Session problems with register globals enabled

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Manu J
    #1

    Session problems with register globals enabled

    Hi,
    i have a login script which makes use of sessions.

    Login script
    ***********

    session_start()
    .....
    .....
    ....
    if(!empty($row["roll_no"]))
    {
    $_SESSION['bo_id']=$bo_id;
    $_SESSION['pass']=$passw;
    .....
    .....

    and sets the session varaibles if authentication is successful.

    Then there is another script which is used to check if the user is
    ADMIN


    session_start() ;
    .....
    ......

    function isadmin()
    {
    if($_SESSION['bo_id'] != "ADMIN")
    {
    global $wwwroot;
    include("style. html");
    ?>
    <html><head><ti tle>Must Be admin</title>
    <meta http-equiv="Refresh"
    content="5 ; URL=<?=$wwwroot ?>/userf/login.php">
    </head>
    <br><br><center >
    <font color="brown">< h4>Only Administerators Can Access
    This Page</h4></font>
    <br>You will be redirected to <a
    href="<?=$wwwro ot?>/userf/login.php">Logi n Page</a> in 5 seconds
    </center></body></html>

    <?
    exit;
    }
    }


    Now with the newer PHP versions(that which comes with RH9 ) all this
    works perfectly.
    (Register globals is off and session.auto_st art is 1 )
    But with older PHP versions 4.1.2 etc this script doesn't work because
    $_SESSION['bo_id'] is empty in the admin authentication script(2nd
    script).
    But this session variable is set in the login script !!
    (In old PHP versions register globals is on and session_auto_st art is
    off)

    Can anyone plz tell me how to make this work in all PHP versions!!

    Thanx
    Manu
    Tags: None
    • Erwin Moller
      #2
      Re: Session problems with register globals enabled

      <snip>
      [color=blue]
      >
      > Now with the newer PHP versions(that which comes with RH9 ) all this
      > works perfectly.
      > (Register globals is off and session.auto_st art is 1 )
      > But with older PHP versions 4.1.2 etc this script doesn't work because
      > $_SESSION['bo_id'] is empty in the admin authentication script(2nd
      > script).
      > But this session variable is set in the login script !!
      > (In old PHP versions register globals is on and session_auto_st art is
      > off)
      >
      > Can anyone plz tell me how to make this work in all PHP versions!!
      >
      > Thanx
      > Manu[/color]

      Hi Manu,

      That is probably because $_SESSION[] array is new. So in your older versions
      of PHP you just create the $_SESSION-array and store something in it.
      That is why your other script cannot retrieve values from it because it
      simply isn't there. (It is destroyed as the script ends)

      You can always use $HTTP_SESSION_V ARS[] to get/set values in your session,
      allthough it is not superglobal as $_SESSION is.

      So you should make it global if you cannot reach it somewhere (function).

      Hope this helps.

      Regards,
      Erwin Moller


        Comment

        Previous template Next
        Working...