register_globals off solution required

schandhok
Forum Newbie
Posts: 11
Joined: Thu Sep 21, 2006 4:48 pm

Code problem

Post by schandhok »

Hi Guys
Due to register_globals off I was able to open my index page using $_SESSION and access the Update Account link, as you see in the above posts I mentioned, but now my main last page, which is my_search.php (the Search link), does not work because this is the code for it

Code: Select all

<?php
include "header.php";
include "valodator.php";
include "header1.php";
?>
<a href="new_search.php"> New Search</a>
<table border=3 width=100%>
 <tr>
    <td>Search ID</td>
    <td>Created</td>
    <td>Periodicity</td>
    <td>Results Obtained</td>
 </tr>
<?php
 $id=$user["id"];
 $my_user='****';
 $my_pass='****';
 $db=mysql_connect('localhost',$my_user,$my_pass);
 mysql_select_db("blast",$db);
 $rez=mysql_query("SELECT * FROM search WHERE s_user=$id");
 while(list($s_id,$s_user,$s_time,$s_query_first,$s_query_last,$s_cdate)=mysql_fetch_row($rez)){
     ?>
      <tr>
          <td><?=$s_id?></td>
          <td><?=$s_cdate?></td>
          <td><?
                switch($s_time){
                    case 0:echo "no subscription"; break;
                    case 1:echo "daily"; break;
                    case 2:echo "weekly"; break;
                    case 3:echo "monthly"; break;
                    }
              ?>
          </td>
          <td><?
                if($s_query_last==''){echo "NO";
                    }else{echo "YES";}
              ?>
          </td>
          <td><a href='prepare_edit_search.php?id=<?=$s_id?>'>EDIT</a></td>
          <td><a href='del_search.php?id=<?=$s_id?>'>DELETE</a></td>
       </tr>
     <?
     }
?>
</table>
<a href='del_search.php?id=all'>Clear History</a>
</body>
</html>
The header.php contains only this <?php session_start();?> and the valodator.php contains only this

Code: Select all

<?php
if(!$user){
    header("location: form_login.php");
    }
?>
I know the valodator.php is failing, that's why after I login and click Search I get back to the login page. Now what do I do, since I was using the $_SESSION instead of globals the if(!$user) gets true... how do I use the same session or user information? I am very confused.

Please Help!!!! All my code is falling apart due to register_globals off

Everah | Removed actual database connection details.
schandhok
Forum Newbie
Posts: 11
Joined: Thu Sep 21, 2006 4:48 pm

Post by schandhok »

Thanks ninja, that fname did work, and I can see the login name now. Can you look at my other problem? The if(!user) in the valodator.php and mysearch.php page? Would the session work there? I need to check $user[fname] there as well?
schandhok
Forum Newbie
Posts: 11
Joined: Thu Sep 21, 2006 4:48 pm

Stuck

Post by schandhok »

Hey guys
I have been trying to fix each and every page of my site to overcome the register_globals off code changes. I was able to fix session problems with the help of ninja, to the point that my search.php page now opens easily, as I changed the code in my valodator.php header file with this

Code: Select all

<?php
//if(!$user){
  //  header("location: form_login.php");
   // }
	
	if(!$_SESSION['user']){
    header("location: form_login.php");
    }
The only problem I am encountering now is that after I input my parameters for search and submit, I get the following error:
Warning: fopen(new_gateway.txt) [function.fopen]: failed to open stream: Permission denied in /usr/local/www/apache22/data/new_gateway.php on line 4

Warning: curl_setopt(): supplied argument is not a valid File-Handle resource in /usr/local/www/apache22/data/new_gateway.php on line 9

This is my new_gateway.php file, which is the form action of the mysearch.php file...

Code: Select all

<?php
    session_start();
   // include "valodator.php";
 $file_gateway_respons = fopen('new_gateway.txt', 'w');
 $blas=curl_init();
 #curl_setopt($blas,CURLOPT_URL,"http://localhost/artur/prob.php");
 curl_setopt($blas,CURLOPT_URL,"http://www.ncbi.nlm.nih.gov/BLAST/Blast.cgi");
 curl_setopt($blas,CURLOPT_POSTFIELDS,$GLOBALS["QUERY_STRING"]);
 curl_setopt($blas,CURLOPT_FILE,$file_gateway_respons);
 curl_exec($blas);
 curl_close($blas);
 fclose($file_gateway_respons);

    $file_gateway_respons = fopen('new_gateway.txt', 'r');
    $gateway_respons_text = fread($file_gateway_respons,100000);
    fclose($file_gateway_respons);
    
    if(strpos($gateway_respons_text,"<font color=\"red\">ERROR:")==0){
        $gateway_respons_text=str_replace("<form action=\"http://www.ncbi.nlm.nih.gov/BLAST/Blast.cgi\" enctype=\"application/x-www-form-urlencoded\" method=\"POST\" NAME=\"FormatForm\">","<form action=new_setparams.php method=get NAME=\"FormatForm\" enctype=\"application/x-www-form-urlencoded\">",$gateway_respons_text);
        $gateway_respons_text=str_replace("<form action=\"Blast.cgi\" enctype=\"application/x-www-form-urlencoded\" method=\"POST\" NAME=\"FormatForm\">","<form action=new_setparams.php method=get NAME=\"FormatForm\" enctype=\"application/x-www-form-urlencoded\">",$gateway_respons_text);
        $s_query_first=$GLOBALS["QUERY_STRING"];
        session_register("s_query_first");
        }
        else{
             $my_user='****';
             $my_pass='****';
            // $my_pass='';
             $db=mysql_connect('localhost',$my_user,$my_pass);
             mysql_select_db("blast",$db);
             
             $u_id=$user["id"];
             $date=date("Y-m-d");
             $s_query_first=$GLOBALS["QUERY_STRING"];
             $rez=mysql_query("INSERT INTO search (s_user,s_time,s_query_first,s_query_last,s_cdate) VALUES($u_id,'0','$s_query_first','','$date')");
             mysql_close($db);
             $gateway_respons_text=str_replace("<!--  the header   -->",
"<center>
<h2>Western Washington Periodic Search Agent for<br> Protein Database Information</h2>
<img src='NCBI%20Blast.files/wwu_header.gif' width='291' height='90'><BR>
<table>
    <tr>
        <td><a href='index.php'>HOME</a></td>
        <td>   &nbsp&nbsp&nbsp&nbsp</td>
        <td><a href='form_login.php'>LOGIN/REGISTER</a></td>
        <td>   &nbsp&nbsp&nbsp&nbsp</td>
        <td><a href='mysearch.php'>SEARCH</a></td>
        <td>   &nbsp&nbsp&nbsp&nbsp</td>
        <td><a href='info.php'>INFO</a></td>
        <td>   &nbsp&nbsp&nbsp&nbsp</td>
        <td><a href='contacts.php'>CONTACT US</a></td>
    </tr>
</table>
</center>",$gateway_respons_text);

            }
    echo $gateway_respons_text;

?>
Can someone pls help!
:oops:
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Permission denied means that there is some form of authentication that you need that you don't have or didn't pass.
schandhok
Forum Newbie
Posts: 11
Joined: Thu Sep 21, 2006 4:48 pm

Update

Post by schandhok »

Hi guys
I fixed the permissions problem so it does move forward, but I still don't get the results as I should, as I know it is because of the $GLOBALS variable that worked before with register_globals off. I have to change pieces of code to make sure this thing works but I am having trouble here.

So here was the code which works with register_globals on

Code: Select all

#curl_setopt($blas,CURLOPT_URL,"http://localhost/artur/prob.php");
curl_setopt($blas,CURLOPT_URL,"http://www.ncbi.nlm.nih.gov/BLAST/Blast.cgi");
curl_setopt($blas,CURLOPT_POSTFIELDS,$GLOBALS["QUERY_STRING"]);
curl_setopt($blas,CURLOPT_FILE,$file_gateway_respons);
curl_exec($blas);
curl_close($blas);
fclose($file_gateway_respons);

$file_gateway_respons = fopen('new_gateway.txt', 'r');
$gateway_respons_text = fread($file_gateway_respons,100000);
fclose($file_gateway_respons);

if(strpos($gateway_respons_text,"<font color=\"red\">ERROR:")==0){
$gateway_respons_text=str_replace("<form action=\"http://www.ncbi.nlm.nih.gov/BLAST/Blast.cgi\" enctype=\"application/x-www-form-urlencoded\" method=\"POST\" NAME=\"FormatForm\">","<form action=new_setparams.php method=get NAME=\"FormatForm\" enctype=\"application/x-www-form-urlencoded\">",$gateway_respons_text);
$gateway_respons_text=str_replace("<form action=\"Blast.cgi\" enctype=\"application/x-www-form-urlencoded\" method=\"POST\" NAME=\"FormatForm\">","<form action=new_setparams.php method=get NAME=\"FormatForm\" enctype=\"application/x-www-form-urlencoded\">",$gateway_respons_text);
$s_query_first=$GLOBALS["QUERY_STRING"];
session_register("s_query_first");
}
else{
$my_user='****';
$my_pass='****';
// $my_pass='';
$db=mysql_connect('localhost',$my_user,$my_pass);
mysql_select_db("blast",$db);

$u_id=$user["id"];
$date=date("Y-m-d");
$s_query_first=$GLOBALS["QUERY_STRING"];
$rez=mysql_query("INSERT INTO search (s_user,s_time,s_query_first,s_query_last,s_cdate) VALUES($u_id,'0','$s_query_first','','$date')");
mysql_close($db);
$gateway_respons_text=str_replace("<!-- the header -->",
"<center>
I am sure these lines
curl_setopt($blas,CURLOPT_POSTFIELDS,$GLOBALS["QUERY_STRING"]);
$s_query_first=$GLOBALS["QUERY_STRING"];
session_register("s_query_first");
$s_query_first=$GLOBALS["QUERY_STRING"];
$rez=mysql_query("INSERT INTO search (s_user,s_time,s_query_first,s_query_last,s_cdate) VALUES($u_id,'0','$s_query_first','','$date')");

with $GLOBALS need to be changed. I tried replacing $GLOBALS["QUERY_STRING"] with $_POST["QUERY_STRING"] and even $_SESSION["QUERY_STRING"] but it didn't work. Any suggestions???
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You may want to consider rewriting the code for this. It might make it easier to see where things are coming from.
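
Following the rewrite suggested above, an added example (not code from any poster in this thread) of the valodator.php check and the three $GLOBALS-dependent steps of new_gateway.php with register_globals off. It assumes the login script stores the user's row in $_SESSION['user'] with an 'id' key, swaps the mysql_* calls for PDO prepared statements, uses the placeholders DB_USER and DB_PASS for credentials, and leaves out the form-rewriting str_replace calls.

```php
<?php
// Added example: the login check and the $GLOBALS-dependent steps of
// new_gateway.php with register_globals off. Not the poster's code.
session_start();

// Assumption: login stored the user's row in $_SESSION['user'] (key 'id').
if (empty($_SESSION['user']['id'])) {
    header('Location: form_login.php');
    exit; // stop here, or the request below still runs for anonymous clients
}
$userId = (int) $_SESSION['user']['id'];

// QUERY_STRING is a server variable, so it lives in $_SERVER,
// not in $_POST or $_SESSION.
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';

$ch = curl_init('http://www.ncbi.nlm.nih.gov/BLAST/Blast.cgi');
curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
// Return the body as a string instead of writing new_gateway.txt: nothing in
// the web root has to be writable, and concurrent requests cannot overwrite
// or read each other's response file.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$body = curl_exec($ch);
curl_close($ch);
if ($body === false) {
    http_response_code(502);
    exit('BLAST request failed');
}

// strpos() gives false for "not found" and 0 for "found at offset 0";
// === false keeps the two apart, which the loose == 0 in the post does not.
if (strpos($body, '<font color="red">ERROR:') === false) {
    // Replaces $s_query_first = ...; session_register("s_query_first");
    $_SESSION['s_query_first'] = $query;
} else {
    // Same branch as the post's INSERT, with bound parameters: the raw query
    // string is client-controlled and must not be spliced into the SQL text.
    // DB_USER / DB_PASS are placeholders, not real credentials.
    $pdo = new PDO('mysql:host=localhost;dbname=blast', 'DB_USER', 'DB_PASS',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $stmt = $pdo->prepare(
        'INSERT INTO search (s_user, s_time, s_query_first, s_query_last, s_cdate)
         VALUES (?, 0, ?, ?, ?)'
    );
    $stmt->execute([$userId, $query, '', date('Y-m-d')]);
}

echo $body;
```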