Possible solutions for register_globals
Question
.hi guys i have created a site which uses $_SESSION multiple times. but, there was always an error saying that i shouldn't use such to throw values to other pages. but i found a solution to turn on the register_globals in my php.ini and so it did work. but now, my problem is that i have already had my site hosted online. and the host doesn't have register_globals on. and so my site doesn't work specially on the login part.
.can anyone please tell me what I can use to replace $_SESSION which also has the same function. Thanks in advance guys! More power!
.Alright guys here is the snippet where i am having the errors, please take time to check.:
this is my index.php where the user needs to login:
<form method="post" action="login-exec.php">
<tr>
<td><label for="email">Student Number</label></td>
<td><label for="pass">Password</label></td>
<td></td>
</tr>
<tr>
<td><input type="text" name="Studentno" id="Studentno" tabindex="1" /></td>
<td><input type="password" name="password" id="password" tabindex="2" /></td>
<td><input value="Login" tabindex="3" type="submit" style="background:#06C; color:#fff; cursor:pointer; border-top:solid 1px #CCC; border-left:solid 1px #CCC; border-radius:3px; margin-left:2px;width:60px; height:21px; font-weight:900;"/></td>
</tr>
<tr style="color:#F00;" align="center">
</tr>
</form>
after which, this page named login-exec.php will catch the value of the inputs:
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arrs = array();
//Validation error flag
$errflags = false;
//Connect to mysql server
$con = mysql_connect(host,user,pw);
if(!$con)
{
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(dtbse);
if(!$db)
{
die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str)
{
$str = @trim($str);
if(get_magic_quotes_gpc())
{
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$Studentno = clean($_POST['Studentno']);
$password = clean($_POST['password']);
//Input Validations
if($Studentno == '')
{
$errmsg_arrs[] = '* Student ID missing';
$errflags = true;
}
if($password == '')
{
$errmsg_arrs[] = '* Password missing';
$errflags = true;
}
//If there are input validations, redirect back to the Studentno form
if($errflags)
{
$_SESSION['ERRMSG_ARRS'] = $errmsg_arrs;
session_write_close();
header("location: index.php");
exit();
}
//Create query
if($Studentno!="" and $password!="")
{
$qry="SELECT * FROM `cassw` WHERE studentno='$Studentno' AND password='$password' UNION
SELECT * FROM `cbaa` WHERE studentno='$Studentno' AND password='$password' UNION
SELECT * FROM `cedap` WHERE studentno='$Studentno' AND password='$password' UNION
SELECT * FROM `ceit` WHERE studentno='$Studentno' AND password='$password' UNION
SELECT * FROM `cnah` WHERE studentno='$Studentno' AND password='$password'";
$result=mysql_query($qry);
$table = mysql_fetch_assoc($result);
//$row = mysql_fetch_assoc($result);
//$array[] = $row;
$tr = $table['restriction'];
$act = $table['activation'];
//echo $tr;
//Check whether the query was successful or not
if($result)
{
if((mysql_num_rows($result) == 1) && ($tr ==0) && ($act==1))
{
//Studentno Successful
session_regenerate_id();
//$table = mysql_fetch_assoc($result);
$_SESSION['studentno'] = $table['studentno'];
$_SESSION['SESS_FIRST_NAME'] = $table['firstname'];
$_SESSION['SESS_FIRST_NICK'] = $table['nickname'];
//$_SESSION['SESS_LAST_NAME'] = $ceit['lastname'];
session_write_close();
header("location: Auth.php");
exit();
}
else if((mysql_num_rows($result) == 1) && ($tr ==1) && ($act==1))
{
//Studentno Successful
session_regenerate_id();
//$table = mysql_fetch_assoc($result);
$_SESSION['studentno'] = $table['studentno'];
$_SESSION['SESS_FIRST_NAME'] = $table['firstname'];
$_SESSION['SESS_FIRST_NICK'] = $table['nickname'];
//$_SESSION['SESS_LAST_NAME'] = $ceit['lastname'];
session_write_close();
header("location: AdminPage.php");
exit();
}
else
{
//Studentno failed
header("location: login-failed.php");
exit();
}
}
else
{
die("Query failed");
}
}
?>
and when the input values passed verification this page will create a session for studentno and then redirects to Auth.php.
here is the code for Auth.php:
<?php
//Start session
session_start();
if(!isset($_SESSION['studentno']) || (trim($_SESSION['studentno']) == ''))
{
header("location: access-denied.php");
exit();
}
else
{
header("location: homepage.php");
exit();
}
?>
.when i test this on dreamweaver with php, and mysql. it works fine as it redirects to homepage.php. but when i got it hosted online. it always goes to access-denied.php even though the login is correct.
1 answers
solution1
5 2011-03-27 00:22:33
You do not need to activate register_globals in order to use persistent $_SESSION variables. In fact, the use of register_globals is strongly discouraged by many developers and deprecated as of PHP 5.3.0.
With register_globals off , we can still define values like:
# foo.php
session_start();
$_SESSION['foo'] = 'bar';
and on another page, return that value:
# bar.php
session_start();
echo $_SESSION['foo'];
Turning register_globals on would allow us to access that value more easily:
# bar.php
session_start();
echo $foo;
but opens up a number of security issues you can read about here .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.