Does registered globals effect $_SESSION

Client Joined: Oct 07, 2003 Posts: 735 Location: Ohio

If they are turned off would this effect $_SESSION variable?

This code no longer works.

Code:

if (!defined('MODULE_FILE')) { 


    die ("You can't access this file directly..."); 


} 





require_once("mainfile.php"); 


$module_name = basename(dirname(__FILE__)); 


get_lang($module_name); 


global $prefix, $db; 





$nukeusername = $userinfo['username']; 


 





$sql = "SELECT * FROM ".$prefix."_milpacs_members WHERE nukeusername='$nukeusername'"; 


   $result = $db->sql_query($sql); 


   if ($db->sql_numrows($result) > 0) { 


       @session_destroy(); 


       session_start(); 


       $_SESSION['loggedin1'] = 1;       


       Header("Location: modules.php?name=MILPACS&file=viewdrill"); 


    } else { 


       @session_destroy(); 


       session_start(); 


       $_SESSION['loggedin1'] = 0;       


       Header("Location: modules.php?name=MILPACS&file=accessdenied"); 


    } 


    die(); 





?>

Posted: Mon Jun 12, 2006 8:26 am

I think I understand that these are not automatically created for you by PHP when the register_globals setting Off but if $_SESSION is a superglobal then isn't this different? I could use the variables $_GET, $_POST, $_COOKIE, $_ENV, $_SERVER and $_SESSION without having to reference them as globals first.

Posted: Mon Jun 12, 2006 9:23 am

My front part of viewdrill page looks like this.

Code:

if (!defined('MODULE_FILE')) { 


    die ("You can't access this file directly..."); 


}





require_once("common.php");





if (!milpacs_is_user())


{


    Header("Location: modules.php?name=MILPACS&file=checkuser");


}

And my common is this:

Code:

if ( !defined('MODULE_FILE') )


{


   die("You can't access this file directly...");


}





session_start();





function milpacs_is_user()


{


    global $db, $prefix;





   if (isset($_SESSION['loggedin1']) AND $_SESSION['loggedin1'] == 1)


    {


   $nukeusername = $userinfo['username'];


    $query = "SELECT * FROM ".$prefix."_milpacs_members WHERE nukeusername ='$nukeusername'";


      $result = $db->sql_query($query);


      if ($row = $db->sql_fetchrow($result)) {


           return true;


        } else {


           return false;


        }


    } else {


       return false;


    }


}


?>

Posted: Mon Jun 12, 2006 9:45 am

Instead of "and"ing the test of the value of $_session with the test for whether it is set, why don't you put the test for the value inside the test for whether it is set and only execute it if it's set? I don't think you want to be testing the value of a variable that is not set.

As to the larger question, I'd suggest using the isset function as a diagnostic and echoing something out if the $_session variable isn't set where you would expect it to be. That way you'd know for sure.

Posted: Mon Jun 12, 2006 10:58 am

I kept looking at common.php and asked myself why I even need it in the first place. If I set the session in checkuser all I need in viewdrill and drillreport is the following:

Code:

session_start();





if ($_SESSION['loggedin1'] ) {





..








}


else


{


        $_SESSION['loggedin1'] = 0;


    Header("Location: modules.php?name=MILPACS&file=checkuser");


}

common.php was confusing no???

I got rid of it and modified my script and poof...it works. Very Happy

registered · Posted: Tue Jun 13, 2006 6:50 am

Quote:

I could use the variables $_GET, $_POST, $_COOKIE, $_ENV, $_SERVER and $_SESSION without having to reference them as globals first.

I just wanted to respond to this one question. You never have to declare superglobals. They are what I like to call "scopeless".

I just found another useful one the other day called $GLOBALS. You can "stuff" your own variables into this associative array (just make sure the names are unique!) and they are immediately useable everywhere. Can be handy at times when one has nested functions (which is all over nuke!).

Posted: Tue Jun 13, 2006 11:29 am

Donovan wrote:

I got rid of it and modified my script and poof...it works. Very Happy

I spoke to soon. Mad

This does not work.

Code:

if (!defined('MODULE_FILE')) { 


    die ("You can't access this file directly..."); 


} 





require_once("mainfile.php"); 


$module_name = basename(dirname(__FILE__)); 


get_lang($module_name); 


global $prefix, $db; 





$nukeusername = $userinfo['username']; 





//echo "$nukeusername"; 





$sql = "SELECT * FROM ".$prefix."_milpacs_members WHERE nukeusername='$nukeusername'"; 


   $result = $db->sql_query($sql); 


   if ($db->sql_numrows($result) > 0) {  


      session_destroy();


       session_start(); 


       $_SESSION['loggedin1'] = 1;       


       Header("Location: modules.php?name=MILPACS&file=viewdrill"); 


    } else {         


       session_start(); 


       $_SESSION['loggedin1'] = 0;       


       Header("Location: modules.php?name=MILPACS&file=accessdenied"); 


    } 


    die(); 





?>

I can echo out the username just fine. If I am not logged in I can see the viewdrill. If I am logged in but do not have a nukeusername field set to my username I get sent to accessdenied which is correct. But why can I still see the viewdrill if I am "Guest", with no username?

