register_globals的可能解决方案

.hi guys i have created a site which uses $_SESSION multiple times. but, there was always an error saying that i shouldn't use such to throw values to other pages. but i found a solution to turn on the register_globals in my php.ini and so it did work. but now, my problem is that i have already had my site hosted online. and the host doesn't have register_globals on. and so my site doesn't work specially on the login part.

.can anyone please tell me what I can use to replace $_SESSION which also has the same function. Thanks in advance guys! More power!

.Alright guys here is the snippet where i am having the errors, please take time to check.:

this is my index.php where the user needs to login:

<form method="post" action="login-exec.php">
<tr>
<td><label for="email">Student Number</label></td>
<td><label for="pass">Password</label></td>
<td></td>
</tr>
<tr>
<td><input type="text" name="Studentno" id="Studentno" tabindex="1" /></td>
<td><input type="password" name="password" id="password" tabindex="2" /></td>
<td><input value="Login" tabindex="3" type="submit" style="background:#06C; color:#fff; cursor:pointer; border-top:solid 1px #CCC; border-left:solid 1px #CCC; border-radius:3px; margin-left:2px;width:60px; height:21px; font-weight:900;"/></td>
</tr>
<tr style="color:#F00;" align="center">
</tr>
</form>

after which, this page named login-exec.php will catch the value of the inputs:

<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arrs = array();
//Validation error flag
$errflags = false;
//Connect to mysql server
$con = mysql_connect(host,user,pw);
if(!$con) 
{
    die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(dtbse);
if(!$db) 
{
    die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) 
{
    $str = @trim($str);
    if(get_magic_quotes_gpc()) 
    {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$Studentno = clean($_POST['Studentno']);
$password = clean($_POST['password']);

//Input Validations
if($Studentno == '') 
{
    $errmsg_arrs[] = '* Student ID missing';
    $errflags = true;
}
if($password == '') 
{
    $errmsg_arrs[] = '* Password missing';
    $errflags = true;
}

//If there are input validations, redirect back to the Studentno form
if($errflags) 
{
    $_SESSION['ERRMSG_ARRS'] = $errmsg_arrs;
    session_write_close();
    header("location: index.php");
    exit();
}

//Create query
if($Studentno!="" and $password!="")
{
$qry="SELECT * FROM `cassw` WHERE studentno='$Studentno' AND password='$password' UNION
      SELECT * FROM `cbaa` WHERE studentno='$Studentno' AND password='$password' UNION
      SELECT * FROM `cedap` WHERE studentno='$Studentno' AND password='$password' UNION
      SELECT * FROM `ceit` WHERE studentno='$Studentno' AND password='$password' UNION 
      SELECT * FROM `cnah` WHERE studentno='$Studentno' AND password='$password'";

$result=mysql_query($qry);
$table = mysql_fetch_assoc($result);
//$row = mysql_fetch_assoc($result);
//$array[] = $row;
$tr = $table['restriction'];
$act = $table['activation'];
//echo $tr;


//Check whether the query was successful or not
    if($result) 
    {
        if((mysql_num_rows($result) == 1) && ($tr ==0) && ($act==1)) 
        {
            //Studentno Successful
            session_regenerate_id();
            //$table = mysql_fetch_assoc($result);
            $_SESSION['studentno'] = $table['studentno'];
            $_SESSION['SESS_FIRST_NAME'] = $table['firstname'];
            $_SESSION['SESS_FIRST_NICK'] = $table['nickname'];
            //$_SESSION['SESS_LAST_NAME'] = $ceit['lastname'];
            session_write_close();
            header("location: Auth.php");
            exit();
        }
        else if((mysql_num_rows($result) == 1) && ($tr ==1) && ($act==1)) 
        {
            //Studentno Successful
            session_regenerate_id();
            //$table = mysql_fetch_assoc($result);
            $_SESSION['studentno'] = $table['studentno'];
            $_SESSION['SESS_FIRST_NAME'] = $table['firstname'];
            $_SESSION['SESS_FIRST_NICK'] = $table['nickname'];
            //$_SESSION['SESS_LAST_NAME'] = $ceit['lastname'];
            session_write_close();
            header("location: AdminPage.php");
            exit();
        }
        else 
        {
            //Studentno failed
            header("location: login-failed.php");
            exit();
        }
    }
    else 
    {
        die("Query failed");
    }
}   
?>

and when the input values passed verification this page will create a session for studentno and then redirects to Auth.php.

