Solved

php session() outdated - question

Posted on 2014-12-23
5
294 Views
Last Modified: 2014-12-24
I have the following code and am getting errors. In my research I have discovered this is no longer the proper code and outdated. (versus $_SESSION[ ])

I saw a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered("username")){ }. Just put @ and problem is solved."

This does eliminate the "errors" but it still doesn't work (FYI - this all worked fine before I transferred to a newer server)

The code blocks are from two pages:

PAGE ONE - LOGIN CHECK
// Register $myusername, $mypassword and redirect to file "login_success.php"
	session_register("myusername");
	session_register("mypassword");
	
ob_start();

// -----------------------------------------------------
include("../_inc/config.php");
// -----------------------------------------------------
$tbl_name="members"; 

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

Open in new window



****** PAGE TWO - LOG-IN SUCCESS
<?php

// Check if session is not registered, redirect back to main page. 
// Put this code in first line of web page.

$userid = $_GET["myusername"];
$myusername=$_POST['myusername'];
$userid = $_GET["user"];

session_start();
$_SESSION['USERNAME'] = $userid;
if(!session_is_registered(myusername)){
	echo '<script language="JavaScript" type="text/javascript">';
	echo 'self.location = "index_main.php?pg=dashboard&user='.$userid.'&chart=pie"';
	echo '</script>';

}

Open in new window


Ive tried several solutions based on online tutorials and posts but still get errors.

Can anyone make suggestions to modify the code I am showing?

My db table is "members" and I have simple "username" and "password" fields

Thank you - Davo
0
Comment
Question by:edavo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40516092
'session_register' is no longer valid as of PHP 5.4.  You will need to convert your code to the code in your second example.  And the recommendation to put '@' in front of the function to suppress error messages has always been a bad idea because it does not suppress the actual error.  It just hides it.

http://php.net/manual/en/function.session-register.php
0
 

Author Closing Comment

by:edavo
ID: 40516118
Good direction, but I had already reviewed this. Newbies need more specific details solutions. I finally did solve the problem by changing ONE line of code. If an expert knew the correction and it is only one line, I would suggest they make the change and explain why. I never go to Experts Exchange until I have tried several solutions and finally get frustrated. Im not trying to get Experts to "do" my code for me, rather assist me. I really appreciate the advice I get, its just sometimes, I feel some experts get frustrated with simple questions and many times I feel they assume we didn't research or make efforts before posting sophomoric (newbie) questions. This sounds unappreciative - it is certainly not meant to be. I love experts exchange and the experts have helped me tremendously!
0
 

Author Comment

by:edavo
ID: 40516119
But again thank you, thank you!
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40516169
If you still have 'session_register' in your LOGIN CHECK then it is still going to fail as of PHP 5.4 because the function no longer exists in that version.

Your second code has 'session_is_registered' and that is also gone as of PHP 5.4.  The rest of that appears to be Ok.

I don't really understand your long post because your original post wasn't very specific.  Between the two pieces of code there is/was more than just one line that needs to be changed.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40516308
Just a thought... Don't wait hours before asking at Experts-Exchange.  Instead, ask questions frequently about best practices, learning resources, etc.  The issues with the PHP session changes have been around for a long time, so long, in fact, that they are called out in E-E articles about the session handlers!  And we have an article that, although it is quite old, still shows the correct design pattern for PHP client authentication.

To this quote...
... a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered("username")){ }. Just put @ and problem is solved."
That is factually false, and would get me fired immediately if I took that approach at work.  The problem is not solved; it is hidden from your view but still exists.

The dangerous effect of the @ needs to be well understood by every PHP developer.  It does not change the fact of the error; it simply suppresses any visible notification of the error, such as a message warning you about a script failure.  When you see a red "low oil" warning light on your car's dashboard would you cover it up with a piece of black electrical tape?  Or would you add oil so the engine did not burn up?  Putting the @ on a PHP function call is the programmer's equivalent of black electrical tape.  In practice it can lead to a completely silent failure of your script.  Since this is a run time failure, your data can be damaged and you'll never even know until it's too late.

To see what you're setting yourself up for if you use the @ notation in a deployed script, try running this script, shown here in its entirety:
<?php @wtf();

Open in new window

Next, try running it this way, so you can see the failure:
<?php wtf();

Open in new window

Both scripts illustrate a programming blunder, but only one of them will give you the information you need to isolate and correct the error.

PHP is current today at PHP 5.6+ and the older versions are headed for the dustbin; anything before PHP 5.3 is no longer supported at all, not even for security fixes.  You really want to keep your version of PHP up-to-date and you want to use modern best practices in all your deployed applications.  This is the cost of doing business in modern web development.  It may seem like a lot of work to refactor ancient web applications at first, but current best practices include continuous development and deployment cycles that involved refactoring in such a way that you never will find yourself looking at a "deprecated" message.  These practices can keep your applications up-to-date and help you avoid unexpected failures.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Help with mod_substitute 18 76
if statement malfunction 5 44
SQL Function 4 38
Code not executing correctly. 3 43
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This article shows the steps required to install WordPress on Azure. Web Apps, Mobile Apps, API Apps, or Functions, in Azure all these run in an App Service plan. WordPress is no exception and requires an App Service Plan and Database to install
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question