Jump to content

error

Monk3h

By Monk3h
in PHP Coding Help

 Share

Recommended Posts

Monk3h Regular Member

Monk3h

Posted
Posted

Why doesnt this script work when i type in teh right pass.

 

When i type the right pass in it still gives me the Wrong password message. :@

 

<?php $title = "MASTER RESET"; include("header.php"); ?>
<?php


if ($stat[rank] != Admin) {
print "You're not an admin.";
include("footer.php");
exit;
}

Print"<form method=post action=masterreset.php?step=reset> Password: <input type=text name=pass></form>";

if ($step == reset){


if ($pass != abc){
Print "Wrong Password";
}else{

Print"Password Correct!";

}}


?>
<?php include("footer.php"); ?>

Link to comment
https://forums.phpfreaks.com/topic/107076-error/
Share on other sites
wildteen88 Regular Member

wildteen88

Posted
Posted

It is because your code relies up on register_globals. register_globals is depreciated and is being removed from PHP6.

<?php

$title = "MASTER RESET";

include "header.php";


if ($stat['rank'] != 'Admin')
{
print "You're not an admin.";
include "footer.php";
exit;
}

Print "<form method=post action=masterreset.php?step=reset> Password: <input type=text name=pass></form>";

if ($_GET['step'] == 'reset')
{
    if ($_POST['pass'] != 'abc')
    {
    Print "Wrong Password";
    }
    else
    {
        Print "Password Correct!";
    }
}

include "footer.php" ;

?>

You should use the newer superglobals

Link to comment
https://forums.phpfreaks.com/topic/107076-error/#findComment-548887
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

The point of turning off register globals in php4.2 and removing them in php6 is they allowed session variables to be changed by simply sending a post/get/cookie variable to your code with the same name as a session variable. Do you want someone setting the login values in a session to anything they want and appearing to be logged in or appearing to be an administrator account? That is what is happening to a lot forum/cms/blog software that relies on register globals.

 

Register globals (and several other early php features) were added simply as lazy-way short cuts to get the programming language to do something that lazy programmers should have been doing and only when they wanted or needed it to be done.

 

Register globals was the biggest security blunder that I have ever seen and it was deliberately introduced into the language. It was not an accidental bug that session variables were being set by register globals.

 

Register globals, magic quotes, ... that are finally being removed in php6 have caused more damage and wasted time every time a script runs that is using them than they ever saved the programmer when he was writing the code.

 

Short answer, don't be a lazy programmer or rely on lazy-way programming methods, You'll end up with code that can be broken into by someone willing to put in only slightly more effort than you did when you wrote it.

Link to comment
https://forums.phpfreaks.com/topic/107076-error/#findComment-548917
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.