I am working on an osCommerce project, which is accessible on the main server, but when I try to access the admin portion of the project on my LOCALHOST the login page does accept my login; ideally it should accept my login and redirect me to index.php. Below is the login script I am using.

<?php
  require('includes/application_top.php');

  if ($session_started == false) {
  echo 'session not started';
  }

  $error = false;
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
    $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
    $password = tep_db_prepare_input($HTTP_POST_VARS['password']);

// Check if email exists
    $check_admin_query = tep_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . tep_db_input($email_address) . "'");
    if (!tep_db_num_rows($check_admin_query)) {
      $HTTP_GET_VARS['login'] = 'fail';
    } else {
      $check_admin = tep_db_fetch_array($check_admin_query);

      //BOF code for cPanel installer - convert password to cre hash
      $check_password = $check_admin['login_password'];
      if (substr($check_password, 0, 8) == '_cPanel_'){
        $check_password = substr($check_password, 8);
        $password_hash = tep_encrypt_password($check_password);
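        // Restrict the update to the admin row being converted; without a WHERE clause every admin password is overwritten
        tep_db_query("UPDATE " . TABLE_ADMIN . " SET admin_password = '" . $password_hash . "' where admin_id = '" . (int)$check_admin['login_id'] . "'");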
        $check_admin_query = tep_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . tep_db_input($email_address) . "'");
        $check_admin = tep_db_fetch_array($check_admin_query);
      }
      //EOF code for cPanel installer - convert password to cre hash

      // Check that password is good
      if (!tep_validate_password($password, $check_admin['login_password'])) {
        $HTTP_GET_VARS['login'] = 'fail';
      } else {
        if (tep_session_is_registered('password_forgotten')) {
          tep_session_unregister('password_forgotten');
        }

        $login_id = $check_admin['login_id'];
        $login_groups_id = $check_admin['login_groups_id'];
        $login_firstname = $check_admin['login_firstname'];
        $login_email_address = $check_admin['login_email_address'];
        $login_logdate = $check_admin['login_logdate'];
        $login_lognum = $check_admin['login_lognum'];
        $login_modified = $check_admin['login_modified'];

        tep_session_register('login_id');
        tep_session_register('login_groups_id');
        tep_session_register('login_firstname');

        //$date_now = date('Ymd');
        tep_db_query("update " . TABLE_ADMIN . " set admin_logdate = now(), admin_lognum = admin_lognum+1 where admin_id = '" . $login_id . "'");

        if (($login_lognum == 0) || !($login_logdate) || ($login_email_address == 'admin@localhost') || ($login_modified == '0000-00-00 00:00:00')) {
          tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, '', 'SSL'));
        } else {
          tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'SSL'));
        }

      }
    }
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);
  include('includes/functions/rss2html.php');
?>

I tried tracking the issue: whenever I log in with the correct email and password it doesn't give me the "$HTTP_GET_VARS['action']".

Could someone guide me on what's going wrong here?

ACCORDING TO THE INITIAL REPLIES

I have register_long_arrays enabled in my localhost and it is working very well in case of wrong input of email address and password.

A: 

$HTTP_GET_VARS is old and deprecated, use $_GET instead. Same applies to other superglobals as well: $_POST, $_REQUEST, $_SERVER, $_COOKIES, $_FILES, etc.

Maerlyn
I know about it, I am using osCommerce v2, everywhere these global variables are prominent; this is not the problem with my code which disables the access
OM The Eternity
A: 

Try $_GET['action'] instead of $HTTP_GET_VARS['action']. I suggest you entirely replace $HTTP_GET_VARS with $_GET.

As of PHP 5.0.0, the long PHP predefined variable arrays may be disabled with the register_long_arrays directive.

cypher
Just to be sure, try to paste $HTTP_GET_VARS = $_GET; on top of your script.
cypher
I changed it all to $_GET, but still not working
OM The Eternity
Is there any error report at all? Try using error_reporting(E_ALL | E_STRICT);
cypher
+2  A: 

Variables such as HTTP_GET_VARS are called long arrays, and are deprecated -- and can be disabled.
See the register_long_arrays directive about this: maybe it's disabled on your server?


Instead of $HTTP_GET_VARS, you should be using the $_GET super-global array.

For a couple of references, see :


Note: osCommerce is quite an old piece of software, and was developed before long arrays were deprecated -- which is probably why they are used... and why it is possible to enable the register_long_arrays directive in PHP's configuration.

Of course, this is not recommended for new software... But if you have to work with that... it might be easier than replacing every instance of $HTTP_GET_VARS.

Pascal MARTIN
They are enabled in my localhost
OM The Eternity
I changed it all to $_GET, but still not working
OM The Eternity
A: 

From PHP 5.0.3 long predefined arrays such as HTTP_GET_VARS got disabled by default. Use this instead:

$_GET['action'];
Sarfraz
but they are active in my insertion of wrong email address and password, hence it proves that they are working with my code
OM The Eternity
I changed it all to $_GET, but still not working
OM The Eternity
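
An added example, not part of the original thread and not osCommerce code: a debugging include that combines the suggestions above (alias the long arrays to the superglobals, turn on error reporting) and records which request keys actually arrive. The function name `legacy_array_report` and the idea of including this file before `includes/application_top.php` are assumptions; only key names are logged, so the posted password never reaches the log.

```php
<?php
// Hypothetical debugging helper (assumption: included before
// includes/application_top.php on a development machine only).
error_reporting(E_ALL);
ini_set('display_errors', '1'); // never enable on a production admin panel

function legacy_array_report()
{
    // Long array name => superglobal that replaces it.
    $map = array(
        'HTTP_GET_VARS'    => $_GET,
        'HTTP_POST_VARS'   => $_POST,
        'HTTP_COOKIE_VARS' => $_COOKIE,
        'HTTP_SERVER_VARS' => $_SERVER,
    );

    $report = array(
        // ini_get() returns false when the directive does not exist
        // (register_long_arrays was removed in PHP 5.4).
        'register_long_arrays' => ini_get('register_long_arrays'),
    );

    foreach ($map as $legacy => $modern) {
        if (isset($GLOBALS[$legacy]) && is_array($GLOBALS[$legacy])) {
            $report[$legacy] = 'provided by PHP';
        } else {
            // Copy the superglobal so code reading $HTTP_*_VARS still works.
            $GLOBALS[$legacy] = $modern;
            $report[$legacy] = 'copied from superglobal';
        }
    }

    // Key names only: $_POST holds the admin password on the login request.
    $report['method']    = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'cli';
    $report['get_keys']  = implode(',', array_keys($_GET));
    $report['post_keys'] = implode(',', array_keys($_POST));

    return $report;
}

// One line per request in the PHP error log.
error_log('login debug: ' . json_encode(legacy_array_report()));
```

If `get_keys` does not contain `action` on the request that submits the form, the parameter is being lost before the script runs rather than inside the long-array handling.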