Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Fatal error: Call to undefined function session_is_registered()

Posted on 2014-06-09
17
Medium Priority
?
11,348 Views
Last Modified: 2016-12-01
Today I started getting this error on my login page.

Fatal error: Call to undefined function session_register() in /home/post22/public_html/parent-corner/checklogin.php on line 33

I understand it has something to do with an upgrade to PHP.. what is the fix? Help.
checklogin.php
0
Comment
Question by:BHUC
  • 6
  • 4
  • 4
  • +2
16 Comments
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40122409
Without a little more information about your code base, we might not be able to fix it.  All of the PHP instructions are documented in the online man pages, including session_register() which was deprecated at PHP 5.3 (several years ago) and removed in PHP 5.4.

Depending on your exact code base you may want to read this article about Register Globals, too.  If you read the man page and still don't know what to do, please post the code involved and we can help look for a solution.
0
 

Author Comment

by:BHUC
ID: 40122415
Ray - I attached the page.... is it not the right page?
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40122424
Sorry -- didn't see it (blind).  Here it is in the code snippet, where we have line numbers to facilitate discussion.

<?php
$host="localhost"; // Host name 
$username="*******"; // Mysql username 
$password="********"; // Mysql password 
$db_name="post22_wrdp1"; // Database name 
$tbl_name="FamilyInfo"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$login_row = mysql_fetch_assoc($result);
$FamNum = $login_row['FamilyNumber'];
$PN = $login_row['ID'];
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:ticket-information.php?id=$FamNum&pn=$PN");
}
else {
echo "Wrong Username or Password";
}
?>

Open in new window

0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 58

Expert Comment

by:Gary
ID: 40122437
session_register() is gone in 5.4

Use
$_SESSION['myusername']=$myusername;

edit
Then again that whole page is pretty much deprecated
0
 

Author Comment

by:BHUC
ID: 40122446
Thanks Gary!

So what does that do to this on the page it goes to?

if(!session_is_registered(myusername)){
header("location:index.php");
}
0
 
LVL 58

Accepted Solution

by:
Gary earned 2000 total points
ID: 40122457
Change to

if( !isset($_SESSION['myusername']) ){
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40122459
This looks like very, very old code and potentially dangerous.  From the inappropriate use of stripslashes() it appears that it was written with the assumption that Magic Quotes was in play, a known security error since 2005.  I can't think of any reason why someone would put the client password into the session array.  If I were you I would want to make refactoring an urgent priority.  You're going to run into the same thing with the MySQL extension soon because PHP is dropping support for the MySQL extension.

Here's the article showing what you must do to keep your scripts running:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html

Here's the article that shows the correct design pattern for PHP client authentication:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Let's try it like this.  It's only a patch, not a fix.
<?php

// ALWAYS START THE SESSION ON EVERY PAGE
session_start();

$host="localhost"; // Host name 
$username="*******"; // Mysql username 
$password="********"; // Mysql password 
$db_name="post22_wrdp1"; // Database name 
$tbl_name="FamilyInfo"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$login_row = mysql_fetch_assoc($result);
$FamNum = $login_row['FamilyNumber'];
$PN = $login_row['ID'];
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

    // SAVE SESSION VARIABLES AND REDIRECT TO "login_success.php"
    $_SESSION['myusername'] = $myusername;
    $_SESSION['mypassword'] = $mypassword;
    header("location:ticket-information.php?id=$FamNum&pn=$PN");
    exit;
}
else {
    echo "Wrong Username or Password";
}

Open in new window

Best of luck with it, ~Ray
0
 

Author Comment

by:BHUC
ID: 40122482
Thanks to both of you. Ray - I will be doing a lot of reading on this and probably asking more questions. For now, I just need it to work as I rebuild their site.
0
 
LVL 58

Expert Comment

by:Gary
ID: 40122485
Did you accept the wrong comment?
0
 

Author Comment

by:BHUC
ID: 40122491
Yes Gary, I did.. Moving too fast... I will contact about getting that fixed. On a different note, when I change the top to what you showed, it just bounces back to the login screen.
0
 
LVL 58

Expert Comment

by:Gary
ID: 40122496
To the beginning of the page (and all pages that use sessions) add

session_start();
0
 

Author Comment

by:BHUC
ID: 40122500
Thanks.. that worked.. I have requested the points me reassigned.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40122523
I'll write an article about this because I'm sure you're not the only one who will hit this wall.  I have seen an almost identical piece of authentication code in another question recently, so it's probable that this code has been copied far and wide.

Changing from the "registered" functions to the use of $_SESSION is recommended by PHP as an all-or-none activity.  You want to plan remediation for any script that contains these functions:
http://us3.php.net/manual/en/function.session-is-registered.php
http://us3.php.net/manual/en/function.session-register.php
http://us3.php.net/manual/en/function.session-unregister.php

And in every script you will need to use this:
http://us3.php.net/manual/en/function.session-start.php

And be on the lookout for this:
http://us3.php.net/manual/en/function.session-unset.php

An article about the general ideas behind PHP sessions:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html
0
 

Author Comment

by:BHUC
ID: 40122536
Thanks so much Ray! Love learning new stuff.
0
 

Expert Comment

by:Prisca Okoro
ID: 41908982
I haave this error, how do i fix it


Warning: session_start(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /home/excavi5/public_html/app/groundhandling.php on line 29
0
 

Expert Comment

by:Simon Okoro
ID: 41908987
I haave this error, how do i fix it


Warning: session_start(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /home/excavi5/public_html/app/groundhandling.php on line 29
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question