register_globals off solution required

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

schandhok
Forum Newbie
Posts: 11
Joined: Thu Sep 21, 2006 4:48 pm

register_globals off solution required

Post by schandhok »

Everah | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi
I had created a few php pages for my site which used register_globals as ON but the version of php has been updated at my server and i can no longer user register_globals to authenticate my login. Here is my code

form_login.php file contains this>>>
[syntax="html"]<form action="login.php" method=post>
<table border=0>
<tr>
<td>Login</td>
<td><input type=text name=login size=16></td>
</tr>
<tr>
<td>Password</td>
<td><input type=password name=password size=16></td>
</tr>
<tr>
<td><a href="prepare_registr.php">REGISTER</a></td>
<td><input type=submit value=" login "></td>
login.php contains this >>>>>[/syntax]

Code: Select all

include "header.php";
#session_destroy();
unset($user);
#session_start();
$login=trim($_POST["login"]);
$password=trim($_POST["password"]);

$my_user='abcd';
$my_pass='1234';
$db=mysql_connect(localhost,$my_user,$my_pass);
mysql_select_db("blast",$db);

$rez = mysql_query("SELECT * FROM users WHERE u_login='$login' and u_password='$password'");
if(mysql_num_rows($rez)!=0){
list($user["id"],$user["login"],$user["password"],$user[ "mail"],$user["ldate"],$user["fname"],$user["lname"])=mysql_fetch_row($rez);
session_register("user");
$date=date("Y-m-d");
$id=$user["id"];
mysql_query("UPDATE users SET u_ldate='$date' WHERE u_id='$id'");
mysql_close($db);
header("location: index.php");
}
else{
include "header1.php";
include "left.php";
?><center> &nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&n bsp&nbsp&nbsp&nbsp User not found <a href='form_login.php'>Try again</a><?
ALL OF THIS WORKS BUT THE AUTHENTICATION AFTER LOGIN TAKES PLACE in header1.php which is this >>>>>>>>>>>>>>>>

Code: Select all

<?php
if($user=@$GLOBALS['user']){
?><h3>Welcome <?
echo $user["login"];
?>
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&n bsp
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&n bsp
<font color="red" ><a href=prepare_edit_user.php>Update Account</a>
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&n bsp
<a href=logoff.php>LogOff</a></font></h3>
<?
}
?>
Since register_globals is off if($user=@$GLOBALS['user']){ never comes true and i cannot open my login pages...what other approach can i use to overcome this problem now?

Please Help

Thank You


Everah | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

"Solution required" .. demanding, aren't we? :)

The data will be in $_POST most likely.
husky_42
Forum Newbie
Posts: 3
Joined: Sun Jul 24, 2005 12:06 am
Location: USA

Post by husky_42 »

Hey, it happened to a friend of mine site. All of his page didn't work.

You could, providing that you got access (or your site is on apache), use .htaccess to enable register.

Enter this line in your .htaccess (without quotes of course) "php_value register_globals 1". That will put it to Register global = on. with no change in your code.

Or use either $_POST['user'] or $_GET['get'] depending on how you post the data in the form.

That should solve your problem.

Let me know if there is anything.

Husky
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

So are you trying to set $user equal to $GLOBALS['user'] or are you checking equality?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Note: it is not recommended in any way, shape or form to turn register_globals on, ever. Writing your code with them off (and always preinitializing) is considered good practice. It should also be noted that register_globals will be removed in future versions of PHP (last I checked.)
schandhok
Forum Newbie
Posts: 11
Joined: Thu Sep 21, 2006 4:48 pm

Post by schandhok »

Thanks guys for all your replies. Yes i am only trying to check the $_GLOBAL['user'] = $user for equality so that i can provide login pages to the authenticated user. So which portion would i require to update instead.

Can i check

Code: Select all

$_POST['user'] =$user?
or will it be

Code: Select all

$_GET['user']=$user
Since i already used

Code: Select all

$login=trim($_POST["login"]);
$password=trim($_POST["password"]);
Thanks again guys... i appreciate it.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Equality is done with a double equal (==). Type and valid equality is done with a triple equal (===). A single equal assigns a value.

Code: Select all

<?php
// This is saying 'if $user is true after assigning it the value of $_POST['user']
if ($user = $_POST['user']) {
...
}

// This is checking to see if $user is the same value as $_POST['user']
if ($user == $_POST['user']) {
...
}

// This is checking to see if $user is the same type and value as $_POST['user']
if ($user === $_POST['user']) {
...
}
?>
schandhok
Forum Newbie
Posts: 11
Joined: Thu Sep 21, 2006 4:48 pm

Post by schandhok »

What would if $user = @$GLOBALS['user'] what would the @ state?

