asked on PHP Register global
Hi,
On PHP 5.2, where should be the option to declare variable as Register global one? Within httpd.conf, I cannot find out such option.
On PHP 5.2, where should be the option to declare variable as Register global one? Within httpd.conf, I cannot find out such option.
PHPApache Web ServerWeb ServersWindows Server 2008Web Development
Last Comment
Julian Hansen
ASKER
I do not see php.ini file and should I create it?
How to further declare variable for Register global use, within PHP files?
How to further declare variable for Register global use, within PHP files?
I recognize that this is a continuation of this question that veered off topic. Thank you for starting a new question but I'm afraid you're still asking the wrong question. As I understand from the previous question, the question is really about getting a variable from one page to pass to the next page. In the other question we strongly suggested that you avoid using register globals and session_register which are now deprecated and removed because of the security issues. Allow me to address the situation using the recommended approach.
You have two files, login.php and login_menu.php. As I understand it, $username and $passwd are being defined in login.php but you need to use them again in login_menu.php. So what we need to do, is to store those values in the $_SESSION superglobal at the very end of login.php. Please find the very last exit PHP flag (?>) in login.php. It could be at the very end or it may have some HTML after it. When you've found it, enter the following just before it.
You have two files, login.php and login_menu.php. As I understand it, $username and $passwd are being defined in login.php but you need to use them again in login_menu.php. So what we need to do, is to store those values in the $_SESSION superglobal at the very end of login.php. Please find the very last exit PHP flag (?>) in login.php. It could be at the very end or it may have some HTML after it. When you've found it, enter the following just before it.
$_SESSION['username'] = $username;
$_SESSION['passwd'] = $passwd;
?>
<?php
//...
//...
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");
ob_start();
session_start();
if (isset($_SESSION['username']) && isset($_SESSION['passwd']) )
// they have just tried logging in
{
$username = $_SESSION['username'];
$passwd = $_SESSION['passwd'];
...
1. You can find out where your php.ini file is by simply creating a new PHP script and put this line in it:
<?php phpinfo(); ?>
Save and visit the page and you will see all sorts of settings and configurations. In the first section, it will tell you the location for the php.ini file. You also don't HAVE to have a php.ini file. It will use defaults if you don't have a php.ini file.
2. You don't declare variables for "register global use". The register_globals setting will automatically create variables for you. So if you normally had $_GET["myvariable"] with a value of 1, then if register_globals was enabled, then you would automatically have another copy of that variable called $myvariable with a value of 1. So you could use either $_GET["myvariable"] or $myvariable.
3. Register_globals is bad. You should not use it. It is very insecure and can lead to problems. That is why it is turned off by default and it is completely deprecated in recent versions.
<?php phpinfo(); ?>
Save and visit the page and you will see all sorts of settings and configurations. In the first section, it will tell you the location for the php.ini file. You also don't HAVE to have a php.ini file. It will use defaults if you don't have a php.ini file.
2. You don't declare variables for "register global use". The register_globals setting will automatically create variables for you. So if you normally had $_GET["myvariable"] with a value of 1, then if register_globals was enabled, then you would automatically have another copy of that variable called $myvariable with a value of 1. So you could use either $_GET["myvariable"] or $myvariable.
3. Register_globals is bad. You should not use it. It is very insecure and can lead to problems. That is why it is turned off by default and it is completely deprecated in recent versions.
@gr8gonzo, in the author's previous question we determined that they are using PHP 5.2 and register_globals is already turned on.
register_globals was turned off by default in PHP 4.2.
@HuaMinChen register_globals is a security threat.
Please consider that it was turned off by default almost 15 years ago you should take the advice Ray Paseur gave you in your previous question and use an up to date secure method to authenticate your users.
@HuaMinChen register_globals is a security threat.
Please consider that it was turned off by default almost 15 years ago you should take the advice Ray Paseur gave you in your previous question and use an up to date secure method to authenticate your users.
ASKER
I have line like
register_globals = On
to file php.ini-dist
Here is login.php
![6v.png]()
register_globals = On
to file php.ini-dist
Here is login.php
<?
//Author:jack
//Date:30/03/09
global $username, $passwd;
$username='';
$passwd='';
session_register("username","passwd");
require_once("login_fns.php");
do_html_header("Login");
display_site_info();
display_login_form();
do_html_footer();
$_SESSION['username'] = $username;
$_SESSION['passwd'] = $passwd;
?>
<?
