[PHP] Script warnings on remote server, but not on local

Speedz

Active Member
Adept
Sep 22, 2007
377
3
28
27
Hey guys, I just made a few tweaks to my website and uploaded it and suddenly its showing me the following warnings when i try to use the login system which I haven't even touched.

The warnings are:

Code:
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\Inetpub\vhosts\clues2college.com\httpdocs\index.php on line 59

Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\vhosts\clues2college.com\httpdocs\index.php:59) in C:\Inetpub\vhosts\clues2college.com\httpdocs\index.php on line 80
Interesting thing is, on my local wamp server the pages run just fine. If it helps my PHP version on local wamp server is 5.1.36 whereas that on my host is 5.0.22 . Could that be creating the issue? But I doubt that because the same login ran fine earlier even on the remote server.

My PHP code is as follows:

Code:
<?php error_reporting (E_ALL ^ E_NOTICE); ?>

<?php

define('INCLUDE_CHECK',true);

require 'connect.php';

require 'functions.php';

// Those two files can be included only if INCLUDE_CHECK is defined

session_name('c2cLogin');

// Starting the session

session_set_cookie_params(2*7*24*60*60);

// Making the cookie live for 2 weeks

session_start();

if($_SESSION['user_id'] && !isset($_COOKIE['c2cRemember']) && !$_SESSION['rememberMe'])

{

	// If you are logged in, but you don't have the c2cRemember cookie (browser restart)

	// and you have not checked the rememberMe checkbox:

	$_SESSION = array();

	session_destroy();
	// Destroy the session

}

if(isset($_GET['logoff']))

{

	$_SESSION = array();

	session_destroy();
	header("Location: index.php");

	exit;

}

if($_POST['submit']=='Login')

{

	// Checking whether the Login form has been submitted
	$err = array();

	// Will hold our errors

	if(!$_POST['username'] || !$_POST['password'])

		$err[] = 'All the fields must be filled in!';
	if(!count($err))

	{

		$_POST['username'] = mysql_real_escape_string($_POST['username']);

		$_POST['password'] = mysql_real_escape_string($_POST['password']);

		$_POST['rememberMe'] = (int)$_POST['rememberMe'];

		

		// Escaping all input data

		[COLOR="red"]Line 59- [/COLOR]$row = mysql_fetch_assoc(mysql_query("SELECT user_id,user_name FROM c2c_members WHERE user_name='{$_POST['username']}' AND user_password='{$_POST['password']}'"));

		if($row['user_name'])

		{

			// If everything is OK login

			

			$_SESSION['user_name']=$row['user_name'];

			$_SESSION['user_id'] = $row['user_id'];

			$_SESSION['rememberMe'] = $_POST['rememberMe'];

			

			// Store some data in the session

			

			setcookie('c2cRemember',$_POST['rememberMe']);

		}

		else $err[]='Wrong username and/or password!';

	}
	if($err)

	$_SESSION['msg']['login-err'] = implode('
',$err);

	// Save the error messages in the session

[COLOR="red"]Line 80 - [/COLOR]	header("Location: index.php");

	exit;

}
Please help, i have searched alot online but just couldn't get an answer.
 

Hacker

Well-Known Member
Adept
Apr 1, 2005
1,694
11
51
Pune
I think you have not enabled display warnings in your local wamp server.
 

Speedz

Active Member
Adept
Sep 22, 2007
377
3
28
27
Here are the codes,

connect.php
Code:
<?php

if(!defined('INCLUDE_CHECK')) die('You are not allowed to execute this file directly');
/* Database config */

$db_host		= 'localhost';
$db_user		= 'root';
$db_pass		= '';
$db_database	= 'c2clogin'; 

/* End config */

$link = mysql_connect($db_host,$db_user,$db_pass) or die ("I cannot connect to the database for the following reason" . mysql_error());

mysql_select_db($db_database,$link);
mysql_query("SET names UTF8");

?>
When I do a remote server upload,the user name and password are corrected to match the remote wamp server.

functions.php

Code:
<?php

if(!defined('INCLUDE_CHECK')) die('You are not allowed to execute this file directly');

function checkEmail($str)
{
	return preg_match("/^[\.A-z0-9_\-\+]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/", $str);
}
function send_mail($from,$to,$subject,$body)
{
	$headers = '';
	$headers .= "From: $from\n";
	$headers .= "Reply-to: $from\n";
	$headers .= "Return-Path: $from\n";
	$headers .= "Message-ID: <" . md5(uniqid(time())) . "@" . $_SERVER['SERVER_NAME'] . ">\n";
	$headers .= "MIME-Version: 1.0\n";
	$headers .= "Date: " . date('r', time()) . "\n";

	mail($to,$subject,$body,$headers);
}
?>
@Hacker: How do I enable them on my local server?
 

Checksum

Well-Known Member
Adept
Aug 3, 2005
1,544
32
112
33
Put these two lines at the beginning of the script. Or you can add the directives to php.ini if you want them to persist on your server

error_reporting(E_ALL | E_NOTICE | E_STRICT);

ini_set("display_errors", TRUE);
 

Sanjeet Arora

Active Member
Disciple
Sep 16, 2009
172
7
32
30
swtunnel.com
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\Inetpub\vhosts\clues2college.com\httpdocs\index.php on line 59

Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\vhosts\clues2college.com\httpdocs\index.php:59) in C:\Inetpub\vhosts\clues2college.com\httpdocs\index.php on line 80
The above mentioned warnings are on your localhost. Are you sure you are checking the correct file?
 

Gaurish

Well-Known Member
ex-Mod
Apr 7, 2006
3,326
135
101
119
Jaipur
www.gaurishsharma.com
I noticed you are attempting to modify session headers after creating a session. so Is output buffering turned ON the server? Also, avoid nesting functions, this code looks much easy to read:

PHP:
$sql = ("SELECT user_id,user_name FROM c2c_members WHERE user_name='{$_POST['username']}' AND user_password='{$_POST['password']}'");

$rs = mysql_query($sql);

if (!$rs) {

    echo "Could not successfully run query ($sql) from DB: " . mysql_error();

    exit;

}

$row = mysql_fetch_assoc($rs);
than this

PHP:
$row = mysql_fetch_assoc(mysql_query("SELECT user_id,user_name FROM c2c_members WHERE user_name='{$_POST['username']}' AND user_password='{$_POST['password']}'"));
Another thing, your code is vulnerable to SQL injection. do some sanity checks. mysql-real_escpape_string might be useful here