I got a client who was running on php 4.1.2. We moved the to a new server with upgraded php, and like I expected part of the site broke. Logging in no longer works and its cookie based. I was wondering if anyone knows the specific items that changed from 4.1.2 to 4.4.4 that involved cookies.

I installed 4.1.2 for shits and giggles and can confirm it works. So its something that was changed.

A long shot - something with register_globals, I bet they're on at 4.1.2 version and off at 4.4.4.

They are on :)

First off, I dont want to hear how insecure or poor this is. I am not the developer. The developer is MIA. I just need it to work for now. I will be adding some sanitizing once I figure out why it doesn't work.

Snips of code I Believe is the issue:


function login($username, $password) {
global $setinfo, $system;
$username = strtolower($username);
setcookie("user");
$result = mysql_query("select email,password,deleted,perpage,name from client where username='$username'");
if(mysql_num_rows($result)==1 && !$setinfo[deleted]) {
$setinfo = mysql_fetch_array($result);
$dbpass=$setinfo[password];
if (strcasecmp($dbpass,$password)) {
Header("Location: index.php?stop=1");
return;
}
docookie($setinfo[email], $username, $password, $setinfo[perpage], $setinfo[name] );
}
else {
Header("Location: index.php?stop=1");
return;}
}



function docookie($setemail, $setusername, $setpassword, $setperpage, $name) {
$info = base64_encode("$setemail:$setusername:$setpassword:$setperpage:$name");
setcookie("user","$info",time()+15552000, "/", ".domain.com", 0);
}



if(is_user($user)) {
$user2 = base64_decode($user);
$cookie = explode(":", $user2);
cookiedecode($user);
$username = $cookie[1];}
else {
Header("Location: index.php?stop=1");
exit;}


When ever you try to login it goes to index.php?stop=1


<? if ($stop == 1) { ?>
<font face="Arial, Helvetica, sans-serif" size="2"><b><font color="#CC0000">
Login Error</font></b></font>
<?
}

error_reporting(E_ALL);
ini_set('display_errors', '1'); Add that in the top of the script, and give us an output of the errors? Alternatively, pm me an msn account and i'll try to lend ya a hand through that?

I cant see anything which would really bug this coding in the php change log.

Have you checked whether or not the cookie is actually set?

Problem resolved with the expert opinion of KsJeppe