//Author:jack Desc:Login validation program
//Created Date: 15/04/09 Modified Date: 15:08 30/11/10
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");
ob_start();
session_start();
//if ($username && $passwd)
//if (session_is_registered("username") && session_is_registered("passwd") )
if (isset($_SESSION['username']) && isset($_SESSION['passwd']) )
// they have just tried logging in
{
echo "DEBUG: iiiValid User = {$username}<br/>";
if (login($username, $passwd))
{
echo "DEBUG: dddValid User = jjj<br/>";
// if they are in the database register the user id
$valid_user = $username;
echo "DEBUG: Valid User = {$valid_user}<br/>";
session_register("valid_user");
$conn = df_conn();
$sql="select top 1 principal from user_acct where username='$username'";
$rst = odbc_exec($conn,$sql);
$qry = odbc_fetch_array($rst);
$pri=$qry[principal];
session_register("pri");
$sql="select top 1 territory from user_acct where username='$username'";
$rst = odbc_exec($conn,$sql);
$qry = odbc_fetch_array($rst);
$g_area=$qry[territory];
session_register("g_area");
$g_multiarea = str_replace(",", chr(13), $g_area);
session_register("g_multiarea");
}
else
{
// unsuccessful login
do_html_header("Problem:");
echo "You could not be logged in.
You must be logged in to view this page.";
do_html_url("login.php", "Login");
do_html_footer();
exit;
}
}
check_valid_user();
setcookie("username", $username);
?>
<head>
<title>Zimnet A4 Menu</title>
</head>
<link rel="stylesheet" href="../styles.css" type="text/css">
<body style="background-color:white;">
<table width="100%" border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td height="21" bgcolor="#495e83"></td>
<td height="21" bgcolor="#495e83"></td>
</tr>
<tr>
<td height="120" align="left" valign="middle" bgcolor="#FFFFFF"> <img alt="" src="../images/company_name.gif" width="368" height="110">
</td>
<td align="right" width="287"><img alt="" src="../images/header_graphic.jpg" width="287" height="119"></td>
</tr>
<tr>
<td height="35" valign="middle" bgcolor="#495e83"> </td>
<td bgcolor="#495e83"></td>
</tr>
<tr>
<td height="1"><img alt="" src="../images/spacer.gif" width="1" height="1"></td>
<td height="1"><img alt="" src="../images/spacer.gif" width="1" height="1"></td>
</tr>
<tr background="../images/links_bot_fill.gif">
<td height="30"> </td>
<td> </td>
</tr>
</table>
<img src="../images/RightImage1570.jpg" alt="" name="zimpic1" width="112" height="533" align="right">
<script language="JavaScript" src="zam.js"></script>
<?
$conn = df_conn();
$sql="select top 10000 * from user_role where username='$username'";
$rst = odbc_exec($conn,$sql);
$qry = odbc_fetch_array($rst);
echo "<script language=\"JavaScript\" src=\"zam_items_das.js\"></script>";
if ($qry['role_code']=="DAS") {
echo "<script language=\"JavaScript\" src=\"zam_items_das.js\"></script>";
}
else if ($qry['role_code']=="DPC")
{
echo "<script language=\"JavaScript\" src=\"zam_items_dpc.js\"></script>";
}
else if ($qry['role_code']=="ACS")
{
echo "<script language=\"JavaScript\" src=\"zam_items_ACS.js\"></script>";
}
else if ($qry['role_code']=="ACP")
{
echo "<script language=\"JavaScript\" src=\"zam_items_ACP.js\"></script>";
}
else if ($qry['role_code']=="ACX")
{
echo "<script language=\"JavaScript\" src=\"zam_items_ACX.js\"></script>";
}
else if ($qry['role_code']=="ADM")
echo "<script language=\"JavaScript\" src=\"zam_items_adm.js\"></script>";
?>
<table cellpadding="50" cellspacing="0" border="8" width="80%" style="background-color:white;position:absolute;top:180px;left:80px;">
<tr>
<td>
<script language="JavaScript">
<!--//
new tree (TREE_ITEMS, TREE_TPL);
//-->
</script>
</td>
</tr>
</table>
<?
echo "<div class=\"loginas\">";
echo "<p>Welcome <br>$valid_user<br>($g_area)</p>";
echo "<div>";
ob_end_flush();
?>
Hello, Sorry for my reply is being late.
Did you copy "register_globals = On" from php.ini-dist to php.ini?
If not, please copy and let me know if still has problem.
Did you copy "register_globals = On" from php.ini-dist to php.ini?
If not, please copy and let me know if still has problem.
ASKER
I've just put such line into file
and then have re-started httpd but I've still got the same problem as currently shown in above.
C:\AppServ\php5\php.ini
and then have re-started httpd but I've still got the same problem as currently shown in above.
You did not make the edits to login_menu.php as I instructed. Specifically lines 14 and 15.
<?php
//...
//...
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");
ob_start();
session_start();
if (isset($_SESSION['username']) && isset($_SESSION['passwd']) )
// they have just tried logging in
{
$username = $_SESSION['username'];
$passwd = $_SESSION['passwd'];
...
