[Wolves] Replacing globals on with off php
David Goodwin
david at codepoets.co.uk
Tue Apr 5 18:20:17 UTC 2011
Depending on where the data came from...
$email = $_POST['email'];
or
$email = $_GET['email'];
or even :
$email = $_COOKIE['email'];
Get rid of 'session_is_registered' and replace with if(isset($_SESSION['key'])) { ... }
So, e.g. if you're able to make widespread changes, try the following.
The main problem is I don't know where you're getting variables from: it could be from a POST (form submission), the URL (GET), the session or a cookie...
session_start(); // put in some common include file; don't hide in a function.
$ADMIN_NAME = 'xxxx';
$ADMIN_PASS = 'xxxx';
$is_user = verifyUser($_POST['user'], $_POST['passwd']);
$is_admin = verifyAdmin($_POST['user'], $_POST['passwd']);

function verifyUser($user, $passwd) {
    global $ADMIN_EMAIL;
    $user = db_escape($user);
    $passwd = db_escape($passwd);
    // double-quoted so the (already escaped) $user and $passwd interpolate into the query
    $result = mysql_query("SELECT email, passwd FROM user WHERE email = '$user' AND BINARY passwd = '$passwd'") or die("Ick...");
    if (mysql_num_rows($result) == 1) {
        $_SESSION['user'] = $user;
        $_SESSION['passwd'] = $passwd;
        return true;
    }
    return false;
}

function db_escape($string) {
    // undo magic_quotes if the old config still has it switched on, then escape properly
    if (get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    return mysql_real_escape_string($string);
}

function verifyAdmin($user, $passwd)
{
    global $ADMIN_NAME, $ADMIN_PASS;
    // strict comparison on both: == would let PHP type-juggle the submitted strings
    return $user === $ADMIN_NAME && $passwd === $ADMIN_PASS;
}
thanks
David.
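A hardened version of the same login flow, added here as an example (it is not David's or Wayne's code): input is read only from the explicit superglobals, session_is_registered() becomes isset() on $_SESSION, and, assuming PHP 5.6 or later with PDO/MySQL, a prepared statement and password_hash()/password_verify() replace escaping and plaintext comparison. The table name, column names, DSN, credentials and admin hash are placeholders.

```php
<?php
// Added example (not from the original post). Assumes PHP >= 5.6 with PDO/MySQL,
// a `user` table with columns `email` and `passwd_hash` (from password_hash()),
// and admin credentials in constants. Names and DSN values are placeholders.
session_start(); // in a common include, before any output
define('ADMIN_NAME', 'xxxx');
define('ADMIN_PASS_HASH', '$2y$10$placeholder-hash-from-password_hash');

// Input is read only from the explicit superglobal, never from a bare global.
// filter_input() returns null for a missing field (no "undefined index" notice)
// and false for an invalid e-mail address.
$email  = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$passwd = filter_input(INPUT_POST, 'passwd');

function verifyUser(PDO $db, $email, $passwd) {
    if (!is_string($email) || !is_string($passwd)) {
        return false;
    }
    // Prepared statement: the value is bound, never interpolated, so quoting,
    // escaping and magic_quotes stop being the application's concern.
    $stmt = $db->prepare('SELECT passwd_hash FROM user WHERE email = ?');
    $stmt->execute(array($email));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() compares against the stored bcrypt hash in constant time.
    if ($row === false || !password_verify($passwd, $row['passwd_hash'])) {
        return false;
    }
    // New session id on login blocks session fixation; keep only the identity
    // in the session, never the password.
    session_regenerate_id(true);
    $_SESSION['user'] = $email;
    return true;
}

function verifyAdmin($name, $passwd) {
    // hash_equals() avoids both == type juggling and a timing side channel.
    return is_string($name) && is_string($passwd)
        && hash_equals(ADMIN_NAME, $name)
        && password_verify($passwd, ADMIN_PASS_HASH);
}

// Replacement for session_is_registered("email"): test the array directly.
function isLoggedIn() {
    return isset($_SESSION['user']);
}

$db = new PDO('mysql:host=localhost;dbname=ads;charset=utf8', 'dbuser', 'dbpass',
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false));
$is_user  = verifyUser($db, $email, $passwd);
$is_admin = verifyAdmin($email, $passwd);
```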
On 5 Apr 2011, at 18:56, Wayne Morris wrote:
> Got an old bit of php (a classified ads site) which I like, but it used 'register globals on' and I understand this is not a good idea.
> So can someone give me a starter for ten to get rid of the globals bit (don't really understand how they worked anyway), e.g. in this snippet which is for logon:
>
> function verifyUser()
> {
>     global $ADMIN_EMAIL;
>     session_start();
>     global $email, $passwd;
>     if( session_is_registered( "email" ) && session_is_registered( "passwd" ) )
>     {
>         $result = mysql_query( "SELECT email, passwd FROM user WHERE email='$email' AND BINARY passwd='$passwd'" ) or error( "Login failed, please contact <a href=\"$ADMIN_EMAIL\">administrator</a>" );
>         if( mysql_num_rows( $result ) == 1 ) return true;
>     }
>     return false;
> }
> function verifyAdmin()
> {
>     session_start();
>     global $ADMIN_NAME, $ADMIN_PASS, $adminPasswd, $adminName;
>     if( session_is_registered( "adminName" ) && session_is_registered( "adminPasswd" ) )
>     {
>         if( $adminName == $ADMIN_NAME && $adminPasswd == $ADMIN_PASS )
>             return true;
>     }
>     return false;
> }
>
> cheers
> _______________________________________________
> Wolves LUG mailing list
> Homepage: http://www.wolveslug.org.uk/
> Mailing list: Wolves at mailman.lug.org.uk
> Mailing list home: https://mailman.lug.org.uk/mailman/listinfo/wolves