Convert script from PHP 4 to PHP 5

[DonH]

Hello all

I have a script that was written on PHP 4, it uses Globals On. Now that I have moved to PHP 5 my script no longer works.

 

I know that in PHP 4 Globals was on. In PHP 5 Globals is Off by default.

 

I could override using a php.ini file in the directory, but this is a hack and does not fix the problem.

 

I know what the problem is, but can't for the life of me figure out how to correct it for PHP 5 and Globals Off. The script has a password field and then if correct logs in the user. If not the error is given.

 

So... I know I need to update the syntacs but I have no idea what to do here. If I can get some help on thi spart, I can then correct the rest of the script.

 

The variable $adpasswd is set and pulled from the config.php file. A form is used to login and checks against the config.php to see if the password is correct. If it is you login, if not the error is shown.

 

Thank you ahead of time for your help.

 

Here is the part in question:

 

session_start();
include("templates/header.tpl");
include("config.php");

if(!isset($adminuser)){
if(!isset($action)){
include("templates/login.tpl");
}else{
if($adminpass != $adpasswd){
include("templates/login.tpl");
echo "<table width='100%' border='0' cellspacing='3' cellpadding='3'><tr><td class='message_error' align='center'>Invalid Password, Please Try Again!</td></tr></table>";
}else{
$adminuser = "yes";
session_register('adminuser');
$action = "loggedin";
}
}
}

if(isset($adminuser)){
dbconnect();
include('templates/menu.tpl');

if($action == "loggedin"){
$message = "<tr><td><table width='100%' border='0' cellspacing='3' cellpadding='3'><tr><td class='message_error' align='center'>Hello $contact_name! Nice to see you again. Use the menu above to navigate EzBan.</td></tr></table>";
$msg = $message;
echo $msg;
}

[hitman6003]

Generally speaking, the values that were registered came from the $_POST and $_GET super globals.  I'm assuming that you have a $_POST or $_GET array element with the key "adminpass", along with the other variables.

 

You can recreate the effect using extract (http://www.php.net/extract):

 

extract($_POST);

 

Or you can simply set the values equal to the variable name:

 

$adminpass = $_POST['adminpass']

[redarrow]

hitman i never new that at all i always wanted to no that..........

 

is this correct then

<?php
extract($_POST);
$name=mysql_real_escape_string($name);
$address=mysql_real_escape_string($address);
?>

 

are you saying now the varable is exstacted and set to $_POST cheers mate learnig

 

would you need to use the 3rd premeiter

 

EXTR_OVERWRITE

 

    If there is a collision, overwrite the existing variable.

[hitman6003]

Yes...for example, say you have $_POST like this:

 

$_POST['name'] = 'abcde';
$_POST['pass'] = 'secret';

 

When you "extract" $_POST, it will create variables named "$name" and "$pass" that are equal to their $_POST equivalents.

[redarrow]

thank you so much becouse so many users ask the same quistion cheers mate........

[DonH]

The variable $adpasswd is set and pulled from the config.php file. A form is used to login and checks against the config.php to see if the password is correct. If it is you login, if not the error is shown.

[deadimp]

Just for kicks, this would be the basic functionality of extract($_POST):

foreach ($_POST as $var => &$value) {
$$var=&$value; //Sets variable named $var to reference to that value
}

This, however, is extremely insecure. The reason this was disabled was for security reasons. If you have code that might depend on variables anybody can overwrite that value just by injecting their own POST/GET values.

As painful as it may be, it's better to manually use $_POST['var'] or $_GET['var'], or even $_REQUEST['var'] if you don't want to differ between those environmental variables.