Hey,

After seeing many people advise that using sessions as opposed to cookies is a better way to do a login/store... I changed my entire script (about 30 pages) so that it was thru sessions... and since then I have had nothing but trouble!

My new problem is this:

Fatal Error: Cannot use assign-op operators with overloaded objects nor string offsets in C:\FoxServ\www\yclub\modules\admin\guide.php on line 3

And here is what guide.php actually is:


<?php

$admin[body].='<b>Admin Guide</b> | <a href="?module=admin&mode=control">Control Panel</a> | <a href="?module=admin&mode=user">User Edit</a> | <a href="?module=admin&mode=logs">Logs</a>';

?>


THAT's IT! lol

Now.. admin.php in the modules directory, calls on this guide page, so I'll show that code:


// admin.php

<?php

force_login();

if ($_SESSION[admin] == 0 OR $_SESSION[admin] == 3) {
$admin[body] = "<div align=center class=error>SORRY! BUT YOU ARE NOT AN ADMINISTRATOR! NO ACCESS ALLOWED!</div>";
} else {
$admin[body]='
<h3>ADMINISTRATION PANEL</h3>';

if (!$mode) {

$mode = 'guide';

}

include('admin/'.$mode.'.php');

}


echo $admin[body];

function force_login() {

if($_SESSION[id]) {

$select = mysql_query("SELECT alias FROM users WHERE id='$_SESSION[id]'");
$logged = mysql_num_rows($select);
if ($logged == 0) { unset($_SESSION[id]); }
}

if (!$_SESSION[id]) {

echo "<div align=center class=error>ERROR: YOU MUST BE LOGGED IN TO USE THIS FEATURE!</DIV>";
die();

}

}

?>

Now.. there is the index.php page which includes the admin.php page and config.php - but this is not causing the problem with any of the other moule pages.. so the problem has to be up there somewhere.

On a side note:

Once the error comes up, if I refresh the error message goes away and I get just simply "<" - that's it. I also notice in my menu section that the Admin menu disappears, which means it has reset $_SESSION[admin] to either 0 or null, yet it keeps me logged in so $_SESSION[id] is still set.

EDIT: I just added in my script: echo $_SESSION[admin] and it's printing "<".. but that's on a different page! No where in my guide.php or admin.php do I have echo $_SESSION[admin] and yet it is showing "<" too!

Does anyone see any problems here?

Thanks in advance! :thumbsup:

Taylor.

Panic attack over!

Apparently it doesn't like it when you use similar words when you have sessions in work... eg. $_SESSION[admin] and $admin[body] was causing the problem!!!

I found this out by accident! lol

I'm a bit curios.

Have you that many constants defined or are you just unable to use associative arrays?

E.g.:

define('admin', 0);
...
... $_SESSION[admin] ...

// vs.

... $_SESSION['admin'] ...If the second case is true, maybe php tries to use $admin instead of the undefined constant admin, which of course causes errors as $admin is an array. And indexes cannot be arrays.

dumpfi

I'm a bit confused meself.

I'm more wondering if this is a register globals kind of issue. Now, offhand, I'm not 100% certain if the $_SESSION superglobal is registered or not, as its the only one I've found to be false when session start is not found.
The ponit I'm getting at with this is, if you set $_SESSION['admin'] somewheres, passing it to another script, if it becomes registered then you end up with a variable: $admin. You are attempting to create an addon to the array. This could be your troubles.
My suggested solution if this is the case:
create a register_globals removal function - don't use them at all.


As well, I don't see session_start() on your pages anywhere.

My suggested solution if this is the case:
create a register_globals removal function - don't use them at all.
Hey Fou-Lu, I don't suppose you know how I'd go about doing this? My main host decided they wanted to enable register_globals and, while I am confident that my code is secure enough not to allow abuse of register_globals, there's always that lil' bit of paranoia saying... "yeah, but what if...".

At the moment I've got around the problem using .htaccess to disable register_globals, but if there is a way to do it through the code then I think that's a much more elegant solution, any suggestions? I was taught not to use register_globals from the start so I don't really know where to begin with disabling it, would it be something like unsetting any $GLOBAL that isn't one of the recognised defaults?

