edavo
asked on
php session() outdated - question
I have the following code and am getting errors. In my research I have discovered this is no longer the proper code and outdated. (versus $_SESSION[ ])
I saw a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered ("username ")){ }. Just put @ and problem is solved."
This does eliminate the "errors" but it still doesn't work (FYI - this all worked fine before I transferred to a newer server)
The code blocks are from two pages:
PAGE ONE - LOGIN CHECK
****** PAGE TWO - LOG-IN SUCCESS
Ive tried several solutions based on online tutorials and posts but still get errors.
Can anyone make suggestions to modify the code I am showing?
My db table is "members" and I have simple "username" and "password" fields
Thank you - Davo
I saw a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered
This does eliminate the "errors" but it still doesn't work (FYI - this all worked fine before I transferred to a newer server)
The code blocks are from two pages:
PAGE ONE - LOGIN CHECK
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
ob_start();
// -----------------------------------------------------
include("../_inc/config.php");
// -----------------------------------------------------
$tbl_name="members";
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
****** PAGE TWO - LOG-IN SUCCESS
<?php
// Check if session is not registered, redirect back to main page.
// Put this code in first line of web page.
$userid = $_GET["myusername"];
$myusername=$_POST['myusername'];
$userid = $_GET["user"];
session_start();
$_SESSION['USERNAME'] = $userid;
if(!session_is_registered(myusername)){
echo '<script language="JavaScript" type="text/javascript">';
echo 'self.location = "index_main.php?pg=dashboard&user='.$userid.'&chart=pie"';
echo '</script>';
}
Ive tried several solutions based on online tutorials and posts but still get errors.
Can anyone make suggestions to modify the code I am showing?
My db table is "members" and I have simple "username" and "password" fields
Thank you - Davo
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
But again thank you, thank you!
If you still have 'session_register' in your LOGIN CHECK then it is still going to fail as of PHP 5.4 because the function no longer exists in that version.
Your second code has 'session_is_registered' and that is also gone as of PHP 5.4. The rest of that appears to be Ok.
I don't really understand your long post because your original post wasn't very specific. Between the two pieces of code there is/was more than just one line that needs to be changed.
Your second code has 'session_is_registered' and that is also gone as of PHP 5.4. The rest of that appears to be Ok.
I don't really understand your long post because your original post wasn't very specific. Between the two pieces of code there is/was more than just one line that needs to be changed.
Just a thought... Don't wait hours before asking at Experts-Exchange. Instead, ask questions frequently about best practices, learning resources, etc. The issues with the PHP session changes have been around for a long time, so long, in fact, that they are called out in E-E articles about the session handlers! And we have an article that, although it is quite old, still shows the correct design pattern for PHP client authentication.
To this quote...
The dangerous effect of the @ needs to be well understood by every PHP developer. It does not change the fact of the error; it simply suppresses any visible notification of the error, such as a message warning you about a script failure. When you see a red "low oil" warning light on your car's dashboard would you cover it up with a piece of black electrical tape? Or would you add oil so the engine did not burn up? Putting the @ on a PHP function call is the programmer's equivalent of black electrical tape. In practice it can lead to a completely silent failure of your script. Since this is a run time failure, your data can be damaged and you'll never even know until it's too late.
To see what you're setting yourself up for if you use the @ notation in a deployed script, try running this script, shown here in its entirety:
PHP is current today at PHP 5.6+ and the older versions are headed for the dustbin; anything before PHP 5.3 is no longer supported at all, not even for security fixes. You really want to keep your version of PHP up-to-date and you want to use modern best practices in all your deployed applications. This is the cost of doing business in modern web development. It may seem like a lot of work to refactor ancient web applications at first, but current best practices include continuous development and deployment cycles that involved refactoring in such a way that you never will find yourself looking at a "deprecated" message. These practices can keep your applications up-to-date and help you avoid unexpected failures.
To this quote...
... a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:That is factually false, and would get me fired immediately if I took that approach at work. The problem is not solved; it is hidden from your view but still exists.
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered("username ")){ }. Just put @ and problem is solved."
The dangerous effect of the @ needs to be well understood by every PHP developer. It does not change the fact of the error; it simply suppresses any visible notification of the error, such as a message warning you about a script failure. When you see a red "low oil" warning light on your car's dashboard would you cover it up with a piece of black electrical tape? Or would you add oil so the engine did not burn up? Putting the @ on a PHP function call is the programmer's equivalent of black electrical tape. In practice it can lead to a completely silent failure of your script. Since this is a run time failure, your data can be damaged and you'll never even know until it's too late.
To see what you're setting yourself up for if you use the @ notation in a deployed script, try running this script, shown here in its entirety:
<?php @wtf();
Next, try running it this way, so you can see the failure:<?php wtf();
Both scripts illustrate a programming blunder, but only one of them will give you the information you need to isolate and correct the error.PHP is current today at PHP 5.6+ and the older versions are headed for the dustbin; anything before PHP 5.3 is no longer supported at all, not even for security fixes. You really want to keep your version of PHP up-to-date and you want to use modern best practices in all your deployed applications. This is the cost of doing business in modern web development. It may seem like a lot of work to refactor ancient web applications at first, but current best practices include continuous development and deployment cycles that involved refactoring in such a way that you never will find yourself looking at a "deprecated" message. These practices can keep your applications up-to-date and help you avoid unexpected failures.
ASKER