register_globals causing me problems

[CR0W]

Can anyone please HELP??

 

My host has updated it's PHP version to 5.x.x and my shopping cart script no longer works, it just shows EMPTY, I believe the problem is because register_globals is now off. I have read and read for hours on register_globals

isset($_SESSION['cart']);

$_SESSION['cart']="$cart";

$cart=$_SESSION["cart"];

and PHPSESSID but I just cant figure it out, the script below will run fine stand alone on PHP v4), but not on the server with the updated PHP 5.x.x.

 

any help would be more than appreciated:

 

<FORM action="shopping_cart.php" method="POST">
Solar Cell £9.95<br>Qty: 
<INPUT TYPE="text" NAME="qty" VALUE="1" size="1"> Solar Cell
<INPUT type="submit" name="add" value="Add to basket">
<INPUT type="hidden" name="product" value="Solar Cell"">
<INPUT type="hidden" name="unit_price" value="9.95">
<INPUT type="hidden" name="weight" value="1"></FORM>

 

 

<?php
session_cache_limiter ('none');
session_start();
session_register ("cart");


$cur_bef = "£";             	// currency symbol before the price
$cur_aft = ""; 		// currency symbol after the price

/* correct the price. If the price is not numeric, the function will return "-"  */
function correct ($price) {

$price = str_replace (",", ".", $price);
if (is_numeric ($price)) {
	$price = str_replace (" ","", $price);
	$price = round ($price, 2);
	$price_split = split ("\.", $price);
	if ((strlen (strval ($price_split[1])) == 1) && $price_split[1]) $price = $price ."0";
	if (!$price_split[1]) $price = $price .".00";
	} else {
	$price = "-";
}
return $price;
}

// the above should be called before the header
// include "header.txt";       
echo "<html><body>";                                      

// If no errors found. 
if (!$error_message) {

// add a new product into the shopping basket. 
if ($add && ereg("^[0-9]+$", $qty)) {		
	$product = stripslashes ($product);

	if ($option1) {
		$option1 = stripslashes ($option1);
		$option1 = split (";", $option1);
		$unit_price = $unit_price + $option1[1];
		$option1 = $option1[0];
		$product .= " $option1";
	}

	if ($option2) {
		$option2 = stripslashes ($option2);
		$option2 = split (";", $option2);
		$unit_price = $unit_price + $option2[1];
		$option2 = $option2[0];
		$product .= " $option2";
	}

	if ($option3) {
		$option3 = stripslashes ($option3);
		$option3 = split (";", $option3);
		$unit_price = $unit_price + $option3[1];
		$option3 = $option3[0];
		$product .= " $option3";
	}

	if ($option4) {
		$option4 = stripslashes ($option4);
		$option4 = split (";", $option4);
		$unit_price = $unit_price + $option4[1];
		$option4 = $option4[0];
		$product .= " $option4";
	}

	if ($option5) {
		$option5 = stripslashes ($option5);
		$option5 = split (";", $option5);
		$unit_price = $unit_price + $option5[1];
		$option5 = $option5[0];
		$product .= " $option5";
	}

	$qty = str_replace (",", ".", $qty);
	if (!is_numeric ($weight)) $weight = "0.00";


if (isset($_SESSION['cart'])) {

    foreach ($_SESSION['cart'] as $key => $val) {
             if ($cart[$key]['product'] == $product) {
                 $cart[$key]['qty'] += $qty;
                 $new_qty = 1;
             }
    }
}

	if (!$cart || !$new_qty) {
		$id = md5 ($product);
		$cart[$id][product] = $product;
		$cart[$id][qty] = $qty;
		$cart[$id][unit_price] = $unit_price;
		$cart[$id][weight] = $weight;
	}
	unset ($product, $option1, $option2, $option3, $option4, $option5, $qty, $unit_price, $weight, $key);
}

// update a product´s quantity in the shopping basket. 
if ($cart && $update) foreach ($_SESSION['cart'] as $key => $val) if ($$key && ereg("^[0-9]+$", $$key)) $cart[$key][qty] = $$key;

//  remove a product from the shopping basket. 
if ($cart && $remove) foreach ($_SESSION['cart'] as $key => $val) if ($$key) unset ($cart[$key]);

// empty the shopping basket.
if ($cart && $empty) {
	unset ($cart);
	session_unset();
}

// show the shopping basket page. 
echo "<H3>Shopping Basket</H3>\n\n";

// If the Cookies are disabled. 
// print "PHPSESSID=".session_id();
if (!$PHPSESSID) echo "<P>We encountered a small problem!<br> Your shopping basket is not working properly. Please enable 

Cookies.</P>";

// show the shopping basket.
if ($cart) {
	echo "<TABLE cellpadding=5 cellspacing=3 border=0 width=\"100%\">\n\n";
// Products.
	echo "<TR>";
	echo "<TD valign=\"bottom\"><font class=\"small\">Product</font></TD>";
	echo "<TD valign=\"bottom\" align=\"center\"><font class=\"small\">Qty</font></TD>";
	echo "<TD valign=\"bottom\" align=\"center\"><font class=\"small\">Unit Price</font></TD>";
	echo "<TD valign=\"bottom\" align=\"center\"><font class=\"small\">Subtotal</font></TD>";
	echo "<TD valign=\"bottom\" align=\"center\"><font class=\"small\">Action</font></TD>";
	echo "</TR>\n\n";

