $_POST issue ?
I suspect that the variables are not being passed to the query.
I have error reporting on, but that is showing the usual undefined.index type of feedback, nothing fundamental about the query itself failing.

Below i have added the various bits of code that i think are involved.
Highly likely that these are badly coded in the respect of security etc.

If you can see anything that jumps out as far as a failing login form is concerned (Works in PHP5.3 / not in PHP5.5), very much appreciated Wink


The loginform.tpl is like this
Code:

<span class="ErrorMsg"> {$strCommonError} </span>
<table width="100%" border="0" align="center" cellpadding="2" cellspacing="2">
        <tr>
          <td class="MainTableBar" height="20">{$lblLoginHeader}</td>
        </tr>
        <tr>
          <td align="center" class="MainTableBg"><form name="form1" method="post" action="{$strThisPage}">
              <table width="90%" border="0" cellspacing="3" cellpadding="3">
                <tr class="FormLabel">
                  <td width="50%">Email Address</td>
                  <td width="50%"><input name="{$fldLogin}" type="text" class="FormTextField" value="{$valLogin}" size="10"></td>
                </tr>
                <tr class="FormLabel">
                  <td width="50%">{$lblPassword}</td>
                  <td width="50%"><input name="{$fldPassword}" type="password" class="FormTextField" value="{$valPassword}" size="10"></td>
                </tr>
                <tr class="FormLabel">
                  <td width="50%">&nbsp;</td>
                  <td width="50%"><input name="Submit" type="submit" class="FormButton" value="{$btnLogin}" onclick="this.form.fAction.value='1'" title="Login" alt="Login">
              <input type="hidden" name="fAction"></td>
                </tr>
            {if $strSignUpText neq ""}
                <tr align="center" valign="middle" class="FormLabel">
                  <td colspan="2" class="MenuBarDeActive">[<a href="{$strSignUpLink}" title="Sign Up">{$strSignUpText}</a>]</td>
                </tr>
            {/if}
            {if $strForgotText neq ""}
                <tr align="center" valign="middle" class="FormLabel">
                  <td colspan="2" class="MenuBarDeActive">[<a href="{$strForgotLink}" title="Forgot Password">{$strForgotText}</a>]</td>
                </tr>
            {/if}
              </table></form>
             
              <p>{include file="/home/********/htdocs/inc_files/pre_menu.inc" title=pre_menu}
              <p></p>
              </td>
        </tr>
      </table>



And the function (i think this is the one it is using) appears to be like this:

Code:

function isValidLogin($Request)
{
   global $ErrorMsg,$objSmarty,$Fields,$S_PatientID,$S_PatientName,$S_PatientLoggedIn, $S_Gender;
   $Valid = true;
   for($i=0;$i<count($Fields);$i++)
   {
      if($Fields[$i][1]==1 && trim($Request[$Fields[$i][0]]) == "")
      {
         $ErrorMsg = $Fields[$i][0]." should not be Empty";
         $Valid = false;
         break;
      }
   }
   $strEmail = trim($Request[$Fields[0][0]]);
   $strPassword = trim($Request[$Fields[1][0]]);
   $SelectQry = "select * from TblPatientDetails where Email = '".$strEmail."'";

   $SelectRec = SelectQry($SelectQry);

   if(count($SelectRec)>0)
   {
      if($SelectRec[0]["Password"]==$strPassword)
      {
         $UpdateQry          = "Update TblPatientDetails set UserLoggedIn=1 where Email = '".$strEmail."'";
         $ResultQry          = ExecuteQry($UpdateQry);
         $S_PatientID         = $SelectRec[0]["PatientID"];
         $S_PatientName       = $SelectRec[0]["Forename"]." ".$SelectRec["Surname"];
         $S_PatientLoggedIn  = "1";
         $S_Gender         = $SelectRec[0]["Gender"];

         session_register("S_PatientID");
         session_register("S_PatientName");
         session_register("S_PatientLoggedIn");
         session_register("S_Gender");
         $sesLoginName = trim($Request[$Fields[0][0]]);
         saveActionLog(2);
      }
      else
      {
         $Valid = false;
         $ErrorMsg = "Invalid User Password";
      }

   }
   else
   {
      $Valid = false;
      $ErrorMsg = "Invalid User Login";
   }

   if(!$Valid)
      $objSmarty->assign('strCommonError',"$ErrorMsg");
   return $Valid;
}




There also appears to be this file loginformdetails.php

Code:

$FormLinks = array(
      array("New User SignUp","https://www.****/register.php"),
      array("Forgot Password","forgotpass.php")
      );


   //Should not Edit From This
   $Fields = array(
      array("Login",1),
      array("Password",1)
      );


   // load the template
   // Fields for Login Form
   $objSmarty->assign('fldLogin',$Fields[0][0]);
   $objSmarty->assign('fldPassword',$Fields[1][0]);

   //Button Values for Login Form
   $objSmarty->assign('btnLogin',"Login");

   //Labels for Login Form
   $objSmarty->assign('lblLogin',"Email Address");
   $objSmarty->assign('lblPassword',"Password");


   //Other Links for Login Form
   $objSmarty->assign('lblLoginHeader','User Login');
   if($strEmailExists!="1")
   {
      for($i=0;$i<count($Fields);$i++)
      {
         $objSmarty->assign('val'.$Fields[$i][0],$_POST[$Fields[$i][0]]);
      }

