register_globals

[andyg666]

I have adapted one of the user registration and login scripts i found here. I set it up months ago, and now I have a real project to apply it to. It was working fine many months ago, but now I'm getting the following error when i attempt to login:

[quote]Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0[/quote]

here is the code:
[code]<?php
session_start();
require_once('connect.php');

if(isset($_POST['login']))
{
  $error = '';
  $username = $_POST['username'];
  $password = $_POST['password'];
  if($username == "" || $password == "")
  {
      $error .= 'A required field was left blank.<br />';
  }
  $password = md5($password);
  if(get_magic_quotes_gpc())
  {
      $username = $username;
  }
  else
  {
      $username = addslashes($username);
  }
  $result = mysql_query("SELECT * FROM users WHERE UserName='".$username."' AND UserPWD='".$password."'")
  or die(mysql_error());
 
  $valid_login = mysql_num_rows($result);
  if($valid_login == 0)
  {
      $error .= "The supplied username and/or password was incorrect.<br />";
  }
  if($error == "")
  {
      $data = mysql_fetch_array($result);
      $_SESSION['username'] = $data['username'];
      $utime = date("Y/m/d, H:i:s"); 
      mysql_query("UPDATE users SET LastLogin='".$utime."' WHERE UserName='".$username."'");
      echo '<meta http-equiv="Refresh" Content="5; URL=index.php"><BR>
      Thank you for logging in, '.$_SESSION['username'].'.';
      die();
      setcookie("user", $_SESSION['username'], time()+3600);
  }
  else{
      echo 'The following errors were returned:<br />'.$error.'<br />';
      echo $username.', '.$password;
  }
}

?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Log In</title>
<style type="text/css">
.container {
  text-align: center;
  border: 1px solid #000000;
  width: 300px;
}
td {
  text-align: left;
}
</style>
</head>
<body>
<form action="login.php" method="post">
<table class="container" align="center" cellspacing="0" cellpadding="0">
  <tr>
      <td colspan="2" style="text-align:center;"><h1>Log In</h1></td>
  </tr>
  <tr>
      <td>Username:</td>
      <td><input type="text" name="username" maxlength="20" /></td>
  </tr>
  <tr>
      <td>Password:</td>
      <td><input type="password" name="password" /></td>
  </tr>
  <tr>
      <td colspan="2" style="text-align:center;"><input name="login" type="submit" value="Log In" /></td>
  </tr>
  <tr>
      <td colspan="2" style="text-align:center;"><a href="register.php">Register</a> | <a href="index.php">Index</a></td>
  </tr>
</table>
</form>
</body>
</html>
[/code]
it IS updating the lastlogin field. but it doesn't set the cookie. what global variable is it talking about? and how can i fix this? thanks.

[complex05]

remove die(); from your script.

[andyg666]

[quote author=complex05 link=topic=118746.msg485477#msg485477 date=1166200583]
remove die(); from your script.
[/quote]
D'OH!! thanks.

[andyg666]

it's removed. now i get 2 errors...

[quote]
Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\xampplite\htdocs\thebeathub\login.php:38) in C:\xampp\xampplite\htdocs\thebeathub\login.php on line 39

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
[/quote]

[complex05]

the first line of your script, type ob_start();

[andyg666]

ok, did that. the original error message is still there and it's not setting the cookie. this is weird because it was working in the past. all i didnt was change the database name in the connect.php file and some of the field names in the script itself. i'm wondering why it now requires all of this fixing...

thanks for your help, by the way.

[complex05]

Are you hosting this file on a web server? It's possible that whoever is maintaining your server upgraded the version of PHP that may have a session bug in it.

Your script appears to be fine and should work.

[andyg666]

no i'm using xxamplite. should i see if there are any upgrades or patches available? maybe it's a firewall problem?
PHP Version 5.1.4

[complex05]

No I don't think it's a firewall issue. Try reinstalling XAMP (and get the full version) and see if that helps. If not, I will continue to try to help you with this.

[andyg666]

thanks much!

[andyg666]

i fixed it like by getting rid of the $data and $result and just setting $_SESSION with the $username variable. it works, but is this a viable and secure solution?

[code] if($error == "")
  {
      // $data = mysql_fetch_array($result);
      // $_SESSION['username'] = $data['username'];
      $_SESSION['username'] = $username;
      $utime = date("Y/m/d, H:i:s"); 
      mysql_query("UPDATE users SET LastLogin='".$utime."' WHERE UserName='".$username."'");
      echo '<meta http-equiv="Refresh" Content="20; URL=index.php"><BR>
      Thank you for logging in, '.$_SESSION['username'].'.';
      setcookie("user", $_SESSION['username'], time()+3600);
  }[/code]

[complex05]

where is the $username variable coming from?

[andyg666]

an HTML form

$username = $_POST['username'];