orbitalnets Posted March 15, 2008 Share Posted March 15, 2008 Dear All, I am trying a simple login form with a session register. But I am user PHP5 with register globals turn off. <?php require_once('../connect/orbitalnets.php'); ?> <?php // Login & Set Level $myUsername_rsLogin = "0"; if (isset($_POST['username'])) { $myUsername_rsLogin = (get_magic_quotes_gpc()) ? $_POST['username'] : addslashes($_POST['username']); } $myPassword_rsLogin = "0"; if (isset($_POST['password'])) { $myPassword_rsLogin = (get_magic_quotes_gpc()) ? $_POST['password'] : addslashes($_POST['password']); } mysql_select_db($database_orbitalnets, $orbitalnets); // Verify Login is correct $query_rsLogin = sprintf("SELECT username, password, accesscode FROM users WHERE username= '%s' AND password = '%s'", $myUsername_rsLogin,$myPassword_rsLogin); $rsLogin = mysql_query($query_rsLogin, $orbitalnets) or die(mysql_error()); $row_rsLogin = mysql_fetch_assoc($rsLogin); $totalRows_rsLogin = mysql_num_rows($rsLogin); ?> <?php // Login and Set Level - Main if($_POST['action']=="login"){ if($totalRows_rsLogin==0){ $errorMessage = "User name or password not recognised"; mysql_free_result($rsLogin); } else { mysql_free_result($rsLogin); session_register("userSession"); $_POST['userSession'] = $_POST['username']; session_register("levelSession"); $_POST['levelSession'] = $row_rsLogin['accesscode']; header("Location: default.php"); } } ?> And in the default.php page this: <?php // Check User Level session_start(); if(!isset($_SESSION['levelSession'])){ header("Location: login.php"); } else { if($_SESSION['levelSession'] > 0){ header("Location: login.php"); } } ?> I understand that I can not use session_register because I have register globals turn off. What should I use instead? Let me know. Dwayne Quote Link to comment Share on other sites More sharing options...
blackwinter Posted March 15, 2008 Share Posted March 15, 2008 I would say use maybe cookies or what you can do is setup a database session type like have the code get your visitors IP and check the DB for that IP and make sure the session is current and if its not go to the login. You know what I mean ? Quote Link to comment Share on other sites More sharing options...
orbitalnets Posted March 15, 2008 Author Share Posted March 15, 2008 Are cookies the way to go in this case? I have converting all my scripts to fit PHP5. I understand that I should use superglobals for this? Or is it a combination of cookies and superglobals? Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted March 15, 2008 Share Posted March 15, 2008 turning off register_globals has nothing to do with how SESSIONs work, except you have to use the $_SESSION[] super-global, which is what you should use anyway, imo. Forget session_register, forget cookies. Just use the $_SESSION[] super-global instead. page1.php: session_start(); $_SESSION['somekey'] = 24; page2.php session_start(); echo "SESSION['somekey'] = ".$_SESSION['somekey']; Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.