1
All good? I know it will seem like a duplicate question. But unfortunately the answers to the other questions didn’t help me much. I’m fiddling with a ready-made script I picked up on the internet and I’m trying to fix the errors I put in to display them.
Errors that appear in checklogin.php:
Notice: Undefined index: cfgProgDir in /home/USER/public_html/admin/protecao/checklogin.php on line 57
Notice: Undefined index: entered_login in /home/USER/public_html/admin/protecao/checklogin.php on line 63
Notice: Undefined index: entered_password in /home/USER/public_html/admin/protecao/checklogin.php on line 64
Deprecated: mysql() [Function.mysql]: This Function is deprecated; use mysql_query() Instead in /home/USER/public_html/admin/protecao/checklogin.php on line 143
Notice: Undefined variable: dbOld in /home/USER/public_html/admin/protecao/checklogin.php on line 246
Notice: Undefined variable: messageOld in /home/USER/public_html/admin/protecao/checklogin.php on line 247
Source code for checklogin.php the lines that are wrong, I commented with // LINE
<?PHP
// loading functions and libraries
function random($max) {
// create random number between 0 and $max
srand( (double)microtime() * 1000000 );
$r = round(rand(0, $max));
if ($r != 0) $r = $r - 1;
return $r;
}
function rotateBg() {
// rotate background login interface
global $backgrounds, $bgImage, $i;
$c = count($backgrounds);
if ($c == 0) return;
$r = random($c);
if ($backgrounds[$r] == '' && $i < 10) {
$i++;
rotateBg();
} elseif ($i >= 10) {
if (!$bgImage || $bgImage == '') {
$bgImage = 'bg_lock.gif';
} else {
$bgImage = $bgImage;
} }
else { $bgImage = $backgrounds[$r]; }
return $bgImage;
}
function in_array_php3($needle, $haystack) {
// check if the value of $needle exist in array $haystack
// works for both php3 and php4
if ($needle && $haystack) {
if (phpversion() >= 4) {
// phpversion = 4
return(in_array($needle, $haystack));
} else {
// phpversion = 3
for ($i = 0; $i <= count($haystack); $i++) {
if ($haystack[$i] == $needle) {
return(true);
} }
return(false);
} }
else return(false);
}
if ($noDetailedMessages == true) {
$strUserNotExist = $strUserNotAllowed = $strPwNotFound = $strPwFalse = $strNoPassword = $strNoAccess;
}
if ($bgRotate == true) {
$i = 0;
$bgImage = rotateBg();
}
// Check if secure.php has been loaded correctly
if ( !defined("LOADED_PROPERLY") || $HTTP_GET_VARS['cfgProgDir'] || $HTTP_POST_VARS['cfgProgDir']) { // LINHA 57
echo "Parsing of phpSecurePages has been halted!";
exit();
}
// make post variables global
$entered_login = $HTTP_POST_VARS['entered_login']; // LINHA 63
$entered_password = $HTTP_POST_VARS['entered_password']; // LINHA 64
// check if login is necesary
if (!$entered_login && !$entered_password) {
// use data from session
if (phpversion() >= 4) {
// phpversion = 4
session_start();
// session hack to make sessions on old php4 versions work
if (phpversion() > 4.0) {
$login = $HTTP_SESSION_VARS['login'];
$password = $HTTP_SESSION_VARS['password'];
}
} else {
// phpversion = 3
session_start_php3();
} }
else {
// use entered data
if (phpversion() >= 4) {
// phpversion = 4
session_start();
session_unregister("login");
session_unregister("password");
// encrypt entered login & password
$login = $entered_login;
if ($passwordEncryptedWithMD5 && function_exists(md5)) {
$password = md5($entered_password);
} else {
$password = $entered_password;
}
// session hack to make sessions on old php4 versions work
if (phpversion() > 4.0) {
$HTTP_SESSION_VARS['login'] = $login;
$HTTP_SESSION_VARS['password'] = $password;
} else {
session_register("login");
session_register("password");
}
} else {
// phpversion = 3
session_destroy_php3();
session_start_php3();
// encrypt entered login & password
$login = $entered_login;
if ($passwordEncryptedWithMD5 && function_exists(md5)) {
$password = md5($entered_password);
} else {
$password = $entered_password;
}
session_register_php3("login", "STRING", $login);
session_register_php3("password", "STRING", $password);
} }
if (!$login) {
// no login available
include($cfgProgDir . "interface.php");
exit;
}
if (!$password) {
// no password available
$message = $strNoPassword;
include($cfgProgDir . "interface.php");
exit;
}
// use phpSecurePages with Database
if ($useDatabase == true) {
// contact database
if ( empty($cfgServerPort) ) {
mysql_connect($cfgServerHost, $cfgServerUser, $cfgServerPassword)
or die($strNoConnection);
} else {
