Solved

php session() outdated - question

Posted on 2014-12-23
5
284 Views
Last Modified: 2014-12-24
I have the following code and am getting errors. In my research I have discovered this is no longer the proper code and outdated. (versus $_SESSION[ ])

I saw a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered("username")){ }. Just put @ and problem is solved."

This does eliminate the "errors" but it still doesn't work (FYI - this all worked fine before I transferred to a newer server)

The code blocks are from two pages:

PAGE ONE - LOGIN CHECK
// Register $myusername, $mypassword and redirect to file "login_success.php"
	session_register("myusername");
	session_register("mypassword");
	
ob_start();

// -----------------------------------------------------
include("../_inc/config.php");
// -----------------------------------------------------
$tbl_name="members"; 

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

Open in new window



****** PAGE TWO - LOG-IN SUCCESS
<?php

// Check if session is not registered, redirect back to main page. 
// Put this code in first line of web page.

$userid = $_GET["myusername"];
$myusername=$_POST['myusername'];
$userid = $_GET["user"];

session_start();
$_SESSION['USERNAME'] = $userid;
if(!session_is_registered(myusername)){
	echo '<script language="JavaScript" type="text/javascript">';
	echo 'self.location = "index_main.php?pg=dashboard&user='.$userid.'&chart=pie"';
	echo '</script>';

}

Open in new window


Ive tried several solutions based on online tutorials and posts but still get errors.

Can anyone make suggestions to modify the code I am showing?

My db table is "members" and I have simple "username" and "password" fields

Thank you - Davo
0
Comment
Question by:edavo
  • 2
  • 2
5 Comments
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40516092
'session_register' is no longer valid as of PHP 5.4.  You will need to convert your code to the code in your second example.  And the recommendation to put '@' in front of the function to suppress error messages has always been a bad idea because it does not suppress the actual error.  It just hides it.

http://php.net/manual/en/function.session-register.php
0
 

Author Closing Comment

by:edavo
ID: 40516118
Good direction, but I had already reviewed this. Newbies need more specific details solutions. I finally did solve the problem by changing ONE line of code. If an expert knew the correction and it is only one line, I would suggest they make the change and explain why. I never go to Experts Exchange until I have tried several solutions and finally get frustrated. Im not trying to get Experts to "do" my code for me, rather assist me. I really appreciate the advice I get, its just sometimes, I feel some experts get frustrated with simple questions and many times I feel they assume we didn't research or make efforts before posting sophomoric (newbie) questions. This sounds unappreciative - it is certainly not meant to be. I love experts exchange and the experts have helped me tremendously!
0
 

Author Comment

by:edavo
ID: 40516119
But again thank you, thank you!
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40516169
If you still have 'session_register' in your LOGIN CHECK then it is still going to fail as of PHP 5.4 because the function no longer exists in that version.

Your second code has 'session_is_registered' and that is also gone as of PHP 5.4.  The rest of that appears to be Ok.

I don't really understand your long post because your original post wasn't very specific.  Between the two pieces of code there is/was more than just one line that needs to be changed.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40516308
Just a thought... Don't wait hours before asking at Experts-Exchange.  Instead, ask questions frequently about best practices, learning resources, etc.  The issues with the PHP session changes have been around for a long time, so long, in fact, that they are called out in E-E articles about the session handlers!  And we have an article that, although it is quite old, still shows the correct design pattern for PHP client authentication.

To this quote...
... a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered("username")){ }. Just put @ and problem is solved."
That is factually false, and would get me fired immediately if I took that approach at work.  The problem is not solved; it is hidden from your view but still exists.

The dangerous effect of the @ needs to be well understood by every PHP developer.  It does not change the fact of the error; it simply suppresses any visible notification of the error, such as a message warning you about a script failure.  When you see a red "low oil" warning light on your car's dashboard would you cover it up with a piece of black electrical tape?  Or would you add oil so the engine did not burn up?  Putting the @ on a PHP function call is the programmer's equivalent of black electrical tape.  In practice it can lead to a completely silent failure of your script.  Since this is a run time failure, your data can be damaged and you'll never even know until it's too late.

To see what you're setting yourself up for if you use the @ notation in a deployed script, try running this script, shown here in its entirety:
<?php @wtf();

Open in new window

Next, try running it this way, so you can see the failure:
<?php wtf();

Open in new window

Both scripts illustrate a programming blunder, but only one of them will give you the information you need to isolate and correct the error.

PHP is current today at PHP 5.6+ and the older versions are headed for the dustbin; anything before PHP 5.3 is no longer supported at all, not even for security fixes.  You really want to keep your version of PHP up-to-date and you want to use modern best practices in all your deployed applications.  This is the cost of doing business in modern web development.  It may seem like a lot of work to refactor ancient web applications at first, but current best practices include continuous development and deployment cycles that involved refactoring in such a way that you never will find yourself looking at a "deprecated" message.  These practices can keep your applications up-to-date and help you avoid unexpected failures.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Creating and Managing Databases with phpMyAdmin in cPanel.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now