      $objSmarty->assign('strSignUpText',$FormLinks[0][0]);
      $objSmarty->assign('strSignUpLink',$FormLinks[0][1]);
      $objSmarty->assign('strForgotText',$FormLinks[1][0]);
      $objSmarty->assign('strForgotLink',$FormLinks[1][1]);
   }
   else
   {
      $objSmarty->assign('strForgotText',"Request your password");
      $objSmarty->assign('strForgotLink',$FormLinks[1][1]);
   }
Back to top
View user's profile Send private message
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785

PostPosted: Wed Oct 28, 2015 1:31 pm    Post subject: Reply with quote

What immediately jumps out is very, very, very bad code.
Other than that, did you clear Smarty cache after moving/upgrading the site?
One of my clients just hit the same brick. Smile
Passed him a new code, and he told me that "it renders old data".
Back to top
View user's profile Send private message
ADYX
Smarty Rookie


Joined: 28 Oct 2015
Posts: 5

PostPosted: Wed Oct 28, 2015 3:02 pm    Post subject: Reply with quote

Hi, Yes, i totally agree with you on the bad code issue.. this was put together by a 3rd party who then vanished pretty soon afterwards. Ultimately this whole things needs to be remade, but in the short term i am just trying to see if i can patch it in some way to work with PHP 5.5

I have cleared out all the template_c directories and i also cleared out a /cache directory on root.

The only instance i can find related to cache_dir is this one though:
private $cache_dir = null;
and it looks like the caching system is currently not in use ?

This must relate to something that is 'o.k' in PHP 5.3 but not in PHP 5.5
Back to top
View user's profile Send private message
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785

PostPosted: Wed Oct 28, 2015 11:30 pm    Post subject: Reply with quote

Now, that it is out of the window, enable all error reporting and error display, and try again.
Watch webserver logs for any suspicious activity.
Back to top
View user's profile Send private message
ADYX
Smarty Rookie


Joined: 28 Oct 2015
Posts: 5

PostPosted: Thu Oct 29, 2015 9:21 am    Post subject: Reply with quote

Hi, As mentioned, the error reporting is on in user.ini

error_reporting = E_ALL

Should that be a different parameter ?

The only errors i am getting are the undefined variable / index type errors.
No fatal error for the failing query.

I don't have direct access to the Mysql logs, but i have requested help/info from the server vendors.

I read elsewhere of people having this sort of issue regarding a failing DB query due to null variable values being passed, and they also comment about the lack of useful error feedback.

Maybe i could add in something that stops the code after the login query and displays an error at that point ? I am unsure what/where to add that code though and the relevant Smarty syntax.
Back to top
View user's profile Send private message
ADYX
Smarty Rookie


Joined: 28 Oct 2015
Posts: 5

PostPosted: Thu Oct 29, 2015 4:14 pm    Post subject: Reply with quote

Break through!

A friend of mine took a look and worked out that the usage of session_register was killed off after PHP 5.4

That and a global inclusion set for :
$_POST = ($HTTP_POST_VARS);
$_GET = ($HTTP_GET_VARS);
$_SESSION = ($HTTP_SESSION_VARS);

Now commented out.

So, hopefully this might help someone who encounters a similar issue:

http://php.net/manual/en/function.session-register.php

also for unregister
http://php.net/manual/en/function.session-unregister.php


Now comes the fun job of patching 100s of instances of this
Back to top
View user's profile Send private message
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785

PostPosted: Thu Oct 29, 2015 6:43 pm    Post subject: Reply with quote

ADYX wrote:

$_POST = ($HTTP_POST_VARS);
$_GET = ($HTTP_GET_VARS);
$_SESSION = ($HTTP_SESSION_VARS);

That… I. Have. No. words.
This is so bullshit that whoever wrote this code must be shot down like a rabid dog he is.

ADYX wrote:
A friend of mine took a look and worked out that the usage of session_register was killed off after PHP 5.4


This is why I said you should enable all error reporting on your dev. system.
E_ALL isn't actually ALL of it.
Code:
error_reporting = E_ALL | E_STRICT | E_DEPRECATED
is an absolute minimum for development.
The long arrays were deprecated SINCE PHP 4.1 almost fourteen years ago!!!!
Back to top
View user's profile Send private message
ADYX
Smarty Rookie


Joined: 28 Oct 2015
Posts: 5

PostPosted: Wed Nov 18, 2015 11:48 am    Post subject: Reply with quote

Quote:
This is so bullshit that whoever wrote this code must be shot down like a rabid dog he is.


LOL Laughing
Agreed!



I have added :
Code:
error_reporting = E_ALL | E_STRICT | E_DEPRECATED

to the .ini file but it still does not render anything new as far as errors go.
I am fairly sure the original coders have put in error suppression somewhere in the files (not found it yet though) as it should be throwing out errors all over the place and currently it only shows things like 'undefined' etc.
Very frustrating..
Back to top
View user's profile Send private message
U.Tews
Administrator


Joined: 22 Nov 2006
Posts: 5068
Location: Hamburg / Germany

PostPosted: Wed Nov 25, 2015 5:38 am    Post subject: Reply with quote

If $smarty->error_reporting is set Smarty will use these error setting while processing the templates. If it's not set the php.ini setting will be used.
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> General All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP