php session() outdated - question

I have the following code and am getting errors. In my research I have discovered this is no longer the proper code and outdated. (versus $_SESSION[ ])

I saw a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered("username")){ }. Just put @ and problem is solved."

This does eliminate the "errors" but it still doesn't work (FYI - this all worked fine before I transferred to a newer server)

The code blocks are from two pages:

PAGE ONE - LOGIN CHECK
// Register $myusername, $mypassword and redirect to file "login_success.php"
	session_register("myusername");
	session_register("mypassword");
	
ob_start();

// -----------------------------------------------------
include("../_inc/config.php");
// -----------------------------------------------------
$tbl_name="members"; 

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

Open in new window



****** PAGE TWO - LOG-IN SUCCESS
<?php

// Check if session is not registered, redirect back to main page. 
// Put this code in first line of web page.

$userid = $_GET["myusername"];
$myusername=$_POST['myusername'];
$userid = $_GET["user"];

session_start();
$_SESSION['USERNAME'] = $userid;
if(!session_is_registered(myusername)){
	echo '<script language="JavaScript" type="text/javascript">';
	echo 'self.location = "index_main.php?pg=dashboard&user='.$userid.'&chart=pie"';
	echo '</script>';

}

Open in new window


Ive tried several solutions based on online tutorials and posts but still get errors.

Can anyone make suggestions to modify the code I am showing?

My db table is "members" and I have simple "username" and "password" fields

Thank you - Davo
edavoAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
'session_register' is no longer valid as of PHP 5.4.  You will need to convert your code to the code in your second example.  And the recommendation to put '@' in front of the function to suppress error messages has always been a bad idea because it does not suppress the actual error.  It just hides it.

http://php.net/manual/en/function.session-register.php
0
 
edavoAuthor Commented:
Good direction, but I had already reviewed this. Newbies need more specific details solutions. I finally did solve the problem by changing ONE line of code. If an expert knew the correction and it is only one line, I would suggest they make the change and explain why. I never go to Experts Exchange until I have tried several solutions and finally get frustrated. Im not trying to get Experts to "do" my code for me, rather assist me. I really appreciate the advice I get, its just sometimes, I feel some experts get frustrated with simple questions and many times I feel they assume we didn't research or make efforts before posting sophomoric (newbie) questions. This sounds unappreciative - it is certainly not meant to be. I love experts exchange and the experts have helped me tremendously!
0
 
edavoAuthor Commented:
But again thank you, thank you!
0
 
Dave BaldwinFixer of ProblemsCommented:
If you still have 'session_register' in your LOGIN CHECK then it is still going to fail as of PHP 5.4 because the function no longer exists in that version.

Your second code has 'session_is_registered' and that is also gone as of PHP 5.4.  The rest of that appears to be Ok.

I don't really understand your long post because your original post wasn't very specific.  Between the two pieces of code there is/was more than just one line that needs to be changed.
0
 
Ray PaseurCommented:
Just a thought... Don't wait hours before asking at Experts-Exchange.  Instead, ask questions frequently about best practices, learning resources, etc.  The issues with the PHP session changes have been around for a long time, so long, in fact, that they are called out in E-E articles about the session handlers!  And we have an article that, although it is quite old, still shows the correct design pattern for PHP client authentication.

To this quote...
... a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered("username")){ }. Just put @ and problem is solved."
That is factually false, and would get me fired immediately if I took that approach at work.  The problem is not solved; it is hidden from your view but still exists.

The dangerous effect of the @ needs to be well understood by every PHP developer.  It does not change the fact of the error; it simply suppresses any visible notification of the error, such as a message warning you about a script failure.  When you see a red "low oil" warning light on your car's dashboard would you cover it up with a piece of black electrical tape?  Or would you add oil so the engine did not burn up?  Putting the @ on a PHP function call is the programmer's equivalent of black electrical tape.  In practice it can lead to a completely silent failure of your script.  Since this is a run time failure, your data can be damaged and you'll never even know until it's too late.

To see what you're setting yourself up for if you use the @ notation in a deployed script, try running this script, shown here in its entirety:
<?php @wtf();

Open in new window

Next, try running it this way, so you can see the failure:
<?php wtf();

Open in new window

Both scripts illustrate a programming blunder, but only one of them will give you the information you need to isolate and correct the error.

PHP is current today at PHP 5.6+ and the older versions are headed for the dustbin; anything before PHP 5.3 is no longer supported at all, not even for security fixes.  You really want to keep your version of PHP up-to-date and you want to use modern best practices in all your deployed applications.  This is the cost of doing business in modern web development.  It may seem like a lot of work to refactor ancient web applications at first, but current best practices include continuous development and deployment cycles that involved refactoring in such a way that you never will find yourself looking at a "deprecated" message.  These practices can keep your applications up-to-date and help you avoid unexpected failures.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.