
PHP register_globals question


All4172


I have a script that works on one server and not on the other.  I noticed that register_globals is on, on the server that works and off on the server that doesn't work.

In my code I posted below, what kind of changes do I have to make in order for it to be compatible with register_globals being off?

[code]
<?php

// Database settings
DEFINE("SERVER", "local");
DEFINE("DATABASE", "mine");
DEFINE("USERNAME", "myname");
DEFINE("DBPASSWORD", "mypw");


// IPs you want to ban, separated by spaces
DEFINE("DENYIPS", "");

// Administrator password for the admin interface, example: stats.php?a=vs&password=****
// If no password is given the admin interface will be available to anyone.
DEFINE("ADMINPASSWORD", "");


$db = mysql_connect(SERVER, USERNAME, DBPASSWORD);

function checkPageExits($page) {
    $r = false; // initialise so the result is defined when no row matches
    $queryGetPages = "SELECT * FROM pagecounter";
    $resultGetPages = mysql_db_query(DATABASE, $queryGetPages) or die ("Query failed: error was ".mysql_error());
    while($row=mysql_fetch_array($resultGetPages)) {
        if (stristr($row["page"], $page)) {
            $r = true;
        }
    }
    return $r;
}

function createPageEntry($page) {
    if (isset($page)) {
        $queryGetPages = "INSERT INTO `pagecounter` (`pageID`, `page`, `visits`) VALUES ('', '$page', '1')";
        $resultGetPages = mysql_db_query(DATABASE, $queryGetPages) or die ("Query failed: error was ".mysql_error());
        return true;
    } else {
        return false;
    }
}

function incrementVisits($page,$ip) {
    $denyips = explode(" ", DENYIPS);
    if (!in_array($ip, $denyips)) {
        if (isset($page)) {
            if (checkPageExits($page)) {
                $queryIncrement = "UPDATE pagecounter SET visits = visits + 1 WHERE page='$page'";
                $resultIncrement = mysql_db_query(DATABASE, $queryIncrement) or die ("Query failed: error was ".mysql_error());
                return true;
            } elseif(createPageEntry($page)) {
                return true;
            } else {
                return false;
            }
        } else {
            return false;
        }
    } else {
        return false;
    }
}

function viewStatus($self,$password) {
    $o = ""; // initialise the output buffer before appending to it

    if (authUser($password)) {
        $queryGetData = "SELECT * FROM pagecounter order by visits DESC LIMIT 5"; //set your own LIMIT by replacing the 5
        $resultGetData = mysql_db_query(DATABASE, $queryGetData) or die ("Query failed: error was ".mysql_error());

        for($i=0;$row=mysql_fetch_array($resultGetData);$i++) {
            $title = ""; // reset so a failed read does not reuse the previous page's title
            $fd= fread(fopen("$row[page]", "r"), 100000);
            if ($fd)
            {
                $start= strpos($fd, "<title>");
                $finish= strpos($fd, "</title>");
                $length= $finish-$start;
                $code_grabbed=Substr($fd, $start, $length);
                $title=str_replace("<title>", "", $code_grabbed);
            }

            $i % 2 ? 0: $bgcolor = "#ffffff";
            $o .=" &#8226;&nbsp;<a href=$row[page]>$title</a><BR>\n";
        }

        if (mysql_num_rows($resultGetData) == "0") {
            return "There are no active counters.\n";
        } else {
            return $o;
        }
    } else {
        $o .=" <form action=\"$self\" method=post>\n";
        $o .=" Password:\n";
        $o .=" <input name=\"password\" type=\"password\" /> \n";
        $o .=" <input type=hidden name=a value=vs>\n";
        $o .=" </form>\n";
        return $o;
    }
}


function authUser($password) {
    if ($password == ADMINPASSWORD) {
        return true;
    } elseif (ADMINPASSWORD == "") {
        return true;
    } else {
        return false;
    }
}

function resetCounter($pageID,$self,$password) {
    $queryResetCounter = "UPDATE pagecounter SET visits = 0 WHERE pageID='$pageID'";
    $resultResetCounter = mysql_db_query(DATABASE, $queryResetCounter) or die ("Query failed: error was ".mysql_error());
    return viewStatus($self,$password);
}

function deleteCounter($pageID,$self,$password) {
    $queryDeleteCounter = "DELETE FROM pagecounter WHERE pageID = '$pageID'";
    $resultDeleteCounter = mysql_db_query(DATABASE, $queryDeleteCounter) or die ("Query failed: error was ".mysql_error());
    return viewStatus($self,$password);
}

// $a, $password, $pageID, $HTTP_REFERER, $REMOTE_ADDR and $PHP_SELF below are
// only populated automatically when register_globals is on.
switch ($a) {
    default:
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
        header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
        header ("Pragma: no-cache"); // HTTP/1.0
        header ("Content-type: image/png"); // match the ImagePng() output below
        $im = @ImageCreate (30, 10)
            or die ("Cannot Initialize new GD image stream");
        $white = ImageColorAllocate ($im, 255, 255, 255);
        $trans = imagecolortransparent($im,$white);
        ImagePng ($im);
        incrementVisits ($HTTP_REFERER,$REMOTE_ADDR);
        break;
    case "vs":
        print viewStatus($PHP_SELF,$password);
        break;
    case "rc":
        print resetCounter($pageID,$PHP_SELF,$password);
        break;
    case "dc":
        print deleteCounter($pageID,$PHP_SELF,$password);
        break;
}

mysql_close($db);

?>

[/code]

Any time a variable is passed through the URL with globals on, you can use this anywhere in your script, i.e. script URL: index.php?user=1

You would then access this using $user, e.g. echo $user. If globals are off, which they should be for security, you would then need to use $_GET['user'], e.g. at the top of your page you would do the following: $user=$_GET['user']. Now all references to $user below would work. It is the same with variables from forms as well. These now need to be accessed by $_POST['your_varible_name_here'].

The best thing to do is to ensure that your test server has globals off and you have all errors and warnings being displayed (set in your php.ini file). Then run the script and read the errors. They should give you line numbers of variables that are not set. See what they are and where they came from, then make the changes.
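One way to apply the advice above to the posted script's dispatch block, as an added example that is not part of the original posts: `readCounterInputs` is a hypothetical helper, the sample request is constructed, and PHP 7 or later is assumed for the `??` operator.

```php
<?php
// Added example: collects the counter script's inputs from superglobals instead
// of relying on register_globals. The arrays are passed in so it can be tested.
function readCounterInputs(array $get, array $post, array $server): array
{
    // The admin form posts "a" and "password"; the admin URL passes them in the
    // query string, so check POST first and fall back to GET.
    $pick = function (string $key) use ($get, $post): string {
        $v = $post[$key] ?? $get[$key] ?? '';
        return is_string($v) ? $v : '';   // ignore array input such as ?a[]=x
    };

    // Accept only the actions the original switch handles; anything else falls
    // through to the default branch (serve the counter image).
    $action = $pick('a');
    if (!in_array($action, ['vs', 'rc', 'dc'], true)) {
        $action = '';
    }

    return [
        'a'        => $action,
        'password' => $pick('password'),
        // pageID is interpolated into SQL by the original functions: force an integer.
        'pageID'   => (int) $pick('pageID'),
        // Formerly $HTTP_REFERER and $REMOTE_ADDR. The referer is client-supplied,
        // so it still has to be escaped or bound before it reaches a query.
        'referer'  => (string) ($server['HTTP_REFERER'] ?? ''),
        'ip'       => (string) ($server['REMOTE_ADDR'] ?? ''),
        // Formerly $PHP_SELF. It is echoed into the form's action attribute,
        // so escape it for HTML.
        'self'     => htmlspecialchars((string) ($server['PHP_SELF'] ?? ''), ENT_QUOTES, 'UTF-8'),
    ];
}

// Constructed sample request (not from the thread): stats.php?a=rc&pageID=7
// In the real script the call would be readCounterInputs($_GET, $_POST, $_SERVER).
$in = readCounterInputs(
    ['a' => 'rc', 'pageID' => '7'],
    ['password' => 'example'],
    ['PHP_SELF' => '/stats.php', 'REMOTE_ADDR' => '192.0.2.10']
);
var_dump($in);
```

The switch would then test `$in['a']` and pass `$in['pageID']`, `$in['self']`, `$in['password']`, `$in['referer']` and `$in['ip']` to the existing functions.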
