Jump to content

register_globals off and my sessions won't work

meltingpoint

By meltingpoint
in PHP Coding Help

 Share

Recommended Posts

meltingpoint Member

meltingpoint

Posted
Posted

How does one code sessions with register_globals set to off?

 

<?

session_start();

 

$_SESSION['name'] = 'Joe';

 

?>

 

.........now when I have session_start() at the top of each and every page- when I call on any subsequent pages

 

echo "$_SESSION['name']";  I get nothing.  With register_globals set to ON- it will echo - Joe

 

What am I missing.

Link to comment
Share on other sites
teamatomic Newbie

teamatomic

Posted
Posted

The only thing with globals on is that

$_SESSION['name'] = 'joe';

would be accessible with $name without doing

$name = $_SESSION['name'];

 

But to echo out what you want you need to:

echo "{$_SESSION['name']}";

enclose the session var in curly brackets

 

 

HTH

Teamatomic

Link to comment
Share on other sites
meltingpoint Member

meltingpoint

Posted
  • Author
Posted

Ok- I did that and it did echo out correctly.  But why the curly brackets? 

 

Also- I have a login script that I can use with globals on- but not with globals off.  IN other words the variable is not being passed from page to page.  Obviously I am not echoing them out to each page- put my script does check a flat file data base and does not allow access if the session variable does not match.  Turn globals off and it triggers the "You are not a member" message.  So what is the correct way to call declare a $_SESSION variable and have it accessible from page to page?

Link to comment
Share on other sites
teamatomic Newbie

teamatomic

Posted
Posted

page1:

session_start();

 

$_SESSION['foo'] = 'bar'

 

 

page2"

session_start();

 

echo "{$_SESSION['foo']}";

 

read my first answer about globals and $_SESSION['name'] and $name. the reason your script works with globals on is that is uses $name instead of $_SESSION['name'] or $_POST['name'] or $_GET['name'].

 

I dont know how to make it any clearer.

 

 

HTH

Teamatomic

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

echo "$_SESSION['name']"; produces a fatal parse error, having nothing to do with the register_globals setting and therefore cannot be your actual code.

 

It would take seeing your actual code to be able to tell you why it is not working when register_globals are off.

Link to comment
Share on other sites
meltingpoint Member

meltingpoint

Posted
  • Author
Posted

on my authenticate page I have the $_SESSION variables declared;

 

$_SESSION['Xuser'] = $Xuser;

 

now I call to see if the session variable $_SESSION['Xuser'] is set;

 

if(!isset($_SESSION['Xuser']))

{

echo "Sorry your not a member";

}

else

{

.....continue on

}

 

with register_globals on- it works.  With register_globals off- it triggers the "Sorry your not a member"

 

Sorry if I am being dense here- but I am missing something.  So how do I use the decalred session variable.  And also- in the previous posts, what function did the curly brackets have?

 

Thanks in advance.

Link to comment
Share on other sites
gizmola Prolific Member

gizmola

Posted
Posted

We can only suspect, because this isn't your real code, and you're quite probably omitting a key detail that would explain things better.  A few things to know:

 

The isset() language construct can be very confusing if you don't understand how it works.  Admittedly the manual doesn't do the best job with it.  This is probably more as a comment because it doesn't really explain what you're seeing, but doing what you're doing isn't the best idea, because the minute you do the $_SESSION['Xuser'] = assignment, unless you are doing an unset at some point, or you are assigning to null, isset is going to be true.  That seems more a problem with your working code, since you will allow someone to get into the member system, even if $Xuser is an empty string.

 

 


$foo = "";

if (isset($foo)) {
  echo "Foo isset";
} else {
  echo "Foo is not set";
}

 

So what I'm guessing the real problem here is that what register globals is changing, is that it's hiding a flaw in your form handling code, where you are getting whatever $_POST or $_GET variables during the login.  Perhaps you have a typo or some other small detail wrong, and register globals is hiding that mistake.  It has nothing to do with how $_SESSION works or doesn't, as  PFMaBiSmAd already explained.

 

With that said -- register globals is really bad, opens up huge security holes and is deprecated.  It doesn't do anything magic other than to convert all the variables that come in from the environment into global variables. 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.