Jump to content

PHP Sessions without register_globals

At0mic
 Share

Recommended Posts

At0mic

At0mic

Posted
Posted

I've just tested my website using Firefox and I get the following error message when I try to log in:

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

If I press "back" and refresh the page, I'm logged in. Everything works properly in IE6.

Please please please can anyone help?

Here's my login code:

<?
session_start("sesh");

$log_u = trim($_POST['username']);
$log_p = trim($_POST['password']);


if( !empty($log_u) && !empty($log_p) )
{
	$login_u = trim($log_u);
	$login_p = trim(md5($log_p));

	include ('inc/config.php');
	$q = "SELECT * FROM staff 
		WHERE username = '$login_u' 
		AND password = '$login_p'";
	$r = mysql_query($q);
	if (mysql_num_rows($r) == 1)
	{
		while ( $row = mysql_fetch_array($r) )
		{

			$first_name = $row['first_name'];
			$last_name = $row['last_name'];
			$username = $row['username'];			
			$staff_id = $row['id'];
			$permission_id = $row['permission_id'];
			$permission_to_book_rooms = $row['permission_to_book_rooms'];
			$room_booking_admin = $row['room_booking_admin'];

			$is_manager = $row['is_manager'];

			$password = $row['password'];
			$email = $row['email'];

			$full_name = $first_name ." " .$last_name;

			session_start("stusesh");			
			session_register('first_name');
			session_register('last_name');
			session_register('username');			
			session_register('full_name');
			session_register('staff_id');
			session_register('email');
			session_register('permission_id');
			session_register('permission_to_book_rooms');
			session_register('room_booking_admin');
			session_register('password');

			session_register('is_manager');

			if ( $page_logged_in_from == "login.php" )
			{
				header("location: /index.php");
				exit;
			}
			else
			{
				header("location: $page_logged_in_from");
				exit;
			}
		}
	}
	else
	{
		$page_title = "error";
		include ('header.php');
		echo "<p>You have entered an incorrect first name or password</p>";

		echo $_SESSION['first_name'] ."<br/>";
		echo $_SESSION['last_name'] ."<br/>";
		echo $_SESSION['password'] ."<br/>";

		include ('footer.php');
		exit;
	}

}
else
{	


	if ( !empty($_SESSION['username']) && !empty($_SESSION['password']) )
	{
		if ( $page_logged_in_from == "login.php" )
		{
			header("location: /index.php");
			exit;
		}
		else
		{
		//	header("location: $page_logged_in_from");
			exit;
		}

	}
	else
	{
		$page_title = "error";
		include ('header.php');
		echo "<p>You must fill in your <b>first name</b> and your <b>password</b>!</p>";
		include ('footer.php');
		exit;
	}

}

?>

  • 3 weeks later...

At0mic

At0mic

Posted
  • Author
Posted

Hi can anyone help me? If I turn on error reporting, I get:

Notice: Undefined index: submit in H:\xampplite\htdocs\pages\news\editNews.php on line 48

When I make my changes and click submit, I get:

Notice: Undefined index: cmd in H:\xampplite\htdocs\pages\news\editNews.php on line 21

Notice: Undefined index: id in H:\xampplite\htdocs\pages\news\editNews.php on line 62

At0mic

At0mic

Posted
  • Author
Posted

Oh yeah I meant to have posted editnews.php at the time but must have forgot.

With errors turned on, I get:

Notice: Undefined index: submit in H:\xampplite\htdocs\pages\news\editNews.php on line 49

when I try and edit the page and press submit, I get:

Notice: Undefined index: cmd in H:\xampplite\htdocs\pages\news\editNews.php on line 22

<?
include ('../../inc/config.php');

if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
   if (!isset($_POST["submit"]))
 {
	  $id = $_GET["id"];
	  $sql = "SELECT * FROM news WHERE id=$id";
	  $result = mysql_query($sql);
	  $myrow = mysql_fetch_array($result);
	  ?>

	  <form action="editNews.php" method="post">
	  <input type=hidden name="id" value="<?php echo $myrow["id"] ?>">

	  Name:<INPUT TYPE="TEXT" NAME="name" VALUE="<?php echo $myrow["name"] ?>" SIZE=30><br>
	  Start_date:<INPUT TYPE="TEXT" NAME="start_date" VALUE="<?php echo $myrow["start_date"] ?>" SIZE=30><br>
	  Headline:<INPUT TYPE="TEXT" NAME="headline" VALUE="<?php echo $myrow["headline"] ?>" SIZE=30><br>
	  Article:<TEXTAREA NAME="article" ROWS=10 COLS=30><? echo $myrow["article"] ?></TEXTAREA><br>
	  <input type="hidden" name="cmd" value="edit">

	  <input type="submit" name="submit" value="submit">

	  </form>

   <? }?>


<?
   if ($_POST["submit"])
   {
	  $id = $_POST["id"];
	  $name = $_POST["name"];
	  $start_date = $_POST["start_date"];
	  $headline = $_POST["headline"];
	  $article = $_POST["article"];

$sql = "UPDATE news
			SET
				name = '".$_POST['name']."',
				start_date = '".$start_date."',
				headline = '".$headline."',
				article = '".$article."'
			WHERE
				id = '$id'
		";

$result = mysql_query($sql)
or die('Could not edit row '.mysql_error());

   }
}
?>

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...