ASKER
Many thanks. I have
but on last line in above, I still get empty username.
<?
//...
//...
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");
ob_start();
session_start();
//if ($username && $passwd)
//if (session_is_registered("username") && session_is_registered("passwd") )
if (isset($_SESSION['username']) && isset($_SESSION['passwd']) )
// they have just tried logging in
{
$username = $_SESSION['username'];
$passwd = $_SESSION['passwd'];
...
but on last line in above, I still get empty username.
I think we are muddying the water here. In his previous question we attempted to discover where $username and $passwd were being set - they were not being defined anywhere which was identified as a problem - at the time register_globals was not on the radar - so there was a piece missing.
As a result of this, and based on our recommendations, the asker appears to have declared the two variables and initialised them to empty strings. It is possible that this is wiping out the registered versions of the variables coming in from the form.
While we all agree that dependence on deprecated features is not the way to go - the asker has a situation where he is porting code from one server to another. Right or wrong the code is a currently production (working) code base - that is simply being moved. As per accepted change control procedures rewriting code as part of a code move is not a great idea.
My recommendation then is
a) Make a fresh copy of the code base from the working server
b) Make sure register_globals=on in the PHP.INI file on the new server
c) Test the login process
Once working - the next step would be for the asker to initiate a project on his side to upgrade the code base - if it is something deemed necessary by his organisation.
As a result of this, and based on our recommendations, the asker appears to have declared the two variables and initialised them to empty strings. It is possible that this is wiping out the registered versions of the variables coming in from the form.
While we all agree that dependence on deprecated features is not the way to go - the asker has a situation where he is porting code from one server to another. Right or wrong the code is a currently production (working) code base - that is simply being moved. As per accepted change control procedures rewriting code as part of a code move is not a great idea.
My recommendation then is
a) Make a fresh copy of the code base from the working server
b) Make sure register_globals=on in the PHP.INI file on the new server
c) Test the login process
Once working - the next step would be for the asker to initiate a project on his side to upgrade the code base - if it is something deemed necessary by his organisation.
ASKER
Julian,
Can I know why my current codes in above, are not working as expected?
Can I know why my current codes in above, are not working as expected?
Have you modified the original code from the working server - or is the code that is on the new server an exact copy?
ASKER
Yes, the current PHP files are exactly copies from working server.
Why aren't the current codes I've shown in above, working as expected?
Why aren't the current codes I've shown in above, working as expected?
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Here is login.php
and login_menu.php
I still get
<?
//global $username, $passwd;
//$username='';
//$passwd='';
//session_register("username","passwd");
require_once("login_fns.php");
do_html_header("Login");
display_site_info();
display_login_form();
do_html_footer();
//$_SESSION['username'] = $username;
//$_SESSION['passwd'] = $passwd;
?>
and login_menu.php
<?
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");
ob_start();
session_start();
if ($username && $passwd)
//if (session_is_registered("username") && session_is_registered("passwd") )
//if (isset($_SESSION['username']) && isset($_SESSION['passwd']) )
// they have just tried logging in
{
//$username = $_SESSION['username'];
//$passwd = $_SESSION['passwd'];
echo "DEBUG: iii User name = {$username}<br/>";
echo "DEBUG: iii passwd = {$passwd}<br/>";
if (login($username, $passwd))
{
echo "DEBUG: dddValid User = jjj<br/>";
// if they are in the database register the user id
$valid_user = $username;
echo "DEBUG: Valid User = {$valid_user}<br/>";
session_register("valid_user");
$conn = df_conn();
$sql="select top 1 principal from user_acct where username='$username'";
$rst = odbc_exec($conn,$sql);
$qry = odbc_fetch_array($rst);
$pri=$qry[principal];
session_register("pri");
$sql="select top 1 territory from user_acct where username='$username'";
$rst = odbc_exec($conn,$sql);
$qry = odbc_fetch_array($rst);
$g_area=$qry[territory];
session_register("g_area");
$g_multiarea = str_replace(",", chr(13), $g_area);
session_register("g_multiarea");
}
else
{
// unsuccessful login
do_html_header("Problem:");
echo "You could not be logged in.
