Solved

PHP Register global

Posted on 2016-08-22
21
63 Views
Last Modified: 2016-08-23
Hi,
On PHP 5.2, where should be the option to declare variable as Register global one? Within httpd.conf, I cannot find out such option.
0
Comment
Question by:HuaMinChen
  • 8
  • 5
  • 3
  • +4
21 Comments
 
LVL 2

Expert Comment

by:Kyaw Wanna
Comment Utility
If you means "on/off " of register_global, should configure in php.ini.

Register_globals=0;
0
 
LVL 10

Author Comment

by:HuaMinChen
Comment Utility
I do not see php.ini file and should I create it?

How to further declare variable for Register global use, within PHP files?
0
 
LVL 21

Expert Comment

by:Kim Walker
Comment Utility
I recognize that this is a continuation of this question that veered off topic. Thank you for starting a new question but I'm afraid you're still asking the wrong question. As I understand from the previous question, the question is really about getting a variable from one page to pass to the next page. In the other question we strongly suggested that you avoid using register globals and session_register which are now deprecated and removed because of the security issues. Allow me to address the situation using the recommended approach.

You have two files, login.php and login_menu.php. As I understand it, $username and $passwd are being defined in login.php but you need to use them again in login_menu.php. So what we need to do, is to store those values in the $_SESSION superglobal at the very end of login.php. Please find the very last exit PHP flag (?>) in login.php. It could be at the very end or it may have some HTML after it. When you've found it, enter the following just before it.
$_SESSION['username'] = $username;
$_SESSION['passwd'] = $passwd;
?>

Open in new window

Now modify the beginning of login_menu.php so it will define a new $username and $passwd from the $_SESSION superglobal. (See lines 14 and 15.)
<?php
//...
//...
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();
if (isset($_SESSION['username']) && isset($_SESSION['passwd']) )
// they have just tried logging in
{
	$username = $_SESSION['username'];
	$passwd = $_SESSION['passwd'];
...

Open in new window

0
 
LVL 34

Expert Comment

by:gr8gonzo
Comment Utility
1. You can find out where your php.ini file is by simply creating a new PHP script and put this line in it:
<?php phpinfo(); ?>

Save and visit the page and you will see all sorts of settings and configurations. In the first section, it will tell you the location for the php.ini file. You also don't HAVE to have a php.ini file. It will use defaults if you don't have a php.ini file.

2. You don't declare variables for "register global use". The register_globals setting will automatically create variables for you. So if you normally had $_GET["myvariable"] with a value of 1, then if register_globals was enabled, then you would automatically have another copy of that variable called $myvariable with a value of 1. So you could use either $_GET["myvariable"] or $myvariable.

3. Register_globals is bad. You should not use it. It is very insecure and can lead to problems. That is why it is turned off by default and it is completely deprecated in recent versions.
2
 
LVL 21

Expert Comment

by:Kim Walker
Comment Utility
@gr8gonzo, in the author's previous question we determined that they are using PHP 5.2 and register_globals is already turned on.
0
 
LVL 20

Expert Comment

by:steelseth12
Comment Utility
register_globals was turned off by default in PHP 4.2.
@HuaMinChen register_globals is a security threat.
Please consider that it was turned off by default almost 15 years ago you should take the advice Ray Paseur gave you in your previous question and use an up to date secure method to authenticate your users.
1
 
LVL 10

Author Comment

by:HuaMinChen
Comment Utility
I have line like

register_globals = On

to file php.ini-dist

Here is login.php
<?
//Author:jack
//Date:30/03/09
 global $username, $passwd;
 $username='';
 $passwd='';
 session_register("username","passwd");
 require_once("login_fns.php");

 do_html_header("Login");

 display_site_info(); 
 display_login_form();

 do_html_footer();
 $_SESSION['username'] = $username;
 $_SESSION['passwd'] = $passwd;
?>