mysql_connect($cfgServerHost . ":" . $cfgServerPort, $cfgServerUser, $cfgServerPassword)
or die($strNoConnection);
}
$userQuery = mysql($cfgDbDatabase, "SELECT * FROM $cfgDbTableUsers WHERE status='S' AND $cfgDbLoginfield = '$login'") // LINHA 143
or die($strNoDatabase);
// check user and password
if (mysql_num_rows($userQuery) != 0) {
// user exist --> continue
$userArray = mysql_fetch_array($userQuery);
if ($login != $userArray[$cfgDbLoginfield]) {
// Case sensative user not present in database
$message = $strUserNotExist;
// include($cfgProgDir . "logout.php");
include($cfgProgDir . "interface.php");
exit;
} }
else {
// user not present in database
$message = $strUserNotExist;
// include($cfgProgDir . "logout.php");
include($cfgProgDir . "interface.php");
exit;
}
if (!$userArray[$cfgDbPasswordfield]) {
// password not present in database for this user
$message = $strPwNotFound;
include($cfgProgDir . "interface.php");
exit;
}
if (stripslashes($userArray["$cfgDbPasswordfield"]) != $password) {
// password is wrong
$message = $strPwFalse;
// include($cfgProgDir . "logout.php");
include($cfgProgDir . "interface.php");
exit;
}
if ( isset($userArray["$cfgDbUserLevelfield"]) && !empty($cfgDbUserLevelfield) ) {
$userLevel = stripslashes($userArray["$cfgDbUserLevelfield"]);
}
if ( ( $requiredUserLevel && !empty($requiredUserLevel[0]) ) || $minUserLevel ) {
// check for required user level and minimum user level
if ( !isset($userArray["$cfgDbUserLevelfield"]) ) {
// check if column (as entered in the configuration file) exist in database
$message = $strNoUserLevelColumn;
include($cfgProgDir . "interface.php");
exit;
}
if ( empty($cfgDbUserLevelfield) || ( !in_array_php3($userLevel, $requiredUserLevel) && ( !isset($minUserLevel) || empty($minUserLevel) || $userLevel < $minUserLevel ) ) ) {
// this user does not have the required user level
$message = $strUserNotAllowed;
include($cfgProgDir . "interface.php");
exit;
} }
if ( isset($userArray["$cfgDbUserIDfield"]) && !empty($cfgDbUserIDfield) ) {
$ID = stripslashes($userArray["$cfgDbUserIDfield"]);
} }
// use phpSecurePages with Data
elseif ($useData == true && $useDatabase != true) {
$numLogin = count($cfgLogin);
$userFound = false;
// check all the data input
for ($i = 1; $i <= $numLogin; $i++) {
if ($cfgLogin[$i] != '' && $cfgLogin[$i] == $login) {
// user found --> check password
if ($cfgPassword[$i] == '' || $cfgPassword[$i] != $password) {
// password is wrong
$message = $strPwFalse;
include($cfgProgDir . "logout.php");
include($cfgProgDir . "interface.php");
exit;
}
$userFound = true;
$userNr = $i;
} }
if ($userFound == false) {
// user is wrong
$message = $strUserNotExist;
include($cfgProgDir . "logout.php");
include($cfgProgDir . "interface.php");
exit;
}
$userLevel = $cfgUserLevel[$userNr];
if ( ( $requiredUserLevel && !empty($requiredUserLevel[0]) ) || $minUserLevel ) {
// check for required user level and minimum user level
if ( !in_array_php3($userLevel, $requiredUserLevel) && ( !isset($minUserLevel) || empty($minUserLevel) || $userLevel < $minUserLevel ) ) {
// this user does not have the required user level
$message = $strUserNotAllowed;
include($cfgProgDir . "interface.php");
exit;
} }
$ID = $cfgUserID[$userNr];
}
// neither of the two data inputs was chosen
else {
$message = $strNoDataMethod;
include($cfgProgDir . "interface.php");
exit;
}
// restore values
if ($dbOld) $db = $dbOld; // LINHA 246
if ($messageOld) $message = $messageOld; // LINHA 247
?>
I’m sorry about the size of the code. But because of all the searches I did, I couldn’t get those lines right. If anyone can help me I’d be very grateful.
This code was written at a time of transition from php3 to php4, it even has an implementation of
in_array()I don’t know if it’s worth just correcting it. There are several questions on how to solve Undefined index/variable and how to use codemysql_formysqli_or PDO.– rray
Personally I think this code is extremely obsolete (this:
phpversion() >= 4is the biggest proof! ). The first error is because there are no required parameters (ie the link has no?cfgProgDir=XXx&entered_login=YYYY. Then one more thing begins: the$HTTP_GET_VARShas long been considered obsolete, being "replaced" by$_GET. Then themysql()is already obsolete, the substitute is themysql_query(), as you say in the error, but he is also gone, so migrate to themysqli_query(). The last two errors is because the variable doesn’t even exist. You should useisset().– Inkeliz