Dear my friends, I am learning a PHP implementation with MyMarket now. I got it from http://sourceforge.net/projects/mymarket/files/mymarket/mymarket-1.72/mymarket-1.72.tar.gz/download . I have installed and configured its '/var/www/html/mymarket/application.php' to the login account of my MySQL and I've been able to do login: " <? /* $RCSfile: application.php,v $ (c) 2000 Ying Zhang (ying@xxxxxxxxxxxxxxx) * * $Revision: 1.7 $ * $Date: 2002/09/23 17:31:17 $ * $Author: yingz $ * error_reporting(15); class object {}; $CFG = new object; $CFG->dbhost = "localhost"; $CFG->dbname = "mymarket"; $CFG->dbuser = "mymarket"; $CFG->dbpass = "mypassword"; $CFG->wwwroot = "http://127.0.0.1/mymarket";; $CFG->dirroot = dirname(__FILE__); $CFG->templatedir = "$CFG->dirroot/templates"; $CFG->libdir = "$CFG->dirroot/lib"; $CFG->imagedir = "$CFG->wwwroot/images"; $CFG->icondir = "$CFG->imagedir/icons"; $CFG->bannerdir = "$CFG->imagedir/banners"; $CFG->support = "support@xxxxxxxxxxxx"; $CFG->version = "1.71"; $CFG->sessionname = "mymarket"; $CFG->showsponsor = true; // enabled banner advertising $CFG->currency = "$"; $CFG->currencyfirst = true; // show the currency symbol before the price tag $DB_DEBUG = true; $DB_DIE_ON_FAIL = true; require("$CFG->libdir/stdlib.php"); require("$CFG->libdir/dblib.php"); require("$CFG->libdir/mymarket.php"); require("$CFG->libdir/cart.php"); $ME = qualified_me(); ini_set("session.name", $CFG->sessionname); session_start(); session_register("USER"); session_register("CART"); if (! isset($_SESSION["USER"])) { $_SESSION["USER"] = array(); } if (! isset($_SESSION["CART"])) { $_SESSION["CART"] = new Cart; } $USER = &$_SESSION["USER"]; $CART = &$_SESSION["CART"]; db_connect($CFG->dbhost, $CFG->dbname, $CFG->dbuser, $CFG->dbpass); ?> ==== The default password of MyMarket for 'root' (administrator account) is 'password'. I have checked that my MySQL use 'md5()' as the default encryption method. I can do login. But the problem is, I can not change the password of root. The error message is: " Errors Your old password is invalid ". I've taken a look which script does the password replacement and I found it is '/var/www/html/mymarket/users/change_password.php' in that script I've found the function and edit it for investigating where the problem resides: " <? /* change_password.php (c) 2000 Ying Zhang (ying@xxxxxxxxxxxxxxx) * */ include("../application.php"); require_login(); if (match_referer() && isset($_POST)) { $frm = $_POST; $errormsg = validate_form($frm, $errors); if (empty($errormsg)) { update_password($frm["newpassword"]); $noticemsg = "Password change successful"; } } $DOC_TITLE = "Change Password"; include("$CFG->templatedir/header.php"); include("$CFG->templatedir/form_header.php"); include("templates/change_password_form.php"); include("$CFG->templatedir/footer.php"); function validate_form(&$frm, &$errors) { $errors = new Object; $msg = ""; if (empty($frm["oldpassword"])) { $errors->oldpassword = true; $msg .= "You did not specify your old password"; } elseif (! password_valid($frm["oldpassword"])) { $errors->oldpassword = true; $msg .= "Your old password is invalid"; } elseif (empty($frm["newpassword"])) { $errors->newpassword = true; $msg .= "You did not specify your new password"; } elseif (empty($frm["newpassword2"])) { $errors->newpassword2 = true; $msg .= "You did not confirm your new password"; } elseif ($frm["newpassword"] != $frm["newpassword2"]) { $errors->newpassword = true; $errors->newpassword2 = true; $msg .= "Your new passwords do not match"; } return $msg; } function password_valid($password) { global $USER; $username = $SUSER["user"]["username"]; $password = md5($password); $qid = db_query("SELECT 1 FROM users WHERE username = '$username' AND password = '$password'"); /* Here my investigator */ echo db_num_rows($qid)."-->"."SELECT 1 FROM users WHERE username = '$username' AND password = '$password'"; /* end of my investigator */ return db_num_rows($qid); } function update_password($newpassword) { global $USER; $username = $USER["user"]["username"]; $newpassword = md5($newpassword); $qid = db_query("UPDATE users SET password = '$newpassword' WHERE username = '$username'"); } ?> ". And the result is: " 0-->SELECT 1 FROM users WHERE username = '' AND password = '5f4dcc3b5aa765d61d8327deb882cf99' ". So the user variable is empty, that's why. Now, my problem is I don't know my the PHP Script on my Apache2 of Mandriva 2009.1 does not store the session variable? Anybody has ever found the same problem as mine? Please share it to me. Please tell me my mistake. Thank you very much in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