Open in new window

and login_menu_php
<?
//Author:jack	Desc:Login validation program
//Created Date: 15/04/09  Modified Date: 15:08 30/11/10
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();
//if ($username && $passwd)
//if (session_is_registered("username") && session_is_registered("passwd") )
if (isset($_SESSION['username']) && isset($_SESSION['passwd']) )
// they have just tried logging in
{
      echo "DEBUG: iiiValid User = {$username}<br/>";
    if (login($username, $passwd))
    {
      echo "DEBUG: dddValid User = jjj<br/>";
      // if they are in the database register the user id
      $valid_user = $username;
      echo "DEBUG: Valid User = {$valid_user}<br/>";
      session_register("valid_user");
	  $conn = df_conn();
	  $sql="select top 1 principal from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $pri=$qry[principal];
      session_register("pri");
	  $sql="select top 1 territory from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $g_area=$qry[territory];
	  session_register("g_area");
	  $g_multiarea = str_replace(",", chr(13), $g_area);
	  session_register("g_multiarea");
    }  
    else
    {
      // unsuccessful login
      do_html_header("Problem:");
      echo "You could not be logged in. 
            You must be logged in to view this page.";
      do_html_url("login.php", "Login");
      do_html_footer();
      exit;
    }      
}

check_valid_user();
setcookie("username", $username);
?>

<head>
<title>Zimnet A4 Menu</title>
</head>
<link rel="stylesheet" href="../styles.css" type="text/css">
<body style="background-color:white;">

<table width="100%"  border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
  <tr> 
    <td height="21" bgcolor="#495e83"></td>
    <td height="21" bgcolor="#495e83"></td>
  </tr>
  <tr> 
    <td height="120" align="left" valign="middle" bgcolor="#FFFFFF"> <img alt="" src="../images/company_name.gif" width="368" height="110"> 
    </td>
    <td align="right" width="287"><img alt="" src="../images/header_graphic.jpg" width="287" height="119"></td>
  </tr>
  <tr> 
    <td height="35" valign="middle" bgcolor="#495e83"> &nbsp; &nbsp; &nbsp; </td>
    <td bgcolor="#495e83"></td>
  </tr>
  <tr>
    <td height="1"><img alt="" src="../images/spacer.gif" width="1" height="1"></td>
    <td height="1"><img alt="" src="../images/spacer.gif" width="1" height="1"></td>
  </tr>
  <tr background="../images/links_bot_fill.gif">
    <td height="30">&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
</table>

<img src="../images/RightImage1570.jpg" alt="" name="zimpic1" width="112" height="533" align="right">
<script language="JavaScript" src="zam.js"></script>
<?
  $conn = df_conn();
  $sql="select top 10000 * from user_role where username='$username'";
  $rst = odbc_exec($conn,$sql);
  $qry = odbc_fetch_array($rst);
  echo "<script language=\"JavaScript\" src=\"zam_items_das.js\"></script>";
  
 if ($qry['role_code']=="DAS")  {
 echo "<script language=\"JavaScript\" src=\"zam_items_das.js\"></script>";
 }
 else if ($qry['role_code']=="DPC")
 {
 echo "<script language=\"JavaScript\" src=\"zam_items_dpc.js\"></script>";
 }
 else if ($qry['role_code']=="ACS")
 {
 echo "<script language=\"JavaScript\" src=\"zam_items_ACS.js\"></script>";
 }
  else if ($qry['role_code']=="ACP")
 {
 echo "<script language=\"JavaScript\" src=\"zam_items_ACP.js\"></script>";
 }
  else if ($qry['role_code']=="ACX")
 {
 echo "<script language=\"JavaScript\" src=\"zam_items_ACX.js\"></script>";
 }
 else if ($qry['role_code']=="ADM")
 echo "<script language=\"JavaScript\" src=\"zam_items_adm.js\"></script>";
?>
<table cellpadding="50" cellspacing="0" border="8" width="80%" style="background-color:white;position:absolute;top:180px;left:80px;">
<tr>
	<td>
	<script language="JavaScript">

	<!--//
		new tree (TREE_ITEMS, TREE_TPL);

	//-->
	</script>
	</td>
</tr>
</table>


<?

echo "<div class=\"loginas\">";
echo "<p>Welcome <br>$valid_user<br>($g_area)</p>";
echo "<div>";
ob_end_flush();
?>

Open in new window

but I still get this problem
6v.png
0
 
LVL 2

Expert Comment

by:Kyaw Wanna
Comment Utility
Hello, Sorry for my reply is being late.
Did you copy "register_globals = On" from php.ini-dist to php.ini?
If not, please copy and let me know if still has problem.
0
 