Posted: Tue Jun 13, 2006 11:32 am

Would this work?

Code:

if  (isset($nukeusername)) and ($db->sql_numrows($result) > 0) {

Posted: Tue Jun 13, 2006 10:10 pm

What is the value of $nukeusername when you are not logged in...

Posted: Wed Jun 14, 2006 7:42 am

It is empty.

I have tried this as well.

Quote:

if (empty($nukeusername))&&($db->sql_numrows($result) > 0) {
session_destroy();
session_start();
$_SESSION['loggedin1'] = 1;
Header("Location: modules.php?name=MILPACS&file=viewdrill");
} else {
session_start();
$_SESSION['loggedin1'] = 0;
Header("Location: modules.php?name=MILPACS&file=accessdenied");
}

I am getting this error.

Parse error: syntax error, unexpected T_BOOLEAN_AND

Posted: Wed Jun 14, 2006 7:53 am

*smack head*

Code:

$sql = "SELECT * FROM ".$prefix."_milpacs_members WHERE nukeusername='$nukeusername'"; 


   $result = $db->sql_query($sql); 


   if (!empty($nukeusername)) {


      if ($db->sql_numrows($result) > 0) {  


      session_destroy();


       session_start(); 


       $_SESSION['loggedin1'] = 1;       


       Header("Location: modules.php?name=MILPACS&file=viewdrill"); 


      }


    } else {         


       session_start(); 


       $_SESSION['loggedin1'] = 0;       


       Header("Location: modules.php?name=MILPACS&file=accessdenied"); 


    } 


   die();

Posted: Wed Jun 14, 2006 12:53 pm

Darnit.

This still isn't working. Now if I am logged in but have no nukeusername loaded to compare it gives me a blank screen and does not send me to the accessdenied page.

I either need to go with (isset($nukeusername)) or (!empty($nukeusername))

The username has to be set and the username has to be compared to:

Code:

$nukeusername = $userinfo['username'];

Code:

"SELECT * FROM ".$prefix."_milpacs_members WHERE nukeusername='$nukeusername'";

Posted: Wed Jun 14, 2006 1:09 pm

Thinking of the logic here you realize why a person not logged in can see the viewdrill.php page from the following code:

Code:

$nukeusername = $userinfo['username']; 





//echo "$nukeusername"; 








$sql = "SELECT * FROM ".$prefix."_milpacs_members WHERE nukeusername='$nukeusername'"; 


   $result = $db->sql_query($sql); 


   if ($db->sql_numrows($result) > 0) {  


      session_destroy();


       session_start(); 


       $_SESSION['loggedin1'] = 1;       


       Header("Location: modules.php?name=MILPACS&file=viewdrill");    


    } else {         


       session_start(); 


       $_SESSION['loggedin1'] = 0;       


       Header("Location: modules.php?name=MILPACS&file=accessdenied"); 


    } 


   die();

If they are not logged in then this returns NULL true?

Code:

$nukeusername = $userinfo['username'];

So this code...

Code:

if ($db->sql_numrows($result) > 0) {  


      session_destroy();


       session_start(); 


       $_SESSION['loggedin1'] = 1;

...would result in 1 since I have members in my table with no nukeusername set. The field is empty.

Posted: Thu Jun 15, 2006 6:51 am

Quote:

would result in 1 since I have members in my table with no nukeusername set. The field is empty.

But why would you have users with no usernames? Every user within nuke is required to have a login name, which is what I was assuming your username field in your table was. So, why would you be inserting a record into your table which does not have usename valued with a valid user from the nuke_users table?

Posted: Thu Jun 15, 2006 8:26 am

montego wrote:

Quote:

would result in 1 since I have members in my table with no nukeusername set. The field is empty.

But why would you have users with no usernames? Every user within nuke is required to have a login name, which is what I was assuming your username field in your table was. So, why would you be inserting a record into your table which does not have usename valued with a valid user from the nuke_users table?

If the user is not logged in then ...

Code:

$nukeusername = $userinfo['username'];

would return a NULL. True?

So

Code:




$sql = "SELECT * FROM ".$prefix."_milpacs_members WHERE nukeusername='$nukeusername'"; 


   $result = $db->sql_query($sql); 


   if ($db->sql_numrows($result) > 0) {

would actually return a value > 0 because in my milpacs_members I have a field called nukeusername that is supposed to match the $userinfo['username'] to allow them access to viewdrill.

If nukeusername is blank in my milpacs_members and the person is not logged in then I do have a match.

So again I need to find a way to make sure the person is logged in, and there is a match between $userinfo['username'] and my $nukeusername value in my table.