	foreach ($_SESSION['cart'] as $key => $val) {
		$product = $cart[$key][product];
		$qty = $cart[$key][qty];
		$unit_price = correct ($cart[$key][unit_price]);
		$weight = $qty * $cart[$key][weight];
		$total_weight = $total_weight + $weight;
		$subtotal = correct ($qty * $unit_price); // line total
		$total = correct ($total + $subtotal); // products total

		echo "<FORM action=\"shopping_cart.php\" method=\"POST\" class=\"inline\">";
		echo "<TR>";
		echo "<TD class=\"grayborder\">$product</TD>";
		echo "<TD align=\"center\" class=\"grayborder\"><INPUT TYPE=\"text\" NAME=\"$key\" VALUE=\"$qty\" SIZE=2></TD>";
		echo "<TD align=\"right\" class=\"grayborder\">$cur_bef$unit_price$cur_aft</TD>";
		echo "<TD align=\"right\" class=\"grayborder\">$cur_bef$subtotal$cur_aft</TD>";
		echo "<TD align=\"center\" class=\"grayborder\"><INPUT type=\"submit\" name=\"remove\" 

value=\"Delete\"><br><INPUT type=\"submit\" name=\"update\" value=\"Update\"></TD>";
		echo "</TR>\n";
		echo "</FORM>";
	}

// Total. 
	echo "<TR>";
	echo "<TD align=\"right\" colspan=3><font class=\"small\">Total</font></TD>";
	echo "<TD align=\"right\" class=\"grayfill\">$cur_bef$total$cur_aft</TD>";
	echo "</TR>\n\n";
	echo "</TABLE>\n\n";

// "Empty" button is hidden by default. You may show it if you like it. 
echo "<FORM action=\"shopping_cart.php\" method=\"POST\" class=\"inline\"><INPUT type=\"submit\" name=\"empty\" value=\"Empty Shopping 

Basket\"></FORM>";  
}

// If shopping basket is empty,
if (!$cart) echo "<P>Your shopping Basket is empty.</P>";
?>

<H3>Payment Method</H3>

<table>
<tr>
<td>
Choose your method of payment: 
</td>
</tr>
<tr>
<td>
<FORM action="order.php" method="post" class="inline">
<select name="payment">
<option value="">Please Select</option>
<option value="banktransfer">Bank Transfer</option>
<option value="cash">Cash/Cheque/Postal Order</option>
</select>
</td>
</tr>
<tr>
<td>
<INPUT type="submit" value="Continue">
</FORM>
</td>
</tr>
</table>


<?php

// show a "Previous page" link, if JavaScript is enabled. 
	echo "<SCRIPT language=\"JavaScript\" type=\"Text/JavaScript\">\n";
	echo "document.writeln ('<P><A HREF=\"javascript:history.go(-1)\">< Previous page</A></P>');\n";
	echo "</SCRIPT>\n\n";

}

// show an error message. 
if ($error_message) {
echo "<H3>We encountered a small problem!</H3>\n\n";
echo "<P>$error_message</P>\n\n";

// show a "Previous page" button, if JavaScript is enabled. 
echo "<SCRIPT language=\"JavaScript\" type=\"Text/JavaScript\">\n";
echo "document.writeln ('<P><A HREF=\"javascript:history.go(-1)\">< Previous page</A></P>');\n";
echo "</SCRIPT>\n\n";
}

// include "footer.txt";
echo "</body></html>";

?>

 

[wildteen88]

There is no need to call the session_register function when creating a session variable. The use of this function is now depreciated.

 

Looking at your script it looks like you should change all instance of $cart to $_SESSION['cart']

 

Also you'll need to change variables which access form field values too the new $_POST superglobals, so $form_field_name should be $_POST['form_field_name'] the same for a any URL variables, eg instead of $my_url_var it should be $_GET['my_url_var'];

 

You should read up on superglobals

[PFMaBiSmAd]

Turning on full php error reporting will help in identifying what variables were previously being populated due to register globals, because most of them will generate "undefined" notice messages when register globals are off.

[CR0W]

Thank you wildteen88 I have managed to progress a little by replacing code as you suggested and turning on error reporting as suggested by PFMaBiSmAd but I still can not make it function, there are several things I simply don't understand, I don't think I have the knowledge required to fix this myself. 

 

Should anyone have php5 or above and a little free time maybe you would be good enough to have a little look (test).  The php code above, is totally complete it just needs the sample item html <form> code to be added to a separate html page, then click the button add to basket.  As you will then see this will work on php4 but not php5.

 

Thanks in advance to anyone who may be able to help in any way.

[wildteen88]

Did you code this yourself? or did you download this script from somewhere or someone else coded it for you? If its any of the latter then I suggest you to either find an updated script or get in contact with the author of the script.

 

We cant really correct the script to work with register globals being off. This is one of the many pains of scripts which rely upon register_globals being off.

[CR0W]

Thanks for your reply wildteen88

 

A friend coded it over 5 years ago, he said he didn't know php but it was something he knocked up, he then went globe trotting and so I have eventually lost contact.  Over the years I have made amendments too keep it running as various upgrades in php versions came along, but this time I am stumped!!  I have been trying various things and reading all weekend trying different things, but my knowledge is simply not enough.  I'm sure it's not really that difficult to sort, but it's just beyond my skill level.  I would change the cart, but it means totally rewriting my websites, which I have built around this cart and fully understand how it works.  Incorporating a new cart into my sites would be a mammoth task.  So the best solution at present is to try and fix what I have.

 

I would even be willing to pay someone a few quid if it could be sorted.