PHP-->on MyMarket can not get username variable value from session.

Dear my friends,

I am learning a PHP implementation with MyMarket now. I got it from
http://sourceforge.net/projects/mymarket/files/mymarket/myma rket-1.72/mymarket-1.72.tar.gz/download .

I have installed and configured its
'/var/www/html/mymarket/application.php' to the login account of my
MySQL and I've been able to do login:
"
/* $RCSfile: application.php,v $ (c) 2000 Ying Zhang
(ying@zippydesign.com)
*
* $Revision: 1.7 $
* $Date: 2002/09/23 17:31:17 $
* $Author: yingz $
*
error_reporting(15);
class object {};
$CFG = new object;
$CFG->dbhost = "localhost";
$CFG->dbname = "mymarket";
$CFG->dbuser = "mymarket";
$CFG->dbpass = "mypassword";
$CFG->wwwroot = "http://127.0.0.1/mymarket";
$CFG->dirroot = dirname(__FILE__);
$CFG->templatedir = "$CFG->dirroot/templates";
$CFG->libdir = "$CFG->dirroot/lib";
$CFG->imagedir = "$CFG->wwwroot/images";
$CFG->icondir = "$CFG->imagedir/icons";
$CFG->bannerdir = "$CFG->imagedir/banners";
$CFG->support = "support@mymarket.org";
$CFG->version = "1.71";
$CFG->sessionname = "mymarket";

$CFG->showsponsor = true; // enabled banner advertising
$CFG->currency = "$";
$CFG->currencyfirst = true; // show the currency symbol before
the price tag

$DB_DEBUG = true;
$DB_DIE_ON_FAIL = true;

require("$CFG->libdir/stdlib.php");
require("$CFG->libdir/dblib.php");
require("$CFG->libdir/mymarket.php");
require("$CFG->libdir/cart.php");

$ME = qualified_me();

ini_set("session.name", $CFG->sessionname);
session_start();
session_register("USER");
session_register("CART");

if (! isset($_SESSION["USER"])) {
$_SESSION["USER"] = array();
}

if (! isset($_SESSION["CART"])) {
$_SESSION["CART"] = new Cart;
}

$USER = &$_SESSION["USER"];
$CART = &$_SESSION["CART"];

db_connect($CFG->dbhost, $CFG->dbname, $CFG->dbuser, $CFG->dbpass);
?>
====

The default password of MyMarket for 'root' (administrator account) is
'password'. I have checked that my MySQL use 'md5()' as the default
encryption method.

I can do login. But the problem is, I can not change the password of
root. The error message is:
"
Errors
Your old password is invalid
".

I've taken a look which script does the password replacement and I
found it is '/var/www/html/mymarket/users/change_password.php' in that
script I've found the function and edit it for investigating where the
problem resides:
"
/* change_password.php (c) 2000 Ying Zhang (ying@zippydesign.com)
*
*/
include("../application.php");
require_login();
if (match_referer() && isset($_POST)) {
$frm = $_POST;
$errormsg = validate_form($frm, $errors);

if (empty($errormsg)) {
update_password($frm["newpassword"]);
$noticemsg = "Password change successful";
}
}

$DOC_TITLE = "Change Password";
include("$CFG->templatedir/header.php");
include("$CFG->templatedir/form_header.php");
include("templates/change_password_form.php");
include("$CFG->templatedir/footer.php");

function validate_form(&$frm, &$errors) {
$errors = new Object;
$msg = "";
if (empty($frm["oldpassword"])) {
$errors->oldpassword = true;
$msg .= "You did not specify your old password";
} elseif (! password_valid($frm["oldpassword"])) {
$errors->oldpassword = true;
$msg .= "Your old password is invalid";
} elseif (empty($frm["newpassword"])) {
$errors->newpassword = true;
$msg .= "You did not specify your new password";
} elseif (empty($frm["newpassword2"])) {
$errors->newpassword2 = true;
$msg .= "You did not confirm your new password";
} elseif ($frm["newpassword"] != $frm["newpassword2"]) {
$errors->newpassword = true;
$errors->newpassword2 = true;
$msg .= "Your new passwords do not match";
}
return $msg;
}

function password_valid($password) {
global $USER;

$username = $SUSER["user"]["username"];
$password = md5($password);
$qid = db_query("SELECT 1 FROM users WHERE username = '$username' AND password = '$password'");
/* Here my investigator */
echo db_num_rows($qid)."-->"."SELECT 1 FROM users WHERE username = '$username' AND password = '$password'";
/* end of my investigator */
return db_num_rows($qid); }

function update_password($newpassword) {
global $USER;
$username = $USER["user"]["username"];
$newpassword = md5($newpassword);
$qid = db_query("UPDATE users SET password = '$newpassword'
WHERE username = '$username'"); }
?>
".

