Jump to content

register globlas off coding help


oMIKEo

Recommended Posts

hi, ive coded a page that works fine on my hosting but not on the clients, i believe its because register globals is set to off so i need to change my code so it works with that off... I dont know how though.

Here is the code:[code]<?php
include "config.php";
if( (!$username) or (!$password) )
{ header("Location:$HTTP_REFERER"); exit(); }

$conn=@mysql_connect("$db_host","$db_username","$db_password") or die("Could not connect");
$rs = @mysql_select_db($db_main,$conn) or die("Could not select database");

$sql="select * from hsm_users where username=\"$username\" and password=\"$password\"";
$rs=mysql_query($sql,$conn) or die("Could not execute query");
$num = mysql_num_rows($rs);

if($num !=0)
{
setcookie("UN",$username);
header("Location:approver.php"); exit(); }
else
{ header("Location:$HTTP_REFERER"); exit(); }
?>[/code]Thanks for any help.
Mike
Link to comment
Share on other sites

Replace them with $_GET['username'] and $_GET['password'] if you are using get or $_POST['username'] and $_POST['password'] for method post.

A "lazier" solution is to use $_REQUEST['username'] / $_REQUEST['password'].
Link to comment
Share on other sites

using the the code below i get this error:[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in D:\inetpub\vhosts\***\httpdocs\pupils\authenticate.php on line 4[/quote][code]<?php
include "config.php";
if( (!$_POST['username']) or (!$_POST['password']) )
{ header("Location:$_SERVER['http_referer']"); exit(); }

$conn=@mysql_connect("$db_host","$db_username","$db_password") or die("Could not connect");
$rs = @mysql_select_db($db_main,$conn) or die("Could not select database");

$sql="select * from hsm_users where username=\"$username\" and password=\"$password\"";
$rs=mysql_query($sql,$conn) or die("Could not execute query");
$num = mysql_num_rows($rs);

if($num !=0)
{
setcookie("UN",$username);
header("Location:approver.php"); exit(); }
else
{ header("Location:$_SERVER['http_referer']"); exit(); }
?>[/code]
Link to comment
Share on other sites

Its not only a register globals issue, but this is pretty poor code. Try using the isset() function to see if $_POST['username'] and $_POST['userpass'] exist.

Id'e also remove the error supressors from both your mysql_connect() and mysql_select_db() calls. There are [b]much[/b] better ways to handle errrors than just ignoring them.

Your also going to need to change your query.
[code]
$sql="select * from hsm_users where username=\"{$_POST['username']}\" and password=\"{$_POST['password']}\"";
[/code]
Link to comment
Share on other sites

:EDIT:

take thorpe's advice.

also, this is a debugging function that would come in handy:
[code]
<?php
    function debugMe($var)
    {
        return '<pre>' . print_r($var, true) . '</pre>';
    }
?>
[/code]


so now, you can just do echo debugMe($_POST) to observe what's in your _POST variables.

also, i'm just being picky here...but whenever you exit, try exiting with a valie like so:
[code]
exit(0);
[/code]
so that something is returned. in the unlikely case that you are running this via cli as a cron job or something on a linux machine, the proceses wouldn't know the script has exited properly unless you return a value. so it's just a tiny good habit in coding that you might want to follow :)

sorry i couldn't solve the real problem at hand here though but you should pick on thorpe's advice. it will lead you to solving the problem.
Link to comment
Share on other sites

Ive managed to get past the first problem and can log into the system.

This is a message board approval section and there are a delete and approve buttons for each message posted.

they dont work though now they go to the correct link but it doesnt delete or approve anything.

Can anyone help:[code]<?php
if (!$_COOKIE[UN])
{
   header("Location:login.php");
}
include("top.php");
if($delete != "")
{
// DO DELETE
    $conn =mysql_connect("$db_host","$db_username","$db_password") or die("Err:Conn");
    $rs=mysql_select_db($db_main, $conn) or die("Err: Db");
    $sql = "delete from hsm_messages where id = '$delete'";
    $result = mysql_query($sql,$conn) or die("Err:Query");
}
if($approve != "")
{
// DO APPROVE
    $conn = mysql_connect("$db_host","$db_username","$db_password") or die("Err:Conn");
    $rs= mysql_select_db($db_main, $conn) or die("Err: Db");
    $title = "Y";    
    mysql_query("UPDATE hsm_messages SET approved = '" . $title . "' where id = '$approve'") or die(mysql_error());
}
?>[/code]thanks for any advice.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.