Ricky Tompu Breaky wrote:
> Dear my friends,
> 
> I am learning a PHP implementation with MyMarket now. I got it from
> http://sourceforge.net/projects/mymarket/files/mymarket/mymarket-1.72/mymarket-1.72.tar.gz/download
>  .
> 
> I have installed it and configured its
> '/var/www/html/mymarket/application.php' with the login account of my
> MySQL, and I have been able to log in:
> "
> <?
> /* $RCSfile: application.php,v $ (c) 2000 Ying Zhang
> (y...@zippydesign.com)
>  *
>  * $Revision: 1.7 $
>  * $Date: 2002/09/23 17:31:17 $
>  * $Author: yingz $
>  *
> error_reporting(15);
> class object {};
> $CFG = new object;
> $CFG->dbhost = "localhost";
> $CFG->dbname = "mymarket";
> $CFG->dbuser = "mymarket";
> $CFG->dbpass = "mypassword";
> $CFG->wwwroot = "http://127.0.0.1/mymarket";;
> $CFG->dirroot     = dirname(__FILE__);
> $CFG->templatedir = "$CFG->dirroot/templates";
> $CFG->libdir      = "$CFG->dirroot/lib";
> $CFG->imagedir    = "$CFG->wwwroot/images";
> $CFG->icondir     = "$CFG->imagedir/icons";
> $CFG->bannerdir   = "$CFG->imagedir/banners";
> $CFG->support     = "supp...@mymarket.org";
> $CFG->version     = "1.71";
> $CFG->sessionname = "mymarket";
> 
> $CFG->showsponsor   = true;           // enabled banner advertising
> $CFG->currency      = "$";
> $CFG->currencyfirst = true;   // show the currency symbol before
> the price tag
> 
> $DB_DEBUG = true;
> $DB_DIE_ON_FAIL = true;
> 
> require("$CFG->libdir/stdlib.php");
> require("$CFG->libdir/dblib.php");
> require("$CFG->libdir/mymarket.php");
> require("$CFG->libdir/cart.php");
> 
> $ME = qualified_me();
> 
> ini_set("session.name", $CFG->sessionname);
> session_start();
> session_register("USER");
> session_register("CART");
> 
> if (! isset($_SESSION["USER"])) {
>       $_SESSION["USER"] = array();
> }
> 
> if (! isset($_SESSION["CART"])) {
>       $_SESSION["CART"] = new Cart;
> }
> 
> $USER = &$_SESSION["USER"];
> $CART = &$_SESSION["CART"];
> 
> db_connect($CFG->dbhost, $CFG->dbname, $CFG->dbuser, $CFG->dbpass);
> ?>
> ====
> 
> The default password of MyMarket for 'root' (administrator account) is
> 'password'. I have checked that my MySQL uses 'md5()' as the default
> password hashing method.
> 
> I can log in, but the problem is that I cannot change the password of
> root. The error message is:
> "
> Errors
> Your old password is invalid
> ".
> 
> I looked for the script that does the password replacement and found
> that it is '/var/www/html/mymarket/users/change_password.php'. In that
> script I found the function and edited it to investigate where the
> problem resides:
> "
> <?
> /* change_password.php (c) 2000 Ying Zhang (y...@zippydesign.com)
>  *
>  */
> include("../application.php");
> require_login();
> if (match_referer() && isset($_POST)) {
>       $frm = $_POST;
>       $errormsg = validate_form($frm, $errors);
> 
>       if (empty($errormsg)) {
>               update_password($frm["newpassword"]);
>               $noticemsg = "Password change successful";
>       }
> }
> 
> $DOC_TITLE = "Change Password";
> include("$CFG->templatedir/header.php");
> include("$CFG->templatedir/form_header.php");
> include("templates/change_password_form.php");
> include("$CFG->templatedir/footer.php");
> 
> function validate_form(&$frm, &$errors) {
>       $errors = new Object;
>       $msg = "";
>       if (empty($frm["oldpassword"])) {
>               $errors->oldpassword = true;
>               $msg .= "You did not specify your old password";
>       } elseif (! password_valid($frm["oldpassword"])) {
>               $errors->oldpassword = true;
>               $msg .= "Your old password is invalid";
>       } elseif (empty($frm["newpassword"])) {
>               $errors->newpassword = true;
>               $msg .= "You did not specify your new password";
>       } elseif (empty($frm["newpassword2"])) {
>               $errors->newpassword2 = true;
>               $msg .= "You did not confirm your new password";
>       } elseif ($frm["newpassword"] != $frm["newpassword2"]) {
>               $errors->newpassword = true;
>               $errors->newpassword2 = true;
>               $msg .= "Your new passwords do not match";
>       }
>       return $msg;
> }
> 
> function password_valid($password) {
>       global $USER;
>       
>       $username = $SUSER["user"]["username"];
>       $password = md5($password);
>       $qid = db_query("SELECT 1 FROM users WHERE username = '$username' AND 
> password = '$password'"); 
> /* Here my investigator */
>       echo db_num_rows($qid)."-->"."SELECT 1 FROM users WHERE username = 
> '$username' AND password = '$password'";      
> /* end of my investigator */ 
>       return db_num_rows($qid); }
> 
> function update_password($newpassword) {
>       global $USER;
>       $username = $USER["user"]["username"];
>       $newpassword = md5($newpassword);
>       $qid = db_query("UPDATE users SET password = '$newpassword'
>       WHERE username = '$username'"); }
> ?>
> ".
> 
> And the result is:
> "
> 0-->SELECT 1 FROM users WHERE username = '' AND password = 
> '5f4dcc3b5aa765d61d8327deb882cf99'
> ".
> So the username in the query is empty; that is why the old password is rejected.
> 
> Now, my problem is that I don't know why the PHP script on my Apache2
> on Mandriva 2009.1 does not store the session variable.
> 
> Has anybody ever run into the same problem? Please share it with me.
> 
> Please tell me my mistake.
> 
> Thank you very much in advance.

Well that's a lot of code to look through and still not enough code :-)

Just glancing through it in function update_password() I would expect:

$username = $SUSER["user"]["username"];

to actually be:

$username = $USER["user"]["username"];

Don't know where the S in $SUSER came from.
-- 
Thanks!
-Shawn
http://www.spidean.com
