Need help, $password being lost in function

O

onetwenty8k

2[H]4U
Joined
Nov 24, 2006
Messages
2,554
Hello,

I'm having trouble migrating an opensource room booking script called iCalScheduler (http://sourceforge.net/projects/icalscheduler/). When adding a new user in the admin panel, the password in the form gets passed into the MySQL table as (null) (but in an md5 hash).

The form code is all fine, you'll just have to trust me on that. The command that loses the md5 is

HTML: 
include_once(BASE.'functions/ical_parser.php');

So inside ical_parser, the only commands that are relevant to $password, is

HTML: 
require_once(BASE.'functions/init.inc.php');
require_once(BASE.'functions/date_functions.php');

Date functions has nothing relevent either, so in init.inc, here is the code. Can you tell me if anything looks off to you? I've been looking at it with tunnel vision, I need some help.

http://pastebin.com/89PW4X30

You need PHP version: 5.2.17

He has deprecated commands. When I get this problem fixed, I'm going update the script up to standard PHP and put it up on sourceforge.
 
Did you narrow down the problem past some include/require statements?
 
Well, in that aforementioned file, this is the only area that calls on $password but I don't see where it can be losing it.

HTML: 
// If not HTTP authenticated, try login via cookies or the web page.
$username = ''; $password = '';
if (!isset($_SERVER['PHP_AUTH_USER'])) {
	// Look for a login cookie.
	if (isset($HTTP_COOKIE_VARS['icalscheduler_login'])) {
		$login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['icalscheduler_login']));
		if (isset($login_cookie['username']))	$username = $login_cookie['username'];
		if (isset($login_cookie['password']))	$password = $login_cookie['password'];
	}

	// Look for a new username and password.
	if (isset($HTTP_GET_VARS['username']))			$username = $HTTP_GET_VARS['username'];
	else if (isset($HTTP_POST_VARS['username']))	$username = $HTTP_POST_VARS['username'];
	if (isset($HTTP_GET_VARS['password']))			$password = $HTTP_GET_VARS['password'];
	else if (isset($HTTP_POST_VARS['password']))	$password = $HTTP_POST_VARS['password'];

	// Grab the action (login or logout).
	if (isset($HTTP_GET_VARS['action']))			$action = $HTTP_GET_VARS['action'];
	else if (isset($HTTP_POST_VARS['action']))		$action = $HTTP_POST_VARS['action'];
	else											$action = '';

	// Check to make sure the username and password is valid.
	if ($action == 'login' && !key_exists("$username:$password", $g_locked_map)) {
		// Don't login, instead logout.
		$action = 'logout';

		// Remember the invalid login, because we may want to
		// display a message elsewhere.
		$invalid_login = true;
	} else {
		$invalid_login = false;
	}

	// Set the login cookie if logging in. Clear it if logging out.
	if ($action == 'login') {
		$the_cookie = serialize(array('username' => $username, 'password' => $password));
		setcookie('icalscheduler_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $g_cookie_uri, 0);
	} else if ($action == 'logout') {
		setcookie('icalscheduler_login', '', time()-(60*60*24*7), '/', $g_cookie_uri, 0);
		$username = ''; $password = '';
	}
}
 
Which line of that file does $password no longer contain the data you are expecting?
 
You must log in or register to reply here.
Back
Top