Code: Select all

if($user=@$GLOBALS['user']){
?><h3>Welcome <?
echo $user["login"];
?>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

schandhok
Forum Newbie
Posts: 11
Joined: Thu Sep 21, 2006 4:48 pm

Post by schandhok »

Hi Guys
Thanks for all your updates, i am really learning alot of issues here. I tried using

Code: Select all

<?php
if($user =$_POST['user']){
?><h3>Welcome  <?
echo $user["user"];
<table>
    <tr>
        <td><a href="index.php">HOME</a></td>
        <td>   &nbsp&nbsp&nbsp&nbsp</td>
        <td>   &nbsp&nbsp&nbsp&nbsp</td>
        <td><a href="form_login.php">LOGIN/REGISTER</a></td>
        <td>   &nbsp&nbsp&nbsp&nbsp</td>
        <td>   &nbsp&nbsp&nbsp&nbsp</td>
        <td><a href="mysearch.php">SEARCH</a></td>
        <td>   &nbsp&nbsp&nbsp&nbsp</td>
        <td>   &nbsp&nbsp&nbsp&nbsp</td>
But no luck, the page does not display the user and i cannot access mysearch.php which would require authentication. I believe before this page the user is registered in login.php page which is the following code:

Code: Select all

$login=trim($_POST["login"]);
$password=trim($_POST["password"]);
$my_user='abcd';
$my_pass='1234';
$db=mysql_connect(localhost,$my_user,$my_pass);
mysql_select_db("blast",$db);
 $rez = mysql_query("SELECT * FROM users WHERE u_login='$login' and u_password='$password'");
 if(mysql_num_rows($rez)!=0){
      list($user["id"],$user["login"],$user["password"],$user["mail"],$user["ldate"],$user["fname"],$user["lname"])=mysql_fetch_row($rez);
      session_register("user");
        $date=date("Y-m-d");
        $id=$user["id"];
        mysql_query("UPDATE users SET u_ldate='$date' WHERE u_id='$id'");
        mysql_close($db);
        header("location: index.php");
       }
[/size]
Do you think the session_register("user") is not registering the session thats why if($user=$_POST['user']) does not work?
Any suggesstions?

Thank You
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

session_register is deprecated... read all the cautions etc. on that page
Use $_SESSION instead
schandhok
Forum Newbie
Posts: 11
Joined: Thu Sep 21, 2006 4:48 pm

Post by schandhok »

Yes i read about it.
Will the syntax be

Code: Select all

$_SESSION['user'] = $user;
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

yup
schandhok
Forum Newbie
Posts: 11
Joined: Thu Sep 21, 2006 4:48 pm

Post by schandhok »

I did the following changes, in login.php i changed it to:

Code: Select all

// session_register("user");
        $_SESSION['user']=$user;
And in my header1.php file i changed the code to:

Code: Select all

<?php
if($user = $_SESSION['user']){
?><h3>Welcome  <?
echo $user['user'];

?>
?>
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp
<font color="red" ><a href=prepare_edit_user.php>Update Account</a>
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp
<a href=logoff.php>LogOff</a></font></h3>
<?
}
?>
<table>
<tr>
<td><a href="index.php">HOME</a></td>
<td> &nbsp&nbsp&nbsp&nbsp</td>
<td> &nbsp&nbsp&nbsp&nbsp</td>
<td><a href="form_login.php">LOGIN/REGISTER</a></td>
<td> &nbsp&nbsp&nbsp&nbsp</td>
<td> &nbsp&nbsp&nbsp&nbsp</td>
<td><a href="mysearch.php">SEARCH</a></td>
<td> &nbsp&nbsp&nbsp&nbsp</td>
<td> &nbsp&nbsp&nbsp&nbsp</td>
<td><a href="info.php">INFO</a></td>
<td> &nbsp&nbsp&nbsp&nbsp</td>
<td> &nbsp&nbsp&nbsp&nbsp</td>
<td><a href="contacts.php">CONTACT US</a></td>
</tr>
</table>

Now when i click Update Account it shows me my account information but the statement echo $user['user']; does not display the username. I tried doing just echo $user and it displays Welcome Array. What could be wrong? My only problem on this page left now is every link works apart from mysearch.php which should open the users page. I might have to look into the code and paste here if need help.

Thanks...what do you suggest Ninja
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

I don't see 'user' as a key anywhere in your user array... try this:

Code: Select all

<?php
if($user = $_SESSION['user']){
?><h3>Welcome  <?
echo $user['fname'];

?>
Post Reply