[PHP] Script warnings on remote server, but not on local

Status
Not open for further replies.

Speedz

Contributor
Hey guys, I just made a few tweaks to my website and uploaded it, and suddenly it's showing me the following warnings when I try to use the login system, which I haven't even touched.

The warnings are:

Code:
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\Inetpub\vhosts\clues2college.com\httpdocs\index.php on line 59

Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\vhosts\clues2college.com\httpdocs\index.php:59) in C:\Inetpub\vhosts\clues2college.com\httpdocs\index.php on line 80

Interesting thing is, on my local wamp server the pages run just fine. If it helps, my PHP version on the local wamp server is 5.1.36 whereas that on my host is 5.0.22. Could that be creating the issue? But I doubt that because the same login ran fine earlier even on the remote server.

My PHP code is as follows:

Code:
<?php error_reporting (E_ALL ^ E_NOTICE); ?>

<?php

define('INCLUDE_CHECK',true);

require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined

session_name('c2cLogin');
// Starting the session

session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks

session_start();

if($_SESSION['user_id'] && !isset($_COOKIE['c2cRemember']) && !$_SESSION['rememberMe'])
{
	// If you are logged in, but you don't have the c2cRemember cookie (browser restart)
	// and you have not checked the rememberMe checkbox:

	$_SESSION = array();
	session_destroy();
	// Destroy the session
}

if(isset($_GET['logoff']))
{
	$_SESSION = array();
	session_destroy();
	header("Location: index.php");
	exit;
}

if($_POST['submit']=='Login')
{
	// Checking whether the Login form has been submitted
	$err = array();
	// Will hold our errors

	if(!$_POST['username'] || !$_POST['password'])
		$err[] = 'All the fields must be filled in!';

	if(!count($err))
	{
		$_POST['username'] = mysql_real_escape_string($_POST['username']);
		$_POST['password'] = mysql_real_escape_string($_POST['password']);
		$_POST['rememberMe'] = (int)$_POST['rememberMe'];
		// Escaping all input data

		// Line 59 (the line the first warning points at):
		$row = mysql_fetch_assoc(mysql_query("SELECT user_id,user_name FROM c2c_members WHERE user_name='{$_POST['username']}' AND user_password='{$_POST['password']}'"));

		if($row['user_name'])
		{
			// If everything is OK login

			$_SESSION['user_name']=$row['user_name'];
			$_SESSION['user_id'] = $row['user_id'];
			$_SESSION['rememberMe'] = $_POST['rememberMe'];
			// Store some data in the session

			setcookie('c2cRemember',$_POST['rememberMe']);
		}
		else $err[]='Wrong username and/or password!';
	}

	if($err)
	$_SESSION['msg']['login-err'] = implode('
',$err);
	// Save the error messages in the session

	// Line 80 (the line the second warning points at):
	header("Location: index.php");
	exit;
}

Please help, I have searched a lot online but just couldn't get an answer.
 
Here are the codes,

connect.php
Code:
<?php

if(!defined('INCLUDE_CHECK')) die('You are not allowed to execute this file directly');
/* Database config */

$db_host		= 'localhost';
$db_user		= 'root';
$db_pass		= '';
$db_database	= 'c2clogin'; 

/* End config */

$link = mysql_connect($db_host,$db_user,$db_pass) or die ("I cannot connect to the database for the following reason" . mysql_error());

mysql_select_db($db_database,$link);
mysql_query("SET names UTF8");

?>

When I do a remote server upload, the user name and password are corrected to match the remote wamp server.

functions.php

Code:
<?php

if(!defined('INCLUDE_CHECK')) die('You are not allowed to execute this file directly');

function checkEmail($str)
{
	// A-Za-z instead of A-z: the A-z range also matches [ \ ] ^ _ and `
	return preg_match("/^[\.A-Za-z0-9_\-\+]+[@][A-Za-z0-9_\-]+([.][A-Za-z0-9_\-]+)+[A-Za-z]{1,4}$/", $str);
}
function send_mail($from,$to,$subject,$body)
{
	$headers = '';
	$headers .= "From: $from\n";
	$headers .= "Reply-to: $from\n";
	$headers .= "Return-Path: $from\n";
	$headers .= "Message-ID: <" . md5(uniqid(time())) . "@" . $_SERVER['SERVER_NAME'] . ">\n";
	$headers .= "MIME-Version: 1.0\n";
	$headers .= "Date: " . date('r', time()) . "\n";

	mail($to,$subject,$body,$headers);
}
?>

@Hacker: How do I enable them on my local server?
 
Put these two lines at the beginning of the script. Or you can add the directives to php.ini if you want them to persist on your server.

error_reporting(E_ALL | E_NOTICE | E_STRICT);

ini_set("display_errors", TRUE);
 
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\Inetpub\vhosts\clues2college.com\httpdocs\index.php on line 59

Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\vhosts\clues2college.com\httpdocs\index.php:59) in C:\Inetpub\vhosts\clues2college.com\httpdocs\index.php on line 80
The above mentioned warnings are on your localhost. Are you sure you are checking the correct file?
 
I noticed you are attempting to modify session headers after creating a session. So is output buffering turned ON on the server? Also, avoid nesting functions; this code looks much easier to read:

PHP:
$sql = ("SELECT user_id,user_name FROM c2c_members WHERE user_name='{$_POST['username']}' AND user_password='{$_POST['password']}'");

$rs = mysql_query($sql);

if (!$rs) {
    echo "Could not successfully run query ($sql) from DB: " . mysql_error();
    exit;
}

$row = mysql_fetch_assoc($rs);

than this

PHP:
$row = mysql_fetch_assoc(mysql_query("SELECT user_id,user_name FROM c2c_members WHERE user_name='{$_POST['username']}' AND user_password='{$_POST['password']}'"));

Another thing, your code is vulnerable to SQL injection. Do some sanity checks. mysql_real_escape_string might be useful here.
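
An added example, not part of any post in this thread, showing the login lookup from index.php with the query result checked before it is used and the input bound as a parameter. It assumes PHP 5.5 or later with PDO and the SQLite driver, a constructed in-memory table standing in for c2c_members, a hypothetical helper find_member(), and a user_password column that stores password_hash() output:

```php
<?php
// Added example, not code from the thread. An in-memory SQLite table stands in
// for c2c_members so the script runs offline; use a MySQL DSN in production.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE c2c_members (
    user_id INTEGER PRIMARY KEY, user_name TEXT UNIQUE, user_password TEXT)');
// Constructed sample row. Assumption: user_password stores password_hash() output.
$pdo->prepare('INSERT INTO c2c_members (user_name, user_password) VALUES (?, ?)')
    ->execute(array('alice', password_hash('s3cret', PASSWORD_DEFAULT)));

// Hypothetical helper. Returns array($row, $error); exactly one of them is null.
function find_member(PDO $pdo, $username, $password)
{
    try {
        // Placeholder binding keeps user input out of the SQL text.
        $stmt = $pdo->prepare(
            'SELECT user_id, user_name, user_password
               FROM c2c_members WHERE user_name = ?'
        );
        $stmt->execute(array($username));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // A failed query is logged, never echoed: no output reaches the client,
        // so a later header("Location: ...") can still be sent.
        error_log('login query failed: ' . $e->getMessage());
        return array(null, 'Login is temporarily unavailable.');
    }
    if ($row === false || !password_verify($password, $row['user_password'])) {
        return array(null, 'Wrong username and/or password!');
    }
    unset($row['user_password']);   // keep the hash out of the session
    return array($row, null);
}

// Constructed cases: a valid login, then injection-style input.
$cases = array(
    array('alice', 's3cret'),
    array("' OR '1'='1", 'anything'),
);
foreach ($cases as $case) {
    list($row, $error) = find_member($pdo, $case[0], $case[1]);
    echo $row ? "ok: user_id={$row['user_id']}\n" : "rejected: $error\n";
}
$pdo->exec('DROP TABLE c2c_members');   // simulate the query failing on the server
list($row, $error) = find_member($pdo, 'alice', 's3cret');
echo $row ? "ok\n" : "rejected: $error\n";
```

The last case is the situation behind both warnings in the question: the query fails, and because the failure is handled without printing anything, the redirect header can still be sent.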
 