All4172 Posted September 28, 2006 Share Posted September 28, 2006 I have a script that works on one server and not on the other. I noticed the register_globals are on, on the server the works and off on the server that doesn't work.In my code I posted below, what kind of changes do I have to make in order for it to be compat with register_globals being off?[code]<?// Database settings DEFINE("SERVER", "local"); DEFINE("DATABASE", "mine"); DEFINE("USERNAME", "myname"); DEFINE("DBPASSWORD", "mypw"); // IP's you want to ban seperated by spaces DEFINE("DENYIPS", ""); // Administrator password for the admin interface, example: stats.php?a=vs&password=**** // If no password is given the admin interface will be available to anyone. DEFINE("ADMINPASSWORD", ""); $db = mysql_connect(SERVER, USERNAME, DBPASSWORD); function checkPageExits($page) { $queryGetPages = "SELECT * FROM pagecounter"; $resultGetPages = mysql_db_query(DATABASE, $queryGetPages) or die ("Query failed: error was ".mysql_error()); while($row=mysql_fetch_array($resultGetPages)) { if (stristr($row["page"], $page)) { $r = true; } } if ($r) { return true; } else { return false; } } function createPageEntry($page) { if (isset($page)) { $queryGetPages = "INSERT INTO `pagecounter` (`pageID`, `page`, `visits`) VALUES ('', '$page', '1')"; $resultGetPages = mysql_db_query(DATABASE, $queryGetPages) or die ("Query failed: error was ".mysql_error()); return true; } else { return false; } } function incrementVisits($page,$ip) { $denyips = explode(" ", DENYIPS); if (!in_array($ip, $denyips)) { if (isset($page)) { if (checkPageExits($page)) { $queryIncrement = "UPDATE pagecounter SET visits = visits + 1 WHERE page='$page'"; $resultIncrement = mysql_db_query(DATABASE, $queryIncrement) or die ("Query failed: error was ".mysql_error()); return true; } elseif(createPageEntry($page)) { return true; } else { return false; } } else { return false; } } else { return false; } } function viewStatus($self,$password) { if (authUser($password)) { $queryGetData = "SELECT * FROM pagecounter order by visits DESC LIMIT 5"; //set your own LIMIT by replacing the 5 $resultGetData = mysql_db_query(DATABASE, $queryGetData) or die ("Query failed: error was ".mysql_error()); for($i=0;$row=mysql_fetch_array($resultGetData);$i++) { $fd= fread(fopen("$row[page]", "r"), 100000); if ($fd) { $start= strpos($fd, "<title>"); $finish= strpos($fd, "</title>"); $length= $finish-$start; $code_grabbed=Substr($fd, $start, $length); $title=str_replace("<title>", "", $code_grabbed); } $i % 2 ? 0: $bgcolor = "#ffffff"; $o .=" • <a href=$row[page]>$title</a><BR>\n"; } if (mysql_num_rows($resultGetData) == "0") { return "There are no active counters.\n"; } else { return $o; } } else { $o .=" <form action=\"$self\" method=post>\n"; $o .=" Password:\n"; $o .=" <input name=\"password\" type=\"password\" /> \n"; $o .=" <input type=hidden name=a value=vs>\n"; $o .=" </form>\n"; return $o; } } function authUser($password) { if ($password == ADMINPASSWORD) { return true; } elseif (ADMINPASSWORD == "") { return true; } else { return false; } } function resetCounter($pageID,$self,$password) { $queryResetCounter = "UPDATE pagecounter SET visits = 0 WHERE pageID='$pageID'"; $resultResetCounter = mysql_db_query(DATABASE, $queryResetCounter) or die ("Query failed: error was ".mysql_error()); return viewStatus($self,$password); } function deleteCounter($pageID,$self,$password) { $queryDeleteCounter = "DELETE FROM pagecounter WHERE pageID = '$pageID'"; $resultDeleteCounter = mysql_db_query(DATABASE, $queryDeleteCounter) or die ("Query failed: error was ".mysql_error()); return viewStatus($self,$password); } switch ($a) { default: header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0 header ("Content-type: image/gif"); $im = @ImageCreate (30, 10) or die ("Cannot Initialize new GD image stream"); $white = ImageColorAllocate ($im, 255, 255, 255); $trans = imagecolortransparent($im,$white); ImagePng ($im); incrementVisits ($HTTP_REFERER,$REMOTE_ADDR); break; case "vs": print viewStatus($PHP_SELF,$password); break; case "rc": print resetCounter($pageID,$PHP_SELF,$password); break; case "dc": print deleteCounter($pageID,$PHP_SELF,$password); break; } mysql_close($db); ?> [/code] Quote Link to comment Share on other sites More sharing options...
steveclondon Posted September 28, 2006 Share Posted September 28, 2006 any time a varible is passed through the url with globals on you can use this any where in your script. ie script url: index.php?user=1you would then access this using $user eg. echo $user. If globals are off which they should be for security you would then need to use this $_GET['user'], eg at the top of you page you would do the following, $user=$_GET['user']. Now all references to $user below would work. It is the same with varibles from forms as well. These now need to be accessed by $_POST['your_varible_name_here'].The best thing to do is to ensure that your test server has globals off and you have all errors and warnings being displayed (set in your php.ini file). Then run the script and read the errors. They should give you line numbers of varibles that are not set. See what they are and where did it get it from then make the changes. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.