register_globals validation


elios

Hi!
I'm a graphic designer and am just now approaching server-side programming. I found this code in a Flash + PHP + MySQL blog board, but it was written for an old PHP version in which the register_globals value was "ON". How can I rewrite this code with the register_globals value "off"?
Thanks, sorry for my very bad English!!!


<?php // *** validate database
require_once('../connectiona/datisql.php'); ?>
<?php
// *** Start the session
session_start();
// *** Validate request to log in to this site.
$FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".$HTTP_SERVER_VARS['QUERY_STRING'];
if (isset($HTTP_POST_VARS['email'])) {
    $FF_valUsername=$HTTP_POST_VARS['email'];
    $FF_valPassword=$HTTP_POST_VARS['password'];
    $FF_fldUserAuthorization="nivelAcceso";
    $FF_redirectLoginSuccess="inicio/index.php";
    $FF_redirectLoginFailed="sin_acceso.php";
    $FF_rsUser_Source="SELECT email, Password ";
    if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
    $FF_rsUser_Source .= " FROM usuarios WHERE email='" . $FF_valUsername . "' AND Password='" . $FF_valPassword . "'";
    mysql_select_db($database_connFlashblog, $connFlashblog);
    $FF_rsUser=mysql_query($FF_rsUser_Source, $connFlashblog) or die(mysql_error());
    $row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
    if(mysql_num_rows($FF_rsUser) > 0) {
        // username and password match - this is a valid user
        $MM_Username=$FF_valUsername;
        session_register("MM_Username");
        if ($FF_fldUserAuthorization != "") {
            $MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
        } else {
            $MM_UserAuthorization="";
        }
        session_register("MM_UserAuthorization");
        if (isset($accessdenied) && false) {
            $FF_redirectLoginSuccess = $accessdenied;
        }
        mysql_free_result($FF_rsUser);
        session_register("FF_login_failed");
        $FF_login_failed = false;
        header ("Location: $FF_redirectLoginSuccess");
        exit;
    }
    mysql_free_result($FF_rsUser);
    session_register("FF_login_failed");
    $FF_login_failed = true;
    header ("Location: $FF_redirectLoginFailed");
    exit;
}
?>

QUOTE (rab @ May 25 2006, 04:22 PM): php.ini file?

Maybe, but register_globals must remain OFF; the value ON represents a very dangerous security risk!

QUOTE (rab @ May 25 2006, 04:49 PM): Are the files you're hosting from your PC?

From the server which hosts the page posted.

I wouldn't bother changing that code. There are probably going to be more than just register_globals issues there. Looks like register long vars is on as well. Besides that, that code was written by Dreamweaver, and Dreamweaver writes absolutely bloated and inefficient code.

Is there someone with a suggestion? I'm not a coder... help me please!
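
One way to do what the thread asks with register_globals off (an added example, not code from the thread or from Dreamweaver): request and session values are read from arrays passed in explicitly instead of from auto-created globals, and the query uses a bound parameter. The `login()` function, the PDO handle, the in-memory SQLite demo row and the assumption that `Password` stores `password_hash()` output are hypothetical; the table, column and redirect names are taken from the posted code.

```php
<?php
// Added example: the posted login check without register_globals,
// $HTTP_*_VARS or session_register(). On a real page, after session_start():
//   header('Location: ' . login($pdo, $_POST, $_SESSION)); exit;
declare(strict_types=1);

function login(PDO $pdo, array $post, array &$session): string
{
    // Read only the two expected fields; anything else in the request is ignored.
    $email    = is_string($post['email'] ?? null) ? $post['email'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';

    // Prepared statement: the e-mail is bound, not concatenated into the SQL.
    $stmt = $pdo->prepare('SELECT email, Password, nivelAcceso FROM usuarios WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: the Password column holds password_hash() output.
    if ($row !== false && password_verify($password, (string) $row['Password'])) {
        // Session values come from the database row, never from the request.
        $session['MM_Username']          = $row['email'];
        $session['MM_UserAuthorization'] = $row['nivelAcceso'];
        $session['FF_login_failed']      = false;
        return 'inicio/index.php';
    }
    $session['FF_login_failed'] = true;
    return 'sin_acceso.php';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE usuarios (email TEXT PRIMARY KEY, Password TEXT, nivelAcceso TEXT)');
$pdo->prepare('INSERT INTO usuarios VALUES (?, ?, ?)')
    ->execute(['ana@example.test', password_hash('s3cret-demo', PASSWORD_DEFAULT), 'admin']);

// Constructed request 1: valid credentials.
$session = [];
echo login($pdo, ['email' => 'ana@example.test', 'password' => 's3cret-demo'], $session), "\n";
var_dump($session);

// Constructed request 2: wrong password plus a parameter named like a session
// key. With register_globals off it stays inside $post and is never copied.
$other = [];
echo login($pdo, ['email' => 'ana@example.test', 'password' => 'nope',
                  'MM_UserAuthorization' => 'admin'], $other), "\n";
var_dump($other);
```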