oMIKEo

register globals off coding help

Hi, I've coded a page that works fine on my hosting but not on the client's. I believe it's because register globals is set to off, so I need to change my code so it works with that off... I don't know how though.

Here is the code:
[code]<?php
include "config.php";
if( (!$username) or (!$password) )
{ header("Location:$HTTP_REFERER"); exit(); }

$conn=@mysql_connect("$db_host","$db_username","$db_password") or die("Could not connect");
$rs = @mysql_select_db($db_main,$conn) or die("Could not select database");

$sql="select * from hsm_users where username=\"$username\" and password=\"$password\"";
$rs=mysql_query($sql,$conn) or die("Could not execute query");
$num = mysql_num_rows($rs);

if($num !=0)
{
setcookie("UN",$username);
header("Location:approver.php"); exit(); }
else
{ header("Location:$HTTP_REFERER"); exit(); }
?>[/code]
Thanks for any help.
Mike

Link to post
.. and how do $username and $password arrive at that script?

Link to post
Replace them with $_GET['username'] and $_GET['password'] if you are using get or $_POST['username'] and $_POST['password'] for method post.

A "lazier" solution is to use $_REQUEST['username'] / $_REQUEST['password'].

Link to post
In IE I get a "The page cannot be displayed" error and in FF I get an "Object Moved" error.

I think it doesn't like the redirects but I'm not sure.

Any ideas?

Thanks, Mike

Link to post
$HTTP_REFERER should be $_SERVER['http_referer']

Link to post
Using the code below I get this error:
[quote]Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in D:\inetpub\vhosts\***\httpdocs\pupils\authenticate.php on line 4[/quote]
[code]<?php
include "config.php";
if( (!$_POST['username']) or (!$_POST['password']) )
{ header("Location:$_SERVER['http_referer']"); exit(); }

$conn=@mysql_connect("$db_host","$db_username","$db_password") or die("Could not connect");
$rs = @mysql_select_db($db_main,$conn) or die("Could not select database");

$sql="select * from hsm_users where username=\"$username\" and password=\"$password\"";
$rs=mysql_query($sql,$conn) or die("Could not execute query");
$num = mysql_num_rows($rs);

if($num !=0)
{
setcookie("UN",$username);
header("Location:approver.php"); exit(); }
else
{ header("Location:$_SERVER['http_referer']"); exit(); }
?>[/code]

Link to post
Change these lines:

[code]{ header("Location:$_SERVER['http_referer']"); exit(); }[/code]

To

[code]{ header("Location:{$_SERVER['HTTP_REFERER']}"); exit(); }[/code]

Link to post
Thanks, that's 1 step closer....

It redirects fine but it's not getting past the first part of the code, so I think it's not detecting any value for the username and password.

Any ideas?

Thanks

Link to post
It's not only a register globals issue, but this is pretty poor code. Try using the isset() function to see if $_POST['username'] and $_POST['userpass'] exist.

I'd also remove the error suppressors from both your mysql_connect() and mysql_select_db() calls. There are [b]much[/b] better ways to handle errors than just ignoring them.

You're also going to need to change your query.
[code]
$sql="select * from hsm_users where username=\"{$_POST['username']}\" and password=\"{$_POST['password']}\"";
[/code]

Link to post
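The changes suggested so far, taken one step further, as an added example that is not code from any poster in this thread: the credentials are read from the request array with `isset()`, bound as query parameters instead of being interpolated into the SQL string, and checked against a `password_hash()` value. The in-memory SQLite database, the constructed `hsm_users` row and the function names `openDb()` and `authenticate()` are assumptions so the script runs offline; the thread's code used MySQL and compared the submitted password directly in the query.

```php
<?php
// Added example, not code from the thread. The SQLite database and the
// sample user are constructed so the script runs offline (needs pdo_sqlite).

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE hsm_users (username TEXT PRIMARY KEY, password_hash TEXT)');
    $ins = $db->prepare('INSERT INTO hsm_users VALUES (?, ?)');
    $ins->execute(['mike', password_hash('s3cret-example', PASSWORD_DEFAULT)]);
    return $db;
}

// $post stands in for $_POST; returns the username on success, null otherwise.
function authenticate(PDO $db, array $post): ?string
{
    // With register_globals off nothing creates $username for us: read the
    // request array explicitly and reject missing or non-string values.
    if (!isset($post['username'], $post['password'])
        || !is_string($post['username']) || !is_string($post['password'])) {
        return null;
    }
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM hsm_users WHERE username = ?');
    $stmt->execute([$post['username']]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($post['password'], $hash)) {
        return null;
    }
    return $post['username'];
}

$db = openDb();
var_dump(authenticate($db, ['username' => 'mike', 'password' => 's3cret-example'])); // correct password
var_dump(authenticate($db, ['username' => 'mike', 'password' => 'wrong']));          // wrong password
var_dump(authenticate($db, ['username' => 'mi"ke', 'password' => 'x']));             // quote character is data, not SQL
var_dump(authenticate($db, ['password' => 'x']));                                    // field missing from the form
```

In the login script `$_POST` is passed as `$post`, and a failed login is better redirected to a fixed page such as `login.php` than to the `Referer` header, which the browser may omit.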
:EDIT:

take thorpe's advice.

also, this is a debugging function that would come in handy:
[code]
<?php
    function debugMe($var)
    {
        // Escape the dump so submitted markup is displayed as text, not rendered.
        return '<pre>' . htmlspecialchars(print_r($var, true)) . '</pre>';
    }
?>
[/code]


so now, you can just do echo debugMe($_POST) to observe what's in your _POST variables.

also, I'm just being picky here...but whenever you exit, try exiting with a value like so:
[code]
exit(0);
[/code]
so that something is returned. in the unlikely case that you are running this via cli as a cron job or something on a linux machine, the processes wouldn't know the script has exited properly unless you return a value. so it's just a tiny good habit in coding that you might want to follow :)

sorry I couldn't solve the real problem at hand here though but you should pick up on thorpe's advice. it will lead you to solving the problem.

Link to post
I've managed to get past the first problem and can log into the system.

This is a message board approval section and there are delete and approve buttons for each message posted.

They don't work now though; they go to the correct link but it doesn't delete or approve anything.

Can anyone help:
[code]<?php
if (!$_COOKIE[UN])
{
   header("Location:login.php");
}
include("top.php");
if($delete != "")
{
// DO DELETE
    $conn =mysql_connect("$db_host","$db_username","$db_password") or die("Err:Conn");
    $rs=mysql_select_db($db_main, $conn) or die("Err: Db");
    $sql = "delete from hsm_messages where id = '$delete'";
    $result = mysql_query($sql,$conn) or die("Err:Query");
}
if($approve != "")
{
// DO APPROVE
    $conn = mysql_connect("$db_host","$db_username","$db_password") or die("Err:Conn");
    $rs= mysql_select_db($db_main, $conn) or die("Err: Db");
    $title = "Y";    
    mysql_query("UPDATE hsm_messages SET approved = '" . $title . "' where id = '$approve'") or die(mysql_error());
}
?>[/code]
Thanks for any advice.

Link to post
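The approval page in the last post has the same `register_globals` dependency (`$delete` and `$approve` are never read from the request), it decides who is logged in from the `UN` cookie, a value that lives in the browser rather than on the server, and it keeps running after the `Location` header because no `exit()` follows. One way to restructure it, as an added example that is not code from the thread: the function name `moderate()`, the in-memory SQLite table and its rows are assumptions so the script runs offline, with `$session` standing in for `$_SESSION` and `$input` for the request array.

```php
<?php
// Added example, not code from the thread. The SQLite table and its rows are
// constructed so this runs offline (needs pdo_sqlite). $session stands in for
// $_SESSION and $input for the request array the buttons submit.

// Returns 'login' (caller should redirect and exit), 'deleted', 'approved' or 'none'.
function moderate(PDO $db, array $session, array $input): string
{
    // Identity comes from server-side session state, not from a cookie value.
    if (empty($session['username'])) {
        return 'login';
    }
    $actions = [
        'delete'  => ['DELETE FROM hsm_messages WHERE id = ?', 'deleted'],
        'approve' => ["UPDATE hsm_messages SET approved = 'Y' WHERE id = ?", 'approved'],
    ];
    foreach ($actions as $field => [$sql, $label]) {
        if (!isset($input[$field])) {
            continue;
        }
        // Accept only a positive integer id; anything else is rejected.
        $id = filter_var($input[$field], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            return 'none';
        }
        $stmt = $db->prepare($sql);
        $stmt->execute([$id]);
        return $stmt->rowCount() === 1 ? $label : 'none';
    }
    return 'none';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE hsm_messages (id INTEGER PRIMARY KEY, body TEXT, approved TEXT DEFAULT 'N')");
$db->exec("INSERT INTO hsm_messages (id, body) VALUES (1, 'first'), (2, 'second')");

$mike = ['username' => 'mike'];
echo moderate($db, [], ['delete' => '1']), "\n";       // no session: nothing is deleted
echo moderate($db, $mike, ['approve' => '2']), "\n";   // valid id
echo moderate($db, $mike, ['delete' => 'abc']), "\n";  // non-numeric id
echo moderate($db, $mike, ['delete' => '1']), "\n";    // valid id
```

In the real page a `'login'` result is followed by `header('Location: login.php'); exit;` so the rest of the script does not run.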