Bob Hutchinson wrote:
>
> //ini_set('error_reporting', E_ALL ^ E_NOTICE);
> ini_set('error_reporting', E_ALL);
Am I right in thinking that neither of these lines were in the original
index.php? i.e. you didn't comment our the first one and add the second
one - you added both?
> The database was empty, so create_tables.php would run. This resulted in a
> nasty Notice:
>
> Notice: Use of undefined constant test - assumed 'test'
> in /home/hutch/www/html/vegadns-0.9.9.1/src/create_tables.php on line 43
>
> Warning: Cannot modify header information - headers already sent by (output
> started at /home/hutch/www/html/vegadns-0.9.9.1/src/create_tables.php:43)
> in /home/hutch/www/html/vegadns-0.9.9.1/index.php on line 108
>
> so I edited create_tables.php on line 43
> replaced md5(test) with md5('test')
I've done that.
> BTW I realise that I could have avoided this by setting
> ini_set('error_reporting', E_ALL ^ E_NOTICE);
> but then you don't find the bugs, that's how I set production boxes, not the
> development box I'm doing this on.
Good call, because ...
> cleared the database and ran again, closing the browser in between (just in
> case)
>
> much better, straight into the edit account page where I changed a few things
> and hit the edit button and it saved successfully, and left me logged in, I
> clicked around a bit, logged out and logged in again, no problem, it accepted
> the new password.
It works for me now!
> This is the point that yours has been stumbling on, right?
> I'm using MySQL - 4.0.24
> You are using MySQL 5.0.18 right?
>
> does it support mysql_escape_string()
>
> see line 95 and on src/users.php
>
> do you see
>
> 'update accounts set First_Name=' and so on in your mysql log?
Sure do!
12 Query update accounts set
First_Name='Robin',
Last_Name='Bowes',
Phone='',
Email='[EMAIL PROTECTED]',
Password='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
Account_Type='senior_admin', Status='active' where cid='1'
12 Query update active_sessions set
Email='[EMAIL PROTECTED]' where Email='[email protected]'
> The initial edit account page should have a hidden field for 'cid', it is set
> in index.php line 203 or thereabouts
>
> I'm just wondering if the refusal to save has to do with MySQL 5.x.xx ....
>
> I'm rather conservative about upgrading, this is just the kind of thing I
> dread, and the hords of angry customers...
>
> but it would be good to know in any event
>
>
>>It appears that I can use most of the functionality but checking the
>>logs reveals that several variables are not being passed between forms
>>(cid being one example that prevent login).
>>
>>If I log out I am unable to log back in again even with the original
>>password.
>>
>>I've checked with phpmyadmin (and mysql command line) and the
>>username/password remains unchanged.
>>
>>The MySQL query log actually shows that the app. is submitting the wrong
>>md5 hashed password (see above).
>>
>>I'm sure there's a logical explanation for all this but I can't put my
>>finger on it just at the moment...
Looks like you nailed it Bob - it was the missing quotes in that call to
md5 which screwed things up.
Thanks! I can now try and sell this to my clients! :)
R.
