GDollar_Post Posted August 22, 2007 Share Posted August 22, 2007 Hello, So I have a standard login that sets a userid SESSION variable. I use this to tell if someone is logged in and to do a number of other vanilla things. The problem is $_SESSION['id'] gets magically changed from whatever it was to a new value when I retrieve an id from an URL and set a local variable to that value. In other words, when I do this... session_start(); ... $x = $_SESSION['id']; $id = $_GET['id']; $y = $_SESSION['id']; if($x != $y){ echo "Shit Fuck"; exit(1); } ... "Shit Fuck" gets printed and that's no good. I figure it has to do with Apache's settings or something being messed up in the php.ini file, but I don't see any difference between my local settings and my host's settings. Any help would be amazing. peace. Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 22, 2007 Share Posted August 22, 2007 Make sure you don't have register_globals turned on. Register_globals always you to use $id aswell as $_SESSION['id'] for accessing the session variable, or any other server set variables with an 'id' key. To turn register_globals off it is best to add the following at the top of your scripts: ini_set('register_globals', 'Off'); Or if you host always you change PHP settings within an .htaccess file you can add the following to an .htaccess file php_flag register_globals Off Note: It is best place an .htaccess file in you sites root folder, that way register_globals will be off through your entire website. Note: Register_globals can cause exploits within your code, as you have just discovered. This is reason why PHP now has register_globals disabled by default and is being phased out. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.