This topic is now archived and is closed to further replies.

elios

register_globals validation

Hi!
I'm a graphic designer and am just now approaching server-side programming. I found this code in a Flash+PHP+MySQL blog board, but it was written for an old PHP version, in which the register_globals value was "ON". How can I rewrite this code with the register_globals value "off"?
Thanks, sorry for my very bad English!!!


<?php
// *** validate database
require_once('../connectiona/datisql.php');
// *** Start the session
session_start();
// *** Validate request to log in to this site.
$FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".$HTTP_SERVER_VARS['QUERY_STRING'];
if (isset($HTTP_POST_VARS['email'])) {
  $FF_valUsername=$HTTP_POST_VARS['email'];
  $FF_valPassword=$HTTP_POST_VARS['password'];
  $FF_fldUserAuthorization="nivelAcceso";
  $FF_redirectLoginSuccess="inicio/index.php";
  $FF_redirectLoginFailed="sin_acceso.php";
  $FF_rsUser_Source="SELECT email, Password ";
  if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
  $FF_rsUser_Source .= " FROM usuarios WHERE email='" . $FF_valUsername . "' AND Password='" . $FF_valPassword . "'";
  mysql_select_db($database_connFlashblog, $connFlashblog);
  $FF_rsUser=mysql_query($FF_rsUser_Source, $connFlashblog) or die(mysql_error());
  $row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
  if(mysql_num_rows($FF_rsUser) > 0) {
    // username and password match - this is a valid user
    $MM_Username=$FF_valUsername;
    session_register("MM_Username");
    if ($FF_fldUserAuthorization != "") {
      $MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
    } else {
      $MM_UserAuthorization="";
    }
    session_register("MM_UserAuthorization");
    if (isset($accessdenied) && false) {
      $FF_redirectLoginSuccess = $accessdenied;
    }
    mysql_free_result($FF_rsUser);
    session_register("FF_login_failed");
    $FF_login_failed = false;
    header ("Location: $FF_redirectLoginSuccess");
    exit;
  }
  mysql_free_result($FF_rsUser);
  session_register("FF_login_failed");
  $FF_login_failed = true;
  header ("Location: $FF_redirectLoginFailed");
  exit;
} // closes the isset($HTTP_POST_VARS['email']) block, left open in the pasted code
?>

Link to post
[quote]
QUOTE(rab @ May 25 2006, 04:22 PM)
php.ini file?
[/quote]

Maybe, but register_globals must remain OFF; the value ON represents a very dangerous security risk!

Link to post
Are the files you're hosting from your PC?

Link to post
[quote]
QUOTE(rab @ May 25 2006, 04:49 PM)
Are the files you're hosting from your PC?
[/quote]
From the server which hosts the page posted.

Link to post
I wouldn't bother changing that code. There's probably going to be more than just a register_globals issue there. Looks like register long vars is on as well. Besides that, that code was written by Dreamweaver, and Dreamweaver writes absolutely bloated and inefficient code.

Link to post
Is there someone with a suggestion? I'm not a coder... help me please!

Link to post
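
The rewrite the original poster asks for, as an added example that is not part of the thread: the same login check with register_globals off, reading from `$_POST` and writing to `$_SESSION`, with a prepared statement in place of the concatenated query. The function name `ff_login`, the PDO handle `$pdo` and the SQLite demo rows are assumptions; table, column and redirect names are taken from the posted code.

```php
<?php
// Added example, not from the thread. Mapping used:
//   $HTTP_POST_VARS / $HTTP_SERVER_VARS -> $_POST / $_SERVER
//   session_register("X") plus global $X -> $_SESSION['X']
// Assumed names: ff_login() and a PDO handle $pdo (the post uses mysql_*).

function ff_login(PDO $pdo, array $post, array &$session): string
{
    // Accept only string fields; email[]=... style input becomes ''.
    $email    = is_string($post['email'] ?? null) ? $post['email'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';

    // Placeholders keep request data out of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT email, nivelAcceso FROM usuarios WHERE email = ? AND Password = ?'
    );
    $stmt->execute([$email, $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        $session['FF_login_failed'] = true;
        return 'sin_acceso.php';
    }
    // Values come from the database row, never from a request-named global.
    $session['MM_Username']          = $row['email'];
    $session['MM_UserAuthorization'] = $row['nivelAcceso'];
    $session['FF_login_failed']      = false;
    return 'inicio/index.php';   // fixed target, nothing from the request
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE usuarios (email TEXT, Password TEXT, nivelAcceso TEXT)');
$pdo->exec("INSERT INTO usuarios VALUES ('o''hara@example.test', 'demo-pass', 'editor')");

$session = [];   // stands in for $_SESSION after session_start()
$good = ['email' => "o'hara@example.test", 'password' => 'demo-pass'];
$bad  = ['email' => "o'hara@example.test", 'password' => 'wrong'];
echo ff_login($pdo, $good, $session), ' ', json_encode($session), "\n";
echo ff_login($pdo, $bad, $session), ' ', json_encode($session), "\n";

// In the page: session_start(); then
//   if (isset($_POST['email'])) {
//       header('Location: ' . ff_login($pdo, $_POST, $_SESSION));
//       exit;
//   }
```

The plaintext `Password` comparison is kept only because the posted schema stores it that way; storing `password_hash()` output and checking it with `password_verify()` is the usual replacement.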