I have used the same, dependable login script for ages but realize that with register_globals being removed from PHP6 entirely, I need to remove it from my toolbox as well. The only problem is I'm not really sure how else I can sustain user interaction and no method I try will keep variables in place. I'm not even sure if the strategy I'm using right now is still dependent on register_globals. The code I have is below -- I've omitted what I'm 99% positive isn't important.
Code: Select all
<?
session_start();
header("Cache-control: private");
include("calls in database information");
$login_email = $_POST['email'];
$password = $_POST['password'];
$login_password = $_POST['encryptedpassword'];
if($online=='yes')
{ // Fail
}
else
{
$connection = mysql_connect("$server", "$db_user", "$db_pass");
$db = mysql_select_db("$database", $connection);
$query = "SELECT userid,email,password FROM users WHERE email='$login_email'";
$result = mysql_query($query, $connection);
$rows = mysql_fetch_array($result);
$table_id = $rows['userid'];
$table_email = $rows['email'];
$table_pass = $rows['password'];
if(!isset($password) OR !isset($login_email))
{ // Fail }
elseif($login_password==$table_pass)
{
$_SESSION["userid"] = "$table_id";
$_SESSION["email"] = "$table_email";
$_SESSION["online"] = "yes";
$_SESSION["password"] = "$table_pass";
session_register("userid");
session_register("email");
session_register("online");
session_register("password");
// LOAD SUCCESS
}
else { // fail }
}
?>
Code: Select all
@session_start(); // Maintain sessionstate
$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
$_SESSION['online'] = $online;
$_SESSION['userid'] = $userid;
I really don't understand how else I'm supposed to keep things like the user's account # carried through the session. It's crucial in the header.php for determining many different permissions and I feel like there has to be an easier way than some kind of $_GET call from the URL. I apologize if my problem isn't clearly explained or something. I've spent far too long trying to fix this today... Any help would be greatly appreciated as I'd really like to keep my code as efficient and up-to-date as possible without compromising security.