And the result is:
"
0-->SELECT 1 FROM users WHERE username = '' AND password = '5f4dcc3b5aa765d61d8327deb882cf99'
".
So the user variable is empty, that's why.

Now, my problem is I don't know my the PHP Script on my Apache2
of Mandriva 2009.1 does not store the session variable?

Anybody has ever found the same problem as mine? Please share it to me.

Please tell me my mistake.

Thank you very much in advance.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: PHP-->on MyMarket can not get username variable value from session.

Ricky Tompu Breaky wrote:
> Dear my friends,
>
> I am learning a PHP implementation with MyMarket now. I got it from
> http://sourceforge.net/projects/mymarket/files/mymarket/myma rket-1.72/mymarket-1.72.tar.gz/download .
>
> I have installed and configured its
> '/var/www/html/mymarket/application.php' to the login account of my
> MySQL and I've been able to do login:
> "
> > /* $RCSfile: application.php,v $ (c) 2000 Ying Zhang
> (ying@zippydesign.com)
> *
> * $Revision: 1.7 $
> * $Date: 2002/09/23 17:31:17 $
> * $Author: yingz $
> *
> error_reporting(15);
> class object {};
> $CFG = new object;
> $CFG->dbhost = "localhost";
> $CFG->dbname = "mymarket";
> $CFG->dbuser = "mymarket";
> $CFG->dbpass = "mypassword";
> $CFG->wwwroot = "http://127.0.0.1/mymarket";
> $CFG->dirroot = dirname(__FILE__);
> $CFG->templatedir = "$CFG->dirroot/templates";
> $CFG->libdir = "$CFG->dirroot/lib";
> $CFG->imagedir = "$CFG->wwwroot/images";
> $CFG->icondir = "$CFG->imagedir/icons";
> $CFG->bannerdir = "$CFG->imagedir/banners";
> $CFG->support = "support@mymarket.org";
> $CFG->version = "1.71";
> $CFG->sessionname = "mymarket";
>
> $CFG->showsponsor = true; // enabled banner advertising
> $CFG->currency = "$";
> $CFG->currencyfirst = true; // show the currency symbol before
> the price tag
>
> $DB_DEBUG = true;
> $DB_DIE_ON_FAIL = true;
>
> require("$CFG->libdir/stdlib.php");
> require("$CFG->libdir/dblib.php");
> require("$CFG->libdir/mymarket.php");
> require("$CFG->libdir/cart.php");
>
> $ME = qualified_me();
>
> ini_set("session.name", $CFG->sessionname);
> session_start();
> session_register("USER");
> session_register("CART");
>
> if (! isset($_SESSION["USER"])) {
> $_SESSION["USER"] = array();
> }
>
> if (! isset($_SESSION["CART"])) {
> $_SESSION["CART"] = new Cart;
> }
>
> $USER = &$_SESSION["USER"];
> $CART = &$_SESSION["CART"];
>
> db_connect($CFG->dbhost, $CFG->dbname, $CFG->dbuser, $CFG->dbpass);
> ?>
> ====
>
> The default password of MyMarket for 'root' (administrator account) is
> 'password'. I have checked that my MySQL use 'md5()' as the default
> encryption method.
>
> I can do login. But the problem is, I can not change the password of
> root. The error message is:
> "
> Errors
> Your old password is invalid
> ".
>
> I've taken a look which script does the password replacement and I
> found it is '/var/www/html/mymarket/users/change_password.php' in that
> script I've found the function and edit it for investigating where the
> problem resides:
> "
> > /* change_password.php (c) 2000 Ying Zhang (ying@zippydesign.com)
> *
> */
> include("../application.php");
> require_login();
> if (match_referer() && isset($_POST)) {
> $frm = $_POST;
> $errormsg = validate_form($frm, $errors);
>
> if (empty($errormsg)) {
> update_password($frm["newpassword"]);
> $noticemsg = "Password change successful";
> }
> }
>
> $DOC_TITLE = "Change Password";
> include("$CFG->templatedir/header.php");
> include("$CFG->templatedir/form_header.php");
> include("templates/change_password_form.php");
> include("$CFG->templatedir/footer.php");
>
> function validate_form(&$frm, &$errors) {
> $errors = new Object;
> $msg = "";
> if (empty($frm["oldpassword"])) {
> $errors->oldpassword = true;
> $msg .= "You did not specify your old password";
> } elseif (! password_valid($frm["oldpassword"])) {
> $errors->oldpassword = true;
> $msg .= "Your old password is invalid";
> } elseif (empty($frm["newpassword"])) {
> $errors->newpassword = true;
> $msg .= "You did not specify your new password";
> } elseif (empty($frm["newpassword2"])) {
> $errors->newpassword2 = true;
> $msg .= "You did not confirm your new password";
> } elseif ($frm["newpassword"] != $frm["newpassword2"]) {
> $errors->newpassword = true;
> $errors->newpassword2 = true;
> $msg .= "Your new passwords do not match";
> }
> return $msg;
> }
>
> function password_valid($password) {
> global $USER;
>
> $username = $SUSER["user"]["username"];
> $password = md5($password);
> $qid = db_query("SELECT 1 FROM users WHERE username = '$username' AND password = '$password'");
> /* Here my investigator */
> echo db_num_rows($qid)."-->"."SELECT 1 FROM users WHERE username = '$username' AND password = '$password'";
> /* end of my investigator */
> return db_num_rows($qid); }
>
> function update_password($newpassword) {
> global $USER;
> $username = $USER["user"]["username"];
> $newpassword = md5($newpassword);
> $qid = db_query("UPDATE users SET password = '$newpassword'
> WHERE username = '$username'"); }
> ?>
> ".
>
> And the result is:
> "
> 0-->SELECT 1 FROM users WHERE username = '' AND password = '5f4dcc3b5aa765d61d8327deb882cf99'
> ".
> So the user variable is empty, that's why.
>
> Now, my problem is I don't know my the PHP Script on my Apache2
> of Mandriva 2009.1 does not store the session variable?
>
> Anybody has ever found the same problem as mine? Please share it to me.
>
> Please tell me my mistake.
>
> Thank you very much in advance.

