Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 12040
  • Last Modified:

Fatal error: Call to undefined function session_is_registered()

Today I started getting this error on my login page.

Fatal error: Call to undefined function session_register() in /home/post22/public_html/parent-corner/checklogin.php on line 33

I understand it has something to do with an upgrade to PHP.. what is the fix? Help.
checklogin.php
0
BHUC
Asked:
BHUC
  • 6
  • 4
  • 4
  • +2
1 Solution
 
Ray PaseurCommented:
Without a little more information about your code base, we might not be able to fix it.  All of the PHP instructions are documented in the online man pages, including session_register() which was deprecated at PHP 5.3 (several years ago) and removed in PHP 5.4.

Depending on your exact code base you may want to read this article about Register Globals, too.  If you read the man page and still don't know what to do, please post the code involved and we can help look for a solution.
0
 
BHUCAuthor Commented:
Ray - I attached the page.... is it not the right page?
0
 
Ray PaseurCommented:
Sorry -- didn't see it (blind).  Here it is in the code snippet, where we have line numbers to facilitate discussion.

<?php
$host="localhost"; // Host name 
$username="*******"; // Mysql username 
$password="********"; // Mysql password 
$db_name="post22_wrdp1"; // Database name 
$tbl_name="FamilyInfo"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$login_row = mysql_fetch_assoc($result);
$FamNum = $login_row['FamilyNumber'];
$PN = $login_row['ID'];
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:ticket-information.php?id=$FamNum&pn=$PN");
}
else {
echo "Wrong Username or Password";
}
?>

Open in new window

0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
GaryCommented:
session_register() is gone in 5.4

Use
$_SESSION['myusername']=$myusername;

edit
Then again that whole page is pretty much deprecated
0
 
BHUCAuthor Commented:
Thanks Gary!

So what does that do to this on the page it goes to?

if(!session_is_registered(myusername)){
header("location:index.php");
}
0
 
GaryCommented:
Change to

if( !isset($_SESSION['myusername']) ){
0
 
Ray PaseurCommented:
This looks like very, very old code and potentially dangerous.  From the inappropriate use of stripslashes() it appears that it was written with the assumption that Magic Quotes was in play, a known security error since 2005.  I can't think of any reason why someone would put the client password into the session array.  If I were you I would want to make refactoring an urgent priority.  You're going to run into the same thing with the MySQL extension soon because PHP is dropping support for the MySQL extension.

Here's the article showing what you must do to keep your scripts running:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html

Here's the article that shows the correct design pattern for PHP client authentication:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Let's try it like this.  It's only a patch, not a fix.
<?php

// ALWAYS START THE SESSION ON EVERY PAGE
session_start();

$host="localhost"; // Host name 
$username="*******"; // Mysql username 
$password="********"; // Mysql password 
$db_name="post22_wrdp1"; // Database name 
$tbl_name="FamilyInfo"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$login_row = mysql_fetch_assoc($result);
$FamNum = $login_row['FamilyNumber'];
$PN = $login_row['ID'];
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

    // SAVE SESSION VARIABLES AND REDIRECT TO "login_success.php"
    $_SESSION['myusername'] = $myusername;
    $_SESSION['mypassword'] = $mypassword;
    header("location:ticket-information.php?id=$FamNum&pn=$PN");
    exit;
}
else {
    echo "Wrong Username or Password";
}

Open in new window

Best of luck with it, ~Ray
0
 
BHUCAuthor Commented:
Thanks to both of you. Ray - I will be doing a lot of reading on this and probably asking more questions. For now, I just need it to work as I rebuild their site.
0
 
GaryCommented:
Did you accept the wrong comment?
0
 
BHUCAuthor Commented:
Yes Gary, I did.. Moving too fast... I will contact about getting that fixed. On a different note, when I change the top to what you showed, it just bounces back to the login screen.
0
 
GaryCommented:
To the beginning of the page (and all pages that use sessions) add

session_start();
0
 
BHUCAuthor Commented:
Thanks.. that worked.. I have requested the points me reassigned.
0
 
Ray PaseurCommented:
I'll write an article about this because I'm sure you're not the only one who will hit this wall.  I have seen an almost identical piece of authentication code in another question recently, so it's probable that this code has been copied far and wide.

Changing from the "registered" functions to the use of $_SESSION is recommended by PHP as an all-or-none activity.  You want to plan remediation for any script that contains these functions:
http://us3.php.net/manual/en/function.session-is-registered.php
http://us3.php.net/manual/en/function.session-register.php
http://us3.php.net/manual/en/function.session-unregister.php

And in every script you will need to use this:
http://us3.php.net/manual/en/function.session-start.php

And be on the lookout for this:
http://us3.php.net/manual/en/function.session-unset.php

An article about the general ideas behind PHP sessions:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html
0
 
BHUCAuthor Commented:
Thanks so much Ray! Love learning new stuff.
0
 
Prisca OkoroCommented:
I haave this error, how do i fix it


Warning: session_start(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /home/excavi5/public_html/app/groundhandling.php on line 29
0
 
Simon OkoroCommented:
I haave this error, how do i fix it


Warning: session_start(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /home/excavi5/public_html/app/groundhandling.php on line 29
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 6
  • 4
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now