register_globals


webwired

I have researched and researched and read tutorial after tutorial and I just can't seem to get it... Could someone please tell me why the following login script won't work with register_globals off?

[b]login.php[/b]
[code]
<?php

if(isset($_POST[login]))    {

include_once "connection.php";

$query = mysql_query("select * from users where username = '$_POST[username]' and password = '$_POST[password]'")or die(mysql_error());

$count = mysql_num_rows($query);

if ($count == 1)    {

        header("Location: loginaction.php?" . "userid=$row[userid]&" . "condition=logged&" . "username=$row[username]");

                    }elseif($count == 0)    {

                    echo 'Invalid Username and/or Password';

                                            }

                            }

?>
<br><br>
<center>
<h1>Login</h1>

<form method="POST" action="<?php echo $_SERVER[php_self]; ?>">

<table border="0" width="300">

  <tr>

      <td>Username</td>

    <td><input type="text" name="username" size="20"></td>

  </tr>

  <tr>

      <td>Password</td>

    <td><input type="password" name="password" size="20"></td>

  </tr>

  <tr>

      <td colspan="2"><center><input type="submit" name="login" value="Submit"></center></td>

  </tr>

</table>

</form>
</center>
[/code]

[b]loginaction.php[/b]
[code]
<?php

session_start();

    $_SESSION['userid'] = $_GET[userid];

    $_SESSION['condition'] = $_GET[condition];

    $_SESSION['username'] = $_GET[username];

        header("Location: index.php");

?>
[/code]

Well, it just doesn't redirect to the loginaction.php page... When you enter your username and password, it just comes back to the login screen... So it's accessing the database and seeing that it's a valid username and password, because if you enter a bad username and password, it'll perform: echo 'Invalid Username and/or Password'; It works fine with register_globals "ON".

Well, for starters. Non numerical array keys need to be surrounded in quotes. So this...
[code]
if(isset($_POST[login]))
[/code]
Should be...
[code]
if(isset($_POST[login]))
[/code]
PHP is pretty forgiving in this area, but don't push your luck. There are quite a few places in your code where you have neglected to use this proper syntax.

Then, if you're using non numerical array keys within a double quoted string you need to surround them in curly braces.
[code]
$query = mysql_query("select * from users where username = '{$_POST['username']}' and password = '{$_POST['password']}'") or die(mysql_error());
[/code]

I've made all of these changes as you can see from the following code, but it still doesn't redirect to the loginaction.php page with the register_globals off. I tried to change the task if login was successful, such as echo something and that works, so it's definitely something about the header that register_globals doesn't like.
[code]header("Location: loginaction.php?" . "userid=$row[userid]&" . "condition=logged&" . "username=$row[username]");[/code]


[code]
<?php

if(isset($_POST["login"]))    {

include_once "connection.php";

$query = mysql_query("select * from users where username = '{$_POST['username']}' and password = '{$_POST['password']}'") or die(mysql_error());


$count = mysql_num_rows($query);

if ($count == '1')    {

        header("Location: loginaction.php?" . "userid=$row[userid]&" . "condition=logged&" . "username=$row[username]");

                    }elseif($count == '0')    {

                    echo 'Invalid Username and/or Password';

                                            }

                            }

?>
<br><br>
<center>
<h1>Login</h1>

<form method="POST" action="<?php echo $_SERVER[php_self]; ?>">

<table border="0" width="300">

  <tr>

      <td>Username</td>

    <td><input type="text" name="username" size="20"></td>

  </tr>

  <tr>

      <td>Password</td>

    <td><input type="password" name="password" size="20"></td>

  </tr>

  <tr>

      <td colspan="2"><center><input type="submit" name="login" value="Submit"></center></td>

  </tr>

</table>

</form>
</center>
[/code]

Yeah... sorry, that was a typo before. I'm really not sure this will even help, but it is best practice.

You didn't make ALL required changes.
[code]
header("Location: loginaction.php?userid={$row['userid']}&condition=logged&username={$row['username']}");
[/code]
Don't see why you need that all broken up with concatenation.

Sorry, yeah I missed that on the Header, I'll remember from now on the {}

Still doesn't work though, like you expected. Is there some kind of rule about header("Location: with register_globals off versus with register_globals on that I'm missing?

In order to prove or disprove that the header does or doesn't work, create two small PHP scripts, one with the header() function and one as the target.

header_test.php:
[code]<?php
$row = array('userid' => '1234', 'username' => 'test1234');
$x = "Location: header_target.php?" . "userid=$row[userid]&" . "condition=logged&" . "username=$row[username]";
header($x);
exit('did not transfer to loginaction ... ' . $x);
?>[/code]

header_target.php:
[code]<?php
echo '<pre>' . print_r($_GET,true).'</pre>';
?>[/code]

Invoke header_test.php.
If you see the dump of the $_GET array, then everything worked and your non-working script has a different problem.

Ken

The result of test is as follows:
Address: http://url.com/header_target.php?userid=1234&condition=logged&username=test1234

Displays:
Array
(
[userid] => 1234
[condition] => logged
[username] => test1234
)


This proves that the header() function works as advertised and your script is not failing there.

Is error reporting turned on? You may be getting "header already sent" errors and not seeing them if error reporting is turned off.

Ken

I'm not sure about if error reporting is turned on, I'll have to ask dedicated server support,... but I did try another test, I put your code into mine and it worked fine, but when I changed the redirect URL back to loginaction.php it wouldn't work again... so it leads me to think something about my loginaction.php page isn't accepting the redirect somehow...
[code]
<?php

session_start();

    $_SESSION['userid'] = $_GET[userid];

    $_SESSION['condition'] = $_GET[condition];

    $_SESSION['username'] = $_GET[username];

        header("Location: index.php");

?>
[/code]

Just a note...where you use $_GET and $_POST I notice you use things like $_GET[userid]...that would mean userid is a constant that refers to an entity in an array...I believe it is proper to use $_GET['userid'] to reference entity with key userid in array $_GET...just a bit of a side note there...

PHP will do the "right thing" in these situations after issuing a warning. If it is issuing a warning that could be what is preventing the header function from working. Clean up your array references and see if that makes a difference.

Also, why don't you do this code in your first script and then go directly to the "index.php" script? That would save one header bump.

Ken

Ok, did all of those things... Still don't work. Here's my code.

[code]
<?php
session_start();
if(isset($_POST['login']))    {
include_once "connection.php";
$query = mysql_query("select * from users where username = '{$_POST['username']}' and password = '{$_POST['password']}'") or die(mysql_error());
$count = mysql_num_rows($query);
if ($count == '1')    {
    $_SESSION['userid'] = $row['userid'];
    $_SESSION['condition'] = 'logged';
    $_SESSION['username'] = $row['username'];
        header("Location: index.php");
                    }elseif($count == '0')    {
                    echo 'Invalid Username and/or Password';
                                            }
                            }
?>
<br><br>
<center>
<h1>Login</h1>
<form method="POST" action="<?php echo $_SERVER['php_self']; ?>">
<table border="0" width="300">
  <tr>
      <td>Username</td>
    <td><input type="text" name="username" size="20"></td>
  </tr>
  <tr>
      <td>Password</td>
    <td><input type="password" name="password" size="20"></td>
  </tr>
  <tr>
      <td colspan="2"><center><input type="submit" name="login" value="Submit"></center></td>
  </tr>
</table>
</form>
</center>
[/code]

Let's make sure there are no errors that are not being reported. Put this line:
[code]error_reporting(E_ALL);[/code] right after the session_start().

Also in this section of code:
[code]<?php
if ($count == '1')    {
    $_SESSION['userid'] = $row['userid'];
    $_SESSION['condition'] = 'logged';
    $_SESSION['username'] = $row['username'];
        header("Location: index.php");
                    }elseif($count == '0')    {
                    echo 'Invalid Username and/or Password';
                                            }
?>[/code]
The value of $count will only be 1 or 2, so you don't need an "elseif" here. An "else" will work fine.
[code]<?php
if ($count == '1')    {
    $_SESSION['userid'] = $row['userid'];
    $_SESSION['condition'] = 'logged';
    $_SESSION['username'] = $row['username'];
    header("Location: index.php");
}
else echo 'Invalid Username and/or Password';
?>[/code]

Ken

[code]<?php

session_start();
if(isset($_POST['login']))    {
include_once "connection.php";
$query = mysql_query("select * from users where username = '{$_POST['username']}' and password = '{$_POST['password']}'") or die(mysql_error());
if ($query) {
  $row = mysql_fetch_assoc($query); // Notice modification made here.
  $_SESSION['userid'] = $row['userid'];
  $_SESSION['condition'] = 'logged';
  $_SESSION['username'] = $row['username'];
  header("Location: index.php");
}elseif($count == '0')    {
  echo 'Invalid Username and/or Password';
}

?>[/code]

$row[] is not defined until you define it. Try the above code and see how it works for you.

kenrbnsn, I put in that error code and changed the elseif to an else... Like txmedic03 said, "$row[] is not defined until you define it" was what I was getting... So I changed to his code, still nothing, no errors, no redirect... nothing, even when I put in a wrong username and password. So I made a hybrid of his code and my code, still doesn't redirect, it'll do anything you want it to do, but redirect...

[code]
<?php
session_start();
error_reporting(E_ALL);
if(isset($_POST['login']))    {
include_once "connection.php";
$query = mysql_query("select * from users where username = '{$_POST['username']}' and password = '{$_POST['password']}'") or die(mysql_error());
$count = mysql_num_rows($query);
if ($count == 1)    {
  $row = mysql_fetch_assoc($query);
  $_SESSION['userid'] = $row['id'];
  $_SESSION['condition'] = 'logged';
  $_SESSION['username'] = $row['username'];
  header("Location: index.php");
                    }else    {
  echo 'Invalid Username and/or Password';
                            }
                            }
?>
[/code]
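
Added example, not part of any post in this thread: a hardened form of the final login handler above. It binds the username as a query parameter instead of interpolating `$_POST` into the SQL string, verifies a stored hash with `password_verify()`, and checks `headers_sent()` before redirecting so a "headers already sent" failure is logged rather than silent. The PDO connection details, the helper names `find_user()` and `redirect()`, and the `password_hash` column are assumptions.

```php
<?php
// Added example: hardened variant of the thread's login handler.
// Assumptions (not from the thread): a PDO connection and a `users` table with
// `id`, `username` and a `password_hash` column filled by password_hash().
declare(strict_types=1);

function find_user(PDO $pdo, string $username): ?array
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function redirect(string $path): void
{
    // Surfaces the "headers already sent" case raised in the thread.
    if (headers_sent($file, $line)) {
        error_log("Cannot redirect: output started at $file:$line");
        exit('Redirect failed; see the error log.');
    }
    header("Location: $path");
    exit; // stop here so nothing after the redirect runs
}

session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login'])) {
    // Hypothetical DSN and credentials; replace with the real connection settings.
    $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'app_password', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);

    // Reject non-string input (e.g. username[]=x) before it reaches the query.
    $username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $user = find_user($pdo, $username);

    if ($user !== null && password_verify($password, $user['password_hash'])) {
        session_regenerate_id(true);            // fresh session ID after login
        $_SESSION['userid']    = $user['id'];   // set server-side, never taken from $_GET
        $_SESSION['condition'] = 'logged';
        $_SESSION['username']  = $user['username'];
        redirect('index.php');
    }
    echo 'Invalid Username and/or Password';
}
```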