Well that's a lot of code to look through and still not enough code :-)

Just glancing through it in function update_password() I would expect:

$username = $SUSER["user"]["username"];

to actually be:

$username = $USER["user"]["username"];

Don't know where the S in $SUSER came from.
--
Thanks!
-Shawn
http://www.spidean.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: PHP-->on MyMarket can not get username variable value from session.

Dear Shawn.

Hooray, you've solved my problem. Thank you....very....very....much.

I really appreciate it.

Thanks, Buddy.
===
On Tue, 01 Sep 2009 16:22:39 -0500
Shawn McKenzie wrote:

> Ricky Tompu Breaky wrote:
> > Dear my friends,
> >
> > I am learning a PHP implementation with MyMarket now. I got it from
> > http://sourceforge.net/projects/mymarket/files/mymarket/myma rket-1.72/mymarket-1.72.tar.gz/download .
> >
> > I have installed and configured its
> > '/var/www/html/mymarket/application.php' to the login account of my
> > MySQL and I've been able to do login:
> > "
> > > > /* $RCSfile: application.php,v $ (c) 2000 Ying Zhang
> > (ying@zippydesign.com)
> > *
> > * $Revision: 1.7 $
> > * $Date: 2002/09/23 17:31:17 $
> > * $Author: yingz $
> > *
> > error_reporting(15);
> > class object {};
> > $CFG = new object;
> > $CFG->dbhost = "localhost";
> > $CFG->dbname = "mymarket";
> > $CFG->dbuser = "mymarket";
> > $CFG->dbpass = "mypassword";
> > $CFG->wwwroot = "http://127.0.0.1/mymarket";
> > $CFG->dirroot = dirname(__FILE__);
> > $CFG->templatedir = "$CFG->dirroot/templates";
> > $CFG->libdir = "$CFG->dirroot/lib";
> > $CFG->imagedir = "$CFG->wwwroot/images";
> > $CFG->icondir = "$CFG->imagedir/icons";
> > $CFG->bannerdir = "$CFG->imagedir/banners";
> > $CFG->support = "support@mymarket.org";
> > $CFG->version = "1.71";
> > $CFG->sessionname = "mymarket";
> >
> > $CFG->showsponsor = true; // enabled banner
> > advertising $CFG->currency = "$";
> > $CFG->currencyfirst = true; // show the currency symbol
> > before the price tag
> >
> > $DB_DEBUG = true;
> > $DB_DIE_ON_FAIL = true;
> >
> > require("$CFG->libdir/stdlib.php");
> > require("$CFG->libdir/dblib.php");
> > require("$CFG->libdir/mymarket.php");
> > require("$CFG->libdir/cart.php");
> >
> > $ME = qualified_me();
> >
> > ini_set("session.name", $CFG->sessionname);
> > session_start();
> > session_register("USER");
> > session_register("CART");
> >
> > if (! isset($_SESSION["USER"])) {
> > $_SESSION["USER"] = array();
> > }
> >
> > if (! isset($_SESSION["CART"])) {
> > $_SESSION["CART"] = new Cart;
> > }
> >
> > $USER = &$_SESSION["USER"];
> > $CART = &$_SESSION["CART"];
> >
> > db_connect($CFG->dbhost, $CFG->dbname, $CFG->dbuser, $CFG->dbpass);
> > ?>
> > ====
> >
> > The default password of MyMarket for 'root' (administrator account)
> > is 'password'. I have checked that my MySQL use 'md5()' as the
> > default encryption method.
> >
> > I can do login. But the problem is, I can not change the password of
> > root. The error message is:
> > "
> > Errors
> > Your old password is invalid
> > ".
> >
> > I've taken a look which script does the password replacement and I