LVL 10

Author Comment

by:HuaMinChen
Comment Utility
I've just put such line into file

C:\AppServ\php5\php.ini

and then have re-started httpd but I've still got the same problem as currently shown in above.
0
 
LVL 21

Expert Comment

by:Kim Walker
Comment Utility
You did not make the edits to login_menu.php as I instructed. Specifically lines 14 and 15.
<?php
//...
//...
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();
if (isset($_SESSION['username']) && isset($_SESSION['passwd']) )
// they have just tried logging in
{
	$username = $_SESSION['username'];
	$passwd = $_SESSION['passwd'];
...

Open in new window

1
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 10

Author Comment

by:HuaMinChen
Comment Utility
Many thanks. I have
<?
//...
//...
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();
//if ($username && $passwd)
//if (session_is_registered("username") && session_is_registered("passwd") )
if (isset($_SESSION['username']) && isset($_SESSION['passwd']) )
// they have just tried logging in
{
	$username = $_SESSION['username'];
	$passwd = $_SESSION['passwd'];
...

Open in new window


but on last line in above, I still get empty username.
0
 
LVL 51

Expert Comment

by:Julian Hansen
Comment Utility
I think we are muddying the water here. In his previous question we attempted to discover where $username and $passwd were being set - they were not being defined anywhere which was identified as a problem - at the time register_globals was not on the radar - so there was a piece missing.
As a result of this, and based on our recommendations, the asker appears to have declared the two variables and initialised them to empty strings. It is possible that this is wiping out the registered versions of the variables coming in from the form.

While we all agree that dependence on deprecated features is not the way to go - the asker has a situation where he is porting code from one server to another. Right or wrong the code is a currently production (working) code base - that is simply being moved. As per accepted change control procedures rewriting code as part of a code move is not a great idea.

My recommendation then is
a) Make a fresh copy of the code base from the working server
b) Make sure register_globals=on in the PHP.INI file on the new server
c) Test the login process

Once working - the next step would be for the asker to initiate a project on his side to upgrade the code base - if it is something deemed necessary by his organisation.
1
 
LVL 10

Author Comment

by:HuaMinChen
Comment Utility
Julian,
Can I know why my current codes in above, are not working as expected?
0
 
LVL 51

Expert Comment

by:Julian Hansen
Comment Utility
Have you modified the original code from the working server - or is the code that is on the new server an exact copy?
0
 
LVL 10

Author Comment

by:HuaMinChen
Comment Utility
Yes, the current PHP files are exactly copies from working server.

Why aren't the current codes I've shown in above, working as expected?
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 500 total points
Comment Utility
This confuses me (from this post https://www.experts-exchange.com/questions/28964920/PHP-Register-global.html#a41766320) login.php looks like this
<?
//Author:jack
//Date:30/03/09
 global $username, $passwd; /* NEW */
 $username='';  /* NEW */
 $passwd=''; /* NEW */
 session_register("username","passwd"); /* NEW */
 require_once("login_fns.php");

 do_html_header("Login");

 display_site_info(); 
 display_login_form();

 do_html_footer();
 $_SESSION['username'] = $username; /* NEW */
 $_SESSION['passwd'] = $passwd; /* NEW */
?>

Open in new window

Yet your original login.php looks like this
<?
//Author:jack
//Date:30/03/09
 require_once("login_fns.php");

 do_html_header("Login");

 display_site_info(); 
 display_login_form();

 do_html_footer();
?>

Open in new window

1
 
LVL 10

Author Comment

by:HuaMinChen
Comment Utility
Here is login.php
<?
 //global $username, $passwd;
 //$username='';
 //$passwd='';
 //session_register("username","passwd");
 require_once("login_fns.php");

 do_html_header("Login");

 display_site_info(); 
 display_login_form();

 do_html_footer();
 //$_SESSION['username'] = $username;
 //$_SESSION['passwd'] = $passwd;
?>

