?
Solved

php session() outdated - question

Posted on 2014-12-23
5
Medium Priority
?
297 Views
Last Modified: 2014-12-24
I have the following code and am getting errors. In my research I have discovered this is no longer the proper code and outdated. (versus $_SESSION[ ])

I saw a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered("username")){ }. Just put @ and problem is solved."

This does eliminate the "errors" but it still doesn't work (FYI - this all worked fine before I transferred to a newer server)

The code blocks are from two pages:

PAGE ONE - LOGIN CHECK
// Register $myusername, $mypassword and redirect to file "login_success.php"
	session_register("myusername");
	session_register("mypassword");
	
ob_start();

// -----------------------------------------------------
include("../_inc/config.php");
// -----------------------------------------------------
$tbl_name="members"; 

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

Open in new window



****** PAGE TWO - LOG-IN SUCCESS
<?php

// Check if session is not registered, redirect back to main page. 
// Put this code in first line of web page.

$userid = $_GET["myusername"];
$myusername=$_POST['myusername'];
$userid = $_GET["user"];

session_start();
$_SESSION['USERNAME'] = $userid;
if(!session_is_registered(myusername)){
	echo '<script language="JavaScript" type="text/javascript">';
	echo 'self.location = "index_main.php?pg=dashboard&user='.$userid.'&chart=pie"';
	echo '</script>';

}

Open in new window


Ive tried several solutions based on online tutorials and posts but still get errors.

Can anyone make suggestions to modify the code I am showing?

My db table is "members" and I have simple "username" and "password" fields

Thank you - Davo
0
Comment
Question by:edavo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1500 total points
ID: 40516092
'session_register' is no longer valid as of PHP 5.4.  You will need to convert your code to the code in your second example.  And the recommendation to put '@' in front of the function to suppress error messages has always been a bad idea because it does not suppress the actual error.  It just hides it.

http://php.net/manual/en/function.session-register.php
0
 

Author Closing Comment

by:edavo
ID: 40516118
Good direction, but I had already reviewed this. Newbies need more specific details solutions. I finally did solve the problem by changing ONE line of code. If an expert knew the correction and it is only one line, I would suggest they make the change and explain why. I never go to Experts Exchange until I have tried several solutions and finally get frustrated. Im not trying to get Experts to "do" my code for me, rather assist me. I really appreciate the advice I get, its just sometimes, I feel some experts get frustrated with simple questions and many times I feel they assume we didn't research or make efforts before posting sophomoric (newbie) questions. This sounds unappreciative - it is certainly not meant to be. I love experts exchange and the experts have helped me tremendously!
0
 

Author Comment

by:edavo
ID: 40516119
But again thank you, thank you!
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40516169
If you still have 'session_register' in your LOGIN CHECK then it is still going to fail as of PHP 5.4 because the function no longer exists in that version.

Your second code has 'session_is_registered' and that is also gone as of PHP 5.4.  The rest of that appears to be Ok.

I don't really understand your long post because your original post wasn't very specific.  Between the two pieces of code there is/was more than just one line that needs to be changed.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40516308
Just a thought... Don't wait hours before asking at Experts-Exchange.  Instead, ask questions frequently about best practices, learning resources, etc.  The issues with the PHP session changes have been around for a long time, so long, in fact, that they are called out in E-E articles about the session handlers!  And we have an article that, although it is quite old, still shows the correct design pattern for PHP client authentication.

To this quote...
... a post that said, if I simply put a "@" in front of the session tag, everything will work. Here is the comment:
"We just have to use @ in front of the deprecated function. No need to change anything as mentioned in above posts. For example: if(!@session_is_registered("username")){ }. Just put @ and problem is solved."
That is factually false, and would get me fired immediately if I took that approach at work.  The problem is not solved; it is hidden from your view but still exists.

The dangerous effect of the @ needs to be well understood by every PHP developer.  It does not change the fact of the error; it simply suppresses any visible notification of the error, such as a message warning you about a script failure.  When you see a red "low oil" warning light on your car's dashboard would you cover it up with a piece of black electrical tape?  Or would you add oil so the engine did not burn up?  Putting the @ on a PHP function call is the programmer's equivalent of black electrical tape.  In practice it can lead to a completely silent failure of your script.  Since this is a run time failure, your data can be damaged and you'll never even know until it's too late.

To see what you're setting yourself up for if you use the @ notation in a deployed script, try running this script, shown here in its entirety:
<?php @wtf();

Open in new window

Next, try running it this way, so you can see the failure:
<?php wtf();

Open in new window

Both scripts illustrate a programming blunder, but only one of them will give you the information you need to isolate and correct the error.

PHP is current today at PHP 5.6+ and the older versions are headed for the dustbin; anything before PHP 5.3 is no longer supported at all, not even for security fixes.  You really want to keep your version of PHP up-to-date and you want to use modern best practices in all your deployed applications.  This is the cost of doing business in modern web development.  It may seem like a lot of work to refactor ancient web applications at first, but current best practices include continuous development and deployment cycles that involved refactoring in such a way that you never will find yourself looking at a "deprecated" message.  These practices can keep your applications up-to-date and help you avoid unexpected failures.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
In this blog post, we’ll look at how using thread_statistics can cause high memory usage.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question