All4172

PHP register_globals question

I have a script that works on one server and not on the other.  I noticed that register_globals is on on the server that works and off on the server that doesn't work.

In my code I posted below, what kind of changes do I have to make in order for it to be compatible with register_globals being off?

[code]
<?

// Database settings
DEFINE("SERVER", "local");
DEFINE("DATABASE", "mine");
DEFINE("USERNAME", "myname");
DEFINE("DBPASSWORD", "mypw");


// IPs you want to ban, separated by spaces
DEFINE("DENYIPS", "");

// Administrator password for the admin interface, example: stats.php?a=vs&password=****
// If no password is given the admin interface will be available to anyone.
DEFINE("ADMINPASSWORD", "");


$db = mysql_connect(SERVER, USERNAME, DBPASSWORD);

function checkPageExits($page) {
    $queryGetPages = "SELECT * FROM pagecounter";
    $resultGetPages = mysql_db_query(DATABASE, $queryGetPages) or die ("Query failed: error was ".mysql_error());
    while($row=mysql_fetch_array($resultGetPages)) {
        if (stristr($row["page"], $page)) {
            $r = true;
        }
    }
    if ($r) {
        return true;
    } else {
        return  false;
    }
}

function createPageEntry($page) {
    if (isset($page)) {
        $queryGetPages = "INSERT INTO `pagecounter` (`pageID`, `page`, `visits`) VALUES ('', '$page', '1')";
        $resultGetPages = mysql_db_query(DATABASE, $queryGetPages) or die ("Query failed: error was ".mysql_error());
        return true;
    } else {
        return false;
    }
}

function incrementVisits($page,$ip) {
    $denyips = explode(" ", DENYIPS);
    if (!in_array($ip, $denyips)) {
        if (isset($page)) {
            if (checkPageExits($page)) {
                $queryIncrement = "UPDATE pagecounter SET visits = visits + 1 WHERE page='$page'";
                $resultIncrement = mysql_db_query(DATABASE, $queryIncrement) or die ("Query failed: error was ".mysql_error());
                return true;
            } elseif(createPageEntry($page)) {
                return true;
            } else {
                return false;
            }
        } else {
            return false;
        }
    } else {
        return false;
    }
}

function viewStatus($self,$password) {

if (authUser($password)) {
$queryGetData = "SELECT * FROM pagecounter order by visits DESC LIMIT 5"; //set your own LIMIT by replacing the 5
$resultGetData = mysql_db_query(DATABASE, $queryGetData) or die ("Query failed: error was ".mysql_error());





for($i=0;$row=mysql_fetch_array($resultGetData);$i++) {
$fd= fread(fopen("$row[page]", "r"), 100000);
if ($fd)
{
$start= strpos($fd, "<title>");
$finish= strpos($fd, "</title>");
$length= $finish-$start;
$code_grabbed=Substr($fd, $start, $length);
$title=str_replace("<title>", "", $code_grabbed);

}

$i % 2 ? 0: $bgcolor = "#ffffff";
$o .=" &#8226;&nbsp;<a href=$row[page]>$title</a><BR>\n";
}

if (mysql_num_rows($resultGetData) == "0") {
return "There are no active counters.\n";
} else {
return $o;
}
} else {
$o .=" <form action=\"$self\" method=post>\n";
$o .=" Password:\n";
$o .=" <input name=\"password\" type=\"password\" /> \n";
$o .=" <input type=hidden name=a value=vs>\n";
$o .=" </form>\n";
return $o;
}
}


function authUser($password) {
    if ($password == ADMINPASSWORD) {
        return true;
    } elseif (ADMINPASSWORD == "") {
        return true;
    } else {
        return false;
    }
}

function resetCounter($pageID,$self,$password) {
    $queryResetCounter = "UPDATE pagecounter SET visits = 0 WHERE pageID='$pageID'";
    $resultResetCounter = mysql_db_query(DATABASE, $queryResetCounter) or die ("Query failed: error was ".mysql_error());
    return viewStatus($self,$password);
}

function deleteCounter($pageID,$self,$password) {
    $queryDeleteCounter = "DELETE FROM pagecounter WHERE pageID = '$pageID'";
    $resultDeleteCounter = mysql_db_query(DATABASE, $queryDeleteCounter) or die ("Query failed: error was ".mysql_error());
    return viewStatus($self,$password);
}

switch ($a) {
default:
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header ("Pragma: no-cache"); // HTTP/1.0
header ("Content-type: image/gif");
$im = @ImageCreate (30, 10)
or die ("Cannot Initialize new GD image stream");
$white = ImageColorAllocate ($im, 255, 255, 255);
$trans = imagecolortransparent($im,$white);
ImagePng ($im);
incrementVisits ($HTTP_REFERER,$REMOTE_ADDR);
break;
case "vs":
print viewStatus($PHP_SELF,$password);
break;
case "rc":
print resetCounter($pageID,$PHP_SELF,$password);
break;
case "dc":
print deleteCounter($pageID,$PHP_SELF,$password);
break;
}

mysql_close($db);

?>

[/code]

Any time a variable is passed through the URL with globals on, you can use this anywhere in your script, i.e. script URL: index.php?user=1

You would then access this using $user, e.g. echo $user. If globals are off, which they should be for security, you would then need to use $_GET['user']; e.g. at the top of your page you would do the following: $user=$_GET['user']. Now all references to $user below would work. It is the same with variables from forms as well. These now need to be accessed by $_POST['your_variable_name_here'].

The best thing to do is to ensure that your test server has globals off and you have all errors and warnings being displayed (set in your php.ini file). Then run the script and read the errors. They should give you line numbers of variables that are not set. See what they are and where they came from, then make the changes.
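
The advice above applied to the variables the posted script's `switch` block relies on, as an added example that is not part of either post: each value is read from a named source (`$_GET`/`$_POST` for `a`, `password` and `pageID`; `$_SERVER` for the former `$HTTP_REFERER`, `$REMOTE_ADDR` and `$PHP_SELF`), and it goes slightly further by allow-listing the action and casting `pageID`. The names `request_param`, `collect_inputs` and `ALLOWED_ACTIONS` are hypothetical, the sample request is constructed, PHP 7 or later is assumed, and `pageID` is assumed to be an integer key.

```php
<?php
// Added example: collect every value the counter script used to receive
// through register_globals from an explicit source instead.

// Actions handled by the script's switch; anything else maps to "default".
const ALLOWED_ACTIONS = ['vs', 'rc', 'dc'];

// Return a request parameter from POST first, then GET (the admin form
// posts, while the admin URL in the script's comment uses the query string).
function request_param(array $post, array $get, string $name, string $default = ''): string
{
    foreach ([$post, $get] as $source) {
        if (isset($source[$name]) && is_string($source[$name])) {
            return $source[$name];
        }
    }
    return $default;
}

// Build the values the original switch block expects as globals.
function collect_inputs(array $get, array $post, array $server): array
{
    $a    = request_param($post, $get, 'a');
    $self = isset($server['PHP_SELF']) ? (string) $server['PHP_SELF'] : '';
    return [
        'a'        => in_array($a, ALLOWED_ACTIONS, true) ? $a : 'default',
        'password' => request_param($post, $get, 'password'),
        // Assumption: pageID is an integer key, so cast whatever was sent.
        'pageID'   => (int) request_param($post, $get, 'pageID', '0'),
        // Former $HTTP_REFERER and $REMOTE_ADDR now come from $_SERVER.
        'referer'  => isset($server['HTTP_REFERER']) ? (string) $server['HTTP_REFERER'] : '',
        'ip'       => isset($server['REMOTE_ADDR']) ? (string) $server['REMOTE_ADDR'] : '',
        // PHP_SELF is echoed into the form's action attribute, so encode it.
        'self'     => htmlspecialchars($self, ENT_QUOTES, 'UTF-8'),
    ];
}

// Constructed sample request (not from the thread): stats.php?a=rc&pageID=7abc
$sampleGet    = ['a' => 'rc', 'pageID' => '7abc', 'password' => 'example'];
$sampleServer = ['PHP_SELF' => '/stats.php', 'REMOTE_ADDR' => '192.0.2.10'];
var_dump(collect_inputs($sampleGet, [], $sampleServer));

// In the real script the call would be: collect_inputs($_GET, $_POST, $_SERVER)
```

The returned array replaces the bare `$a`, `$password`, `$pageID`, `$HTTP_REFERER`, `$REMOTE_ADDR` and `$PHP_SELF` in the `switch` block; the SQL built inside the script's functions still needs its own escaping or parameter binding.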