You must be logged in to view this page.";
do_html_url("login.php", "Login");
do_html_footer();
exit;
}
}
check_valid_user();
setcookie("username", $username);
?>
<head>
<title>Zimnet A4 Menu</title>
</head>
<link rel="stylesheet" href="../styles.css" type="text/css">
<body style="background-color:white;">
<table width="100%" border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td height="21" bgcolor="#495e83"></td>
<td height="21" bgcolor="#495e83"></td>
</tr>
<tr>
<td height="120" align="left" valign="middle" bgcolor="#FFFFFF"> <img alt="" src="../images/company_name.gif" width="368" height="110">
</td>
<td align="right" width="287"><img alt="" src="../images/header_graphic.jpg" width="287" height="119"></td>
</tr>
<tr>
<td height="35" valign="middle" bgcolor="#495e83"> </td>
<td bgcolor="#495e83"></td>
</tr>
<tr>
<td height="1"><img alt="" src="../images/spacer.gif" width="1" height="1"></td>
<td height="1"><img alt="" src="../images/spacer.gif" width="1" height="1"></td>
</tr>
<tr background="../images/links_bot_fill.gif">
<td height="30"> </td>
<td> </td>
</tr>
</table>
<img src="../images/RightImage1570.jpg" alt="" name="zimpic1" width="112" height="533" align="right">
<script language="JavaScript" src="zam.js"></script>
<?
$conn = df_conn();
$sql="select top 10000 * from user_role where username='$username'";
$rst = odbc_exec($conn,$sql);
$qry = odbc_fetch_array($rst);
echo "<script language=\"JavaScript\" src=\"zam_items_das.js\"></script>";
if ($qry['role_code']=="DAS") {
echo "<script language=\"JavaScript\" src=\"zam_items_das.js\"></script>";
}
else if ($qry['role_code']=="DPC")
{
echo "<script language=\"JavaScript\" src=\"zam_items_dpc.js\"></script>";
}
else if ($qry['role_code']=="ACS")
{
echo "<script language=\"JavaScript\" src=\"zam_items_ACS.js\"></script>";
}
else if ($qry['role_code']=="ACP")
{
echo "<script language=\"JavaScript\" src=\"zam_items_ACP.js\"></script>";
}
else if ($qry['role_code']=="ACX")
{
echo "<script language=\"JavaScript\" src=\"zam_items_ACX.js\"></script>";
}
else if ($qry['role_code']=="ADM")
echo "<script language=\"JavaScript\" src=\"zam_items_adm.js\"></script>";
?>
<table cellpadding="50" cellspacing="0" border="8" width="80%" style="background-color:white;position:absolute;top:180px;left:80px;">
<tr>
<td>
<script language="JavaScript">
<!--//
new tree (TREE_ITEMS, TREE_TPL);
//-->
</script>
</td>
</tr>
</table>
<?
echo "<div class=\"loginas\">";
echo "<p>Welcome <br>$valid_user<br>($g_area)</p>";
echo "<div>";
ob_end_flush();
?>
I still get
Notice: Undefined variable: username in D:\edi\Zim_GlobalDA\adm\login_menu.p hp on line 9
You must be logged in to view this page.
You are not logged in.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I get this
when running your php file. I appreciate you a lot!
A php.ini file is not loaded
when running your php file. I appreciate you a lot!
@HuaMinChen: PHP Register_Globals is, and has always been, a bad idea and a dangerous practice. Don't even think about using it. Dependency Injection is the correct approach.
https://www.experts-exchange.com/articles/7317/Register-Globals-a-bad-idea-from-day-one.html
PHP 5.2 is obsolete, and has been obsolete for years. Do not use PHP 5.2. Do not listen to people who tell you to use PHP 5.2. Instead, look at the upper right corner of http://php.net and choose one of the currently supported versions of PHP. Download and install one of the current versions of PHP.
From this and some of your other questions it sounds like you may have "jumped into the deep end" of the PHP swimming pool and you could use a life raft. There are many good learning resources for PHP, gathered into this article. If you have a depth of experience in other computer science topics, you can skip over some of this. But at least it will give you a chance to learn enough of the basics that you will be able to make your way forward in PHP. More importantly, it will help you avoid the many terrible, dangerous, and outdated PHP examples that litter the internet!
https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html
Couple of other ideas, too. You may want to refer back to this comment. And you may want to consider using E-E Gigs to get some hands-on help from an expert.
Best of luck with your learning adventures! ~Ray
https://www.experts-exchange.com/articles/7317/Register-Globals-a-bad-idea-from-day-one.html
PHP 5.2 is obsolete, and has been obsolete for years. Do not use PHP 5.2. Do not listen to people who tell you to use PHP 5.2. Instead, look at the upper right corner of http://php.net and choose one of the currently supported versions of PHP. Download and install one of the current versions of PHP.
From this and some of your other questions it sounds like you may have "jumped into the deep end" of the PHP swimming pool and you could use a life raft. There are many good learning resources for PHP, gathered into this article. If you have a depth of experience in other computer science topics, you can skip over some of this. But at least it will give you a chance to learn enough of the basics that you will be able to make your way forward in PHP. More importantly, it will help you avoid the many terrible, dangerous, and outdated PHP examples that litter the internet!
https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html
Couple of other ideas, too. You may want to refer back to this comment. And you may want to consider using E-E Gigs to get some hands-on help from an expert.
Best of luck with your learning adventures! ~Ray
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Register_globals=0;