...

View Full Version : Sessions :: register_globals went from ON to OFF



ingrommet
11-06-2006, 03:38 PM
Can someone please tell me where I'm going wrong with sessions. My authorization was working fine with register_globals on (ON to OFF in PHP 4.2.0) but with new php.ini settings I'm getting Warnings when I login. I though the fallowing code would work but doesn't. I'm not getting the warning now but I can't get to secure_page.php for some reason.
ANY HELP??!!!

~A



<?php // index.php contains Login form action="check_access.php"
session_start();
header("Cache-control: private");

$admin_username = "demo";
$admin_password = "admin";

$Match = array("@","\r","\n","\\");
$Replace = array("","","","");
$post_username = str_replace($Match, $Replace, $_POST['post_username']);
$post_password = str_replace($Match, $Replace, $_POST['post_password']);

if ($post_username == $admin_username && $post_password == $admin_password) {
$_SESSION['access_username'] = $admin_username ;
$_SESSION['access_password"'] = $admin_password ;
header ("Location: secure_page.php");
} else {
header ("Location: index.php");
exit;
}
?>


<?php // authorize.php
session_start();
header("Cache-control: private");

$admin_username = "demo";
$admin_password = "admin";

if ($_SESSION['access_username'] != $admin_username && $_SESSION['access_password'] != $admin_password ) {
header ("Location: index.php");
session_destroy();
exit;
}
?>


<?php // secure_page.php
require("authorize.php");
?>

vinyl-junkie
11-06-2006, 05:43 PM
Nothing just really jumps out at me as being incorrect. Personally, I would start with some strategically placed echo statements in the code to see what's going on. For example:


<?php // index.php contains Login form action="check_access.php"
session_start();
header("Cache-control: private");

$admin_username = "demo";
$admin_password = "admin";

echo "post password: " & $_POST['post_password'])& "<br>";
echo "post username: " & $_POST['post_username']) & "<br>";
echo "session username: " & $_SESSION['access_username'] & "<br>";
echo "session password: " & $_SESSION['access_password"'] & "<br>";

$Match = array("@","\r","\n","\\");
$Replace = array("","","","");
$post_username = str_replace($Match, $Replace, $_POST['post_username']);
$post_password = str_replace($Match, $Replace, $_POST['post_password']);

if ($post_username == $admin_username && $post_password == $admin_password) {
$_SESSION['access_username'] = $admin_username ;
$_SESSION['access_password"'] = $admin_password ;
header ("Location: secure_page.php");
} else {
header ("Location: index.php");
exit;
}
?>

Brandoe85
11-06-2006, 05:48 PM
heh, vinyl...been doing too much asp! Concatenation is the '.' here.

echo "post password: " . $_POST['post_password'] . "<br>";

vinyl-junkie
11-06-2006, 05:50 PM
Yep, you're right. And the heck of it is, I know better! :o



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum