Help please with my site.

[shanee86]

Hello I own http://freephotopost.com and I was on a friends server awhile ago and he was hosting the site and everything worked fine. Well I got my own server for it over a month ago, And well I got busy and didn't notice that the signup and a part of admin panel won't work. What I mean is before it all worked now I moved to my own server and it won't work. I think it must be a version problem. We see http://freephotopost.com/join.php doesn't work I was wondering why I wasn't getting signups. I need help fixing it I have tried anyone have any ideas?

 

[stscac]

Looks like you're not telling the form where it needs to POST the information.

<form method=post>

Once you tell it where to go, you should be fine, pending your other code accepts the post.

-Steve

 

[shanee86]

Say the next page was nopaidsignupform.php in the include folder what would I add?

No I think it is all one page when I open up join.php in dreamweaver it has all the join pages on one page. And it has if and then's.

 

[sjaguar13]

Turn globals on. Someone else I know had the same problem. I still might have the files that I modified to get around the global thing. The problem is you submit the form, and it checks to make sure the radio button equals 1 (for I agree). If it doesn't, it shows the same page again. Without globals turned on, everything comes up blank and you never go to the next page. The page is actually just a different part of that page you are on. If you need more help, PM me and I can tell you exactly how to fix this.

 

[shanee86]

Yes that might be the problem. It is just like you say all on one page. So how do I trun globals on edit php.ini?

Nevermind that was a stupid question lol I know how to do that I am a server admin lol. But I turned them on and it works fine thanks. Also is there away to do it without having them on? I think it is security issue for globals to be on right?

 

[sjaguar13]

Globals itself isn't really an security issue, it's the fact that poorly coded scripts can be easily exploited with globals on. There is a way to do it, you have to change the form files to get the input a different way.

With globals on, an input field with the name "user" is gotten by the variable $user. With them off, the data in user is gotten with the variable $_POST["user"]. On the join page, variables like $user are used throughout the script. The easiest thing to do is at the top, add the correct way of getting the variables, but then set the other variable equal to it. That way, you don't have to go through the page replacing all instances of $user.

So for the "user" example, at the top of the script under the require("whatever"); you would add $user = $_POST["user"]; This would properly initialize $user without using globals and the rest of the script would work the way it should. The hard part is going through the files and looking for variables that need to be changed. I know for join.php, you should add these:
$submit1 = $_POST["submit1"];
$susername = $_POST["susername"];
$semail = $_POST["semail"];
$submit3 = $_POST["submit3"];
$sfirst_name = $_POST["sfirst_name"];
$slast_name = $_POST["slast_name"];
$sstreet = $_POST["sstreet"];
$scity = $_POST["scity"];
$sstate = $_POST["sstate"];
$szip = $_POST["szip"];
$scountry = $_POST["scountry"];
$stelephone = $_POST["stelephone"];

After that, though, it begins to get a little tough. The problem is for logging in, the sessions also need changed, but you just can't add them to the top of the script because you need them in the proper place in the If/Else statement. You have to check that they used a valid loggin before you set the session. The script is template driven and I converted it to non-globals. I also changed the contact us page to use Sock instead of mail for security and efficiency.

If you want those files, you can have them. I am pretty sure you can just upload them and it won't change the look of you site if you do not overwrite header.php or footer.php.

Another thing, you would need to add this to account.php:
$loggedin = $_SESSION["loggedin"];
$myuid = $_SESSION["myuid"];
$myname = $_SESSION["myname"];