here is the code for Auth.php:

<?php
//Start session
session_start();

if(!isset($_SESSION['studentno']) || (trim($_SESSION['studentno']) == '')) 
{
    header("location: access-denied.php");
    exit();
}
    else
    {
            header("location: homepage.php");
            exit();
    }
?>

.when i test this on dreamweaver with php, and mysql. it works fine as it redirects to homepage.php. but when i got it hosted online. it always goes to access-denied.php even though the login is correct.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongzhi6927 2011-03-27 00:22
关注
You do not need to activate register_globals in order to use persistent $_SESSION variables. In fact, the use of register_globals is strongly discouraged by many developers and deprecated as of PHP 5.3.0.

With register_globals off, we can still define values like:

# foo.php session_start(); $_SESSION['foo'] = 'bar';

and on another page, return that value:

# bar.php session_start(); echo $_SESSION['foo'];

Turning register_globals on would allow us to access that value more easily:

# bar.php session_start(); echo $foo;

but opens up a number of security issues you can read about here.
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

在CentOS7上安装Xdebug，我得到错误未定义的符号：compiler_globals centos php
2017-06-05 09:09

回答 1 已采纳 Make sure that Xdebug is compiled using right php-config. Manually download xdebug.tgz from https
将大型php项目从register_globals转换为_GET [“param”] php
2011-06-07 04:04

回答 3 已采纳 Although the actual finding/replacing might take more time, doing this manually will most likely r
如果register_globals设置为off，我如何使用会话？ php
2010-01-21 19:14

回答 6 已采纳 All session variables will be in the $_SESSION array. Use $_SESSION['var'] instead of the globally
php.ini没有register_globals,DEDECMS php.ini register_globals must is Off!问题解决方案
2021-04-26 16:26

weixin_39871378的博客刚出的补丁，我就赶快升级，没想到的是当升级快完成的时候出现：php.ini register_globals must is Off然后我就刷新了一下页面，后台无法登录了，只显示一个php.ini register_globals must is Off。前去官方论坛查看...
在php中用$ GLOBALS声明数据库表名 database php
2017-05-26 14:01

回答 2 已采纳 TL;DR: yes, but it depends what you want to improve. The first issue is the global state. In PHP
PHP 5.3 $ GLOBALS无法访问 php
2014-10-09 22:02

回答 1 已采纳 Given your mention of Joomla, and the code's mention of a class JFactory which must be defined els
php GLOBALS会话文件 mysql php
2014-01-06 18:21

回答 3 已采纳 'mysql' => array(), should be 'mysql' => array(
关闭php.ini中register_globals,PHP中register_globals引发的问题
2021-04-26 15:13

鹊雀的博客看了一下，果然是register_globals没开。要信诺立给开是不可能了。。如何有效地改最少的代码，让全部程序正常地跑起来呢。。刚学PHP的时候，官方文档上demo建议用户关闭全局变量并且用$_REQUEST["XXX"]、$_POST["XXX...
$ _SESSION变量在$ GLOBALS中不可见 php
2014-08-20 09:30

回答 1 已采纳 You have to call session_start(); in every page. – Naktibalda Right php.ini shouldn't ha
PHP $ GLOBALS建议 php
2011-03-23 14:46

回答 1 已采纳 Is there any performance or security issues when doing this? No, but it is a bad practice. S
无需打开Register Globals即可抓取IP地址[重复] php
2012-10-05 06:22

