Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

php session() outdated - question

Posted on 2014-12-23
5
Medium Priority
?
300 Views
Last Modified: 2014-12-24
I have the following code and am getting errors. In my research I have discovered this is no longer the proper code and outdated. (versus $_SESSION[ ])

I saw a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered("username")){ }. Just put @ and problem is solved."

This does eliminate the "errors" but it still doesn't work (FYI - this all worked fine before I transferred to a newer server)

The code blocks are from two pages:

PAGE ONE - LOGIN CHECK
// Register $myusername, $mypassword and redirect to file "login_success.php"
	session_register("myusername");
	session_register("mypassword");
	
ob_start();

// -----------------------------------------------------
include("../_inc/config.php");
// -----------------------------------------------------
$tbl_name="members"; 

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

Open in new window



****** PAGE TWO - LOG-IN SUCCESS
<?php

// Check if session is not registered, redirect back to main page. 
// Put this code in first line of web page.

$userid = $_GET["myusername"];
$myusername=$_POST['myusername'];
$userid = $_GET["user"];

session_start();
$_SESSION['USERNAME'] = $userid;
if(!session_is_registered(myusername)){
	echo '<script language="JavaScript" type="text/javascript">';
	echo 'self.location = "index_main.php?pg=dashboard&user='.$userid.'&chart=pie"';
	echo '</script>';

}

Open in new window


Ive tried several solutions based on online tutorials and posts but still get errors.

Can anyone make suggestions to modify the code I am showing?

My db table is "members" and I have simple "username" and "password" fields

Thank you - Davo
0
Comment
Question by:edavo
  • 2
  • 2
5 Comments
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1500 total points
ID: 40516092
'session_register' is no longer valid as of PHP 5.4.  You will need to convert your code to the code in your second example.  And the recommendation to put '@' in front of the function to suppress error messages has always been a bad idea because it does not suppress the actual error.  It just hides it.

http://php.net/manual/en/function.session-register.php
0
 

Author Closing Comment

by:edavo
ID: 40516118
Good direction, but I had already reviewed this. Newbies need more specific details solutions. I finally did solve the problem by changing ONE line of code. If an expert knew the correction and it is only one line, I would suggest they make the change and explain why. I never go to Experts Exchange until I have tried several solutions and finally get frustrated. Im not trying to get Experts to "do" my code for me, rather assist me. I really appreciate the advice I get, its just sometimes, I feel some experts get frustrated with simple questions and many times I feel they assume we didn't research or make efforts before posting sophomoric (newbie) questions. This sounds unappreciative - it is certainly not meant to be. I love experts exchange and the experts have helped me tremendously!
0
 

Author Comment

by:edavo
ID: 40516119
But again thank you, thank you!
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40516169
If you still have 'session_register' in your LOGIN CHECK then it is still going to fail as of PHP 5.4 because the function no longer exists in that version.

Your second code has 'session_is_registered' and that is also gone as of PHP 5.4.  The rest of that appears to be Ok.

I don't really understand your long post because your original post wasn't very specific.  Between the two pieces of code there is/was more than just one line that needs to be changed.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40516308
Just a thought... Don't wait hours before asking at Experts-Exchange.  Instead, ask questions frequently about best practices, learning resources, etc.  The issues with the PHP session changes have been around for a long time, so long, in fact, that they are called out in E-E articles about the session handlers!  And we have an article that, although it is quite old, still shows the correct design pattern for PHP client authentication.

To this quote...
... a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered("username")){ }. Just put @ and problem is solved."
That is factually false, and would get me fired immediately if I took that approach at work.  The problem is not solved; it is hidden from your view but still exists.

The dangerous effect of the @ needs to be well understood by every PHP developer.  It does not change the fact of the error; it simply suppresses any visible notification of the error, such as a message warning you about a script failure.  When you see a red "low oil" warning light on your car's dashboard would you cover it up with a piece of black electrical tape?  Or would you add oil so the engine did not burn up?  Putting the @ on a PHP function call is the programmer's equivalent of black electrical tape.  In practice it can lead to a completely silent failure of your script.  Since this is a run time failure, your data can be damaged and you'll never even know until it's too late.

To see what you're setting yourself up for if you use the @ notation in a deployed script, try running this script, shown here in its entirety:
<?php @wtf();

Open in new window

Next, try running it this way, so you can see the failure:
<?php wtf();

Open in new window

Both scripts illustrate a programming blunder, but only one of them will give you the information you need to isolate and correct the error.

PHP is current today at PHP 5.6+ and the older versions are headed for the dustbin; anything before PHP 5.3 is no longer supported at all, not even for security fixes.  You really want to keep your version of PHP up-to-date and you want to use modern best practices in all your deployed applications.  This is the cost of doing business in modern web development.  It may seem like a lot of work to refactor ancient web applications at first, but current best practices include continuous development and deployment cycles that involved refactoring in such a way that you never will find yourself looking at a "deprecated" message.  These practices can keep your applications up-to-date and help you avoid unexpected failures.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
In this article, I’ll talk about multi-threaded slave statistics printed in MySQL error log file.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question