Page 1 of 1

Converting a site utilizing REGISTER GLOBALS need help

Posted: Thu Mar 04, 2010 2:40 pm
by jo1234la
Hello, first off I love this site there is so much knowledge here it's crazy. When I am more skilled at PHP I would love to give back.

On to my topic. I have a site I inherited management for. It is built in PHP and uses an older version PHP 3.xxx. When they built this site they used REGISTER GLOBAL and now my host (!@hoo.com) has stopped supporting that. Which is a problem for my client. I have been tasked with fixing this and frankly it is only one directory affected by this and I simply do not have a clue where to start.

The site seems to work fine accept for this one item. The original builder used a database (mySQL) driven login system for users but for the ADMIN portion of the site he seems to have used .htdoc/.htpsswd/ something because the login prompt I get when I access this particular section of the site is in a popup box and I can't seem to locate where the login and passwords are being stored. So since they do not exist in the database then I am assuming they are scripted in an .htpsswd file somewhere.

Overall I need help in changing the ADMIN sections reliability on REGISTER GLOBAL and fix the site.

***Note *** The problems started happening the day Yahoo turned off register globals. Also i can log into the ADMIN section but when I click update on anything it will not commit the changes to the data.

Please help!!

Re: Converting a site utilizing REGISTER GLOBALS need help

Posted: Thu Mar 04, 2010 2:44 pm
by AbraCadaver
We'll need more information in order to quote you a price.

Re: Converting a site utilizing REGISTER GLOBALS need help

Posted: Thu Mar 04, 2010 3:23 pm
by jo1234la
I know I am asking a lot but may be just a pointer in the right direction. Or you are serious about that quote let's talk. I am too tied up to do this on my own right now, especially under this time crunch.

Thanks

Re: Converting a site utilizing REGISTER GLOBALS need help

Posted: Thu Mar 04, 2010 3:40 pm
by AbraCadaver
jo1234la wrote:I know I am asking a lot but may be just a pointer in the right direction. Or you are serious about that quote let's talk. I am too tied up to do this on my own right now, especially under this time crunch.

Thanks
The easy fix would be to add this to the top of each page or a common page that is included in the other pages. This has security implications the same as with register_globals enabled:

Code: Select all

@import_request_variables('GPC');
The best and safest way would be to change all of your variables of type $variable that are coming from POST and GET to the $_POST['variable'] or $_GET['variable'] form.

Re: Converting a site utilizing REGISTER GLOBALS need help

Posted: Thu Mar 04, 2010 5:15 pm
by jo1234la
DUDE !!! As always ..... You so rock!!! Thanks again man......

Re: Converting a site utilizing REGISTER GLOBALS need help

Posted: Fri Aug 06, 2010 11:33 am
by thirdshiftguy
I am fuzzy on this subject. If use of register_globals is not advised and now deprecated, how do I acquire the information it provides? Such as http_referrer and remote_addr. And what is the REAL risk of using it? I am one of those paranoid programmers, so I like monitoring what happens and who is doing it. I have done simple PHP scripting prior to now, but I am now working with a database. I would like to be as secure as possible without restricting myself. Any thoughts?

Thank you.