Page 1 of 1

Script Annoyance... register_globals =on Vs off

Posted: Thu Feb 03, 2005 5:29 pm
by mmanders
Hey,

My site developed on a home setup apache/php/mysql server works fine here. My university web space where the site must be uploaded does not run the scripts correctly. They have and older version of PHP with register_globals set to On... I cannot modify this thru .htaccess as AllowOverrides None has been set for my dir.

How do I rewrite, or what needs to be changed in a script to port code written for register_globals = off to register_globals = on

Thanks

Posted: Thu Feb 03, 2005 5:35 pm
by feyd
typically nothing. Maybe you should post your code.

Posted: Thu Feb 03, 2005 5:36 pm
by rehfeld
also, what specific php version are they running?

Posted: Thu Feb 03, 2005 5:38 pm
by mmanders
here is the relevant php, there is html in between but so i can paste it in i have ommited it:

Code: Select all

<?php
session_start();
$path = ini_get('include_path');
$sep = PATH_SEPARATOR;
$docRoot = $_SERVER&#1111;'DOCUMENT_ROOT'];
$dirName = dirname($_SERVER&#1111;'PHP_SELF']);
ini_set('include_path', $path . $sep . $docRoot . '/phpIncludes' . $sep . $docRoot . $dirName . '/login');
include_once('common.php');
include_once('db.php');

$uid = isset($_POST&#1111;'uid']) ? $_POST&#1111;'uid'] : $_SESSION&#1111;'uid'];
$pwd = isset($_POST&#1111;'pwd']) ? $_POST&#1111;'pwd'] : $_SESSION&#1111;'pwd'];

if(!isset($uid)) &#123;
?>
<html>
...
a form to collec tthe login details
...
</html>
<?php
exit;
&#125;

$_SESSION&#1111;'uid'] = $uid;
$_SESSION&#1111;'pwd'] = $pwd;

//dbConnect("elearn");
dbConnect("ceemrm1");
$sql = "SELECT * FROM user WHERE
        username = '$uid' AND password = PASSWORD('$pwd')";

$result = mysql_query($sql);

if (!$result)
&#123;
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact webmaster@realisedesign.co.uk.');
&#125;

if (mysql_num_rows($result) == 0) &#123;
  unset($_SESSION&#1111;'uid']);
  unset($_SESSION&#1111;'pwd']);
  include("accessdenied.php");
  exit;
&#125;

$username = mysql_result($result,0,'firstname');
$surname = mysql_result($result,0,'surname');
?>

feyx | fixed

Code: Select all

tags[/color]

Posted: Thu Feb 03, 2005 5:40 pm
by mmanders
This code is a header to every protected page... If this is at home, the user is prompted to login if the session variables are not set, at uni, they are shown the protected cotent, and when they signout and try and return to a protected page, they are again show the protected content without being challenged for a password.

the uni url is http://www.macs.hw.ac.uk/~ceemrm1/project

Hope this helps

Posted: Thu Feb 03, 2005 5:42 pm
by feyd
it sounds/looks like they have a version of php that doesn't have the $_SERVER style superglobals.. you'll need to convert them to $HTTP_SERVER_VARS and the like..

Posted: Thu Feb 03, 2005 5:47 pm
by mmanders
They have the same variable_order as me, and use 4.3.4 of PHP... $_SERVER works because otherwise I would get an error about including files because the include path would not be set correctly.

Is it possible that $_SESSIONS does not work? In that case, can you direct me to somewhere that will show me hwo to convert $_SESSION to HTTP_SESSION_VARS !?

Thanks