> > found it is '/var/www/html/mymarket/users/change_password.php' in
> > that script I've found the function and edit it for investigating
> > where the problem resides:
> > "
> > > > /* change_password.php (c) 2000 Ying Zhang (ying@zippydesign.com)
> > *
> > */
> > include("../application.php");
> > require_login();
> > if (match_referer() && isset($_POST)) {
> > $frm = $_POST;
> > $errormsg = validate_form($frm, $errors);
> >
> > if (empty($errormsg)) {
> > update_password($frm["newpassword"]);
> > $noticemsg = "Password change successful";
> > }
> > }
> >
> > $DOC_TITLE = "Change Password";
> > include("$CFG->templatedir/header.php");
> > include("$CFG->templatedir/form_header.php");
> > include("templates/change_password_form.php");
> > include("$CFG->templatedir/footer.php");
> >
> > function validate_form(&$frm, &$errors) {
> > $errors = new Object;
> > $msg = "";
> > if (empty($frm["oldpassword"])) {
> > $errors->oldpassword = true;
> > $msg .= "You did not specify your old password";
> > } elseif (! password_valid($frm["oldpassword"])) {
> > $errors->oldpassword = true;
> > $msg .= "Your old password is invalid";
> > } elseif (empty($frm["newpassword"])) {
> > $errors->newpassword = true;
> > $msg .= "You did not specify your new password";
> > } elseif (empty($frm["newpassword2"])) {
> > $errors->newpassword2 = true;
> > $msg .= "You did not confirm your new password";
> > } elseif ($frm["newpassword"] != $frm["newpassword2"]) {
> > $errors->newpassword = true;
> > $errors->newpassword2 = true;
> > $msg .= "Your new passwords do not match";
> > }
> > return $msg;
> > }
> >
> > function password_valid($password) {
> > global $USER;
> >
> > $username = $SUSER["user"]["username"];
> > $password = md5($password);
> > $qid = db_query("SELECT 1 FROM users WHERE username =
> > '$username' AND password = '$password'"); /* Here my investigator */
> > echo db_num_rows($qid)."-->"."SELECT 1 FROM users WHERE
> > username = '$username' AND password = '$password'"; /* end of my
> > investigator */ return db_num_rows($qid); }
> >
> > function update_password($newpassword) {
> > global $USER;
> > $username = $USER["user"]["username"];
> > $newpassword = md5($newpassword);
> > $qid = db_query("UPDATE users SET password = '$newpassword'
> > WHERE username = '$username'"); }
> > ?>
> > ".
> >
> > And the result is:
> > "
> > 0-->SELECT 1 FROM users WHERE username = '' AND password =
> > '5f4dcc3b5aa765d61d8327deb882cf99' ".
> > So the user variable is empty, that's why.
> >
> > Now, my problem is I don't know my the PHP Script on my Apache2
> > of Mandriva 2009.1 does not store the session variable?
> >
> > Anybody has ever found the same problem as mine? Please share it to
> > me.
> >
> > Please tell me my mistake.
> >
> > Thank you very much in advance.
>
> Well that's a lot of code to look through and still not enough
> code :-)
>
> Just glancing through it in function update_password() I would expect:
>
> $username = $SUSER["user"]["username"];
>
> to actually be:
>
> $username = $USER["user"]["username"];
>
> Don't know where the S in $SUSER came from.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php