Open in new window


and login_menu.php
<?
error_reporting(E_ALL);
ini_set('display_errors','on');
require_once("login_fns.php");
require_once("..\lib\db_fns.php");

ob_start();
session_start();
if ($username && $passwd)
//if (session_is_registered("username") && session_is_registered("passwd") )
//if (isset($_SESSION['username']) && isset($_SESSION['passwd']) )
// they have just tried logging in
{
	//$username = $_SESSION['username'];
	//$passwd = $_SESSION['passwd'];
      echo "DEBUG: iii User name = {$username}<br/>";
      echo "DEBUG: iii passwd = {$passwd}<br/>";
    if (login($username, $passwd))
    {
      echo "DEBUG: dddValid User = jjj<br/>";
      // if they are in the database register the user id
      $valid_user = $username;
      echo "DEBUG: Valid User = {$valid_user}<br/>";
      session_register("valid_user");
	  $conn = df_conn();
	  $sql="select top 1 principal from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $pri=$qry[principal];
      session_register("pri");
	  $sql="select top 1 territory from user_acct where username='$username'";
	  $rst = odbc_exec($conn,$sql);
	  $qry = odbc_fetch_array($rst);
	  $g_area=$qry[territory];
	  session_register("g_area");
	  $g_multiarea = str_replace(",", chr(13), $g_area);
	  session_register("g_multiarea");
    }  
    else
    {
      // unsuccessful login
      do_html_header("Problem:");
      echo "You could not be logged in. 
            You must be logged in to view this page.";
      do_html_url("login.php", "Login");
      do_html_footer();
      exit;
    }      
}

check_valid_user();
setcookie("username", $username);
?>

<head>
<title>Zimnet A4 Menu</title>
</head>
<link rel="stylesheet" href="../styles.css" type="text/css">
<body style="background-color:white;">

<table width="100%"  border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
  <tr> 
    <td height="21" bgcolor="#495e83"></td>
    <td height="21" bgcolor="#495e83"></td>
  </tr>
  <tr> 
    <td height="120" align="left" valign="middle" bgcolor="#FFFFFF"> <img alt="" src="../images/company_name.gif" width="368" height="110"> 
    </td>
    <td align="right" width="287"><img alt="" src="../images/header_graphic.jpg" width="287" height="119"></td>
  </tr>
  <tr> 
    <td height="35" valign="middle" bgcolor="#495e83"> &nbsp; &nbsp; &nbsp; </td>
    <td bgcolor="#495e83"></td>
  </tr>
  <tr>
    <td height="1"><img alt="" src="../images/spacer.gif" width="1" height="1"></td>
    <td height="1"><img alt="" src="../images/spacer.gif" width="1" height="1"></td>
  </tr>
  <tr background="../images/links_bot_fill.gif">
    <td height="30">&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
</table>

<img src="../images/RightImage1570.jpg" alt="" name="zimpic1" width="112" height="533" align="right">
<script language="JavaScript" src="zam.js"></script>
<?
  $conn = df_conn();
  $sql="select top 10000 * from user_role where username='$username'";
  $rst = odbc_exec($conn,$sql);
  $qry = odbc_fetch_array($rst);
  echo "<script language=\"JavaScript\" src=\"zam_items_das.js\"></script>";
  
 if ($qry['role_code']=="DAS")  {
 echo "<script language=\"JavaScript\" src=\"zam_items_das.js\"></script>";
 }
 else if ($qry['role_code']=="DPC")
 {
 echo "<script language=\"JavaScript\" src=\"zam_items_dpc.js\"></script>";
 }
 else if ($qry['role_code']=="ACS")
 {
 echo "<script language=\"JavaScript\" src=\"zam_items_ACS.js\"></script>";
 }
  else if ($qry['role_code']=="ACP")
 {
 echo "<script language=\"JavaScript\" src=\"zam_items_ACP.js\"></script>";
 }
  else if ($qry['role_code']=="ACX")
 {
 echo "<script language=\"JavaScript\" src=\"zam_items_ACX.js\"></script>";
 }
 else if ($qry['role_code']=="ADM")
 echo "<script language=\"JavaScript\" src=\"zam_items_adm.js\"></script>";
?>
<table cellpadding="50" cellspacing="0" border="8" width="80%" style="background-color:white;position:absolute;top:180px;left:80px;">
<tr>
	<td>
	<script language="JavaScript">

	<!--//
		new tree (TREE_ITEMS, TREE_TPL);

	//-->
	</script>
	</td>
</tr>
</table>


<?

echo "<div class=\"loginas\">";
echo "<p>Welcome <br>$valid_user<br>($g_area)</p>";
echo "<div>";
ob_end_flush();
?>

Open in new window


I still get


Notice: Undefined variable: username in D:\edi\Zim_GlobalDA\adm\login_menu.php on line 9

You must be logged in to view this page.

