register_globals validation


6 replies to this topic

#1 elios


Posted 25 May 2006 - 09:16 PM

Hi!
I'm a graphic designer and right now approaching server-side programming. I found this code in a blog board (Flash + PHP + MySQL), but this code was written for an old PHP version, in which the register_globals value was "ON". How can I rewrite this code with the register_globals value "off"?
Thanks, sorry for my very bad English!!!


<?php
// *** validate database
require_once('../connectiona/datisql.php');
// *** Start the session
session_start();
// *** Validate request to log in to this site.
$FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".$HTTP_SERVER_VARS['QUERY_STRING'];
if (isset($HTTP_POST_VARS['email'])) {
    $FF_valUsername=$HTTP_POST_VARS['email'];
    $FF_valPassword=$HTTP_POST_VARS['password'];
    $FF_fldUserAuthorization="nivelAcceso";
    $FF_redirectLoginSuccess="inicio/index.php";
    $FF_redirectLoginFailed="sin_acceso.php";
    $FF_rsUser_Source="SELECT email, Password ";
    if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
    $FF_rsUser_Source .= " FROM usuarios WHERE email='" . $FF_valUsername . "' AND Password='" . $FF_valPassword . "'";
    mysql_select_db($database_connFlashblog, $connFlashblog);
    $FF_rsUser=mysql_query($FF_rsUser_Source, $connFlashblog) or die(mysql_error());
    $row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
    if(mysql_num_rows($FF_rsUser) > 0) {
        // username and password match - this is a valid user
        $MM_Username=$FF_valUsername;
        session_register("MM_Username");
        if ($FF_fldUserAuthorization != "") {
            $MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
        } else {
            $MM_UserAuthorization="";
        }
        session_register("MM_UserAuthorization");
        if (isset($accessdenied) && false) {
            $FF_redirectLoginSuccess = $accessdenied;
        }
        mysql_free_result($FF_rsUser);
        session_register("FF_login_failed");
        $FF_login_failed = false;
        header ("Location: $FF_redirectLoginSuccess");
        exit;
    }
    mysql_free_result($FF_rsUser);
    session_register("FF_login_failed");
    $FF_login_failed = true;
    header ("Location: $FF_redirectLoginFailed");
    exit;
}
?>

#2 rab


Posted 25 May 2006 - 09:22 PM

php.ini file?

#3 elios


Posted 25 May 2006 - 09:28 PM

QUOTE (rab @ May 25 2006, 04:22 PM):
> php.ini file?

Maybe, but register_globals must remain OFF; the value ON represents a very dangerous security risk!

#4 rab


Posted 25 May 2006 - 09:49 PM

Are the files you're hosting from your PC?

#5 elios


Posted 25 May 2006 - 09:54 PM

QUOTE (rab @ May 25 2006, 04:49 PM):
> Are the files you're hosting from your PC?

From the server which hosts the page posted.

#6 trq


Posted 25 May 2006 - 10:34 PM

I wouldn't bother changing that code. There are probably going to be more than just register_globals issues there. Looks like register long vars is on as well. Besides that, that code was written by Dreamweaver, and Dreamweaver writes absolutely bloated and inefficient code.

#7 elios


Posted 26 May 2006 - 02:23 PM

Is there someone with a suggestion? I'm not a coder... help me please!
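
One way to write the login from post #1 so that it works with register_globals off, as an added example that is not part of the original thread: input comes from `$_POST`, state goes into `$_SESSION` instead of `session_register()`, and the query values are bound rather than concatenated. The function name `ff_login`, the PDO connection and the in-memory SQLite demo row are assumptions; the table, column and redirect names come from the posted code.

```php
<?php
// Added example, not the original poster's code.

/**
 * Checks the submitted credentials, writes the session keys the original
 * set through session_register(), and returns the redirect target.
 */
function ff_login(PDO $db, array $post, array &$session): string
{
    // Read form fields explicitly; nothing is taken from global scope.
    $email    = is_string($post['email'] ?? null) ? $post['email'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';

    // Bound parameters replace the string concatenation of the original query.
    $stmt = $db->prepare(
        'SELECT email, nivelAcceso FROM usuarios WHERE email = ? AND Password = ?'
    );
    $stmt->execute([$email, $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        $session['FF_login_failed'] = true;
        return 'sin_acceso.php';
    }

    // Direct assignment replaces "$MM_Username = ...; session_register(...)".
    $session['MM_Username']          = $row['email'];
    $session['MM_UserAuthorization'] = $row['nivelAcceso'];
    $session['FF_login_failed']      = false;
    return 'inicio/index.php';
}

// Constructed demo data: in-memory SQLite stands in for the MySQL connection
// from datisql.php (assumption), with one made-up user row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usuarios (email TEXT, Password TEXT, nivelAcceso TEXT)');
$db->exec("INSERT INTO usuarios VALUES ('ana@example.test', 'demo-pass', 'admin')");

$ok  = [];
$bad = [];
echo ff_login($db, ['email' => 'ana@example.test', 'password' => 'demo-pass'], $ok), "\n";
echo ff_login($db, ['email' => 'ana@example.test', 'password' => 'wrong'], $bad), "\n";

// In the real page (sketch): session_start();
// if (isset($_POST['email'])) {
//     header('Location: ' . ff_login($db, $_POST, $_SESSION)); exit;
// }
```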