回答 1 已采纳 Register Globals is not required to obtain the IP Address, why would you think it is? Get the IP:
php 5.5.7 register_global,关于php：PHP5 $ _SESSION在register_globals关闭时不起作用
2021-04-24 16:04

weixin_39682897的博客我知道，这个问题问了很多遍，但是我找不到解决方案。我已经编码了一个php / JS脚本来从服务器获取数据并显示它们。我正在使用Ajax验证用户是否经过身份验证？我正在使用下面的方法来做到这一点；我的index.php：&gt...
在Query中使用PHP php
2016-03-05 00:14

回答 2 已采纳 You need to use the ?: conditional (AKA ternary) expression. mysqli_query($GLOBALS["___mysqli_sto
dedecms系统php.ini register_globals must is Off的解决方案
2012-04-09 14:42

济宏的博客访问后台，报错如下图：成因：由于register_globals设置控制PHP变量访问范围,...１，如果是独立服务器的用户，可以修改php配置文件中的php.ini,将register_globals=On改为register_globals=Off,然后重启Apache...
PHP中register_globals引发的问题
2015-03-04 21:53

Chrisdowson的博客中的register_globals被禁用了。百度了之后发现一片好文章解释了这个问题。前几天要命了。。因为偷懒，服信建材拿tg的代码来复用了一下，，本地测试完，传到新开的虚拟主机上去。。不能登录，phpinfo();看了一下，...
织梦/dedecms提示php.ini register_globals must is Off!的解决方法
2010-08-10 16:42

huangqingtao的博客解决php.ini register_globals must is Off!方案： 1、如果是独立服务器的用户可以修改php配置文件中的php.ini,将register_globals=On改为register_globals=Off，如果不行也把session.auto_start=1改成...
php globals httprawpostdata,$GLOBALS["HTTP_RAW_POST_DATA"]不能获取到POST数据
2021-04-09 11:07

安会怡的博客 $GLOBALS["HTTP_RAW_POST_DATA"]不能获取到POST数据，有两种可能性：第一是PHP版本大于5.3，第二是php.ini文件中register_globals值没有设置为Off；php://input数据总是跟$GLOBALS["HTTP_RAW_POST_DATA"]相同，但是...
关于php4.2.x的register_globals=off导致变量无法传递的解决方案。
2007-10-11 14:03

army97的博客 1 改php.ini register_globals=On 2 在你程序最开始加 ini_set(register_globals,1); 3 extract($_GET); extract($_POST); extract($_COOKIE); extract($_SERVER); extract($_FILES); 4改apache的httpd.conf ...
Phalcon4框架入门踩坑，502解决方案
2021-07-11 12:09

旨酒当歌的博客 Phalcon框架安装：phalcon源安装，pecl编译安装 pear/pecl报错解决：安装新版pear
PHP 5.4弃Register Globals增Traits
2012-03-12 10:04

糖糖糖糖糖糖糖糖糖糖糖糖糖糖糖糖糖糖的博客 PHP 5.4于本月尘埃落定，它是PHP自2009年以来的首次重大更新。该版本对语言部分进行了增强，包括支持Traits和移除部分争议特性。\Traits\同Java和.NET一样，PHP使用单一继承模型。虽然这种模型足够应付大部分用例...
没有解决我的问题, 去提问

悬赏问题

¥15 神经网络预测均方误差很小但是图像上看着差别太大
¥15 Oracle中如何从clob类型截取特定字符串后面的字符
¥15 想通过pywinauto自动电机应用程序按钮，但是找不到应用程序按钮信息
¥15 如何在炒股软件中，爬到我想看的日k线
¥15 seatunnel 怎么配置Elasticsearch
¥15 PSCAD安装问题 ERROR: Visual Studio 2013, 2015, 2017 or 2019 is not found in the system.
¥15 (标签-MATLAB|关键词-多址)
¥15 关于#MATLAB#的问题，如何解决？（相关搜索：信噪比，系统容量）
¥500 52810做蓝牙接受端
¥15 基于PLC的三轴机械手程序

register_globals的可能解决方案

1条回答 默认 最新

悬赏问题

1条回答默认最新