You are not logged in.
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 500 total points
Comment Utility
Can you create the following script and post the ouput from it
Source: http://php.net/manual/en/function.php-ini-loaded-file.php#example-582
<?php
$inipath = php_ini_loaded_file();

if ($inipath) {
    echo 'Loaded php.ini: ' . $inipath;
} else {
    echo 'A php.ini file is not loaded';
}
?>

Open in new window

0
 
LVL 10

Author Comment

by:HuaMinChen
Comment Utility
I get this

A php.ini file is not loaded

when running your php file. I appreciate you a lot!
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
@HuaMinChen: PHP Register_Globals  is, and has always been, a bad idea and a dangerous practice.  Don't even think about using it.  Dependency Injection is the correct approach.
https://www.experts-exchange.com/articles/7317/Register-Globals-a-bad-idea-from-day-one.html

PHP 5.2 is obsolete, and has been obsolete for years.  Do not use PHP 5.2.  Do not listen to people who tell you to use PHP 5.2.  Instead, look at the upper right corner of http://php.net and choose one of the currently supported versions of PHP.  Download and install one of the current versions of PHP.

From this and some of your other questions it sounds like you may have "jumped into the deep end" of the PHP swimming pool and you could use a life raft.  There are many good learning resources for PHP, gathered into this article.  If you have a depth of experience in other computer science topics, you can skip over some of this.  But at least it will give you a chance to learn enough of the basics that you will be able to make your way forward in PHP.  More importantly, it will help you avoid the many terrible, dangerous, and outdated PHP examples that litter the internet!
https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html

Couple of other ideas, too.  You may want to refer back to this comment.  And you may want to consider using E-E Gigs to get some hands-on help from an expert.

Best of luck with your learning adventures! ~Ray
0
 
LVL 51

Accepted Solution

by:
Julian Hansen earned 500 total points
Comment Utility
@HuaMinChen,
Before we go any further can we just get some clarity on what your expectations are from this question. As I understand it you are simply wanting to port working code from one (working) server to another new server - is that correct? Or are you looking for advice on how to rewrite the code you have presented to be more in line with current PHP standards? These are two separate issues and if we start confusing them we are going to get into a (bigger) mess.
From where I am sitting you want to port the code and get it working - the reason it is not working (based on your last post) is because your web server has not been configured to find your PHP.INI file.

Step 1: Configure PHP.INI - if you are using the same version of PHP on the new server as the old then you can use the PHP.INI file from the old server as a reference on what to change. Make a copy of the old server PHP.INI and go through the copy making sure all paths are correct for the new server

Step 2: Copy the PHP.INI file to the PHP folder on the new server

Step 3: Configure your web server to use the new PHP.INI file. This depends on which server you are using - I am going to assume Apache 2.2 - you need to post back if it is not
Instructions on how to configure Apache for PHP can be found here
http://editrocket.com/articles/php_apache_windows.html
Relevant content replicated below
This guide assumes you are using apache 2.2. To configure Apache to run PHP, 
the httpd.conf file needs to be modified. This file is located in the apache installation 
directory under the conf folder. Open the httpd.conf file in EditRocket and do the following:

A. Add the following line after all of the LoadModule statements:

LoadModule php5_module "c:/php/php5apache2_2.dll"

B. Search for AddType, and add the following after the last AddType line:

AddType application/x-httpd-php .php

C. Add the PHP location to the end of the httpd.conf file. 
For example, at the end of the file, add the following:

PHPIniDir "c:/php" 

Open in new window

In the above code change c:/php path to match the location of PHP on your new server.

Restart server when done
1

Featured Post

Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This article discusses how to create an extensible mechanism for linked drop downs.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now