Heres what I use to disable globals that are on.
I also have a piece that will enable registration of variables when register globals are off, much the same as register globals but more control, as I can set what is to passthrough:

/* I use this in an initialization or global script, which I include into all other files.
If you need to declare any other variables, arrays, etc, you have to add them to the filter:*/
$_filter = array(
'GLOBALS', // This is absolutly
'_GET',
'_POST',
'_COOKIE',
'_REQUEST',
'_SERVER',
'_ENV',
'_FILES',
'_filter', // This is also manditory
// Add anything else in here you would need _SESSION for instance, or any other previously declared data:
);

if (is_array($GLOBALS))
{
foreach ($GLOBALS AS $_superkey => $_supervalue) // Heh heh, super-value
{
if (!in_array($_superkey, $_filter) AND $_superkey != '_superkey' AND $_superkey != '_superval')
{
unset($GLOBALS["$_superkey"]);
}
}
}
else
{
$GLOBALS['_GET'] = &$_GET;
$GLOBALS['_POST'] = &$_POST;
$GLOBALS['_COOKIE'] = &$_COOKIE;
$GLOBALS['_SERVER'] = &$_SERVER;
$GLOBALS['_ENV'] = &$_ENV;
$GLOBALS['_FILES'] = &$_FILES;
}

Test 'er out, no more register_globals :)
Now... this one I put together, but I didn't make the original concept. Offhand though, I'm not certain who I got it from, so I cannot give credit for it :o

Awesome, thanks for that Fou :thumbsup:

As well, I don't see session_start() on your pages anywhere.


Register globals are on... and all pages are includes.. so I have session_start() at top of index.php... the browser itself never moves from index.php - just includes all my files dependant on the module :)


I just re-read your post.. so I should turn register globals off ?

Heres what I use to disable globals that are on.
I also have a piece that will enable registration of variables when register globals are off, much the same as register globals but more control, as I can set what is to passthrough:

/* I use this in an initialization or global script, which I include into all other files.
If you need to declare any other variables, arrays, etc, you have to add them to the filter:*/
$_filter = array(
'GLOBALS', // This is absolutly
'_GET',
'_POST',
'_COOKIE',
'_REQUEST',
'_SERVER',
'_ENV',
'_FILES',
'_filter', // This is also manditory
// Add anything else in here you would need _SESSION for instance, or any other previously declared data:
);

if (is_array($GLOBALS))
{
foreach ($GLOBALS AS $_superkey => $_supervalue) // Heh heh, super-value
{
if (!in_array($_superkey, $_filter) AND $_superkey != '_superkey' AND $_superkey != '_superval')
{
unset($GLOBALS["$_superkey"]);
}
}
}
else
{
$GLOBALS['_GET'] = &$_GET;
$GLOBALS['_POST'] = &$_POST;
$GLOBALS['_COOKIE'] = &$_COOKIE;
$GLOBALS['_SERVER'] = &$_SERVER;
$GLOBALS['_ENV'] = &$_ENV;
$GLOBALS['_FILES'] = &$_FILES;
}

Test 'er out, no more register_globals :)
Now... this one I put together, but I didn't make the original concept. Offhand though, I'm not certain who I got it from, so I cannot give credit for it :o


what a waste of processing, the server adds these variables for you, and then you manually unset - the .htaccess way is *much* more elegant and efficient.

You method is, however useful for people who are not allowed to override PHP options with .htaccess.


EDIT:
hrm, seems i misunderstood your script, i'm not even sure what it's for now :s

I just had the exact same error message on a totally different error, i wasn't using sessions at all, anyway i checked out the line :-

$filea[$i] .= "CustomSelect: ".$customsql[$i]." ".$a_limit.",".$limit[$i]."\n";

I tried a few things thinking it was cause i was trying to do multiplication on a string, but all it was in the end was I hadn't defined $filea as an array first!
i added $filea = array(); and the error dissappeared.

you may just need to define $admin as an array before using it.

hope it helps anyway:)